Set up access control rule for aocxd
Test: make -j64 Bug: 385663354 Flag: EXEMPT bugfix Change-Id: I1b6584a0643085e9d69c85b27a0ba3667aacf1cf
This commit is contained in:
Bowen Lai
parent
327eb5b7eb
commit
f3564e9b91
2 changed files with 8 additions and 0 deletions
|
|
@ -1,5 +1,11 @@
|
|||
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/aoc/sepolicy
|
||||
|
||||
# Skip aosp_ build due to dcservice_app is not available
|
||||
ifeq (,$(filter aosp_%, $(TARGET_PRODUCT)))
|
||||
BOARD_VENDOR_SEPOLICY_DIRS += \
|
||||
device/google/gs-common/aoc/sepolicy/allowlist
|
||||
endif
|
||||
|
||||
PRODUCT_PACKAGES += dump_aoc \
|
||||
aocd \
|
||||
aocxd
|
||||
|
|
|
|||
2
aoc/sepolicy/allowlist/aocxd_neverallow.te
Normal file
2
aoc/sepolicy/allowlist/aocxd_neverallow.te
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
# set up rule to control the access to aocxd
|
||||
neverallow { domain -hwservicemanager -servicemanager -vndservicemanager -system_suspend_server -dumpstate -hal_audio_default -dcservice_app } aocxd:binder { call transfer };
|
||||
Loading…
Add table
Add a link
Reference in a new issue