78 lines
2.4 KiB
Text
78 lines
2.4 KiB
Text
###
|
|
### Apps signed with the platform key.
|
|
###
|
|
|
|
type platform_app, domain;
|
|
app_domain(platform_app)
|
|
# Access the network.
|
|
net_domain(platform_app)
|
|
# Access bluetooth.
|
|
bluetooth_domain(platform_app)
|
|
# Read from /data/local/tmp or /data/data/com.android.shell.
|
|
allow platform_app shell_data_file:dir search;
|
|
allow platform_app shell_data_file:file { open getattr read };
|
|
# Populate /data/app/vmdl*.tmp, /data/app-private/vmdl*.tmp files
|
|
# created by system server.
|
|
allow platform_app { apk_tmp_file apk_private_tmp_file }:dir rw_dir_perms;
|
|
allow platform_app { apk_tmp_file apk_private_tmp_file }:file rw_file_perms;
|
|
allow platform_app apk_private_data_file:dir search;
|
|
# ASEC
|
|
allow platform_app asec_apk_file:dir create_dir_perms;
|
|
allow platform_app asec_apk_file:file create_file_perms;
|
|
|
|
# Access to /data/media.
|
|
allow platform_app media_rw_data_file:dir create_dir_perms;
|
|
allow platform_app media_rw_data_file:file create_file_perms;
|
|
|
|
# Write to /cache.
|
|
allow platform_app cache_file:dir create_dir_perms;
|
|
allow platform_app cache_file:file create_file_perms;
|
|
|
|
allow platform_app drmserver_service:service_manager find;
|
|
allow platform_app mediaserver_service:service_manager find;
|
|
allow platform_app radio_service:service_manager find;
|
|
allow platform_app surfaceflinger_service:service_manager find;
|
|
allow platform_app system_server_service:service_manager find;
|
|
allow platform_app tmp_system_server_service:service_manager find;
|
|
|
|
service_manager_local_audit_domain(platform_app)
|
|
auditallow platform_app {
|
|
tmp_system_server_service
|
|
-accessibility_service
|
|
-account_service
|
|
-activity_service
|
|
-appops_service
|
|
-appwidget_service
|
|
-assetatlas_service
|
|
-audio_service
|
|
-batterystats_service
|
|
-bluetooth_manager_service
|
|
-connectivity_service
|
|
-content_service
|
|
-device_policy_service
|
|
-display_service
|
|
-dreams_service
|
|
-dropbox_service
|
|
-fingerprint_service
|
|
-graphicsstats_service
|
|
-input_method_service
|
|
-input_service
|
|
-lock_settings_service
|
|
-media_projection_service
|
|
-media_router_service
|
|
-media_session_service
|
|
-mount_service
|
|
-netpolicy_service
|
|
-netstats_service
|
|
-network_management_service
|
|
-notification_service
|
|
-power_service
|
|
-registry_service
|
|
-search_service
|
|
-statusbar_service
|
|
-trust_service
|
|
-user_service
|
|
-vibrator_service
|
|
-wallpaper_service
|
|
-wifi_service
|
|
}:service_manager find;
|