commit d7d9cfcad2a5b83fe0f554c5eaa53339b327beca
author Tao Bao <tbao@google.com> Mon Oct 16 21:57:12 2017 -0700
committer Tao Bao <tbao@google.com> Fri Jan 19 15:03:21 2018 -0800
tree 20bafb64641157baa464c23efc876a7852622b05
parent 829c6fef143b9e93213e521c30d960aba45e37f5

Add rules for system_update service.

system_update service manages system update information: system updater
(priv_app) publishes the pending system update info through the service,
while other apps can read the info accordingly (design doc in
go/pi-ota-platform-api).

This CL adds the service type, and grants priv_app to access the service.

Bug: 67437079
Test: Build and flash marlin image. The system_update service works.
Change-Id: I7a3eaee3ecd3e2e16b410413e917ec603566b375

private/compat/26.0/26.0.ignore.cil

diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 3ce030e..9da748a 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -67,6 +67,7 @@
     sysfs_fs_ext4_features
     system_boot_reason_prop
     system_net_netd_hwservice
+    system_update_service
     thermal_service
     thermalcallback_hwservice
     thermalserviced

private/priv_app.te

diff --git a/private/priv_app.te b/private/priv_app.te
index ec52d56..e3eec83 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -96,6 +96,10 @@
 binder_call(priv_app, storaged)
 allow priv_app storaged_service:service_manager find;
 
+# Allow GMS core to access system_update_service (e.g. to publish pending
+# system update info).
+allow priv_app system_update_service:service_manager find;
+
 # Allow GMS core to communicate with statsd.
 binder_call(priv_app, statsd)
 

private/service_contexts

diff --git a/private/service_contexts b/private/service_contexts
index 6f33c89..c1ea51a 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -151,6 +151,7 @@
 storaged                                  u:object_r:storaged_service:s0
 storagestats                              u:object_r:storagestats_service:s0
 SurfaceFlinger                            u:object_r:surfaceflinger_service:s0
+system_update                             u:object_r:system_update_service:s0
 task                                      u:object_r:task_service:s0
 telecom                                   u:object_r:telecom_service:s0
 telephony.registry                        u:object_r:registry_service:s0

public/service.te

diff --git a/public/service.te b/public/service.te
index 704e245..44c3ef6 100644
--- a/public/service.te
+++ b/public/service.te
@@ -131,6 +131,7 @@
 type slice_service, app_api_service, system_server_service, service_manager_type;
 type statusbar_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type storagestats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type system_update_service, system_server_service, service_manager_type;
 type task_service, system_server_service, service_manager_type;
 type textclassification_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type textservices_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;