c4055f0d04
Specify per-service rules for PDX transport. Now being able to grant permissions to individual services provided by processes, not all services of a process. Also tighter control over which permissions are required for client and server for individual components of IPC (endpoints, channels, etc). Bug: 37646189 Change-Id: I78eb8ae8b6e08105666445a66bfcbd2f1d69d0ea Merged-Id: I78eb8ae8b6e08105666445a66bfcbd2f1d69d0ea
24 lines
745 B
Text
24 lines
745 B
Text
# sensord
|
|
type sensord, domain, mlstrustedsubject;
|
|
type sensord_exec, exec_type, file_type;
|
|
|
|
hal_client_domain(sensord, hal_graphics_allocator)
|
|
allow sensord hal_graphics_allocator:fd use;
|
|
|
|
pdx_server(sensord, sensors_client)
|
|
pdx_server(sensord, pose_client)
|
|
pdx_client(sensord, bufferhub_client)
|
|
pdx_client(sensord, performance_client)
|
|
|
|
# Access /dev/ion
|
|
allow sensord ion_device:chr_file r_file_perms;
|
|
|
|
allow sensord sensors_device:chr_file rw_file_perms;
|
|
|
|
binder_use(sensord)
|
|
binder_call(sensord, system_server)
|
|
allow sensord system_server:unix_stream_socket { read write };
|
|
|
|
allow sensord sensorservice_service:service_manager find;
|
|
# permission_service is used by the NDK sensor APIs.
|
|
allow sensord permission_service:service_manager find;
|