###
### SDK Sandbox process.
###
### This file defines the security policy for the sdk sandbox processes
### for targetSdkVersion=34.
# Declare the sdk_sandbox_34 type and attach it to the domain attribute.
type sdk_sandbox_34, domain;
# Also tag the type with the coredomain attribute.
typeattribute sdk_sandbox_34 coredomain;
# Apply the shared sdk_sandbox_domain and app_domain macros to this type.
# NOTE(review): both macros are defined outside this file, so the rules they
# expand to are not visible here. The effective policy for this domain is the
# union of those expansions and the explicit allow rules in this file; audit
# both when assessing what sandboxed SDK code can reach.
sdk_sandbox_domain(sdk_sandbox_34)
app_domain(sdk_sandbox_34)
# services
# Explicit allowlist of service types that sdk_sandbox_34 may look up: each
# rule grants only the find permission of the service_manager class for one
# service type. A service type with no rule here gets no find access from
# this file (rules from the macros applied to this domain may add more).
# NOTE(review): find covers obtaining the service handle; whether calls on
# that handle succeed depends on rules not shown in this file and on checks
# made by the service itself -- confirm before treating an entry as harmless.
# Every entry widens what sandboxed SDK code can reach, so additions should
# be justified one service at a time.
allow sdk_sandbox_34 audioserver_service:service_manager find;
allow sdk_sandbox_34 cameraserver_service:service_manager find;
allow sdk_sandbox_34 mediaserver_service:service_manager find;
allow sdk_sandbox_34 mediaextractor_service:service_manager find;
allow sdk_sandbox_34 mediametrics_service:service_manager find;
allow sdk_sandbox_34 mediadrmserver_service:service_manager find;
allow sdk_sandbox_34 drmserver_service:service_manager find;
allow sdk_sandbox_34 radio_service:service_manager find;
allow sdk_sandbox_34 ephemeral_app_api_service:service_manager find;
allow sdk_sandbox_34 activity_service:service_manager find;
allow sdk_sandbox_34 activity_task_service:service_manager find;
allow sdk_sandbox_34 appops_service:service_manager find;
allow sdk_sandbox_34 audio_service:service_manager find;
allow sdk_sandbox_34 batteryproperties_service:service_manager find;
allow sdk_sandbox_34 batterystats_service:service_manager find;
allow sdk_sandbox_34 connectivity_service:service_manager find;
allow sdk_sandbox_34 connmetrics_service:service_manager find;
allow sdk_sandbox_34 deviceidle_service:service_manager find;
allow sdk_sandbox_34 display_service:service_manager find;
allow sdk_sandbox_34 dropbox_service:service_manager find;
allow sdk_sandbox_34 font_service:service_manager find;
allow sdk_sandbox_34 gpu_service:service_manager find;
allow sdk_sandbox_34 graphicsstats_service:service_manager find;
allow sdk_sandbox_34 hardware_properties_service:service_manager find;
allow sdk_sandbox_34 imms_service:service_manager find;
allow sdk_sandbox_34 IProxyService_service:service_manager find;
allow sdk_sandbox_34 ipsec_service:service_manager find;
allow sdk_sandbox_34 launcherapps_service:service_manager find;
allow sdk_sandbox_34 legacy_permission_service:service_manager find;
allow sdk_sandbox_34 light_service:service_manager find;
allow sdk_sandbox_34 locale_service:service_manager find;
allow sdk_sandbox_34 media_communication_service:service_manager find;
allow sdk_sandbox_34 media_session_service:service_manager find;
allow sdk_sandbox_34 memtrackproxy_service:service_manager find;
allow sdk_sandbox_34 midi_service:service_manager find;
allow sdk_sandbox_34 notification_service:service_manager find;
allow sdk_sandbox_34 package_service:service_manager find;
allow sdk_sandbox_34 permission_checker_service:service_manager find;
allow sdk_sandbox_34 permissionmgr_service:service_manager find;
allow sdk_sandbox_34 permission_service:service_manager find;
allow sdk_sandbox_34 platform_compat_service:service_manager find;
allow sdk_sandbox_34 procstats_service:service_manager find;
allow sdk_sandbox_34 registry_service:service_manager find;
allow sdk_sandbox_34 restrictions_service:service_manager find;
allow sdk_sandbox_34 search_service:service_manager find;
allow sdk_sandbox_34 selection_toolbar_service:service_manager find;
allow sdk_sandbox_34 sensor_privacy_service:service_manager find;
allow sdk_sandbox_34 sensorservice_service:service_manager find;
allow sdk_sandbox_34 servicediscovery_service:service_manager find;
allow sdk_sandbox_34 settings_service:service_manager find;
allow sdk_sandbox_34 speech_recognition_service:service_manager find;
allow sdk_sandbox_34 statusbar_service:service_manager find;
allow sdk_sandbox_34 surfaceflinger_service:service_manager find;
allow sdk_sandbox_34 telecom_service:service_manager find;
allow sdk_sandbox_34 textservices_service:service_manager find;
allow sdk_sandbox_34 texttospeech_service:service_manager find;
allow sdk_sandbox_34 thermal_service:service_manager find;
allow sdk_sandbox_34 translation_service:service_manager find;
allow sdk_sandbox_34 tv_iapp_service:service_manager find;
allow sdk_sandbox_34 tv_input_service:service_manager find;
allow sdk_sandbox_34 uimode_service:service_manager find;
allow sdk_sandbox_34 vcn_management_service:service_manager find;
allow sdk_sandbox_34 webviewupdate_service:service_manager find;
# Allow sdk_sandbox_34 to read/write files in visible storage if provided fds
# The permission set below deliberately omits open (and create/unlink), so
# this rule on its own does not let the domain open storage files by path;
# it only permits operations on a descriptor that another process already
# opened and handed over. Keep open out of this set to preserve that
# property. write and append are included, so a descriptor received with
# write access can be used to modify the file.
# NOTE(review): open could still be granted by the macros applied to this
# domain, which are defined outside this file -- confirm in the compiled policy.
allow sdk_sandbox_34 { sdcard_type fuse media_rw_data_file }:file {read write getattr ioctl lock append};