William Hester | 5f486c7 | 2019-01-15 13:39:30 -0800 | [diff] [blame] | 1 | # Allow apps to read the Test Harness Mode property. This property is used in |
| 2 | # the implementation of ActivityManager.isDeviceInTestHarnessMode() |
# get_prop() is the read-side property macro: this line lets every app domain
# read test_harness_prop and grants no ability to set it.
| 3 | get_prop(appdomain, test_harness_prop) |
| 4 | |
# Lets every app domain act as a perfetto producer, but only inside
# userdebug_or_eng(): the grant exists on userdebug/eng builds and is absent
# from user builds, where the macro expands to nothing.
Florian Mayer | 5e52281 | 2019-10-08 16:15:14 +0100 | [diff] [blame] | 5 | userdebug_or_eng(`perfetto_producer({ appdomain })') |
| 6 | |
# neverallow is an assertion checked when the policy is built, not a runtime
# rule: the build fails if any allow rule gives an app domain one of the
# permissions below on a udp_socket labelled system_server.
# Permissions that are not in the set (read and write, for example) are not
# constrained by this rule.
# NOTE(review): presumably this keeps a socket that system_server hands to an
# app usable for I/O while blocking rebinding and relabelling; confirm against
# the commits that introduced the rule.
Nathan Harold | ee26864 | 2017-12-14 18:20:30 -0800 | [diff] [blame] | 7 | neverallow appdomain system_server:udp_socket { |
Nathan Harold | 252b015 | 2018-03-27 06:34:54 -0700 | [diff] [blame] | 8 | accept append bind create ioctl listen lock name_bind |
| 9 | relabelfrom relabelto setattr shutdown }; |
Nick Kralevich | 1e5021c | 2018-11-28 17:50:24 -0800 | [diff] [blame] | 10 | |
| 11 | # Transition to a non-app domain. |
| 12 | # Exception for the shell and su domains, can transition to runas, etc. |
Nick Kralevich | 0eb0a16 | 2018-12-12 09:06:05 -0800 | [diff] [blame] | 13 | # Exception for crash_dump to allow for app crash reporting. |
| 14 | # Exception for renderscript binaries (/system/bin/bcc, /system/bin/ld.mc) |
| 15 | # to allow renderscript to create privileged executable files. |
# Build-time assertion on process:transition (the permission checked when a
# domain changes on exec). Source set: every app domain except shell, and
# except su only where userdebug_or_eng() expands, so on user builds shell is
# the sole exempt source. Target set: every non-app domain except crash_dump
# and rs.
| 16 | neverallow { appdomain -shell userdebug_or_eng(`-su') } |
| 17 | { domain -appdomain -crash_dump -rs }:process { transition }; |
# Same source set for process:dyntransition, but the target set carries no
# crash_dump or rs exception: a dynamic transition from an app domain into any
# non-app domain is forbidden outright.
| 18 | neverallow { appdomain -shell userdebug_or_eng(`-su') } |
| 19 | { domain -appdomain }:process { dyntransition }; |