Merge "Sepolicy: Moving few service to private."

common/qdma_app.te

@@ -51,5 +51,7 @@ allow qdma_app { mount_service }:service_manager find;
 allow qdma_app qdma_data_file:dir create_dir_perms;
 allow qdma_app qdma_data_file:file create_file_perms;
 
+allow qdma_app user_service:service_manager find;
+
 # allow access to socket
 unix_socket_connect(qdma_app, dpmtcm, dpmd)

common/service.te

@@ -12,7 +12,6 @@ type improve_touch_service,       service_manager_type;
 type usf_service,                 service_manager_type;
 type dtseagleservice_service,     service_manager_type;
 type gba_auth_service,            service_manager_type;
-type izat_service,                app_api_service, system_api_service, service_manager_type;
 type mdtpdaemon_service,          service_manager_type;
 type qtitetherservice_service,    service_manager_type;
 type wigigp2p_service,            app_api_service, system_server_service, service_manager_type;

common/service_contexts

@@ -39,9 +39,6 @@ improveTouch.HandBiometricManagerService       u:object_r:improve_touch_service:
 wfdservice                                     u:object_r:wfdservice_service:s0
 DigitalPen                                     u:object_r:usf_service:s0
 dts_eagle_service                              u:object_r:dtseagleservice_service:s0
-extphone                                       u:object_r:radio_service:s0
-qti.ims.ext                                    u:object_r:radio_service:s0
-com.qualcomm.location.izat.IzatService         u:object_r:izat_service:s0
 com.qualcomm.qti.secota.service.SecotaNService u:object_r:secotad_service:s0
 mdtp                                           u:object_r:mdtpdaemon_service:s0
 qtitetherservice                               u:object_r:qtitetherservice_service:s0
@@ -52,4 +49,3 @@ wigig                                          u:object_r:wigig_service:s0
 # DOLBY_START
 media.dolby_memoryservice                      u:object_r:audioserver_service:s0
 # DOLBY_END
-sms-sec                                        u:object_r:radio_service:s0

common/system_server.te

@@ -107,9 +107,6 @@ get_prop(system_server, xlat_prop)
 # For WFD
 allow system_server graphics_device:dir r_dir_perms;
 
-# Allow Izat service
-allow system_server izat_service:service_manager add;
-
 # For QSEE Svc Apps
 allow system_server qsee_svc_app_data_file:file rw_file_perms;
 allow system_server qsee_svc_app_data_file:dir r_dir_perms;

private/service.te

@@ -30,3 +30,5 @@ type cne_service,                 service_manager_type;
 type dpmservice,                  service_manager_type;
 type uce_service,                 service_manager_type;
 type MinkBinderSvc,               app_api_service, service_manager_type;
+type izat_service,                app_api_service, system_api_service, service_manager_type;
+

private/service_contexts

@@ -33,3 +33,8 @@ dpmservice                                     u:object_r:dpmservice:s0
 uce                                            u:object_r:uce_service:s0
 vendor.audio.vrservice                         u:object_r:audioserver_service:s0
 MinkBinderSvc                                  u:object_r:MinkBinderSvc:s0
+com.qualcomm.location.izat.IzatService         u:object_r:izat_service:s0
+sms-sec                                        u:object_r:radio_service:s0
+extphone                                       u:object_r:radio_service:s0
+qti.ims.ext                                    u:object_r:radio_service:s0
+

private/system_server.te

@@ -33,3 +33,6 @@ allow system_server { dpmd_socket dpmtcm_socket dpmwrapper_socket }:sock_file w_
 
 allow system_server dpmd_data_file:dir create_dir_perms;
 allow system_server dpmd_data_file:file create_file_perms;
+
+# Allow Izat service
+allow system_server izat_service:service_manager add;