From 1f7c89e359122284a469fb1414b88f01271408db Mon Sep 17 00:00:00 2001 From: Bruce Po Date: Fri, 31 May 2024 11:51:10 -0700 Subject: [PATCH] selinux move aocx from vndservice to service When updating aocx service to use binder ndk backend, we get this selinux violation: SELinux : avc: denied { add } for pid=2772 uid=0 name=aocx.IAocx scontext=u:r:aocxd:s0 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=0 TEST: adb push out/target/product/tangorpro/vendor/etc/selinux/* /vendor/etc/selinux adb reboot adb shell aocx_tool list BUG: 343998265 Change-Id: I1e4f554abfe02f33328c851f7da64c671d8f4cb7 --- aoc/sepolicy/service.te | 1 + aoc/sepolicy/{vndservice_contexts => service_contexts} | 0 aoc/sepolicy/vndservice.te | 1 - 3 files changed, 1 insertion(+), 1 deletion(-) create mode 100644 aoc/sepolicy/service.te rename aoc/sepolicy/{vndservice_contexts => service_contexts} (100%) delete mode 100644 aoc/sepolicy/vndservice.te diff --git a/aoc/sepolicy/service.te b/aoc/sepolicy/service.te new file mode 100644 index 0000000..502b28d --- /dev/null +++ b/aoc/sepolicy/service.te @@ -0,0 +1 @@ +type aocx, service_manager_type; diff --git a/aoc/sepolicy/vndservice_contexts b/aoc/sepolicy/service_contexts similarity index 100% rename from aoc/sepolicy/vndservice_contexts rename to aoc/sepolicy/service_contexts diff --git a/aoc/sepolicy/vndservice.te b/aoc/sepolicy/vndservice.te deleted file mode 100644 index 01c2436..0000000 --- a/aoc/sepolicy/vndservice.te +++ /dev/null @@ -1 +0,0 @@ -type aocx, vndservice_manager_type;