Add isolated_compute_app domain Provides a new domain to enable secure sensitive data processing. This allows processing of sensitive data, while enforcing necessary privacy restrictions to prevent the egress of data via network, IPC or file system. Bug: 255597123 Test: m && manual - sample app with IsolatedProcess=True can use camera service Change-Id: I401667dbcf492a1cf8c020a79f8820d61990e72d

commit: 3d4a6b7474a2b4297f3a4ecdd265996e155d2229 [log] [tgz]
author: Charles Chen <liangyuchen@google.com> Tue Jan 17 08:16:44 2023 +0000
committer: Charles Chen <liangyuchen@google.com> Tue Jan 31 15:24:55 2023 +0000
tree: 88e3fca81838b25825dc558113e8d2ad1b07637f
parent: ccf80144925c0b9b4a86f0eb81fa053998a12c5e [diff] [blame]
diff --git a/private/technical_debt.cil b/private/technical_debt.cil
index 9d1740d..069bb10 100644
--- a/private/technical_debt.cil
+++ b/private/technical_debt.cil

@@ -31,8 +31,8 @@
 
 ; Apps, except isolated apps, are clients of Graphics Allocator HAL
 ; Unfortunately, we can't currently express this in module policy language:
-;     typeattribute { appdomain -isolated_app_all } hal_graphics_allocator_client;
-(typeattributeset hal_graphics_allocator_client ((and (appdomain) ((not (isolated_app_all))))))
+;     typeattribute { appdomain -isolated_app } hal_graphics_allocator_client;
+(typeattributeset hal_graphics_allocator_client ((and (appdomain) ((not (isolated_app))))))
 
 ; Apps, except isolated apps, are clients of Cas HAL
 ; Unfortunately, we can't currently express this in module policy language:
commit	3d4a6b7474a2b4297f3a4ecdd265996e155d2229	[log] [tgz]
author	Charles Chen <liangyuchen@google.com>	Tue Jan 17 08:16:44 2023 +0000
committer	Charles Chen <liangyuchen@google.com>	Tue Jan 31 15:24:55 2023 +0000
tree	88e3fca81838b25825dc558113e8d2ad1b07637f
parent	ccf80144925c0b9b4a86f0eb81fa053998a12c5e [diff] [blame]