3d4a6b7474
Provides a new domain to enable secure sensitive data processing. This allows processing of sensitive data, while enforcing necessary privacy restrictions to prevent the egress of data via network, IPC or file system. Bug: 255597123 Test: m && manual - sample app with IsolatedProcess=True can use camera service Change-Id: I401667dbcf492a1cf8c020a79f8820d61990e72d
###
### isolated_compute_app.
###
### Rules for isolated apps that need to look up a small set of system
### services through servicemanager and use extra computational resources
### (camera, audio, speech recognition) while processing data inside the
### isolated-process sandbox. The stated intent is that data egress via
### network, IPC or file system stays restricted to protect privacy.
###
### NOTE(review): the egress restriction itself is not expressed anywhere in
### this file; it is presumably inherited from isolated_app_domain() and the
### neverallow rules attached to that attribute — confirm against
### isolated_app.te and the global neverallow set before relying on it.
###
### TODO(b/266923392): Clean rules for isolated_compute_app characteristics
###

type isolated_compute_app, domain;
typeattribute isolated_compute_app coredomain;

# Inherit the generic app rules first, then the isolated-app restrictions.
app_domain(isolated_compute_app)
isolated_app_domain(isolated_compute_app)

# Service lookups through servicemanager. "find" only lets the process obtain
# the binder handle; the calls made on that handle are governed by the binder
# rules that the macros above (or the rest of the policy) provide.
# NOTE(review): content_capture_service, device_state_service and
# speech_recognition_service are unrelated to the camera use case named in
# the commit message — confirm each one is actually required by the workload.
allow isolated_compute_app {
  audioserver_service
  cameraserver_service
  content_capture_service
  device_state_service
  speech_recognition_service
}:service_manager find;

# HIDL access needed for the camera path: allocator HAL client rules plus
# hwbinder. This is presumably why the (still disabled) neverallow below
# exempts the allocator/mapper/hidl hwservice types.
hal_client_domain(isolated_compute_app, hal_allocator)
hwbinder_use(isolated_compute_app)

# Perfetto: connect to the traced daemon's producer socket and obtain a
# per-process tmpfs fd so app-specific trace data can be written.
# NOTE(review): this is an IPC path out of the sandbox (trace data reaches
# traced); confirm it is consistent with the egress policy for this domain,
# e.g. by checking whether isolated_app already carries the same grant.
perfetto_producer(isolated_compute_app)

# Heap and perf profiling; per the macros' contract this only applies when
# the main app has been marked profileable or debuggable.
can_profile_heap(isolated_compute_app)
can_profile_perf(isolated_compute_app)

#####
##### Neverallow
#####

# Intended restriction: no hwservice_manager access beyond what the camera
# path needs. Deliberately left disabled for now.
# TODO (b/266555480): guard this permission with a compliance test and drop
# the negated member domains once the refactoring is done.
# NOTE(review): while this stays commented out, nothing in this file forbids
# hwservice lookups that the macros above may grant — the restriction is
# documentation only until the rule is enabled.
# neverallow isolated_compute_app {
#   hwservice_manager_type
#   -hal_graphics_allocator_hwservice
#   -hal_graphics_mapper_hwservice
#   -hidl_allocator_hwservice
#   -hidl_manager_hwservice
#   -hidl_memory_hwservice
# }:hwservice_manager *;