Evolution-X-Tensor/device_google_gs-common
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Set up access control rule for aocxd

Browse Source 
Test: make -j64
Bug: 385663354
Flag: EXEMPT bugfix
Change-Id: I1b6584a0643085e9d69c85b27a0ba3667aacf1cf
This commit is contained in:
Bowen Lai
2024-12-25 07:18:45 +00:00
parent 327eb5b7eb
commit f3564e9b91
2 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
aoc/aoc.mk
View File

@@ -1,5 +1,11 @@
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/aoc/sepolicy
# Skip aosp_ build due to dcservice_app is not available
ifeq (,$(filter aosp_%, $(TARGET_PRODUCT)))
BOARD_VENDOR_SEPOLICY_DIRS += \
device/google/gs-common/aoc/sepolicy/allowlist
endif
PRODUCT_PACKAGES += dump_aoc \
aocd \
aocxd

2
aoc/sepolicy/allowlist/aocxd_neverallow.te Normal file
View File

@@ -0,0 +1,2 @@
# set up rule to control the access to aocxd
neverallow { domain -hwservicemanager -servicemanager -vndservicemanager -system_suspend_server -dumpstate -hal_audio_default -dcservice_app } aocxd:binder { call transfer };