Add idmap2 and idmap2d

Bug: 78815803 Test: builds, boots Test: manual: adb shell idmap2 create ... Test: manual: adb shell ps | grep -e idmap2d Change-Id: I60852e15d99329896ff9de6559d1e7cd1c67e33d

Add idmap2 and idmap2d
Bug: 78815803 Test: builds, boots Test: manual: adb shell idmap2 create ... Test: manual: adb shell ps | grep -e idmap2d Change-Id: I60852e15d99329896ff9de6559d1e7cd1c67e33d
f62362da · Mårten Kongstad · Todd Kennedy · 7ef01c34 · f62362da · f62362da
Commit f62362da authored 6 years ago by Mårten Kongstad Committed by Todd Kennedy 6 years ago
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -34,6 +34,7 @@
    heapprofd
    heapprofd_exec
    heapprofd_socket
+    idmap_service
    intelligence_service
    iris_service
    llkd

--- a/private/file_contexts
+++ b/private/file_contexts
@@ -277,6 +277,7 @@
 /system/bin/tzdatacheck u:object_r:tzdatacheck_exec:s0
 /system/bin/flags_health_check -- u:object_r:flags_health_check_exec:s0
 /system/bin/idmap u:object_r:idmap_exec:s0
+/system/bin/idmap2(d)?           u:object_r:idmap_exec:s0
 /system/bin/update_engine        u:object_r:update_engine_exec:s0
 /system/bin/bspatch              u:object_r:update_engine_exec:s0
 /system/bin/storaged             u:object_r:storaged_exec:s0

--- a/private/idmap.te
+++ b/private/idmap.te
 typeattribute idmap coredomain;
+init_daemon_domain(idmap)
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -67,6 +67,7 @@ hardware                                  u:object_r:hardware_service:s0
 hardware_properties                       u:object_r:hardware_properties_service:s0
 hdmi_control                              u:object_r:hdmi_control_service:s0
 ians                                      u:object_r:radio_service:s0
+idmap                                     u:object_r:idmap_service:s0
 incident                                  u:object_r:incident_service:s0
 inputflinger                              u:object_r:inputflinger_service:s0
 input_method                              u:object_r:input_method_service:s0

--- a/private/system_server.te
+++ b/private/system_server.te
@@ -186,6 +186,7 @@ binder_call(system_server, binderservicedomain)
 binder_call(system_server, dumpstate)
 binder_call(system_server, fingerprintd)
 binder_call(system_server, gatekeeperd)
+binder_call(system_server, idmap)
 binder_call(system_server, installd)
 binder_call(system_server, incidentd)
 binder_call(system_server, netd)
@@ -656,6 +657,7 @@ allow system_server fingerprintd_service:service_manager find;
 allow system_server hal_fingerprint_service:service_manager find;
 allow system_server gatekeeper_service:service_manager find;
 allow system_server gpu_service:service_manager find;
+allow system_server idmap_service:service_manager find;
 allow system_server incident_service:service_manager find;
 allow system_server installd_service:service_manager find;
 allow system_server keystore_service:service_manager find;

--- a/public/idmap.te
+++ b/public/idmap.te
@@ -2,9 +2,11 @@
 type idmap, domain;
 type idmap_exec, system_file_type, exec_type, file_type;
+# STOPSHIP remove /system/bin/idmap and the link between idmap and installd (b/118711077)
 # Use open file to /data/resource-cache file inherited from installd.
 allow idmap installd:fd use;
-allow idmap resourcecache_data_file:file { getattr read write };
+allow idmap resourcecache_data_file:file create_file_perms;
+allow idmap resourcecache_data_file:dir rw_dir_perms;
 # Ignore reading /proc/<pid>/maps after a fork.
 dontaudit idmap installd:file read;
@@ -18,3 +20,7 @@ r_dir_file(idmap, vendor_app_file)
 # Allow apps access to /vendor/overlay
 r_dir_file(idmap, vendor_overlay_file)
+# Allow the idmap2d binary to register as a service and communicate via AIDL
+binder_use(idmap)
+add_service(idmap, idmap_service)
--- a/public/service.te
+++ b/public/service.te
@@ -10,6 +10,7 @@ type fingerprintd_service,      service_manager_type;
 type hal_fingerprint_service,   service_manager_type;
 type gatekeeper_service,        app_api_service, service_manager_type;
 type gpu_service,               service_manager_type;
+type idmap_service,             service_manager_type;
 type iorapd_service,            service_manager_type;
 type inputflinger_service,      service_manager_type;
 type incident_service,          service_manager_type;