| Seth Moore | 71fa94e | 2022-10-28 13:46:16 -0700 | [diff] [blame] | 1 | ### |
| 2 | ### A domain for sandboxing the remote key provisioning daemon |
| 3 | ### app that is shipped via mainline. |
| 4 | ### |
| 5 | typeattribute rkpdapp coredomain; |
| 6 | |
| 7 | app_domain(rkpdapp) |
| 8 | |
| 9 | # RKPD needs to be able to call the remote provisioning HALs |
| 10 | hal_client_domain(rkpdapp, hal_keymint) |
| 11 | |
| 12 | # Grant access to certain system properties related to RKP |
| 13 | get_prop(rkpdapp, device_config_remote_key_provisioning_native_prop) |
| 14 | |
| 15 | # Grant access to the normal services that are available to all apps |
| 16 | allow rkpdapp app_api_service:service_manager find; |
| 17 | |
| 18 | # Grant access to statsd |
| 19 | allow rkpdapp statsmanager_service:service_manager find; |
| 20 | binder_call(rkpdapp, statsd) |