From 2f4d29bceaf6e23d358d5d594995c152365ce5a7 Mon Sep 17 00:00:00 2001 From: Jackal Guo Date: Wed, 3 May 2023 15:56:31 +0800 Subject: [PATCH] Create sepolicy for Pixel System Service Having the dedicated domain for Pixel System Service instead of using platform_app. Test: m Bug: 274749278 Change-Id: I852fc46a3b811925e3a75e71a3579b58898045f9 --- pixelsystemservice/pixelsystemservice.mk | 5 +++++ pixelsystemservice/sepolicy/pixelsystemservice_app.te | 6 ++++++ pixelsystemservice/sepolicy/seapp_contexts | 2 ++ 3 files changed, 13 insertions(+) create mode 100644 pixelsystemservice/pixelsystemservice.mk create mode 100644 pixelsystemservice/sepolicy/pixelsystemservice_app.te create mode 100644 pixelsystemservice/sepolicy/seapp_contexts diff --git a/pixelsystemservice/pixelsystemservice.mk b/pixelsystemservice/pixelsystemservice.mk new file mode 100644 index 0000000..fcabe89 --- /dev/null +++ b/pixelsystemservice/pixelsystemservice.mk @@ -0,0 +1,5 @@ +PRODUCT_SOONG_NAMESPACES += vendor/google/apps/PersistentBackgroundServices +PRODUCT_PACKAGES += \ + PersistentBackgroundServices + +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/pixelsystemservice/sepolicy diff --git a/pixelsystemservice/sepolicy/pixelsystemservice_app.te b/pixelsystemservice/sepolicy/pixelsystemservice_app.te new file mode 100644 index 0000000..f120058 --- /dev/null +++ b/pixelsystemservice/sepolicy/pixelsystemservice_app.te @@ -0,0 +1,6 @@ +type pixelsystemservice_app, domain, coredomain; + +app_domain(pixelsystemservice_app); + +# Standard system services +allow pixelsystemservice_app app_api_service:service_manager find; diff --git a/pixelsystemservice/sepolicy/seapp_contexts b/pixelsystemservice/sepolicy/seapp_contexts new file mode 100644 index 0000000..f1c1262 --- /dev/null +++ b/pixelsystemservice/sepolicy/seapp_contexts @@ -0,0 +1,2 @@ +# Pixel System Service +user=_app seinfo=platform name=com.google.android.pixelsystemservice domain=pixelsystemservice_app type=app_data_file levelFrom=all