Merge "Set up access control rule for aocxd" into main
This commit is contained in:
Bowen Lai
Android (Google) Code Review
commit
09f71b4f37
2 changed files with 8 additions and 0 deletions
|
|
@ -1,5 +1,11 @@
|
||||||
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/aoc/sepolicy
|
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/aoc/sepolicy
|
||||||
|
|
||||||
|
# Skip aosp_ build due to dcservice_app is not available
|
||||||
|
ifeq (,$(filter aosp_%, $(TARGET_PRODUCT)))
|
||||||
|
BOARD_VENDOR_SEPOLICY_DIRS += \
|
||||||
|
device/google/gs-common/aoc/sepolicy/allowlist
|
||||||
|
endif
|
||||||
|
|
||||||
PRODUCT_PACKAGES += dump_aoc \
|
PRODUCT_PACKAGES += dump_aoc \
|
||||||
aocd \
|
aocd \
|
||||||
aocxd
|
aocxd
|
||||||
|
|
|
||||||
2
aoc/sepolicy/allowlist/aocxd_neverallow.te
Normal file
2
aoc/sepolicy/allowlist/aocxd_neverallow.te
Normal file
|
|
@ -0,0 +1,2 @@
|
||||||
|
# set up rule to control the access to aocxd
|
||||||
|
neverallow { domain -hwservicemanager -servicemanager -vndservicemanager -system_suspend_server -dumpstate -hal_audio_default -dcservice_app } aocxd:binder { call transfer };
|
||||||
Loading…
Add table
Add a link
Reference in a new issue