From 8e818e3426dd95b2a987c4fedc919325d565ac8a Mon Sep 17 00:00:00 2001 From: Benjamin Schwartz Date: Mon, 3 Aug 2020 15:48:44 -0700 Subject: Fix sepolicy name conflict Need to distinguish between power stats hal's main service and the vendor service that it runs to provide an AIDL interface to other userspace stats providers. This also uncovered a problem where con_monitor_app was not labeled as coredomain. Bug: 162472196 Bug: 162964335 Test: m Change-Id: Icb95bc0acf114f877c92f08d10372c4052526ff7 --- coral-sepolicy.mk | 1 + vendor/google/citadeld.te | 1 - vendor/google/hal_power_stats_default.te | 3 --- vendor/google/vndservice.te | 1 - vendor/google/vndservice_contexts | 1 - vendor/qcom/common/con_monitor.te | 2 +- 6 files changed, 2 insertions(+), 7 deletions(-) diff --git a/coral-sepolicy.mk b/coral-sepolicy.mk index 4d1a0e2..1b256ca 100644 --- a/coral-sepolicy.mk +++ b/coral-sepolicy.mk @@ -11,3 +11,4 @@ BOARD_SEPOLICY_DIRS += device/google/coral-sepolicy/vendor/verizon # Pixel-wide BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/citadel +BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats diff --git a/vendor/google/citadeld.te b/vendor/google/citadeld.te index b02bd30..e042518 100644 --- a/vendor/google/citadeld.te +++ b/vendor/google/citadeld.te @@ -1,2 +1 @@ -allow citadeld hal_power_stats_service:service_manager find; allow citadeld debugfs_ipc:dir search; diff --git a/vendor/google/hal_power_stats_default.te b/vendor/google/hal_power_stats_default.te index c9e3fe7..7bdd7c0 100644 --- a/vendor/google/hal_power_stats_default.te +++ b/vendor/google/hal_power_stats_default.te @@ -10,7 +10,4 @@ allow hal_power_stats_default pwrstats_device:chr_file rw_file_perms; dontaudit hal_power_stats_default sysfs_power_stats_ignore:dir r_dir_perms; dontaudit hal_power_stats_default sysfs_power_stats_ignore:file r_file_perms; -vndbinder_use(hal_power_stats) -add_service(hal_power_stats_server, hal_power_stats_service) - binder_call(hal_power_stats, citadeld) diff --git a/vendor/google/vndservice.te b/vendor/google/vndservice.te index d709b6b..3d188a0 100644 --- a/vendor/google/vndservice.te +++ b/vendor/google/vndservice.te @@ -1,5 +1,4 @@ type rls_service, vndservice_manager_type; -type hal_power_stats_service, vndservice_manager_type; type airbrush_faceauth_service, vndservice_manager_type; type airbrush_tpu_service, vndservice_manager_type; type eco_service, vndservice_manager_type; diff --git a/vendor/google/vndservice_contexts b/vendor/google/vndservice_contexts index e065d8a..d40c014 100644 --- a/vendor/google/vndservice_contexts +++ b/vendor/google/vndservice_contexts @@ -1,6 +1,5 @@ rlsservice u:object_r:rls_service:s0 airbrush_faceauth u:object_r:airbrush_faceauth_service:s0 airbrush_tpu u:object_r:airbrush_tpu_service:s0 -power.stats-vendor u:object_r:hal_power_stats_service:s0 media.ecoservice u:object_r:eco_service:s0 diff --git a/vendor/qcom/common/con_monitor.te b/vendor/qcom/common/con_monitor.te index 5108d1c..6acd6dc 100644 --- a/vendor/qcom/common/con_monitor.te +++ b/vendor/qcom/common/con_monitor.te @@ -1,5 +1,5 @@ # ConnectivityMonitor app -type con_monitor_app, domain; +type con_monitor_app, domain, coredomain; app_domain(con_monitor_app) -- cgit v1.2.3