21 lines
649 B
Text
21 lines
649 B
Text
###
|
|
### A domain for sandboxing the remote key provisioning daemon
|
|
### app that is shipped via mainline.
|
|
###
|
|
typeattribute rkpdapp coredomain;
|
|
|
|
app_domain(rkpdapp)
|
|
net_domain(rkpdapp)
|
|
|
|
# RKPD needs to be able to call the remote provisioning HALs
|
|
hal_client_domain(rkpdapp, hal_keymint)
|
|
|
|
# Grant access to certain system properties related to RKP
|
|
get_prop(rkpdapp, device_config_remote_key_provisioning_native_prop)
|
|
|
|
# Grant access to the normal services that are available to all apps
|
|
allow rkpdapp app_api_service:service_manager find;
|
|
|
|
# Grant access to statsd
|
|
allow rkpdapp statsmanager_service:service_manager find;
|
|
binder_call(rkpdapp, statsd)
|