commit f98b51ef0e2bfa2ea4482c37bf36d014aa21f0aa
author Wenhao Wang <wenhaowang@google.com> Sat Nov 16 23:05:34 2024 -0800
committer Wenhao Wang <wenhaowang@google.com> Sun Nov 17 11:09:57 2024 -0800
tree e67d496f467876d5e9bae23b4f2654afb73c6d68
parent 722f3ec3594d302d7e9370e011f007eb23c9bc7b

Add sepolicy for intrusion detection service

We are asked to rename forensic to intrusion
detection to have a more accurate description.
The forensic terms on sepolicy will be removed
in next CL once the CLs on internal main is merged.

Bug: 365994454
Test: manual
Change-Id: I895896213d55808dc6f85de9761f6114f950ca34

private/compat/202404/202404.ignore.cil

diff --git a/private/compat/202404/202404.ignore.cil b/private/compat/202404/202404.ignore.cil
index 3ba4bcd..e401588 100644
--- a/private/compat/202404/202404.ignore.cil
+++ b/private/compat/202404/202404.ignore.cil
@@ -23,4 +23,5 @@
     advanced_protection_service
     sysfs_firmware_acpi_tables
     dynamic_instrumentation_service
+    intrusion_detection_service
   ))

private/service_contexts

diff --git a/private/service_contexts b/private/service_contexts
index 26ba680..f97b996 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -300,6 +300,9 @@
 input_method                              u:object_r:input_method_service:s0
 input                                     u:object_r:input_service:s0
 installd                                  u:object_r:installd_service:s0
+starting_at_board_api(202504, `
+    intrusion_detection                   u:object_r:intrusion_detection_service:s0
+')
 iphonesubinfo_msim                        u:object_r:radio_service:s0
 iphonesubinfo2                            u:object_r:radio_service:s0
 iphonesubinfo                             u:object_r:radio_service:s0