1fc57087b4
We want "vendor domain" which is referred to as { domain -coredomain
-appdomain }, to behave the same on user vs userdebug builds.
Bug: 134161662
Test: m selinux_policy / Check logcat for denials
Change-Id: If6757c820ed657ba2b70263bb546a456adcc7cff
29 lines
473 B
Text
29 lines
473 B
Text
typeattribute perfprofd coredomain;
|
|
|
|
userdebug_or_eng(`
|
|
init_daemon_domain(perfprofd)
|
|
')
|
|
|
|
neverallow {
|
|
domain
|
|
userdebug_or_eng(`
|
|
-statsd
|
|
-system_server
|
|
-system_suspend_server
|
|
-hal_health_server
|
|
-hwservicemanager
|
|
')
|
|
} perfprofd:binder call;
|
|
|
|
neverallow perfprofd {
|
|
domain
|
|
userdebug_or_eng(`
|
|
-servicemanager
|
|
-statsd
|
|
-su
|
|
-system_server
|
|
-system_suspend_server
|
|
-hal_health_server
|
|
-hwservicemanager
|
|
')
|
|
}:binder call;
|