Update SELinux policies for rlsservice

1. Move rls_service context from vndservice_contexts to service_contexts. 2. Allow binder calls from rlsservice to servicemanager 3. Change rls_service type from vndservice_manager_type to service_manager_type. Bug: 301520085 Test: GCA Change-Id: I7badfe2ddb73b13884b54d2c8972e1921af6ea38
2023-10-30 19:39:19 +08:00 · 2023-10-30 19:39:19 +08:00 · ea198bd127
commit ea198bd127
parent aa6b15007d
5 changed files with 5 additions and 3 deletions
--- a/whitechapel/vendor/google/rlsservice.te
+++ b/whitechapel/vendor/google/rlsservice.te
@ -16,8 +16,9 @@ allow rlsservice mnt_vendor_file:dir search;
 # access device files
 allow rlsservice rls_device:chr_file rw_file_perms;

-binder_call(rlsservice, hal_sensors_default)
 binder_call(rlsservice, hal_camera_default)
+binder_call(rlsservice, hal_sensors_default)
+binder_call(rlsservice, servicemanager)

 # Allow access to always-on compute device node
 allow rlsservice device:dir { read watch };
--- a/whitechapel/vendor/google/service.te
+++ b/whitechapel/vendor/google/service.te
@ -2,3 +2,5 @@ type hal_pixel_display_service, service_manager_type, hal_service_type;
 type hal_uwb_vendor_service, service_manager_type, hal_service_type;
 # WLC
 type hal_wireless_charger_service, hal_service_type, protected_service, service_manager_type;
+
+type rls_service, service_manager_type;
--- a/whitechapel/vendor/google/service_contexts
+++ b/whitechapel/vendor/google/service_contexts
@ -2,3 +2,4 @@ com.google.hardware.pixel.display.IDisplay/default         u:object_r:hal_pixel_
 hardware.qorvo.uwb.IUwbVendor/default                      u:object_r:hal_uwb_vendor_service:s0
 android.hardware.drm.IDrmFactory/widevine                  u:object_r:hal_drm_service:s0
 vendor.google.wireless_charger.IWirelessCharger/default                      u:object_r:hal_wireless_charger_service:s0
+rlsservice                                                 u:object_r:rls_service:s0
--- a/whitechapel/vendor/google/vndservice.te
+++ b/whitechapel/vendor/google/vndservice.te
@ -1,3 +1,2 @@
-type rls_service, vndservice_manager_type;
 type vendor_surfaceflinger_vndservice, vndservice_manager_type;
 type eco_service, vndservice_manager_type;
--- a/whitechapel/vendor/google/vndservice_contexts
+++ b/whitechapel/vendor/google/vndservice_contexts
@ -1,3 +1,2 @@
 Exynos.HWCService     u:object_r:vendor_surfaceflinger_vndservice:s0
-rlsservice            u:object_r:rls_service:s0
 media.ecoservice      u:object_r:eco_service:s0