Create sepolicy for Pixel System Service

Having the dedicated domain for Pixel System Service instead of using platform_app. Test: m Bug: 274749278 Change-Id: I852fc46a3b811925e3a75e71a3579b58898045f9
2023-05-03 15:56:31 +08:00 · 2023-05-03 15:56:31 +08:00 · 2f4d29bcea
commit 2f4d29bcea
parent d5df962202
3 changed files with 13 additions and 0 deletions
--- a/pixelsystemservice/pixelsystemservice.mk
+++ b/pixelsystemservice/pixelsystemservice.mk
@ -0,0 +1,5 @@
+PRODUCT_SOONG_NAMESPACES += vendor/google/apps/PersistentBackgroundServices
+PRODUCT_PACKAGES += \
+       PersistentBackgroundServices
+
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/pixelsystemservice/sepolicy
--- a/pixelsystemservice/sepolicy/pixelsystemservice_app.te
+++ b/pixelsystemservice/sepolicy/pixelsystemservice_app.te
@ -0,0 +1,6 @@
+type pixelsystemservice_app, domain, coredomain;
+
+app_domain(pixelsystemservice_app);
+
+# Standard system services
+allow pixelsystemservice_app app_api_service:service_manager find;
--- a/pixelsystemservice/sepolicy/seapp_contexts
+++ b/pixelsystemservice/sepolicy/seapp_contexts
@ -0,0 +1,2 @@
+# Pixel System Service
+user=_app seinfo=platform name=com.google.android.pixelsystemservice domain=pixelsystemservice_app type=app_data_file levelFrom=all