5b73b80b0d
Nothing should be depending on the details. I haven't removed public/shared_relro.te entirely - there's a reference to shared_relro in public/app.te, and at least one reference to the domain outside of system policy. Fix: 175867372 Test: Presubmits Change-Id: I5fd4090f4b445520c4fa767c1835a5bb4e9cb146
# Associate the shared_relro domain with the coredomain attribute.
typeattribute shared_relro coredomain;

# shared_relro runs as a Java process forked from the zygote; the app_domain
# macro gives it the baseline app permissions it needs to run.
app_domain(shared_relro)

# Directory read/write and file create permissions on shared_relro_file.
# These are the only write grants on that type in this file.
# NOTE(review): files of this type are presumably consumed by other
# processes -- confirm that no other domain is allowed to write
# shared_relro_file, so that this domain stays the sole producer.
allow shared_relro shared_relro_file:dir rw_dir_perms;
allow shared_relro shared_relro_file:file create_file_perms;

# Service manager lookups this domain is allowed to make.
allow shared_relro {
    activity_service
    webviewupdate_service
    package_service
}:service_manager find;

# StrictMode may try to look up this service. dontaudit grants nothing: the
# lookup is still denied (a harmless failure) and only the audit message is
# suppressed.
dontaudit shared_relro network_management_service:service_manager find;