304962477a
Define the selinux domain to apply to SDK runtime for targetSdkVersion=34. The existing sdk_sandbox domain has been renamed to sdk_sandbox_next. Future CLs will add logic to apply one of these to the SDK runtime processes on the device, based on a flag. auditallow block from sdk_sandbox has been removed as we haven't yet measured the system health impact of adding this. It'll be added to an audit domain later after we've ruled out negative system health impact. Bug: 270148964 Test: make and boot the test device, load SDK using test app Change-Id: I7438fb16c1c5e85e30683e421ce463f9e0b1470d
15 lines
558 B
Text
15 lines
558 B
Text
hal_attribute(lazy_test);
|
|
|
|
# This is applied to apps on vendor images with SDK <=30 only,
|
|
# to exempt them from recent mls changes. It must not be applied
|
|
# to any domain on newer system or vendor image.
|
|
attribute mlsvendorcompat;
|
|
|
|
# Attributes for property types having both system_property_type
|
|
# and vendor_property_type. Such types are ill-formed because
|
|
# property owner attributes must be exclusive.
|
|
attribute system_and_vendor_property_type;
|
|
expandattribute system_and_vendor_property_type false;
|
|
|
|
# All SDK sandbox domains
|
|
attribute sdk_sandbox_all;
|