Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / e4350c1a64a4040e0c78e8d492b21c427cd78690^! / . / private
commite4350c1a64a4040e0c78e8d492b21c427cd78690[log] [tgz]
authorHung-ying Tyan <tyanh@google.com>Sun Jan 13 19:13:19 2019 +0800
committerHung-ying Tyan <tyanh@google.com>Thu Jan 31 01:30:36 2019 +0000
treec2cefae106cf8f540f102009d7e0b3e0195d44dc
parent59e8da919695a245c53bdc09e670e682a5f2eeed [diff]
Sepolicy for dynamic_android_service

Dynamic_android service is a proxy running in SystemServer to the
gsi_service daemon. It provides a set of SystemApi's to manage
installation of a new system image to the device while keeping the
original system image intact.

Bug: 122929007
Test: manual; see dynamic_android service start in logcat
Change-Id: Idb9b0475677dad13b7864ca0cf6041dcab04b4e3

diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index bc49c99..42f18a0 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil

@@ -34,6 +34,7 @@
     device_config_reset_performed_prop
     device_config_runtime_native_prop
     device_config_service
+    dynamic_android_service
     face_service
     face_vendor_data_file
     fastbootd

diff --git a/private/service.te b/private/service.te
index 84e524d..89664e4 100644
--- a/private/service.te
+++ b/private/service.te

@@ -1,3 +1,4 @@
+type dynamic_android_service,       system_api_service, system_server_service, service_manager_type;
 type gsi_service,                   service_manager_type;
 type incidentcompanion_service,     system_api_service, system_server_service, service_manager_type;
 type stats_service,                 service_manager_type;

diff --git a/private/service_contexts b/private/service_contexts
index 82abfbc..965304c 100644
--- a/private/service_contexts
+++ b/private/service_contexts

@@ -57,6 +57,7 @@
 drm.drmManager                            u:object_r:drmserver_service:s0
 dropbox                                   u:object_r:dropbox_service:s0
 dumpstate                                 u:object_r:dumpstate_service:s0
+dynamic_android                           u:object_r:dynamic_android_service:s0
 econtroller                               u:object_r:radio_service:s0
 euicc_card_controller                     u:object_r:radio_service:s0
 external_vibrator_service                 u:object_r:external_vibrator_service:s0

diff --git a/private/system_server.te b/private/system_server.te
index f91461c..2a79460 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -682,9 +682,10 @@
 allow system_server drmserver_service:service_manager find;
 allow system_server dumpstate_service:service_manager find;
 allow system_server fingerprintd_service:service_manager find;
-allow system_server hal_fingerprint_service:service_manager find;
 allow system_server gatekeeper_service:service_manager find;
 allow system_server gpu_service:service_manager find;
+allow system_server gsi_service:service_manager find;
+allow system_server hal_fingerprint_service:service_manager find;
 allow system_server idmap_service:service_manager find;
 allow system_server incident_service:service_manager find;
 allow system_server installd_service:service_manager find;