platform_system_sepolicy/platform_app.te
dcashman 566e8fe258 Record service accesses.
Reduce logspam and record further observed service connections.

Bug: 18106000
Change-Id: I9a57e4bb8f1c8e066861719fb208c691498842a8
2015-01-16 17:27:25 -08:00


###
### Apps signed with the platform key.
###
# Declare the platform_app type and attach the domain attribute to it.
type platform_app, domain;
# app_domain is a macro defined outside this file; presumably it applies the
# baseline rules shared by all app domains -- confirm its expansion, since
# everything it grants is part of this domain's effective privilege.
app_domain(platform_app)
# Access the network.
net_domain(platform_app)
# Access bluetooth.
bluetooth_domain(platform_app)
# Read from /data/local/tmp or /data/data/com.android.shell.
# Read-only: directory search plus open/getattr/read on files; no write or
# create permission on shell_data_file is granted here.
# NOTE(review): presumably this content is writable by the shell (adb) domain,
# so platform-signed apps should treat anything read from it as untrusted
# input -- confirm against the shell domain's policy.
allow platform_app shell_data_file:dir search;
allow platform_app shell_data_file:file { open getattr read };
# Populate /data/app/vmdl*.tmp, /data/app-private/vmdl*.tmp files
# created by system server.
# rw_dir_perms / rw_file_perms are permission-set macros defined outside this
# file; judging by the names and the comment above they cover read/write on
# existing entries rather than creation -- confirm in the macro definitions.
allow platform_app { apk_tmp_file apk_private_tmp_file }:dir rw_dir_perms;
allow platform_app { apk_tmp_file apk_private_tmp_file }:file rw_file_perms;
# Directory search only; no file permission on apk_private_data_file is
# granted by this rule.
allow platform_app apk_private_data_file:dir search;
# ASEC
# The create_dir_perms / create_file_perms macros used for the three
# locations below are defined outside this file; presumably they add
# create/rename/unlink on top of read/write -- confirm in the macro
# definitions. These are the widest file grants in this section.
allow platform_app asec_apk_file:dir create_dir_perms;
allow platform_app asec_apk_file:file create_file_perms;
# Access to /data/media.
allow platform_app media_rw_data_file:dir create_dir_perms;
allow platform_app media_rw_data_file:file create_file_perms;
# Write to /cache.
allow platform_app cache_file:dir create_dir_perms;
allow platform_app cache_file:file create_file_perms;
# Service lookup: grant the service_manager "find" permission on each of
# these service types, i.e. platform_app may ask the service manager for them.
# "find" only covers the lookup; what the app may do once it holds the
# service is decided by other rules and by the service itself.
allow platform_app drmserver_service:service_manager find;
allow platform_app mediaserver_service:service_manager find;
allow platform_app radio_service:service_manager find;
allow platform_app surfaceflinger_service:service_manager find;
allow platform_app system_server_service:service_manager find;
# NOTE(review): tmp_system_server_service is declared outside this file;
# presumably it is a transitional catch-all for system_server-hosted services,
# which makes this the broadest grant in the list -- confirm where it is
# declared and narrow it once the audited accesses are known.
allow platform_app tmp_system_server_service:service_manager find;
# Macro defined outside this file; its name suggests it enrolls platform_app
# in domain-local service_manager auditing -- confirm its expansion.
service_manager_local_audit_domain(platform_app)
# Log every granted service_manager "find" by platform_app on a type in
# tmp_system_server_service, minus the types subtracted below.
# auditallow grants nothing by itself: it only makes accesses that some allow
# rule already permits show up in the audit log.
# Each "-type" entry is set subtraction, so the listed services are excluded
# from logging only. They stay reachable through the allow rule on
# tmp_system_server_service; this list is neither a deny list nor a
# least-privilege allow list.
# NOTE(review): presumably the subtracted entries are connections already
# observed for platform_app and silenced to cut log noise, and
# tmp_system_server_service is an attribute covering them -- confirm against
# its declaration. Any lookup still logged by this rule is a service not yet
# accounted for and deserves review before it is added here.
auditallow platform_app {
tmp_system_server_service
-accessibility_service
-activity_service
-appops_service
-appwidget_service
-assetatlas_service
-audio_service
-batterystats_service
-bluetooth_manager_service
-connectivity_service
-content_service
-device_policy_service
-display_service
-dreams_service
-dropbox_service
-fingerprint_service
-input_method_service
-input_service
-lock_settings_service
-media_projection_service
-media_router_service
-media_session_service
-mount_service
-netpolicy_service
-netstats_service
-network_management_service
-notification_service
-power_service
-registry_service
-search_service
-statusbar_service
-trust_service
-user_service
-vibrator_service
-wallpaper_service
-wifi_service
}:service_manager find;