Add SELinux rules for service_manager.
Add a service_mananger class with the verb add.
Add a type that groups the services for each of the
processes that is allowed to start services in service.te
and an attribute for all services controlled by the service
manager. Add the service_contexts file which maps service
name to target label.
Bug: 12909011
Change-Id: I017032a50bc90c57b536e80b972118016d340c7d
diff --git a/service_contexts b/service_contexts
new file mode 100644
index 0000000..3720b46
--- /dev/null
+++ b/service_contexts
@@ -0,0 +1,96 @@
+accessibility u:object_r:system_server_service:s0
+account u:object_r:system_server_service:s0
+activity u:object_r:system_server_service:s0
+alarm u:object_r:system_server_service:s0
+android.security.keystore u:object_r:keystore_service:s0
+appops u:object_r:system_server_service:s0
+appwidget u:object_r:system_server_service:s0
+assetatlas u:object_r:system_server_service:s0
+audio u:object_r:system_server_service:s0
+backup u:object_r:system_server_service:s0
+batteryproperties u:object_r:healthd_service:s0
+batterystats u:object_r:system_server_service:s0
+battery u:object_r:system_server_service:s0
+bluetooth_manager u:object_r:system_server_service:s0
+clipboard u:object_r:system_server_service:s0
+com.android.internal.telephony.mms.IMms u:object_r:system_server_service:s0
+commontime_management u:object_r:system_server_service:s0
+connectivity u:object_r:system_server_service:s0
+consumer_ir u:object_r:system_server_service:s0
+content u:object_r:system_server_service:s0
+country_detector u:object_r:system_server_service:s0
+cpuinfo u:object_r:system_server_service:s0
+dbinfo u:object_r:system_server_service:s0
+device_policy u:object_r:system_server_service:s0
+devicestoragemonitor u:object_r:system_server_service:s0
+diskstats u:object_r:system_server_service:s0
+display.qservice u:object_r:surfaceflinger_service:s0
+display u:object_r:system_server_service:s0
+DockObserver u:object_r:system_server_service:s0
+dreams u:object_r:system_server_service:s0
+drm.drmManager u:object_r:drmserver_service:s0
+dropbox u:object_r:system_server_service:s0
+entropy u:object_r:system_server_service:s0
+ethernet u:object_r:system_server_service:s0
+gfxinfo u:object_r:system_server_service:s0
+hardware u:object_r:system_server_service:s0
+hdmi_control u:object_r:system_server_service:s0
+inputflinger u:object_r:inputflinger_service:s0
+input_method u:object_r:system_server_service:s0
+input u:object_r:system_server_service:s0
+iphonesubinfo u:object_r:radio_service:s0
+isms u:object_r:radio_service:s0
+launcherapps u:object_r:system_server_service:s0
+location u:object_r:system_server_service:s0
+lock_settings u:object_r:system_server_service:s0
+media.audio_flinger u:object_r:mediaserver_service:s0
+media.audio_policy u:object_r:mediaserver_service:s0
+media.camera u:object_r:mediaserver_service:s0
+media.player u:object_r:mediaserver_service:s0
+media_router u:object_r:system_server_service:s0
+media_session u:object_r:system_server_service:s0
+meminfo u:object_r:system_server_service:s0
+mount u:object_r:system_server_service:s0
+netpolicy u:object_r:system_server_service:s0
+netstats u:object_r:system_server_service:s0
+network_management u:object_r:system_server_service:s0
+network_score u:object_r:system_server_service:s0
+nfc u:object_r:nfc_service:s0
+notification u:object_r:system_server_service:s0
+package u:object_r:system_server_service:s0
+permission u:object_r:system_server_service:s0
+phone u:object_r:radio_service:s0
+power u:object_r:system_server_service:s0
+print u:object_r:system_server_service:s0
+procstats u:object_r:system_server_service:s0
+restrictions u:object_r:system_server_service:s0
+samplingprofiler u:object_r:system_server_service:s0
+scheduling_policy u:object_r:system_server_service:s0
+search u:object_r:system_server_service:s0
+sensorservice u:object_r:system_server_service:s0
+serial u:object_r:system_server_service:s0
+servicediscovery u:object_r:system_server_service:s0
+simphonebook u:object_r:radio_service:s0
+sip u:object_r:radio_service:s0
+statusbar u:object_r:system_server_service:s0
+SurfaceFlinger u:object_r:surfaceflinger_service:s0
+task u:object_r:system_server_service:s0
+telecomm u:object_r:radio_service:s0
+telephony.registry u:object_r:system_server_service:s0
+textservices u:object_r:system_server_service:s0
+trust u:object_r:system_server_service:s0
+tv_input u:object_r:system_server_service:s0
+uimode u:object_r:system_server_service:s0
+updatelock u:object_r:system_server_service:s0
+usagestats u:object_r:system_server_service:s0
+usb u:object_r:system_server_service:s0
+user u:object_r:system_server_service:s0
+vibrator u:object_r:system_server_service:s0
+voiceinteraction u:object_r:system_server_service:s0
+wallpaper u:object_r:system_server_service:s0
+wifip2p u:object_r:system_server_service:s0
+wifiscanner u:object_r:system_server_service:s0
+wifi u:object_r:system_server_service:s0
+window u:object_r:system_server_service:s0
+
+* u:object_r:default_android_service:s0