| Anton Hansson | e822545 | 2019-11-25 13:10:10 +0000 | [diff] [blame] | 1 | |
| 2 | # Domain for derive_sdk |
| 3 | type derive_sdk, domain, coredomain; |
| 4 | type derive_sdk_exec, system_file_type, exec_type, file_type; |
| 5 | init_daemon_domain(derive_sdk) |
| 6 | |
| 7 | # Read /apex |
| 8 | allow derive_sdk apex_mnt_dir:dir r_dir_perms; |
| 9 | |
| 10 | # Prop rules: writable by derive_sdk, readable by bootclasspath (apps) |
| Anton Hansson | b841335 | 2020-01-06 17:29:13 +0000 | [diff] [blame] | 11 | set_prop(derive_sdk, module_sdkextensions_prop) |
| 12 | neverallow { domain -init -derive_sdk } module_sdkextensions_prop:property_service set; |