From 89796047b8af32839d358fb4f1af8a5519e7c96e Mon Sep 17 00:00:00 2001 From: Klines Jiang Date: Tue, 26 Sep 2023 08:23:43 +0000 Subject: [PATCH] [SELinux] Update gyotaku_app domain policy for sync changes from upstream Bug: 302083256 Test: Local build and tested pass Change-Id: Ieae2eb5dac827fcc64129ece7d4e199d2f341da3 --- gyotaku_app/sepolicy/gyotaku_app.te | 23 +++++++---------------- 1 file changed, 7 insertions(+), 16 deletions(-) diff --git a/gyotaku_app/sepolicy/gyotaku_app.te b/gyotaku_app/sepolicy/gyotaku_app.te index 28fa93b..80123cf 100644 --- a/gyotaku_app/sepolicy/gyotaku_app.te +++ b/gyotaku_app/sepolicy/gyotaku_app.te @@ -1,34 +1,25 @@ type gyotaku_app, domain; -app_domain(gyotaku_app) - userdebug_or_eng(` + app_domain(gyotaku_app) + net_domain(gyotaku_app) + # For Gyotaku app common use allow gyotaku_app app_api_service:service_manager find; allow gyotaku_app privapp_data_file:lnk_file read; - allow gyotaku_app gyotaku_app:udp_socket create; allow gyotaku_app system_app_data_file:dir create_dir_perms; allow gyotaku_app system_app_data_file:file create_file_perms; - # For cloud and network related use - allow gyotaku_app dnsproxyd_socket:sock_file write; - allow gyotaku_app gyotaku_app:udp_socket connect; - allow gyotaku_app netd:unix_stream_socket connectto; - allow gyotaku_app gyotaku_app:tcp_socket create; - allow gyotaku_app privapp_data_file:file execute; - allow netd gyotaku_app:fd use; - allow netd gyotaku_app:tcp_socket {read write}; - # For access /proc/fs/f2fs/* storage use allow gyotaku_app proc_f2fs:dir search; - allow gyotaku_app proc_f2fs:file {open read}; + allow gyotaku_app proc_f2fs:file r_file_perms; # For access /proc/stat use - allow gyotaku_app proc_stat:file {read open getattr}; + allow gyotaku_app proc_stat:file r_file_perms; # For getproperty isDebuggable use get_prop(gyotaku_app, userdebug_or_eng_prop) - # For persiste property use - allow gyotaku_app logpersistd_logging_prop:file {read open getattr map}; + # For persistent property use + get_prop(gyotaku_app, logpersistd_logging_prop); ')