platform_system_sepolicy/private/permissioncontroller_app.te
Ashwini Oruganti 5064189c23 Update permissioncontroller_app domain rules
This adds permissions for content_capture_service,
incidentcompanion_service, media_session_service, and telecom_service.
These were observed via sedenials on dogfood builds.

Bug: 142672293
Bug: 144677148
Test: Green builds, no more denials show up for these services.
Change-Id: Ifd93c54fb3ca3f0da781cd2038217a29e812a40f
2019-11-21 12:59:33 -08:00


###
### A domain for further sandboxing the GooglePermissionController app.
###
# Declare the domain type and attach the domain and coredomain attributes.
type permissioncontroller_app, domain, coredomain;
# Debug-only permissive mode. On userdebug and eng builds the domain is marked
# permissive, so denials are logged rather than enforced. The macro emits
# nothing on user builds, where the domain is enforcing and only the rules in
# this file (plus whatever app_domain expands to) apply.
# NOTE(review): a missing rule will not cause a functional failure on debug
# builds, so denial logs, not app behaviour, are the signal to watch before
# this line is removed.
# TODO(b/142672293): remove when no selinux denials are triggered for this
# domain
# STOPSHIP(b/142672293): monitor http://go/sedenials for any denials around
# `permissioncontroller_app` and remove this line once we are confident about
# this having the right set of permissions.
userdebug_or_eng(`permissive permissioncontroller_app;')
# Apply the common app rules; the macro body is defined outside this file.
app_domain(permissioncontroller_app)
# Allow interaction with gpuservice: binder calls to the gpuservice domain and
# lookup of gpu_service through the service manager.
binder_call(permissioncontroller_app, gpuservice)
allow permissioncontroller_app gpu_service:service_manager find;
# Allow interaction with role_service
allow permissioncontroller_app role_service:service_manager find;
# Allow interaction with usagestats_service
allow permissioncontroller_app usagestats_service:service_manager find;
# Allow interaction with activity_service
allow permissioncontroller_app activity_service:service_manager find;
# Further system services this domain may look up. Each rule grants only the
# service_manager find permission (the lookup itself). Binder transactions to
# the hosting process are governed by separate rules, such as the binder_call
# line for gpuservice above or rules outside this file.
# NOTE(review): every entry widens what this sandboxed domain can reach, so
# keep the list limited to services with an observed need.
allow permissioncontroller_app activity_task_service:service_manager find;
allow permissioncontroller_app audio_service:service_manager find;
allow permissioncontroller_app autofill_service:service_manager find;
allow permissioncontroller_app content_capture_service:service_manager find;
allow permissioncontroller_app device_policy_service:service_manager find;
allow permissioncontroller_app incidentcompanion_service:service_manager find;
allow permissioncontroller_app location_service:service_manager find;
allow permissioncontroller_app media_session_service:service_manager find;
allow permissioncontroller_app surfaceflinger_service:service_manager find;
allow permissioncontroller_app telecom_service:service_manager find;
allow permissioncontroller_app trust_service:service_manager find;