1e9eb36ad2
This reverts commit a41bfab758.
Reason for revert: Automerger path causing the regression is no more
Change-Id: I4c9ab6f2e18c9d8157f5667bc98fcce00e78f93d
34 lines
968 B
Text
34 lines
968 B
Text
###
|
|
### SDK Sandbox process.
|
|
###
|
|
### This file defines the audit sdk sandbox security policy for
|
|
### the set of restrictions proposed for the next SDK level.
|
|
###
|
|
### The sdk_sandbox_audit domain has the same rules as the
|
|
### sdk_sandbox_current domain and additional auditing rules
|
|
### for the accesses we are considering forbidding in the upcoming
|
|
### sdk_sandbox_next domain.
|
|
type sdk_sandbox_audit, domain, coredomain, sdk_sandbox_all, sdk_sandbox_current;
|
|
|
|
net_domain(sdk_sandbox_audit)
|
|
app_domain(sdk_sandbox_audit)
|
|
|
|
# Auditallow rules for accesses that are currently allowed but we
|
|
# might remove in the future.
|
|
|
|
auditallow sdk_sandbox_audit {
|
|
cameraserver_service
|
|
ephemeral_app_api_service
|
|
mediadrmserver_service
|
|
radio_service
|
|
}:service_manager find;
|
|
|
|
auditallow sdk_sandbox_audit {
|
|
property_type
|
|
-system_property_type
|
|
}:file rw_file_perms;
|
|
|
|
auditallow sdk_sandbox_audit {
|
|
property_type
|
|
-system_property_type
|
|
}:dir rw_dir_perms;
|