55e5c9b513
public/property split is landed to selectively export public types to
vendors. So rules happening within system should be in private. This
introduces private/property.te and moves all allow and neverallow rules
from any coredomains to system-defined properties.
Bug: 150331497
Test: system/sepolicy/tools/build_policies.sh
Change-Id: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe
Merged-In: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe
(cherry picked from commit 42c7d8966c
)
# SELinux policy for the traceur_app domain.
# Declares the traceur_app type and gives it the `domain` attribute.
type traceur_app, domain;

# Let traceur_app enumerate the services registered with servicemanager and
# hwservicemanager. Only the `list` permission is granted by these two rules.
allow traceur_app servicemanager:service_manager list;
allow traceur_app hwservicemanager:hwservice_manager list;

# Grant `find` on every type carrying the service_manager_type attribute,
# minus the types subtracted with `-` below.
# NOTE(review): this is a deny-list over an attribute. Any service type that
# later receives service_manager_type becomes findable by traceur_app unless
# it is also subtracted here, so re-check this set when a sensitive service
# is introduced.
# NOTE(review): the excluded types are presumably ones that neverallow rules
# elsewhere forbid for this domain -- confirm against those rules.
allow traceur_app {
  service_manager_type
  -apex_service
  -dnsresolver_service
  -gatekeeper_service
  -incident_service
  -installd_service
  -iorapd_service
  -lpdump_service
  -netd_service
  -virtual_touchpad_service
  -vold_service
  -vr_hwc_service
  -default_android_service
}:service_manager find;

# Allow traceur_app to use atrace HAL
# hal_client_domain is a macro defined outside this file; the rules it
# expands to are not visible here.
hal_client_domain(traceur_app, hal_atrace)

# Suppress audit records for denials of service_manager find,
# hwservice_manager find, and binder calls to any domain. dontaudit grants
# nothing: accesses not covered by an allow rule stay denied, they are just
# not logged.
# NOTE(review): because these denials are silent, a lookup of one of the
# excluded services or a refused binder call from traceur_app leaves no
# denial record. Keep that in mind when debugging this domain or when relying
# on denial logs for detection.
dontaudit traceur_app service_manager_type:service_manager find;
dontaudit traceur_app hwservice_manager_type:hwservice_manager find;
dontaudit traceur_app domain:binder call;