From 3286fca7db279b9e5d69da408301fc48b52b4c4b Mon Sep 17 00:00:00 2001
From: Svet Ganov <svetoslavganov@google.com>
Date: Mon, 12 Sep 2016 11:58:08 -0700
Subject: [PATCH] Move device serial behing a permission - selinux

Build serial is non-user resettable freely available device
identifier. It can be used by ad-netowrks to track the user
across apps which violates the user's privacy.

This change deprecates Build.SERIAL and adds a new Build.getSerial()
API which requires holding the read_phone_state permission.
The Build.SERIAL value is set to "undefined" for apps targeting
high enough SDK and for legacy app the value is still available.

bug:31402365

Change-Id: I6309aa58c8993b3db4fea7b55aae05592408b6e4
---
 service.te       | 1 +
 service_contexts | 1 +
 2 files changed, 2 insertions(+)

diff --git a/service.te b/service.te
index 50aef266f..536d5e73e 100644
--- a/service.te
+++ b/service.te
@@ -47,6 +47,7 @@ type cpuinfo_service, system_api_service, system_server_service, service_manager
 type dbinfo_service, system_api_service, system_server_service, service_manager_type;
 type device_policy_service, app_api_service, system_server_service, service_manager_type;
 type deviceidle_service, app_api_service, system_server_service, service_manager_type;
+type device_identifiers_service, app_api_service, system_server_service, service_manager_type;
 type devicestoragemonitor_service, system_server_service, service_manager_type;
 type diskstats_service, system_api_service, system_server_service, service_manager_type;
 type display_service, app_api_service, system_server_service, service_manager_type;
diff --git a/service_contexts b/service_contexts
index c0dfd2be4..f7ac035e1 100644
--- a/service_contexts
+++ b/service_contexts
@@ -30,6 +30,7 @@ country_detector                          u:object_r:country_detector_service:s0
 cpuinfo                                   u:object_r:cpuinfo_service:s0
 dbinfo                                    u:object_r:dbinfo_service:s0
 device_policy                             u:object_r:device_policy_service:s0
+device_identifiers                        u:object_r:device_identifiers_service:s0
 deviceidle                                u:object_r:deviceidle_service:s0
 devicestoragemonitor                      u:object_r:devicestoragemonitor_service:s0
 diskstats                                 u:object_r:diskstats_service:s0
-- 
GitLab