2019-10-22 00:28:00 +02:00
|
|
|
###
|
|
|
|
|
### A domain for further sandboxing the GooglePermissionController app.
|
|
|
|
|
###
|
2019-11-21 21:26:08 +01:00
|
|
|
type permissioncontroller_app, domain, coredomain;
|
2019-10-22 00:28:00 +02:00
|
|
|
|
|
|
|
|
app_domain(permissioncontroller_app)
|
|
|
|
|
|
2020-12-07 20:42:27 +01:00
|
|
|
allow permissioncontroller_app app_api_service:service_manager find;
|
|
|
|
|
allow permissioncontroller_app system_api_service:service_manager find;
|
|
|
|
|
|
2019-10-22 00:28:00 +02:00
|
|
|
# Allow interaction with gpuservice
|
|
|
|
|
binder_call(permissioncontroller_app, gpuservice)
|
2020-12-04 23:27:12 +01:00
|
|
|
|
2020-05-05 00:13:34 +02:00
|
|
|
allow permissioncontroller_app radio_service:service_manager find;
|
2019-12-10 00:37:05 +01:00
|
|
|
|
|
|
|
|
# Allow the app to request and collect incident reports.
|
|
|
|
|
# (Also requires DUMP and PACKAGE_USAGE_STATS permissions)
|
|
|
|
|
allow permissioncontroller_app incident_service:service_manager find;
|
|
|
|
|
binder_call(permissioncontroller_app, incidentd)
|
|
|
|
|
allow permissioncontroller_app incidentd:fifo_file { read write };
|
