Add sepolicy for ConnectivityMonitor am: 78b62802e4 am: ef2e13dcd1 am: 75821af430

Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/23575448 Change-Id: I9ee542ee1322c61ee88a93d2e2886441dad67658 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-06 08:03:08 +00:00 · 2023-06-06 08:03:08 +00:00 · 9236600765
commit 9236600765
parent e2cd135f0a 75821af430
4 changed files with 10 additions and 47 deletions
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@ -1,14 +1,3 @@
-con_monitor_app app_data_file dir b/264483670
-con_monitor_app app_data_file file b/264483670
-con_monitor_app batterystats_service service_manager b/283725302
-con_monitor_app dalvikcache_data_file dir b/264483670
-con_monitor_app dalvikcache_data_file file b/264483670
-con_monitor_app init unix_stream_socket b/283725302
-con_monitor_app mnt_expand_file dir b/264483670
-con_monitor_app property_socket sock_file b/283725302
-con_monitor_app radio_prop property_service b/283725302
-con_monitor_app system_data_file lnk_file b/264483670
-con_monitor_app virtual_device_service service_manager b/283725302
 dump_modem sysfs_dump_modem file b/281815537
 dumpstate app_zygote process b/279680264
 google_camera_app audio_service service_manager b/264600171
--- a/tracking_denials/con_monitor_app.te
+++ b/tracking_denials/con_monitor_app.te
@ -1,36 +0,0 @@
-# b/261518779
-dontaudit con_monitor_app activity_service:service_manager { find };
-dontaudit con_monitor_app content_capture_service:service_manager { find };
-dontaudit con_monitor_app game_service:service_manager { find };
-dontaudit con_monitor_app netstats_service:service_manager { find };
-dontaudit con_monitor_app system_server:binder { call };
-dontaudit con_monitor_app system_server:binder { transfer };
-dontaudit con_monitor_app system_server:fd { use };
-# b/261783158
-dontaudit con_monitor_app system_file:file { getattr };
-dontaudit con_monitor_app system_file:file { map };
-dontaudit con_monitor_app system_file:file { open };
-dontaudit con_monitor_app system_file:file { read };
-dontaudit con_monitor_app tmpfs:file { execute };
-dontaudit con_monitor_app tmpfs:file { map };
-dontaudit con_monitor_app tmpfs:file { read };
-dontaudit con_monitor_app tmpfs:file { write };
-# b/261933171
-dontaudit con_monitor_app dumpstate:fd { use };
-dontaudit con_monitor_app dumpstate:fifo_file { append };
-dontaudit con_monitor_app dumpstate:fifo_file { write };
-dontaudit con_monitor_app system_server:fifo_file { write };
-dontaudit con_monitor_app tombstoned:unix_stream_socket { connectto };
-dontaudit con_monitor_app tombstoned_java_trace_socket:sock_file { write };
-# b/262455571
-dontaudit con_monitor_app data_file_type:dir { search };
-dontaudit con_monitor_app servicemanager:binder { call };
-dontaudit con_monitor_app statsd:unix_dgram_socket { sendto };
-dontaudit con_monitor_app statsdw_socket:sock_file { write };
-dontaudit con_monitor_app system_file:file { execute };
-# b/264489520
-userdebug_or_eng(`
-  permissive con_monitor_app;
-')
-# b/267843291
-dontaudit con_monitor_app resourcecache_data_file:file { read };
--- a/vendor/con_monitor_app.te
+++ b/vendor/con_monitor_app.te
@ -1,3 +1,12 @@
 # ConnectivityMonitor app
 type con_monitor_app, domain;
 app_domain(con_monitor_app);
+
+allow con_monitor_app app_api_service:service_manager find;
+allow con_monitor_app batterystats_service:service_manager find;
+allow con_monitor_app virtual_device_service:service_manager find;
+
+binder_call(con_monitor_app, system_server);
+binder_call(con_monitor_app, servicemanager);
+
+set_prop(con_monitor_app, radio_prop);
--- a/vendor/system_server.te
+++ b/vendor/system_server.te
@ -1,5 +1,6 @@
 # Allow system server to send sensor data callbacks to GPS
 binder_call(system_server, gpsd);
 binder_call(system_server, hal_camera_default);
+binder_call(system_server, con_monitor_app);

 allow system_server arm_mali_platform_service:service_manager find;