4a89cdfa89
Temporarily give every system_server_service its own domain in preparation for splitting it and identifying special services or classes of services. Change-Id: I81ffbdbf5eea05e0146fd7fd245f01639b1ae0ef
14 lines
636 B
Text
14 lines
636 B
Text
# Process which creates/updates shared RELRO files to be used by other apps.
|
|
type shared_relro, domain;
|
|
|
|
# The shared relro process is a Java program forked from the zygote, so it
|
|
# inherits from app to get basic permissions it needs to run.
|
|
app_domain(shared_relro)
|
|
|
|
# Grant write access to the shared relro files/directory.
|
|
allow shared_relro shared_relro_file:dir rw_dir_perms;
|
|
allow shared_relro shared_relro_file:file create_file_perms;
|
|
|
|
# Needs to contact the "webviewupdate" and "activity" services
|
|
allow shared_relro system_server_service:service_manager find;
|
|
allow shared_relro tmp_system_server_service:service_manager find;
|