Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / ee0ae810cd2e2ebe05a0df99c262e2befd6f1be4^! / .
commitee0ae810cd2e2ebe05a0df99c262e2befd6f1be4[log] [tgz]
authorDennis Shen <dzshen@google.com>Wed Nov 06 13:14:44 2024 +0000
committerDennis Shen <dzshen@google.com>Fri Nov 08 18:52:46 2024 +0000
tree07ddb4f89e5bb3f2a0c02354ef01dda36a60135f
parent5ec72cace32b2b5b979ebe35da7b0323c71083ce [diff]
create security context for aconfigd-system rust binary and
aconfigd_system socket.

aconfigd-system is the rust replacement for cc_binary aconfigd. And
aconfigd_system socket is the replacement for aconfigd socket. The
transition will be flag guarded, only one daemon will be turn on based
on the flag. The binaries and sockets should have identical policy.

The rust binary will implement the main function logic including socket
messaging marshaling. The detailed logic to handle a request is still in
a cc_library for now. Will conevert it to a rust_library later.

Bug: b/327170179
Test: m
Change-Id: I70975833d229bf04bcb8e2cc0970e69a63b1c366

diff --git a/contexts/plat_file_contexts_test b/contexts/plat_file_contexts_test
index eab7697..7400a33 100644
--- a/contexts/plat_file_contexts_test
+++ b/contexts/plat_file_contexts_test

@@ -190,6 +190,7 @@
 /dev/socket/does_not_exist                                        socket_device
 /dev/socket/adbd                                                  adbd_socket
 /dev/socket/aconfigd                                              aconfigd_socket
+/dev/socket/aconfigd_system                                       aconfigd_socket
 /dev/socket/dnsproxyd                                             dnsproxyd_socket
 /dev/socket/dumpstate                                             dumpstate_socket
 /dev/socket/fwmarkd                                               fwmarkd_socket
@@ -465,6 +466,7 @@
 /system/usr/share/zoneinfo/0                                      system_zoneinfo_file
 /system/bin/adbd                                                  adbd_exec
 /system/bin/aconfigd                                              aconfigd_exec
+/system/bin/aconfigd-system                                       aconfigd_exec
 /system/bin/vold_prepare_subdirs                                  vold_prepare_subdirs_exec
 /system/bin/stats                                                 stats_exec
 /system/bin/statsd                                                statsd_exec

diff --git a/private/file_contexts b/private/file_contexts
index 2e67c35..a957f24 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -156,6 +156,7 @@
 /dev/socket(/.*)?	u:object_r:socket_device:s0
 /dev/socket/adbd	u:object_r:adbd_socket:s0
 /dev/socket/aconfigd	u:object_r:aconfigd_socket:s0
+/dev/socket/aconfigd_system	u:object_r:aconfigd_socket:s0
 /dev/socket/dnsproxyd	u:object_r:dnsproxyd_socket:s0
 /dev/socket/dumpstate	u:object_r:dumpstate_socket:s0
 /dev/socket/fwmarkd	u:object_r:fwmarkd_socket:s0
@@ -394,6 +395,7 @@
 /system/bin/netbpfload           u:object_r:bpfloader_exec:s0
 /system/bin/watchdogd            u:object_r:watchdogd_exec:s0
 /system/bin/aconfigd             u:object_r:aconfigd_exec:s0
+/system/bin/aconfigd-system      u:object_r:aconfigd_exec:s0
 /system/bin/apexd                u:object_r:apexd_exec:s0
 /system/bin/gsid                 u:object_r:gsid_exec:s0
 /system/bin/simpleperf           u:object_r:simpleperf_exec:s0