Blame - private/composd.te - android_system_sepolicy

blob: dd61e3935335f16fcc4fefb0a891446a3aea1bf4 [file] [log] [blame]

Alan Stokes	d376e20	2021-09-09 17:08:15 +0100	[diff] [blame]	1	type composd, domain, coredomain;
				2	type composd_exec, system_file_type, exec_type, file_type;
				3
Alan Stokes	8788f7a	2021-11-19 17:33:34 +0000	[diff] [blame]	4	# Host dynamic AIDL services
Alan Stokes	d376e20	2021-09-09 17:08:15 +0100	[diff] [blame]	5	init_daemon_domain(composd)
				6	binder_use(composd)
				7	add_service(composd, compos_service)
Alan Stokes	8788f7a	2021-11-19 17:33:34 +0000	[diff] [blame]	8	add_service(composd, compos_internal_service)
Alan Stokes	d376e20	2021-09-09 17:08:15 +0100	[diff] [blame]	9
Alan Stokes	9112c9a	2021-10-19 16:50:24 +0100	[diff] [blame]	10	# Call back into system server
				11	binder_call(composd, system_server)
				12
Alan Stokes	d376e20	2021-09-09 17:08:15 +0100	[diff] [blame]	13	# Start a VM
				14	virtualizationservice_use(composd)
				15
Alan Stokes	2914610	2021-12-16 14:31:14 +0000	[diff] [blame]	16	# Prepare staging directory for odrefresh
Victor Hsieh	33aa1a3	2021-12-03 16:46:18 -0800	[diff] [blame]	17	allow composd apex_art_data_file:dir { create_dir_perms relabelfrom };
				18	allow composd apex_art_staging_data_file:dir { create_dir_perms relabelto };
Alan Stokes	ce6e298	2021-12-21 14:43:39 +0000	[diff] [blame^]	19	allow composd apex_art_staging_data_file:file { getattr unlink };
Victor Hsieh	33aa1a3	2021-12-03 16:46:18 -0800	[diff] [blame]	20
Alan Stokes	2914610	2021-12-16 14:31:14 +0000	[diff] [blame]	21	# Delete files in the odrefresh target directory
				22	allow composd apex_art_data_file:file unlink;
				23
Alan Stokes	d376e20	2021-09-09 17:08:15 +0100	[diff] [blame]	24	# Access our APEX data files
				25	allow composd apex_module_data_file:dir search;
				26	allow composd apex_compos_data_file:dir create_dir_perms;
				27	allow composd apex_compos_data_file:file create_file_perms;
Alan Stokes	d3438b0	2021-09-15 14:28:12 +0100	[diff] [blame]	28
Alan Stokes	2914610	2021-12-16 14:31:14 +0000	[diff] [blame]	29	# TODO(b/209008712): Remove these when we run odrefresh in the VM
Alan Stokes	9112c9a	2021-10-19 16:50:24 +0100	[diff] [blame]	30	# Run odrefresh to refresh ART artifacts, and kill it if we need to
Alan Stokes	d3438b0	2021-09-15 14:28:12 +0100	[diff] [blame]	31	domain_auto_trans(composd, odrefresh_exec, odrefresh)
Alan Stokes	9112c9a	2021-10-19 16:50:24 +0100	[diff] [blame]	32	allow composd odrefresh:process sigkill;
Victor Hsieh	1f117c26	2021-12-01 15:25:23 -0800	[diff] [blame]	33
Victor Hsieh	90b7b00	2021-11-30 14:21:06 -0800	[diff] [blame]	34	# Run fd_server in its own domain, and send SIGTERM when finished.
				35	domain_auto_trans(composd, fd_server_exec, compos_fd_server)
				36	allow composd compos_fd_server:process signal;
				37
Victor Hsieh	1f117c26	2021-12-01 15:25:23 -0800	[diff] [blame]	38	# Read ART's properties
				39	get_prop(composd, dalvik_config_prop)
Alan Stokes	2914610	2021-12-16 14:31:14 +0000	[diff] [blame]	40
				41	# We never create any artifact files directly
				42	neverallow composd apex_art_data_file:file ~unlink;