Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add sepolicy for dm backend app #334

Open
wants to merge 1 commit into
base: celadon/u/mr0/master
Choose a base branch
from
Open

Add sepolicy for dm backend app #334

wants to merge 1 commit into from

Conversation

chenyanxzhu
Copy link

Tracked-On:

@sysopenci
Copy link

Improper Commit Message
Proper Tracked on value is not present in
commit message,make sure Tracked-on: jira-ticket is present

@sysopenci sysopenci added Pending Developer Approval Pending Developer Approval Pending PR Review Pending PR Review Engineering Build Not Started Engineering Build Not Started labels Aug 15, 2024
@sysopenci
Copy link

Improper Commit Message
Proper Tracked on value is not present in
commit message,make sure Tracked-on: jira-ticket is present

@sysopenci
Copy link

Improper Commit Message
Proper Tracked on value is not present in
commit message,make sure Tracked-on: jira-ticket is present

@sysopenci
Copy link

Improper Commit Message
Proper Tracked on value is not present in
commit message,make sure Tracked-on: jira-ticket is present

@sysopenci
Copy link

Improper Commit Message
Proper Tracked on value is not present in
commit message,make sure Tracked-on: jira-ticket is present

@sysopenci
Copy link

Improper Commit Message
Proper Tracked on value is not present in
commit message,make sure Tracked-on: jira-ticket is present

@sysopenci
Copy link

Improper Commit Message
Proper Tracked on value is not present in
commit message,make sure Tracked-on: jira-ticket is present

feijiang1
feijiang1 approved these changes Sep 12, 2024
View reviewed changes
Copy link
Contributor

@feijiang1 feijiang1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@sysopenci
Copy link

Android CI has started Engineering Build for this issue ,Please check the linked Tracked-On issue/Android CI Web for more details.

@sysopenci
Copy link

SUCCESS: Android CI has completed Engineering Build for this issue.Please check the linked Tracked-On issue/Android CI Web for more details.

@sysopenci sysopenci added Engineering Build Successful Engineering Build Successful and removed Engineering Build Not Started Engineering Build Not Started labels Sep 18, 2024
@sysopenci
Copy link

Android CI has started Engineering Build for this issue ,Please check the linked Tracked-On issue/Android CI Web for more details.

@sysopenci
Copy link

FAILURE: Android CI has completed Engineering Build for this issue.Please check the linked Tracked-On issue/Android CI Web for more details.

@sysopenci sysopenci added Engineering Build Failed and removed Engineering Build Successful Engineering Build Successful labels Sep 18, 2024
ceiba1985
ceiba1985 reviewed Sep 18, 2024
View reviewed changes
graphics/dm_backend/backend_client_app.te Outdated
@@ -0,0 +1,36 @@
type dm_backend_ipc_data_file, file_type, data_file_type;
type dm_backend_app_data_file, file_type, data_file_type, app_data_file_type;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

put these two lines to file.te

graphics/dm_backend/backend_client_app.te Outdated
app_domain(dm_backend_client_app)
net_domain(dm_backend_client_app)

#permissive dm_backend_client_app;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove all the rules you comment out

graphics/dm_backend/backend_client_app.te
allow dm_backend_client_app dm_backend_app_data_file:dir create_dir_perms;
#allow dm_backend_client_app default_prop:file read;
#get_prop(dm_backend_client_app, default_prop)
allow dm_backend_client_app dm_backend_app_data_file:file unlink;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remote this line

graphics/dm_backend/backend_client_app.te
allow dm_backend_client_app activity_service:service_manager find;
allow dm_backend_client_app activity_task_service:service_manager find;
allow dm_backend_client_app content_capture_service:service_manager find;
allow dm_backend_client_app dm_backend_app_data_file:file { create open read setattr write };
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

use create_file_perms instead

graphics/dm_backend/file_contexts
#dm_backend_app /data/vendor/dm_backend_app permission
/data/vendor/dm_backend_app(/.*)? u:object_r:dm_backend_ipc_data_file:s0
/system/bin/dm-backend u:object_r:dm_backend_server_exec:s0
/system/bin/acrn-bkend-server u:object_r:dm_backend_server_exec:s0
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

don't assign a vendor file type to file in system partition

@sysopenci
Copy link

Android CI has started Engineering Build for this issue ,Please check the linked Tracked-On issue/Android CI Web for more details.

@sysopenci
Copy link

SUCCESS: Android CI has completed Engineering Build for this issue.Please check the linked Tracked-On issue/Android CI Web for more details.

@sysopenci sysopenci added Engineering Build Successful Engineering Build Successful and removed Engineering Build Failed labels Sep 19, 2024
@chenyanxzhu
Add sepolicy for dm backend app
62e2a25 
Tracked-On: OAM-124639
Signed-off-by: chenyanxzhu <[email protected]>
@sysopenci
Copy link

one of the dependent pr cannot be Rebase and Merged; please fix the issue and commit your changes once again to run EB.

@sysopenci
Copy link

Android CI has started Engineering Build for this issue ,Please check the linked Tracked-On issue/Android CI Web for more details.

@sysopenci
Copy link

SUCCESS: Android CI has completed Engineering Build for this issue.Please check the linked Tracked-On issue/Android CI Web for more details.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@feijiang1 feijiang1 feijiang1 approved these changes

@balajim001 balajim001 Awaiting requested review from balajim001

@dyang23 dyang23 Awaiting requested review from dyang23

@GangSecurity GangSecurity Awaiting requested review from GangSecurity

@gkdeepa gkdeepa Awaiting requested review from gkdeepa

@JeevakaPrabu JeevakaPrabu Awaiting requested review from JeevakaPrabu

@kwang13 kwang13 Awaiting requested review from kwang13

@lchen43 lchen43 Awaiting requested review from lchen43

@sgnanase sgnanase Awaiting requested review from sgnanase

@swaroopbalan swaroopbalan Awaiting requested review from swaroopbalan

@YadongQi YadongQi Awaiting requested review from YadongQi

@ceiba1985 ceiba1985 Awaiting requested review from ceiba1985

Assignees
No one assigned
Labels
Developer Approved Engineering Build Successful Engineering Build Successful Valid commit message
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@chenyanxzhu @sysopenci @ceiba1985 @feijiang1 @dyang23