23f0f3b28a
This change adds the SEPolicy changes required to support the remote provisioning flow. The notable additions are specifically labeling the remote provisioning app and giving it access to find the remote provisioning service which is added in keystore. It also requires network access in order to communicate to the provisioning servers. This functionality is extremely narrow to the point that it seems worth it to define a separate domain for this app, rather than add this in to the priv_app or platform_app permission files. Since this app also communicates with the network, it also seems advantageous to limit its permissions only to what is absolutely necessary to perform its function. Test: No denials! Change-Id: I602c12365a575d914afc91f55e6a9b6aa2e14189 |
||
|---|---|---|
| .. | ||
| 30.0.cil | ||
| 30.0.compat.cil | ||
| 30.0.ignore.cil | ||