platform_system_sepolicy/private/webview_zygote.te
Robert Sesek dc43f7cd84 Add the "webview_zygote" domain.
The webview_zygote is a new unprivileged zygote and has its own sockets for
listening to fork requests. However the webview_zygote does not run as root
(though it does require certain capabilities) and only allows dyntransition to
the isolated_app domain.

Test: m
Test: angler boots

Bug: 21643067
Change-Id: I89a72ffe6dcb983c4a44048518efd7efb7ed8e83
2016-11-11 10:13:17 -05:00

3 lines
157 B
Text

# type_transition must be private policy the domain_trans rules could stay
# public, but conceptually should go with this
init_daemon_domain(webview_zygote)