Add policy for apexd.
apexd is a new daemon for managing APEX packages installed
on the device. It hosts a single binder service, "apexservice".
Bug: 112455435
Test: builds, binder service can be registered,
apexes can be accessed, verified and mounted
Change-Id: I634ad100f10b2edcd9a9c0df0d33896fa5d4ed97
diff --git a/private/system_app.te b/private/system_app.te
index 4ed1982..245496f 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -70,6 +70,7 @@
# TODO: scope this down? Too broad?
allow system_app {
service_manager_type
+ -apex_service
-dumpstate_service
-installd_service
-netd_service