How can I lock down an Android service to my company?

Question

Background:
I'm building a service into the Android OS and I would like it to be accessible only to apps published by my company. This service is implemented as a component of a Java-based system app, and said system app must be signed by the platform certificate in order to use several system permissions it requires (protectionLevel="signature|privileged" in frameworks/base/core/res/AndroidManifest.xml). The app(s) that will be accessing it need to be signed by my company certificate (different from the platform cert), so AFAIK the service needs to be remote and exported. The apps will communicate with the service across processes by using a messenger (though AIDL is also an option).

Question:
How can I lock down an exported system service to only my company's apps?
I've already had to implement a custom SELinux domain for my company's apps for another project, so an SELinux policy solution (e.g. only members of a given SELinux domain are allowed to bind to a given service) would be ideal.

Answer 1

If I understand your situation, you have:

• a service inside a system app, therefore it has system app permissions.

• apps that needs to talk to this service, and you know how to create a separated selinux domain for them.

In that case, you can implement a service in init.rc with the same selinux context as your apps and a domain socket with system permission. Now, only your apps can access init.rc service, which can communicate with java service using the socket.