Move coredomain seapp contexts to system_ext
Coredomain apps shouldn't be labeled with vendor sepolicy, due to Treble
violation.
Bug: 280547417
Test: TH
Change-Id: Ifcaa41df790cb2b720775563cc4cd5cdf10e5c50
Merged-In: Ifcaa41df790cb2b720775563cc4cd5cdf10e5c50
(cherry picked from commit 63200470b8)
This commit is contained in:
Inseob Kim
parent
08dbe5a438
commit
d9a89215f4
16 changed files with 82 additions and 82 deletions
11
system_ext/private/pixeldisplayservice_app.te
Normal file
11
system_ext/private/pixeldisplayservice_app.te
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
typeattribute pixeldisplayservice_app coredomain;
|
||||
|
||||
app_domain(pixeldisplayservice_app);
|
||||
|
||||
allow pixeldisplayservice_app proc_vendor_sched:dir r_dir_perms;
|
||||
allow pixeldisplayservice_app proc_vendor_sched:file w_file_perms;
|
||||
|
||||
# Standard system services
|
||||
allow pixeldisplayservice_app app_api_service:service_manager find;
|
||||
|
||||
allow pixeldisplayservice_app cameraserver_service:service_manager find;
|
||||
6
system_ext/private/seapp_contexts
Normal file
6
system_ext/private/seapp_contexts
Normal file
|
|
@ -0,0 +1,6 @@
|
|||
# PixelDisplayService
|
||||
user=_app seinfo=platform name=com.android.pixeldisplayservice domain=pixeldisplayservice_app type=app_data_file levelFrom=all
|
||||
|
||||
# SystemUI
|
||||
user=_app seinfo=platform name=com.android.systemui domain=systemui_app type=app_data_file levelFrom=all
|
||||
user=_app seinfo=platform name=com.android.systemui:* domain=systemui_app type=app_data_file levelFrom=all
|
||||
17
system_ext/private/systemui_app.te
Normal file
17
system_ext/private/systemui_app.te
Normal file
|
|
@ -0,0 +1,17 @@
|
|||
typeattribute systemui_app coredomain;
|
||||
app_domain(systemui_app)
|
||||
allow systemui_app app_api_service:service_manager find;
|
||||
allow systemui_app network_score_service:service_manager find;
|
||||
allow systemui_app overlay_service:service_manager find;
|
||||
allow systemui_app color_display_service:service_manager find;
|
||||
allow systemui_app audioserver_service:service_manager find;
|
||||
allow systemui_app cameraserver_service:service_manager find;
|
||||
allow systemui_app mediaserver_service:service_manager find;
|
||||
allow systemui_app mediaextractor_service:service_manager find;
|
||||
allow systemui_app mediametrics_service:service_manager find;
|
||||
allow systemui_app radio_service:service_manager find;
|
||||
allow systemui_app vr_manager_service:service_manager find;
|
||||
|
||||
get_prop(systemui_app, keyguard_config_prop)
|
||||
set_prop(systemui_app, bootanim_system_prop)
|
||||
get_prop(systemui_app, qemu_hw_prop)
|
||||
1
system_ext/public/pixeldisplayservice_app.te
Normal file
1
system_ext/public/pixeldisplayservice_app.te
Normal file
|
|
@ -0,0 +1 @@
|
|||
type pixeldisplayservice_app, domain;
|
||||
1
system_ext/public/systemui_app.te
Normal file
1
system_ext/public/systemui_app.te
Normal file
|
|
@ -0,0 +1 @@
|
|||
type systemui_app, domain;
|
||||
Loading…
Add table
Add a link
Reference in a new issue