Allow system_server and shell to start gsid on-demand. gsid is started lazily to reduce memory pressure. It can be started either via gsi_tool (invoked by adb shell), or by DynamicAndroidService via system_server. Bug: 126622385 Test: no denials running "gsi_tool status" Change-Id: I90a5f3f28fe4f294fb60e7c87a62e76716fbd5c0

commit: 64bbf0515030a6b7471d1378c970d9a249a7b78c [log] [tgz]
author: David Anderson <dvander@google.com> Wed Feb 27 18:31:11 2019 -0800
committer: David Anderson <dvander@google.com> Thu Feb 28 07:54:25 2019 -0800
tree: 4b19a623c56b1fa4e8a1d4ab1f9749969aab79e7
parent: 7eb9143e468534761af916d0c8cb862355cbc794 [diff] [blame]
diff --git a/private/property_contexts b/private/property_contexts
index a34a52c..b3214c8 100644
--- a/private/property_contexts
+++ b/private/property_contexts

@@ -127,6 +127,11 @@
 ctl.stop$adbd              u:object_r:ctl_adbd_prop:s0
 ctl.restart$adbd           u:object_r:ctl_adbd_prop:s0
 
+# Restrict access to starting/stopping gsid.
+ctl.start$gsid          u:object_r:ctl_gsid_prop:s0
+ctl.stop$gsid           u:object_r:ctl_gsid_prop:s0
+ctl.restart$gsid        u:object_r:ctl_gsid_prop:s0
+
 # NFC properties
 nfc.                    u:object_r:nfc_prop:s0
commit	64bbf0515030a6b7471d1378c970d9a249a7b78c	[log] [tgz]
author	David Anderson <dvander@google.com>	Wed Feb 27 18:31:11 2019 -0800
committer	David Anderson <dvander@google.com>	Thu Feb 28 07:54:25 2019 -0800
tree	4b19a623c56b1fa4e8a1d4ab1f9749969aab79e7
parent	7eb9143e468534761af916d0c8cb862355cbc794 [diff] [blame]