Sepolicy rules for initial media quality framework.
We add a new system service (MediaQualityService) and manager (MediaQuality) with feature flag. This service will standardize APIs for Android TV setting in Android W to streamline vendor development process for TV settings.
Bug: 371041195
Bug: 348412562
Test: m
Test: Gambit TV
Change-Id: Id20a1d7bb5b3ab5310f8ae7ade9b127e13cee4b8
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index 698d68f..a95f53d 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -350,6 +350,7 @@
"media_communication": EXCEPTION_NO_FUZZER,
"media_metrics": EXCEPTION_NO_FUZZER,
"media_projection": EXCEPTION_NO_FUZZER,
+ "media_quality": EXCEPTION_NO_FUZZER,
"media_resource_monitor": EXCEPTION_NO_FUZZER,
"media_router": EXCEPTION_NO_FUZZER,
"media_session": EXCEPTION_NO_FUZZER,
diff --git a/private/compat/202404/202404.ignore.cil b/private/compat/202404/202404.ignore.cil
index 787531a..3927eee 100644
--- a/private/compat/202404/202404.ignore.cil
+++ b/private/compat/202404/202404.ignore.cil
@@ -19,5 +19,6 @@
virtual_fingerprint_exec
virtual_face
virtual_face_exec
+ media_quality_service
advanced_protection_service
))
diff --git a/private/compat/34.0/34.0.ignore.cil b/private/compat/34.0/34.0.ignore.cil
index 6c52dba..3132c5a 100644
--- a/private/compat/34.0/34.0.ignore.cil
+++ b/private/compat/34.0/34.0.ignore.cil
@@ -52,4 +52,5 @@
aconfigd_socket
enable_16k_pages_prop
proc_cgroups
+ media_quality_service
))
diff --git a/private/service.te b/private/service.te
index a4d00f3..9aaf499 100644
--- a/private/service.te
+++ b/private/service.te
@@ -27,6 +27,9 @@
type statsbootstrap_service, system_server_service, service_manager_type;
type statscompanion_service, system_server_service, service_manager_type;
type statsmanager_service, system_api_service, system_server_service, service_manager_type;
+until_board_api(202504, `
+ type media_quality_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+')
is_flag_enabled(RELEASE_SUPERVISION_SERVICE, `
type supervision_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
diff --git a/private/service_contexts b/private/service_contexts
index 7c3efc7..6275b3a 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -337,6 +337,7 @@
media_communication u:object_r:media_communication_service:s0
media_metrics u:object_r:media_metrics_service:s0
media_projection u:object_r:media_projection_service:s0
+media_quality u:object_r:media_quality_service:s0
media_resource_monitor u:object_r:media_session_service:s0
media_router u:object_r:media_router_service:s0
media_session u:object_r:media_session_service:s0
diff --git a/public/service.te b/public/service.te
index 9d77fb9..cc9b1ab 100644
--- a/public/service.te
+++ b/public/service.te
@@ -176,6 +176,9 @@
type media_communication_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type media_metrics_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type media_projection_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+starting_at_board_api(202504, `
+ type media_quality_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+')
type media_router_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type media_session_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type meminfo_service, system_api_service, system_server_service, service_manager_type;