From 030a7ef69cc0827b587c26d13142e032676563a4 Mon Sep 17 00:00:00 2001 From: Corey Tabaka <eieio@google.com> Date: Wed, 16 Aug 2017 15:02:11 -0700 Subject: [PATCH] Enable performanced to talk to the permission service. Performanced needs to talk to the permission service to verify permissions of clients to access certain restricted scheduler policies. Bug: 64337476 Test: performance_service_tests passes; logs do not contain avc denials for performanced -> permission service. Change-Id: I31618ab1d3e79c3c10138d567b0f5606527020f9 --- public/performanced.te | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/public/performanced.te b/public/performanced.te index 3d3fadb39..9bf813e1a 100644 --- a/public/performanced.te +++ b/public/performanced.te @@ -2,6 +2,11 @@ type performanced, domain, mlstrustedsubject; type performanced_exec, exec_type, file_type; +# Needed to check for app permissions. +binder_use(performanced) +binder_call(performanced, system_server) +allow performanced permission_service:service_manager find; + pdx_server(performanced, performance_client) # TODO: use file caps to obtain sys_nice instead of setuid / setgid. -- GitLab