Add sepolicy for intrusion detection service
We were asked to rename "forensic" to "intrusion
detection" to have a more accurate description.
The forensic terms in sepolicy will be removed
in the next CL once the CLs on internal main are merged.
Bug: 365994454
Test: manual
Change-Id: I895896213d55808dc6f85de9761f6114f950ca34
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index c2a1b27..3af8dd2 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -308,6 +308,7 @@
"inputflinger": EXCEPTION_NO_FUZZER,
"input_method": EXCEPTION_NO_FUZZER,
"input": EXCEPTION_NO_FUZZER,
+ "intrusion_detection": EXCEPTION_NO_FUZZER,
"installd": []string{"installd_service_fuzzer"},
"iphonesubinfo_msim": EXCEPTION_NO_FUZZER,
"iphonesubinfo2": EXCEPTION_NO_FUZZER,
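Review bot: The added `"intrusion_detection": EXCEPTION_NO_FUZZER` entry gives no reason for the exemption, while the same commit labels the service `app_api_service` in public/service.te, which would make its binder interface findable from app domains. If the exemption exists because the service is implemented in Java inside system_server (suggested by the `system_server_service` attribute, but not visible here), a short comment or a tracking bug would distinguish that from a fuzzer that simply has not been written yet. Something like `// Java service hosted in system_server; no native fuzzer target` on the entry would do, assuming that is the actual reason.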
diff --git a/private/compat/202404/202404.ignore.cil b/private/compat/202404/202404.ignore.cil
index 3ba4bcd..e401588 100644
--- a/private/compat/202404/202404.ignore.cil
+++ b/private/compat/202404/202404.ignore.cil
@@ -23,4 +23,5 @@
advanced_protection_service
sysfs_firmware_acpi_tables
dynamic_instrumentation_service
+ intrusion_detection_service
))
diff --git a/private/service_contexts b/private/service_contexts
index 26ba680..f97b996 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -300,6 +300,9 @@
input_method u:object_r:input_method_service:s0
input u:object_r:input_service:s0
installd u:object_r:installd_service:s0
+starting_at_board_api(202504, `
+ intrusion_detection u:object_r:intrusion_detection_service:s0
+')
iphonesubinfo_msim u:object_r:radio_service:s0
iphonesubinfo2 u:object_r:radio_service:s0
iphonesubinfo u:object_r:radio_service:s0
diff --git a/public/service.te b/public/service.te
index 753d20d..7aab275 100644
--- a/public/service.te
+++ b/public/service.te
@@ -168,6 +168,9 @@
type incremental_service, system_server_service, service_manager_type;
type input_method_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+starting_at_board_api(202504, `
+ type intrusion_detection_service, app_api_service, system_api_service, system_server_service, service_manager_type;
+')
type ipsec_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type iris_service, app_api_service, system_server_service, service_manager_type;
type jobscheduler_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
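Review bot: The added `type intrusion_detection_service` line carries `app_api_service` as well as `system_api_service`, so lookup of this service through servicemanager is presumably open to ordinary app domains and not only to system or privileged callers. If the API is intended for system callers only, the narrower declaration `type intrusion_detection_service, system_api_service, system_server_service, service_manager_type;` would keep the find permission to the domains that need it. If third-party apps really do need to reach it, a comment above the type should say so and note that access is then gated only by the permission checks inside the service, which are not visible in this change. The omission of `ephemeral_app_api_service`, unlike the neighbouring input types, looks intentional and appropriate.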