9c6c988bad
Ignore-AOSP-First: UpsideDownCake Finalization Bug: 275409981 Test: build Change-Id: I15bf3817a8a6867d52f7963a04a69e543a9801e9 Merged-In: I15bf3817a8a6867d52f7963a04a69e543a9801e9
26 lines
882 B
Text
26 lines
882 B
Text
###
|
|
### A domain for sandboxing the remote key provisioning daemon
|
|
### app that is shipped via mainline.
|
|
###
|
|
typeattribute rkpdapp coredomain;
|
|
|
|
app_domain(rkpdapp)
|
|
net_domain(rkpdapp)
|
|
|
|
# RKPD needs to be able to call the remote provisioning HALs
|
|
hal_client_domain(rkpdapp, hal_keymint)
|
|
|
|
# Grant access to certain system properties related to RKP
|
|
get_prop(rkpdapp, device_config_remote_key_provisioning_native_prop)
|
|
set_prop(rkpdapp, remote_prov_prop)
|
|
|
|
# Grant access to the normal services that are available to all apps
|
|
allow rkpdapp app_api_service:service_manager find;
|
|
|
|
# Grant access to media.metrics service, needed for widevine. This
|
|
# access is granted to all other apps already (e.g. untrusted_app_all).
|
|
allow rkpdapp mediametrics_service:service_manager find;
|
|
|
|
# Grant access to statsd
|
|
allow rkpdapp statsmanager_service:service_manager find;
|
|
binder_call(rkpdapp, statsd)
|