From 467d8a80ea62854e115b2b40ce6d559882eb248a Mon Sep 17 00:00:00 2001
From: Chris Wailes
Date: Wed, 3 Mar 2021 12:30:28 -0800
Subject: [PATCH] Add SELinux properties for artd

Test: boot device and check for artd process
Change-Id: I2a161701102ecbde3e293af0346d1db0b11d4aab
---
 apex/com.android.art-file_contexts | 1 +
 private/artd.te | 12 ++++++++++++
 private/compat/30.0/30.0.ignore.cil | 3 +++
 private/service_contexts | 1 +
 public/service.te | 1 +
 5 files changed, 18 insertions(+)
 create mode 100644 private/artd.te

diff --git a/apex/com.android.art-file_contexts b/apex/com.android.art-file_contexts
index d2a862685..2533cac9d 100644
--- a/apex/com.android.art-file_contexts
+++ b/apex/com.android.art-file_contexts
@@ -2,6 +2,7 @@
 # System files
 #
 (/.*)? u:object_r:system_file:s0
+/bin/artd u:object_r:artd_exec:s0
 /bin/dex2oat(32|64)? u:object_r:dex2oat_exec:s0
 /bin/dexoptanalyzer u:object_r:dexoptanalyzer_exec:s0
 /bin/odrefresh u:object_r:odrefresh_exec:s0
diff --git a/private/artd.te b/private/artd.te
new file mode 100644
index 000000000..a76074b7e
--- /dev/null
+++ b/private/artd.te
@@ -0,0 +1,12 @@
+# art service daemon
+type artd, domain;
+type artd_exec, system_file_type, exec_type, file_type;
+
+# Allow artd to publish a binder service and make binder calls.
+binder_use(artd)
+add_service(artd, artd_service)
+allow artd dumpstate:fifo_file { getattr write };
+
+typeattribute artd coredomain;
+
+init_daemon_domain(artd)
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index e479f3344..eb343151f 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -17,6 +17,9 @@
 app_hibernation_service
 appcompat_data_file
 arm64_memtag_prop
+ artd
+ artd_exec
+ artd_service
 authorization_service
 bootanim_config_prop
 camerax_extensions_prop
diff --git a/private/service_contexts b/private/service_contexts
index c9c6aef1a..335794331 100644
--- a/private/service_contexts
+++ b/private/service_contexts
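Review bot: In private/artd.te, `allow artd dumpstate:fifo_file { getattr write };` sits under the comment about publishing a binder service, but it grants something different: write access to a pipe owned by dumpstate, presumably so artd can emit its dump output during a bug report. It should get its own comment, for example `# Allow artd to write dump output to the pipe provided by dumpstate.`, so a later audit does not read it as part of the binder setup. As far as these hunks show, no domain other than artd itself is granted `find` on artd_service, which keeps the service closed by default. When the first client is added, a `neverallow` naming the permitted callers would keep that boundary from widening unnoticed.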
@@ -51,6 +51,7 @@ blob_store u:object_r:blob_store_service:s0
 gsiservice u:object_r:gsi_service:s0
 appops u:object_r:appops_service:s0
 appwidget u:object_r:appwidget_service:s0
+artd u:object_r:artd_service:s0
 assetatlas u:object_r:assetatlas_service:s0
 attention u:object_r:attention_service:s0
 audio u:object_r:audio_service:s0
diff --git a/public/service.te b/public/service.te
index 4012fcaba..916ad536f 100644
--- a/public/service.te
+++ b/public/service.te
@@ -1,6 +1,7 @@
 type aidl_lazy_test_service, service_manager_type;
 type apc_service, service_manager_type;
 type apex_service, service_manager_type;
+type artd_service, service_manager_type;
 type audioserver_service, service_manager_type;
 type authorization_service, service_manager_type;
 type batteryproperties_service, app_api_service, ephemeral_app_api_service, service_manager_type;
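Review bot: In public/service.te, `type artd_service, service_manager_type;` is declared in public policy, while the artd and artd_exec types added by the same commit live under private/. Public types become part of the policy surface that non-platform policy can reference and that the compat mappings have to carry forward. If only platform domains are expected to talk to artd (not visible from this patch), declaring the service type in private policy would keep it out of that surface. If it has to stay public, a one-line comment above the declaration stating which clients need it would make the intent reviewable.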