platform_system_sepolicy/private/sdk_sandbox_34.te
Mugdha Lakhani 9304b8a6cc Create sdk_sandbox_all.
Rename sdk_sandbox to sdk_sandbox_34.
Additionally, Extract out parts of sdk_sandbox_34 to
sdk_sandbox_all.te that will be shared with all sdk_sandbox domains.

Bug: b/270148964
Test: atest PackageManagerLocalTest SdkSandboxDataIsolationHostTest
SdkSandboxRestrictionsTest

Change-Id: I36e0c8795148de83c81dfe12559452812aa2b25e
Merged-In: I36e0c8795148de83c81dfe12559452812aa2b25e
2023-05-10 17:54:07 +00:00

91 lines
2.2 KiB
Text

###
### SDK Sandbox process.
###
### This file defines the security policy for the sdk sandbox processes
### for targetSdkVersion=34.
type sdk_sandbox_34, domain, coredomain, sdk_sandbox_all;
net_domain(sdk_sandbox_34)
app_domain(sdk_sandbox_34)
# Allow finding services. This is different from ephemeral_app policy.
# Adding services manually to the allowlist is preferred hence app_api_service is not used.
allow sdk_sandbox_34 {
activity_service
activity_task_service
appops_service
audio_service
audioserver_service
batteryproperties_service
batterystats_service
cameraserver_service
connectivity_service
connmetrics_service
deviceidle_service
display_service
dropbox_service
ephemeral_app_api_service
font_service
game_service
gpu_service
graphicsstats_service
hardware_properties_service
hint_service
imms_service
input_method_service
input_service
IProxyService_service
ipsec_service
launcherapps_service
legacy_permission_service
light_service
locale_service
media_communication_service
mediadrmserver_service
mediaextractor_service
mediametrics_service
media_projection_service
media_router_service
mediaserver_service
media_session_service
memtrackproxy_service
midi_service
netpolicy_service
netstats_service
network_management_service
notification_service
package_service
permission_checker_service
permission_service
permissionmgr_service
platform_compat_service
power_service
procstats_service
radio_service
registry_service
restrictions_service
rttmanager_service
search_service
selection_toolbar_service
sensor_privacy_service
sensorservice_service
servicediscovery_service
settings_service
speech_recognition_service
statusbar_service
storagestats_service
surfaceflinger_service
telecom_service
tethering_service
textclassification_service
textservices_service
texttospeech_service
thermal_service
translation_service
tv_iapp_service
tv_input_service
uimode_service
vcn_management_service
webviewupdate_service
}:service_manager find;