From 78b9dcdb693935647bdb243965b718de5856b433 Mon Sep 17 00:00:00 2001 From: Dave Mankoff Date: Wed, 12 Apr 2023 15:14:52 +0000 Subject: [PATCH] Give SystemUI access to necessary selinux properties. Other errors mentioned in the bugs are already absent. Fixes: 269964574 Fixes: 272628396 Fixes: 272628174 Test: built and flash device. No selinux errors printed. Change-Id: Ic285b1f5a2ce6973899011a7c6a596e807c3e933 --- tracking_denials/bug_map | 8 -------- vendor/systemui_app.te | 4 ++++ 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 0e0305b6..b17b17b7 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -28,16 +28,8 @@ servicemanager hal_fingerprint_default binder b/264483753 ssr_detector_app system_app_data_file dir b/264483352 ssr_detector_app system_app_data_file file b/264483352 system_server default_android_service service_manager b/264483754 -systemui_app bootanim_system_prop property_service b/269964574 -systemui_app hal_googlebattery binder b/269964574 systemui_app init unix_stream_socket b/269964574 -systemui_app mediaextractor_service service_manager b/272628174 -systemui_app mediametrics_service service_manager b/272628174 -systemui_app mediaserver_service service_manager b/272628174 systemui_app property_socket sock_file b/269964574 -systemui_app qemu_hw_prop file b/269964574 -systemui_app twoshay binder b/269964574 -systemui_app vr_manager_service service_manager b/272628174 twoshay systemui_app binder b/269964558 untrusted_app default_android_service service_manager b/264599934 vendor_init device_config_configuration_prop property_service b/267714573 diff --git a/vendor/systemui_app.te b/vendor/systemui_app.te index 312d8c80..b462eb38 100644 --- a/vendor/systemui_app.te +++ b/vendor/systemui_app.te @@ -7,10 +7,14 @@ allow systemui_app color_display_service:service_manager find; allow systemui_app audioserver_service:service_manager find; allow systemui_app cameraserver_service:service_manager find; allow systemui_app mediaserver_service:service_manager find; +allow systemui_app mediaextractor_service:service_manager find; +allow systemui_app mediametrics_service:service_manager find; allow systemui_app radio_service:service_manager find; +allow systemui_app vr_manager_service:service_manager find; get_prop(systemui_app, keyguard_config_prop) set_prop(systemui_app, bootanim_system_prop) +get_prop(systemui_app, qemu_hw_prop) allow systemui_app pixel_battery_service_type:service_manager find; binder_call(systemui_app, pixel_battery_domain)