From a49b27af44d710d0879c6399c56e533cce04c3aa Mon Sep 17 00:00:00 2001
From: Robert Carr <racarr@google.com>
Date: Fri, 16 Nov 2018 13:32:58 -0800
Subject: [PATCH] SEPolicy for InputFlinger Service.

Add an InputFlinger service in system_server and allow SurfaceFlinger to
exchange sockets with it.

Test: None
Bug: 80101428
Bug: 113136004
Bug: 111440400
Change-Id: I1533ab7a1da0ca61d8a28037fffbc189d796f737
---
 private/surfaceflinger.te | 2 ++
 public/inputflinger.te    | 1 -
 public/service.te         | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index 8652ee850..c50faef31 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -89,6 +89,7 @@ allow surfaceflinger permission_service:service_manager find;
 allow surfaceflinger power_service:service_manager find;
 allow surfaceflinger vr_manager_service:service_manager find;
 allow surfaceflinger window_service:service_manager find;
+allow surfaceflinger inputflinger_service:service_manager find;
 
 
 # allow self to set SCHED_FIFO
@@ -98,6 +99,7 @@ r_dir_file(surfaceflinger, cgroup)
 r_dir_file(surfaceflinger, system_file)
 allow surfaceflinger tmpfs:dir r_dir_perms;
 allow surfaceflinger system_server:fd use;
+allow surfaceflinger system_server:unix_stream_socket { read write };
 allow surfaceflinger ion_device:chr_file r_file_perms;
 
 # pdx IPC
diff --git a/public/inputflinger.te b/public/inputflinger.te
index f206c05e7..c3f4da858 100644
--- a/public/inputflinger.te
+++ b/public/inputflinger.te
@@ -9,7 +9,6 @@ binder_call(inputflinger, system_server)
 
 wakelock_use(inputflinger)
 
-add_service(inputflinger, inputflinger_service)
 allow inputflinger input_device:dir r_dir_perms;
 allow inputflinger input_device:chr_file rw_file_perms;
 
diff --git a/public/service.te b/public/service.te
index f6741805a..55f8d759e 100644
--- a/public/service.te
+++ b/public/service.te
@@ -12,7 +12,6 @@ type gatekeeper_service,        app_api_service, service_manager_type;
 type gpu_service,               service_manager_type;
 type idmap_service,             service_manager_type;
 type iorapd_service,            service_manager_type;
-type inputflinger_service,      service_manager_type;
 type incident_service,          service_manager_type;
 type installd_service,          service_manager_type;
 type keystore_service,          service_manager_type;
@@ -174,4 +173,5 @@ type wifi_service, app_api_service, system_server_service, service_manager_type;
 type wificond_service, service_manager_type;
 type wifiaware_service, app_api_service, system_server_service, service_manager_type;
 type window_service, system_api_service, system_server_service, service_manager_type;
+type inputflinger_service, system_api_service, system_server_service, service_manager_type;
 type wpantund_service, system_api_service, service_manager_type;
-- 
GitLab