Update SELinux Policy for bufferhubd am: 26fa914cb2
am: cf728896d0
Change-Id: If0aec726ee0497ac2bbd41fdde57bb509cab2de4
diff --git a/private/bufferhubd.te b/private/bufferhubd.te
index 012eb20..31328ac 100644
--- a/private/bufferhubd.te
+++ b/private/bufferhubd.te
@@ -1,3 +1,7 @@
typeattribute bufferhubd coredomain;
init_daemon_domain(bufferhubd)
+
+# Permission for create binder service "bufferhubd"
+binder_use(bufferhubd);
+add_service(bufferhubd, buffer_hub_service);
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index b70b2ab..b64e10e 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -18,6 +18,8 @@
bpfloader
bpfloader_exec
broadcastradio_service
+ ;; TODO(b/116344577): remove after the issue is resolved
+ buffer_hub_service
cgroup_bpf
color_display_service
crossprofileapps_service
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 1e38d2d..494e634 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -16,6 +16,8 @@
bluetooth_a2dp_offload_prop
bpfloader
bpfloader_exec
+ ;; TODO(b/116344577): remove after the issue is resolved
+ buffer_hub_service
cgroup_bpf
color_display_service
crossprofileapps_service
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 9d9fc20..cd7b7c8 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -7,6 +7,8 @@
adb_service
app_binding_service
biometric_service
+ ;; TODO(b/116344577): remove after the issue is resolved
+ buffer_hub_service
fastbootd
color_display_service
hal_health_storage_hwservice
diff --git a/private/service.te b/private/service.te
index 3fec882..660bc1e 100644
--- a/private/service.te
+++ b/private/service.te
@@ -1,2 +1,3 @@
+type buffer_hub_service, service_manager_type;
type stats_service, service_manager_type;
type statscompanion_service, system_server_service, service_manager_type;
diff --git a/private/service_contexts b/private/service_contexts
index ebd8a36..e04227b 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -22,6 +22,7 @@
bluetooth_manager u:object_r:bluetooth_manager_service:s0
bluetooth u:object_r:bluetooth_service:s0
broadcastradio u:object_r:broadcastradio_service:s0
+bufferhubd u:object_r:buffer_hub_service:s0
carrier_config u:object_r:radio_service:s0
clipboard u:object_r:clipboard_service:s0
com.android.net.IProxyService u:object_r:IProxyService_service:s0
diff --git a/private/shell.te b/private/shell.te
index 130a130..1213777 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -51,3 +51,6 @@
# Allow shell to read and unlink traces stored in /data/misc/perfetto-traces.
allow shell perfetto_traces_data_file:dir rw_dir_perms;
allow shell perfetto_traces_data_file:file r_file_perms;
+
+# Allow shell-based "dumpsys" to call into bufferhubd.
+binder_call(shell, bufferhubd);
diff --git a/public/bufferhubd.te b/public/bufferhubd.te
index 580462c..10826d3 100644
--- a/public/bufferhubd.te
+++ b/public/bufferhubd.te
@@ -4,6 +4,7 @@
hal_client_domain(bufferhubd, hal_graphics_allocator)
+# TODO(b/112338294): remove these after migrate to Binder
pdx_server(bufferhubd, bufferhub_client)
pdx_client(bufferhubd, performance_client)