Blame - private/composd.te - android_system_sepolicy

blob: 88c4e4a6ea8df1d24a90de961dd1dc746dce976f [file] [log] [blame]

Alan Stokes	d376e20	2021-09-09 17:08:15 +0100	[diff] [blame]	1	type composd, domain, coredomain;
				2	type composd_exec, system_file_type, exec_type, file_type;
				3
Alan Stokes	8788f7a	2021-11-19 17:33:34 +0000	[diff] [blame]	4	# Host dynamic AIDL services
Alan Stokes	d376e20	2021-09-09 17:08:15 +0100	[diff] [blame]	5	init_daemon_domain(composd)
				6	binder_use(composd)
				7	add_service(composd, compos_service)
Alan Stokes	8788f7a	2021-11-19 17:33:34 +0000	[diff] [blame]	8	add_service(composd, compos_internal_service)
Alan Stokes	d376e20	2021-09-09 17:08:15 +0100	[diff] [blame]	9
Alan Stokes	9112c9a	2021-10-19 16:50:24 +0100	[diff] [blame]	10	# Call back into system server
				11	binder_call(composd, system_server)
				12
Alan Stokes	d376e20	2021-09-09 17:08:15 +0100	[diff] [blame]	13	# Start a VM
				14	virtualizationservice_use(composd)
				15
Victor Hsieh	33aa1a3	2021-12-03 16:46:18 -0800	[diff] [blame]	16	# Allow preparing staging directory for odrefresh
				17	allow composd apex_art_data_file:dir { create_dir_perms relabelfrom };
				18	allow composd apex_art_staging_data_file:dir { create_dir_perms relabelto };
				19
Alan Stokes	d376e20	2021-09-09 17:08:15 +0100	[diff] [blame]	20	# Access our APEX data files
				21	allow composd apex_module_data_file:dir search;
				22	allow composd apex_compos_data_file:dir create_dir_perms;
				23	allow composd apex_compos_data_file:file create_file_perms;
Alan Stokes	d3438b0	2021-09-15 14:28:12 +0100	[diff] [blame]	24
Victor Hsieh	90b7b00	2021-11-30 14:21:06 -0800	[diff] [blame^]	25	# TODO(b/209008712): Removed these when we run odrefresh in the VM
Alan Stokes	9112c9a	2021-10-19 16:50:24 +0100	[diff] [blame]	26	# Run odrefresh to refresh ART artifacts, and kill it if we need to
Alan Stokes	d3438b0	2021-09-15 14:28:12 +0100	[diff] [blame]	27	domain_auto_trans(composd, odrefresh_exec, odrefresh)
Alan Stokes	9112c9a	2021-10-19 16:50:24 +0100	[diff] [blame]	28	allow composd odrefresh:process sigkill;
Victor Hsieh	1f117c26	2021-12-01 15:25:23 -0800	[diff] [blame]	29
Victor Hsieh	90b7b00	2021-11-30 14:21:06 -0800	[diff] [blame^]	30	# Run fd_server in its own domain, and send SIGTERM when finished.
				31	domain_auto_trans(composd, fd_server_exec, compos_fd_server)
				32	allow composd compos_fd_server:process signal;
				33
Victor Hsieh	1f117c26	2021-12-01 15:25:23 -0800	[diff] [blame]	34	# Read ART's properties
				35	get_prop(composd, dalvik_config_prop)