Evolution-X-Tensor/device_google_zumapro
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Move coredomain seapp contexts to system_ext

Browse source 
Coredomain apps shouldn't be labeled with vendor sepolicy, due to Treble
violation.

Bug: 280547417
Test: TH
Change-Id: Ifcaa41df790cb2b720775563cc4cd5cdf10e5c50
Merged-In: Ifcaa41df790cb2b720775563cc4cd5cdf10e5c50
(cherry picked from commit 63200470b8)
This commit is contained in:
Inseob Kim 2023-08-10 17:00:56 +09:00
parent 08dbe5a438
commit d9a89215f4
16 changed files with 82 additions and 82 deletions
Download patch file Download diff file Expand all files Collapse all files

16
private/debug_camera_app.te Normal file
View file

@ -0,0 +1,16 @@
typeattribute debug_camera_app coredomain;
userdebug_or_eng(`
app_domain(debug_camera_app)
net_domain(debug_camera_app)
allow debug_camera_app app_api_service:service_manager find;
allow debug_camera_app audioserver_service:service_manager find;
allow debug_camera_app cameraserver_service:service_manager find;
allow debug_camera_app mediaextractor_service:service_manager find;
allow debug_camera_app mediametrics_service:service_manager find;
allow debug_camera_app mediaserver_service:service_manager find;
# Allows GCA_Eng & GCA-Next to access the PowerHAL.
hal_client_domain(debug_camera_app, hal_power)
')

16
private/google_camera_app.te Normal file
View file

@ -0,0 +1,16 @@
typeattribute google_camera_app coredomain;
app_domain(google_camera_app)
net_domain(google_camera_app)
allow google_camera_app app_api_service:service_manager find;
allow google_camera_app audioserver_service:service_manager find;
allow google_camera_app cameraserver_service:service_manager find;
allow google_camera_app mediaextractor_service:service_manager find;
allow google_camera_app mediametrics_service:service_manager find;
allow google_camera_app mediaserver_service:service_manager find;
# Allows GCA to access the PowerHAL.
hal_client_domain(google_camera_app, hal_power)
# Library code may try to access vendor properties, but should be denied
dontaudit google_camera_app vendor_default_prop:file { getattr map open };

11
private/seapp_contexts Normal file
View file

@ -0,0 +1,11 @@
# Google Camera
user=_app isPrivApp=true seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all
# Google Camera Eng
user=_app seinfo=CameraEng name=com.google.android.GoogleCameraEng domain=debug_camera_app type=app_data_file levelFrom=all
# Also allow GoogleCameraNext, the fishfood version, the same access as GoogleCamera
user=_app seinfo=CameraFishfood name=com.google.android.apps.googlecamera.fishfood domain=google_camera_app type=app_data_file levelFrom=all
# Also label GoogleCameraNext, built with debug keys as debug_camera_app.
user=_app seinfo=CameraEng name=com.google.android.apps.googlecamera.fishfood domain=debug_camera_app type=app_data_file levelFrom=all