create security context for aconfigd-system rust binary and
aconfigd_system socket.
aconfigd-system is the rust replacement for cc_binary aconfigd. And
aconfigd_system socket is the replacement for aconfigd socket. The
transition will be flag guarded, only one daemon will be turn on based
on the flag. The binaries and sockets should have identical policy.
The rust binary will implement the main function logic including socket
messaging marshaling. The detailed logic to handle a request is still in
a cc_library for now. Will conevert it to a rust_library later.
Bug: b/327170179
Test: m
Change-Id: I70975833d229bf04bcb8e2cc0970e69a63b1c366
diff --git a/private/file_contexts b/private/file_contexts
index 2e67c35..a957f24 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -156,6 +156,7 @@
/dev/socket(/.*)? u:object_r:socket_device:s0
/dev/socket/adbd u:object_r:adbd_socket:s0
/dev/socket/aconfigd u:object_r:aconfigd_socket:s0
+/dev/socket/aconfigd_system u:object_r:aconfigd_socket:s0
/dev/socket/dnsproxyd u:object_r:dnsproxyd_socket:s0
/dev/socket/dumpstate u:object_r:dumpstate_socket:s0
/dev/socket/fwmarkd u:object_r:fwmarkd_socket:s0
@@ -394,6 +395,7 @@
/system/bin/netbpfload u:object_r:bpfloader_exec:s0
/system/bin/watchdogd u:object_r:watchdogd_exec:s0
/system/bin/aconfigd u:object_r:aconfigd_exec:s0
+/system/bin/aconfigd-system u:object_r:aconfigd_exec:s0
/system/bin/apexd u:object_r:apexd_exec:s0
/system/bin/gsid u:object_r:gsid_exec:s0
/system/bin/simpleperf u:object_r:simpleperf_exec:s0