Alex Klyubin  committed 63eea9a

Rename domain "system" to "system_server".

Now that the "system" domain is just about the system_server, it's
clearer if the domain is called "system_server".

This CL depends on the renaming in external/sepolicy performed in
https://android-review.googlesource.com/#/c/65502/.

Change-Id: I90a6850603dcf60049963462c5572d36de62bc00

  • Parent commits d6cdb88

Files changed (4)

File BoardConfig.mk

        nfc.te \
        rild.te \
        surfaceflinger.te \
-       system.te \
+       system_server.te \
        ueventd.te \
        wpa.te
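
Review bot: The `system_server.te \` entry in this list only builds if the `system_server` type is already declared by external/sepolicy, which the commit message says comes from a separate change. Land the two in order or together, and grep the rest of the device tree for leftover references to the old `system` domain, since a stale type name in any .te file in this list fails policy compilation.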
 

File sepolicy/compatibility.te

 allow adbd self:capability setpcap;
 
 #============= debuggerd ==============
-allow debuggerd system:unix_stream_socket connectto;
+allow debuggerd system_server:unix_stream_socket connectto;
 allow debuggerd system_data_file:sock_file write;
 
 #============= dhcp ==============
 allow surfaceflinger system_app:dir search;
 allow surfaceflinger system_app:file { read open };
 
-#============= system ==============
-allow system device:chr_file ioctl;
-allow system init:binder { transfer call };
-allow system init:unix_stream_socket { read write setopt };
-allow system proc:file write;
-allow system security_file:lnk_file read;
-allow system unlabeled:dir { read remove_name write open add_name };
-allow system unlabeled:file { rename getattr read create open ioctl append };
+#============= system_server ==============
+allow system_server device:chr_file ioctl;
+allow system_server init:binder { transfer call };
+allow system_server init:unix_stream_socket { read write setopt };
+allow system_server proc:file write;
+allow system_server security_file:lnk_file read;
+allow system_server unlabeled:dir { read remove_name write open add_name };
+allow system_server unlabeled:file { rename getattr read create open ioctl append };
 
 #============= system_app ==============
 allow system_app init:unix_stream_socket { read write setopt };
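
Review bot: The renamed block carries over `allow system_server unlabeled:dir { read remove_name write open add_name };` and `allow system_server unlabeled:file { rename getattr read create open ioctl append };` unchanged, so system_server can still create, rename and remove entries on any unlabeled object. The mechanical rename is fine, but these rules and `allow system_server proc:file write;` carry no comment saying why they are needed; since the block is being rewritten anyway, add a comment or TODO per rule so they can later be narrowed to labeled types.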

File sepolicy/system.te

-# Grant GPU access to system apps (e.g., PowerManagerService)
-allow system gpu_device:chr_file rw_file_perms;
-allow system diag_device:chr_file rw_file_perms;
-
-# Grant access to Qualcomm MSM Interface (QMI) radio sockets to system apps
-# (e.g., LocationManager)
-allow system qmux_radio_socket:sock_file create_file_perms;
-allow system qmux_radio_socket:dir rw_dir_perms;

File sepolicy/system_server.te

+# Grant GPU access to system services (e.g., PowerManagerService)
+allow system_server gpu_device:chr_file rw_file_perms;
+allow system_server diag_device:chr_file rw_file_perms;
+
+# Grant access to Qualcomm MSM Interface (QMI) radio sockets to system services
+# (e.g., LocationManager)
+allow system_server qmux_radio_socket:sock_file create_file_perms;
+allow system_server qmux_radio_socket:dir rw_dir_perms;
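
Review bot: `allow system_server diag_device:chr_file rw_file_perms;` sits under the comment "Grant GPU access to system services", but that comment does not cover diag_device and nothing here says which service needs read/write on it. Give the rule its own comment with the justification, or drop it if no service depends on it. For the qmux_radio_socket rules, `create_file_perms` on the sock_file is only needed if system_server creates the sockets itself; if it only connects to them, a narrower permission set would do.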