###
### A domain for further sandboxing the GooglePermissionController app.
###
# Declare the permissioncontroller_app type and attach the `domain` and
# `coredomain` attributes, so rules written against those attributes also
# apply to this type.
type permissioncontroller_app, domain, coredomain;
# Allow everything on userdebug/eng builds only (the domain is made permissive there).
# TODO(b/142672293): remove when no selinux denials are triggered for this
# domain
# STOPSHIP(b/142672293): monitor http://go/sedenials for any denials around
# `permissioncontroller_app` and remove this line once we are confident about
# this having the right set of permissions.
# userdebug_or_eng() emits its argument only on userdebug and eng builds, so
# user builds keep this domain enforcing. While the domain is permissive,
# denials are logged but not blocked; the allow rules in this file are
# therefore only enforced on user builds, and a missing rule shows up there
# as a hard failure rather than a log entry.
userdebug_or_eng(`permissive permissioncontroller_app;')
# Set this type up as an app domain by expanding the app_domain() macro
# (defined outside this file); the rules it expands to are not visible here.
app_domain(permissioncontroller_app)
# Allow interaction with gpuservice
# Permit binder calls from permissioncontroller_app into the gpuservice domain.
binder_call(permissioncontroller_app, gpuservice)
# Grants only `find` on gpu_service: the app may look the service up in
# servicemanager, but may not register (`add`) or enumerate (`list`) services.
allow permissioncontroller_app gpu_service:service_manager find;
# Allow interaction with role_service
# Lookup-only access: `find` lets the app obtain role_service from servicemanager.
allow permissioncontroller_app role_service:service_manager find;
# Allow interaction with usagestats_service
# Lookup-only access: `find` lets the app obtain usagestats_service from servicemanager.
allow permissioncontroller_app usagestats_service:service_manager find;
# Allow interaction with activity_service
# Lookup-only access: `find` lets the app obtain activity_service from servicemanager.
allow permissioncontroller_app activity_service:service_manager find;
# Allow looking up activity_task_service in servicemanager (`find` only).
allow permissioncontroller_app activity_task_service:service_manager find;
# Allow looking up audio_service in servicemanager (`find` only).
allow permissioncontroller_app audio_service:service_manager find;
# Allow looking up autofill_service in servicemanager (`find` only).
allow permissioncontroller_app autofill_service:service_manager find;
# Allow looking up content_capture_service in servicemanager (`find` only).
allow permissioncontroller_app content_capture_service:service_manager find;
# Allow looking up device_policy_service in servicemanager (`find` only).
allow permissioncontroller_app device_policy_service:service_manager find;
# Allow looking up incidentcompanion_service in servicemanager (`find` only).
allow permissioncontroller_app incidentcompanion_service:service_manager find;
# Allow looking up location_service in servicemanager (`find` only).
allow permissioncontroller_app location_service:service_manager find;
# Allow looking up media_session_service in servicemanager (`find` only).
allow permissioncontroller_app media_session_service:service_manager find;
# Allow looking up surfaceflinger_service in servicemanager (`find` only).
allow permissioncontroller_app surfaceflinger_service:service_manager find;
# Allow looking up telecom_service in servicemanager (`find` only).
allow permissioncontroller_app telecom_service:service_manager find;
# Allow looking up trust_service in servicemanager (`find` only).
allow permissioncontroller_app trust_service:service_manager find;