Sepolicy: Fix system server calling perfprofd

Give all the right permissions to find and send a message to perfprofd from the system server. Bug: 73175642 Test: m Test: manual Change-Id: I82b63ec097dcd445d9e8169fe0df4398d62ac184

Sepolicy: Fix system server calling perfprofd
Give all the right permissions to find and send a message to perfprofd from the system server. Bug: 73175642 Test: m Test: manual Change-Id: I82b63ec097dcd445d9e8169fe0df4398d62ac184
986b9af4 · Andreas Gampe · c4ec97ab · 986b9af4 · 986b9af4
Commit 986b9af4 authored 6 years ago by Andreas Gampe
--- a/private/perfprofd.te
+++ b/private/perfprofd.te
@@ -4,5 +4,5 @@ userdebug_or_eng(`
 ')

 # Only servicemanager, statsd, su and systemserver can communicate.
-neverallow { domain userdebug_or_eng(`-statsd') } perfprofd:binder call;
+neverallow { domain userdebug_or_eng(`-statsd -system_server') } perfprofd:binder call;
 neverallow perfprofd { domain userdebug_or_eng(`-servicemanager -statsd -su -system_server') }:binder call;
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -180,6 +180,9 @@ binder_call(system_server, storaged)
 binder_call(system_server, vold)
 binder_call(system_server, wificond)
 binder_call(system_server, wpantund)
+userdebug_or_eng(`
+  binder_call(system_server, perfprofd)
+')
 binder_service(system_server)

 # Use HALs
@@ -620,6 +623,9 @@ allow system_server storaged_service:service_manager find;
 allow system_server surfaceflinger_service:service_manager find;
 allow system_server vold_service:service_manager find;
 allow system_server wificond_service:service_manager find;
+userdebug_or_eng(`
+  allow system_server perfprofd_service:service_manager find;
+')

 allow system_server keystore:keystore_key {
 	get_state