Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / fd92fb93bc1ea53867ded05532cb64134025ef1f^! / . / private
commitfd92fb93bc1ea53867ded05532cb64134025ef1f[log] [tgz]
authorSantos Cordon <santoscordon@google.com>Mon Jan 21 13:45:47 2019 +0000
committerSantos Cordon <santoscordon@google.com>Tue Feb 05 11:40:04 2019 +0000
treeb4b2025f58084a65013dc984c97a5830defd962d
parent5a06b7cfe34a482c318abd7d40a63fe9154a7895 [diff]
SEPolicy for Suspend Control interface.

Bug: 121210355
Test: manual
Change-Id: I9c46c72f0219309140ed2fb008ef57b4bca6ff2b

diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 1c33a1e..40a184c 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil

@@ -109,6 +109,7 @@
     system_event_log_tags_file
     system_lmk_prop
     system_suspend_hwservice
+    system_suspend_control_service
     staging_data_file
     task_profiles_file
     testharness_service

diff --git a/private/service_contexts b/private/service_contexts
index 0c4373b..5d50866 100644
--- a/private/service_contexts
+++ b/private/service_contexts

@@ -183,6 +183,7 @@
 storaged_pri                              u:object_r:storaged_service:s0
 storagestats                              u:object_r:storagestats_service:s0
 SurfaceFlinger                            u:object_r:surfaceflinger_service:s0
+suspend_control                           u:object_r:system_suspend_control_service:s0
 system_update                             u:object_r:system_update_service:s0
 task                                      u:object_r:task_service:s0
 telecom                                   u:object_r:telecom_service:s0

diff --git a/private/system_server.te b/private/system_server.te
index 1d48377..7b5589d 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -986,6 +986,9 @@
 allow system_server apex_service:service_manager find;
 allow system_server apexd:binder call;
 
+# Allow system server to communicate to system-suspend's control interface
+allow system_server system_suspend_control_service:service_manager find;
+
 # Allow the system server to read files under /data/apex. The system_server
 # needs these privileges to compare file signatures while processing installs.
 #