From 52a96cc7dd2385b1c341e4a02842ed575cbc0652 Mon Sep 17 00:00:00 2001 From: Steven Moreland Date: Thu, 5 Mar 2020 09:41:37 -0800 Subject: [PATCH] Allow vndservicemanager to self-register. This is useful for tools like dumpsys, so that they work on all services equally as well. Also, so that there is no difference with the regular service manager. Bug: 150579832 Test: 'adb shell /vendor/bin/dumpsys -l' shows 'manager' Test: denial is no longer present: 03-05 12:23:47.346 221 221 E SELinux : avc: denied { add } for pid=221 uid=1000 name=manager scontext=u:r:vndservicemanager:s0 tcontext=u:object_r:service_manager_vndservice:s0 tclass=service_manager permissive=0 Change-Id: Id6126e8277462a2c4d5f6022ab67a4bacaa3241e --- private/compat/29.0/29.0.ignore.cil | 2 ++ public/vndservice.te | 1 + vendor/vndservice_contexts | 1 + vendor/vndservicemanager.te | 2 ++ 4 files changed, 6 insertions(+) diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil index 3e90ec28f..9c5deb0a3 100644 --- a/private/compat/29.0/29.0.ignore.cil +++ b/private/compat/29.0/29.0.ignore.cil @@ -82,6 +82,7 @@ art_apex_dir rebootescrow_hal_prop service_manager_service + service_manager_vndservice simpleperf snapshotctl_log_data_file socket_hook_prop @@ -111,4 +112,5 @@ vendor_install_recovery vendor_install_recovery_exec vendor_socket_hook_prop + vendor_socket_hook_prop virtual_ab_prop)) diff --git a/public/vndservice.te b/public/vndservice.te index 0d309bf71..efd9adf92 100644 --- a/public/vndservice.te +++ b/public/vndservice.te @@ -1 +1,2 @@ +type service_manager_vndservice, vndservice_manager_type; type default_android_vndservice, vndservice_manager_type; diff --git a/vendor/vndservice_contexts b/vendor/vndservice_contexts index 4cca2fb65..068056f53 100644 --- a/vendor/vndservice_contexts +++ b/vendor/vndservice_contexts @@ -1 +1,2 @@ +manager u:object_r:service_manager_vndservice:s0 * u:object_r:default_android_vndservice:s0 diff --git a/vendor/vndservicemanager.te b/vendor/vndservicemanager.te index 6e5c391f8..497e027b0 100644 --- a/vendor/vndservicemanager.te +++ b/vendor/vndservicemanager.te @@ -13,6 +13,8 @@ allow vndservicemanager vndbinder_device:chr_file rw_file_perms; # Read vndservice_contexts allow vndservicemanager vndservice_contexts_file:file r_file_perms; +add_service(vndservicemanager, service_manager_vndservice) + # Start lazy services set_prop(vndservicemanager, ctl_interface_start_prop)