platform_system_sepolicy/public/webview_zygote.te
Alex Klyubin a7653ee2ed Move webview_zygote policy to private
This leaves only the existence of webview_zygote domain and its
executable's webview_zygote_exec file label as public API. All other
rules are implementation details of this domain's policy and are thus
now private.

Test: Device boots, with Multiproces WebView developer setting
      enabled, apps with WebView work fine. No new denials.
Bug: 31364497

Change-Id: I179476c43a50863ee3b327fc5155847d992a040d
2017-01-27 17:01:43 +00:00

5 lines
210 B
Text

# webview_zygote is an auxiliary zygote process that is used to spawn
# isolated_app processes for rendering untrusted web content.
type webview_zygote, domain;
type webview_zygote_exec, exec_type, file_type;