Blame - private/permissioncontroller_app.te - android_system_sepolicy

blob: 44c12830bf22f452b8c85f78d86e6aad73a5bab1 [file] [log] [blame]

Ashwini Oruganti	9bc8112	2019-10-21 15:28:00 -0700	[diff] [blame]	1	###
				2	### A domain for further sandboxing the GooglePermissionController app.
				3	###
Ashwini Oruganti	5064189	2019-11-21 12:26:08 -0800	[diff] [blame]	4	type permissioncontroller_app, domain, coredomain;
Ashwini Oruganti	9bc8112	2019-10-21 15:28:00 -0700	[diff] [blame]	5
Ashwini Oruganti	9bc8112	2019-10-21 15:28:00 -0700	[diff] [blame]	6	app_domain(permissioncontroller_app)
				7
				8	# Allow interaction with gpuservice
				9	binder_call(permissioncontroller_app, gpuservice)
				10	allow permissioncontroller_app gpu_service:service_manager find;
				11
				12	# Allow interaction with role_service
				13	allow permissioncontroller_app role_service:service_manager find;
				14
				15	# Allow interaction with usagestats_service
				16	allow permissioncontroller_app usagestats_service:service_manager find;
				17
				18	# Allow interaction with activity_service
				19	allow permissioncontroller_app activity_service:service_manager find;
Ashwini Oruganti	c557ca6	2019-11-04 16:03:54 -0800	[diff] [blame]	20
Hai Zhang	04db97a	2020-12-04 14:27:12 -0800	[diff] [blame^]	21	# Allow interaction with legacy_permission_service
				22	allow permissioncontroller_app legacy_permission_service:service_manager find;
				23
Ashwini Oruganti	c557ca6	2019-11-04 16:03:54 -0800	[diff] [blame]	24	allow permissioncontroller_app activity_task_service:service_manager find;
				25	allow permissioncontroller_app audio_service:service_manager find;
				26	allow permissioncontroller_app autofill_service:service_manager find;
Ashwini Oruganti	5064189	2019-11-21 12:26:08 -0800	[diff] [blame]	27	allow permissioncontroller_app content_capture_service:service_manager find;
Ashwini Oruganti	c557ca6	2019-11-04 16:03:54 -0800	[diff] [blame]	28	allow permissioncontroller_app device_policy_service:service_manager find;
Ashwini Oruganti	5064189	2019-11-21 12:26:08 -0800	[diff] [blame]	29	allow permissioncontroller_app incidentcompanion_service:service_manager find;
Ashwini Oruganti	6570d6d	2019-12-26 15:34:00 -0800	[diff] [blame]	30	allow permissioncontroller_app IProxyService_service:service_manager find;
Ashwini Oruganti	c557ca6	2019-11-04 16:03:54 -0800	[diff] [blame]	31	allow permissioncontroller_app location_service:service_manager find;
Ashwini Oruganti	5064189	2019-11-21 12:26:08 -0800	[diff] [blame]	32	allow permissioncontroller_app media_session_service:service_manager find;
Evan Severson	1d69ca7	2020-05-04 15:13:34 -0700	[diff] [blame]	33	allow permissioncontroller_app radio_service:service_manager find;
Ashwini Oruganti	c557ca6	2019-11-04 16:03:54 -0800	[diff] [blame]	34	allow permissioncontroller_app surfaceflinger_service:service_manager find;
Ashwini Oruganti	5064189	2019-11-21 12:26:08 -0800	[diff] [blame]	35	allow permissioncontroller_app telecom_service:service_manager find;
Ashwini Oruganti	c557ca6	2019-11-04 16:03:54 -0800	[diff] [blame]	36	allow permissioncontroller_app trust_service:service_manager find;
Ashwini Oruganti	73e1229	2019-12-09 15:37:05 -0800	[diff] [blame]	37
				38	# Allow the app to request and collect incident reports.
				39	# (Also requires DUMP and PACKAGE_USAGE_STATS permissions)
				40	allow permissioncontroller_app incident_service:service_manager find;
				41	binder_call(permissioncontroller_app, incidentd)
				42	allow permissioncontroller_app incidentd:fifo_file { read write };