Merge "Add default label and mapping for vendor services" into oc-dev

74a96734 · TreeHugger Robot · Android (Google) Code Review · 11772818 · 082eae4e · 74a96734
Commit 74a96734 authored 7 years ago by TreeHugger Robot Committed by Android (Google) Code Review 7 years ago
--- a/public/domain.te
+++ b/public/domain.te
@@ -421,18 +421,13 @@ neverallow * {fs_type -contextmount_type}:filesystem relabelto;
 neverallow { domain -recovery } contextmount_type:dir_file_class_set
    { create write setattr relabelfrom relabelto append unlink link rename };
-# Do not allow service_manager add for default_android_service.
+# Do not allow service_manager add for default service labels.
 # Instead domains should use a more specific type such as
 # system_app_service rather than the generic type.
-# New service_types are defined in service.te and new mappings
+# New service_types are defined in {,hw,vnd}service.te and new mappings
-# from service name to service_type are defined in service_contexts.
+# from service name to service_type are defined in {,hw,vnd}service_contexts.
 neverallow * default_android_service:service_manager add;
+neverallow * default_android_vndservice:service_manager { add find };
-# Do not allow hwservice_manager add for default_android_hwservice.
-# Instead domains should use a more specific type such as
-# hal_audio_hwservice rather than the generic type.
-# New service_types are defined in hwservice.te and new mappings
-# from service name to service_type are defined in hwservice_contexts.
 neverallow * default_android_hwservice:hwservice_manager { add find };
 # Looking up the base class/interface of all HwBinder services is a bad idea.

--- a/public/vndservice.te
+++ b/public/vndservice.te
+type default_android_vndservice, vndservice_manager_type;
--- a/vendor/vndservice_contexts
+++ b/vendor/vndservice_contexts
+*                       u:object_r:default_android_vndservice:s0