Introduce sdk_sandbox_audit SELinux domain Bug: 295861450 Test: atest CtsSdkSandboxInprocessTests and adb shell ps -Z Change-Id: I9c5873181c925c6b8ebb411328d30aa519053acf

commit: 4db0e27a5059b47e791cd1c1abc6be0073ddda05 [log] [tgz]
author: Sandro Montanari <sandrom@google.com> Thu Oct 19 15:00:55 2023 +0000
committer: Sandro Montanari <sandrom@google.com> Thu Oct 26 08:50:26 2023 +0000
tree: 5dd7018f7df40512c25b81f93cde209274835dd9
parent: 012b954125d1c2655ae1f90b70734b02886abc4d [diff] [blame]
diff --git a/private/sdk_sandbox_34.te b/private/sdk_sandbox_34.te
index d45da88..bb15057 100644
--- a/private/sdk_sandbox_34.te
+++ b/private/sdk_sandbox_34.te

@@ -3,89 +3,7 @@
 ###
 ### This file defines the security policy for the sdk sandbox processes
 ### for targetSdkVersion=34.
-type sdk_sandbox_34, domain, coredomain, sdk_sandbox_all;
+type sdk_sandbox_34, domain, coredomain, sdk_sandbox_all, sdk_sandbox_current;
 
 net_domain(sdk_sandbox_34)
 app_domain(sdk_sandbox_34)
-
-# Allow finding services. This is different from ephemeral_app policy.
-# Adding services manually to the allowlist is preferred hence app_api_service is not used.
-allow sdk_sandbox_34 {
-    activity_service
-    activity_task_service
-    appops_service
-    audio_service
-    audioserver_service
-    batteryproperties_service
-    batterystats_service
-    cameraserver_service
-    connectivity_service
-    connmetrics_service
-    deviceidle_service
-    display_service
-    dropbox_service
-    ephemeral_app_api_service
-    font_service
-    game_service
-    gpu_service
-    graphicsstats_service
-    hardware_properties_service
-    hint_service
-    imms_service
-    input_method_service
-    input_service
-    IProxyService_service
-    ipsec_service
-    launcherapps_service
-    legacy_permission_service
-    light_service
-    locale_service
-    media_communication_service
-    mediadrmserver_service
-    mediaextractor_service
-    mediametrics_service
-    media_projection_service
-    media_router_service
-    mediaserver_service
-    media_session_service
-    memtrackproxy_service
-    midi_service
-    netpolicy_service
-    netstats_service
-    network_management_service
-    notification_service
-    package_service
-    permission_checker_service
-    permission_service
-    permissionmgr_service
-    platform_compat_service
-    power_service
-    procstats_service
-    radio_service
-    registry_service
-    restrictions_service
-    rttmanager_service
-    search_service
-    selection_toolbar_service
-    sensor_privacy_service
-    sensorservice_service
-    servicediscovery_service
-    settings_service
-    speech_recognition_service
-    statusbar_service
-    storagestats_service
-    surfaceflinger_service
-    telecom_service
-    tethering_service
-    textclassification_service
-    textservices_service
-    texttospeech_service
-    thermal_service
-    translation_service
-    tv_iapp_service
-    tv_input_service
-    uimode_service
-    vcn_management_service
-    webviewupdate_service
-}:service_manager find;
-
commit	4db0e27a5059b47e791cd1c1abc6be0073ddda05	[log] [tgz]
author	Sandro Montanari <sandrom@google.com>	Thu Oct 19 15:00:55 2023 +0000
committer	Sandro Montanari <sandrom@google.com>	Thu Oct 26 08:50:26 2023 +0000
tree	5dd7018f7df40512c25b81f93cde209274835dd9
parent	012b954125d1c2655ae1f90b70734b02886abc4d [diff] [blame]