### ### Services with isolatedProcess=true in their manifest. ### ### This file defines the rules for isolated apps. An "isolated ### app" is an APP with UID between AID_ISOLATED_START (99000) ### and AID_ISOLATED_END (99999). ### ### isolated_app includes all the appdomain rules, plus the ### additional following rules: ### type isolated_app, domain; app_domain(isolated_app) net_domain(isolated_app) # read and write access to app_data_file is already # granted via app.te. Allow execute. # Needed to allow dlopen() from Chrome renderer processes. # See b/15902433 for details. allow isolated_app app_data_file:file execute; # Audited locally. service_manager_local_audit_domain(isolated_app) auditallow isolated_app service_manager_type:service_manager find;