a2a2d9cbbd
Once b/186727553 is fixed, booting GSI on cuttlefish will no longer load cuttlefish's system_ext sepolicy. These domains are all private and hence the permissions are being added to system/sepolicy to avoid making them public(especially mediatranscoding that was changed from public to private in Android S). Test: build, boot Change-Id: I4a78030015fff147545bb627c9e62afbd0daa9d7
22 lines
824 B
Text
22 lines
824 B
Text
###
|
|
### A domain for further sandboxing the GooglePermissionController app.
|
|
###
|
|
type permissioncontroller_app, domain, coredomain;
|
|
|
|
app_domain(permissioncontroller_app)
|
|
|
|
allow permissioncontroller_app app_api_service:service_manager find;
|
|
allow permissioncontroller_app system_api_service:service_manager find;
|
|
|
|
# Allow interaction with gpuservice
|
|
binder_call(permissioncontroller_app, gpuservice)
|
|
|
|
allow permissioncontroller_app radio_service:service_manager find;
|
|
|
|
# Allow the app to request and collect incident reports.
|
|
# (Also requires DUMP and PACKAGE_USAGE_STATS permissions)
|
|
allow permissioncontroller_app incident_service:service_manager find;
|
|
binder_call(permissioncontroller_app, incidentd)
|
|
allow permissioncontroller_app incidentd:fifo_file { read write };
|
|
|
|
allow permissioncontroller_app gpu_device:dir search;
|