From d7d9cfcad2a5b83fe0f554c5eaa53339b327beca Mon Sep 17 00:00:00 2001
From: Tao Bao <tbao@google.com>
Date: Mon, 16 Oct 2017 21:57:12 -0700
Subject: [PATCH] Add rules for system_update service.

system_update service manages system update information: system updater
(priv_app) publishes the pending system update info through the service,
while other apps can read the info accordingly (design doc in
go/pi-ota-platform-api).

This CL adds the service type and grants priv_app access to the service.

Bug: 67437079
Test: Build and flash marlin image. The system_update service works.
Change-Id: I7a3eaee3ecd3e2e16b410413e917ec603566b375
---
 private/compat/26.0/26.0.ignore.cil | 1 +
 private/priv_app.te                 | 4 ++++
 private/service_contexts            | 1 +
 public/service.te                   | 1 +
 4 files changed, 7 insertions(+)

diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 3ce030eed..9da748a92 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -67,6 +67,7 @@
     sysfs_fs_ext4_features
     system_boot_reason_prop
     system_net_netd_hwservice
+    system_update_service
     thermal_service
     thermalcallback_hwservice
     thermalserviced
diff --git a/private/priv_app.te b/private/priv_app.te
index ec52d5691..e3eec831d 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -96,6 +96,10 @@ allow priv_app update_engine_service:service_manager find;
 binder_call(priv_app, storaged)
 allow priv_app storaged_service:service_manager find;
 
+# Allow GMS core to access system_update_service (e.g. to publish pending
+# system update info).
+allow priv_app system_update_service:service_manager find;
+
 # Allow GMS core to communicate with statsd.
 binder_call(priv_app, statsd)
 
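Review bot: The added comment names GMS core, but the `allow` rule on the next line grants `find` to the whole `priv_app` domain, so every privileged app can obtain a handle to the service. This rule only permits lookup through the service manager. Who may publish and who may only read pending update info therefore has to be enforced by a permission check inside the service itself, which is not part of this patch. I would reword the comment to say so, e.g. `# Allow privileged apps (e.g. GMS core) to find system_update_service.` followed by `# Lookup only: publishing update info must be permission-checked by the service.`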
diff --git a/private/service_contexts b/private/service_contexts
index 6f33c8975..c1ea51a92 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -151,6 +151,7 @@ statusbar                                 u:object_r:statusbar_service:s0
 storaged                                  u:object_r:storaged_service:s0
 storagestats                              u:object_r:storagestats_service:s0
 SurfaceFlinger                            u:object_r:surfaceflinger_service:s0
+system_update                             u:object_r:system_update_service:s0
 task                                      u:object_r:task_service:s0
 telecom                                   u:object_r:telecom_service:s0
 telephony.registry                        u:object_r:registry_service:s0
diff --git a/public/service.te b/public/service.te
index 704e2452e..44c3ef6ca 100644
--- a/public/service.te
+++ b/public/service.te
@@ -131,6 +131,7 @@ type shortcut_service, app_api_service, system_server_service, service_manager_t
 type slice_service, app_api_service, system_server_service, service_manager_type;
 type statusbar_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type storagestats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type system_update_service, system_server_service, service_manager_type;
 type task_service, system_server_service, service_manager_type;
 type textclassification_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type textservices_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
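Review bot: `system_update_service` is declared without `app_api_service`, unlike the neighbouring `statusbar_service` and `storagestats_service`, so as far as this patch shows only domains with an explicit `find` rule (here `priv_app`) can look it up. The description says other apps read the info through the service, which does not match unless further rules exist outside this patch. If the narrow exposure is deliberate, a comment above the declaration would keep a later change from widening it by accident, e.g. `# Deliberately not app_api_service: lookup is limited to domains with an explicit find rule.`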
-- 
GitLab