From ce711fd18ec25292a6497cf091c4a893d0c53d9e Mon Sep 17 00:00:00 2001
From: andychou
Date: Mon, 8 Mar 2021 18:31:07 +0800
Subject: [PATCH] Fix avc denied issue when accessing to IStats service Originally we use isPriv=true but Exo APP is not located in priv-app folder. So has to remove isPriv=true and add into net_domain in order to network accessing. This is a clone cl updated from ag/13794482 Bug: 180594376 Test: manual test if there is avc denied Change-Id: Icb5009248d10c23e772040aad8ac2fed849bafa0
---
 ambient/exo_app.te | 5 ++++-
 ambient/seapp_contexts | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/ambient/exo_app.te b/ambient/exo_app.te
index a66e9413..a901a197 100644
--- a/ambient/exo_app.te
+++ b/ambient/exo_app.te
@@ -1,6 +1,7 @@
-type exo_app, domain;
+type exo_app, coredomain, domain;
 app_domain(exo_app)
+net_domain(exo_app)
 allow exo_app app_api_service:service_manager find;
 allow exo_app audioserver_service:service_manager find;
@@ -8,4 +9,6 @@ allow exo_app cameraserver_service:service_manager find;
 allow exo_app mediaserver_service:service_manager find;
 allow exo_app radio_service:service_manager find;
 allow exo_app fwk_stats_hwservice:hwservice_manager find;
+allow exo_app mediametrics_service:service_manager find;
+
 binder_call(exo_app, statsd)
diff --git a/ambient/seapp_contexts b/ambient/seapp_contexts
index 2bfdde8e..4ee10805 100644
--- a/ambient/seapp_contexts
+++ b/ambient/seapp_contexts
@@ -1,5 +1,5 @@
 # Domain for Exo app
-user=_app isPrivApp=true seinfo=platform name=com.google.pixel.exo domain=exo_app type=app_data_file levelFrom=all
+user=_app seinfo=platform name=com.google.pixel.exo domain=exo_app type=app_data_file levelFrom=all
 # Domain for Exo Wirecutter app
 user=_app seinfo=wirecutter name=com.google.pixel.wirecutter domain=exo_wirecutter_app type=app_data_file levelFrom=all
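Review bot: The `coredomain` attribute on the new `type exo_app` line and the `mediametrics_service` find rule in the second hunk of this file are not mentioned in the commit message, which only motivates dropping the priv-app selector and adding `net_domain`. `net_domain(exo_app)` is itself a broad grant, since it gives the domain general socket and network access, while the stated problem is an avc denial on the IStats service. Each new grant would be easier to audit with the denial it resolves recorded next to it, for example `# b/180594376: Exo needs network access and is not matched as a priv-app` above `net_domain(exo_app)` and a similar line above the `mediametrics_service` rule. Because `coredomain` appears to bring the domain under the platform-side neverallow checks, it is worth confirming the policy still builds with those checks enabled for this device.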
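Review bot: With `isPrivApp=true` removed, the `exo_app` entry now matches any `_app` process that gets `seinfo=platform` and is named `com.google.pixel.exo`, wherever it is installed, and that domain gains `net_domain` and `coredomain` in the same commit. The `seinfo=platform` selector still gates the match, so this looks intentional, but the comment above the entry should state the new matching basis, e.g. `# Domain for Exo app (not a priv-app; matched by platform seinfo and package name)`. The commit message refers to the selector as `isPriv=true`, whereas the selector in the file is `isPrivApp`.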