###
### rkpdapp: sandbox domain for the remote key provisioning daemon (RKPD)
### app, which is shipped via mainline.
###
### Review note: this domain combines network access with client access to
### the key HAL, so every grant below should stay as narrow as it is now.
### New permissions belong here only with a comment saying which RKPD
### feature needs them.
###

# Tag the domain with the coredomain attribute.
typeattribute rkpdapp coredomain;

# Baseline rules for an app process. The macro body is defined outside this
# file, so the exact permission set is not visible here.
app_domain(rkpdapp)

# Network access. The file does not say why it is needed; presumably RKPD
# talks to a provisioning backend. TODO confirm and record the reason here.
net_domain(rkpdapp)

# RKPD must be able to call the remote provisioning HALs. The client
# attribute granted for that is hal_keymint.
hal_client_domain(rkpdapp, hal_keymint)

# Read access to the system properties related to RKP. No set_prop is
# granted, so the daemon cannot modify them.
get_prop(rkpdapp, remote_prov_prop)
get_prop(rkpdapp, device_config_remote_key_provisioning_native_prop)

# Services RKPD may look up through the service manager. Only the find
# permission is granted.
allow rkpdapp {
    # The normal services that are available to all apps.
    app_api_service
    # media.metrics, needed for widevine. All other apps already have this
    # access (e.g. untrusted_app_all).
    mediametrics_service
    # Lookup of the statsd manager service.
    statsmanager_service
}:service_manager find;

# Binder calls into statsd, paired with the statsmanager_service lookup above.
binder_call(rkpdapp, statsd)