# Private policy rules for system_server. The rules below relabel objects that
# system_server creates (type_transition), grant access (allow), or assert at
# policy build time that an access is never granted (neverallow).

# type_transition must be private policy; the domain_trans rules could stay
# public, but conceptually should go with this.
# Define a type for tmpfs-backed ashmem regions.
# tmpfs_domain is a macro defined outside this file. The neverallow further
# down names system_server_tmpfs, presumably the type this macro sets up
# (confirm against the macro definition).
tmpfs_domain(system_server)
# Create a socket for connections from crash_dump.
# Named transition: only a sock_file called "ndebugsocket" that system_server
# creates in a directory labelled system_data_file gets system_ndebug_socket.
# Other sock_files created there are not relabelled by this rule.
type_transition system_server system_data_file:sock_file system_ndebug_socket "ndebugsocket";

# Grants read only on zygote_tmpfs files; open, write and execute are not
# granted by this rule.
# NOTE(review): presumably these files are reached through descriptors that
# system_server already holds rather than opened by path; confirm.
allow system_server zygote_tmpfs:file read;

# Create a socket for receiving info from wpa.
# Unnamed transitions: every sock_file that system_server creates in a
# directory labelled wifi_data_file or wpa_socket gets system_wpa_socket.
type_transition system_server wifi_data_file:sock_file system_wpa_socket;
type_transition system_server wpa_socket:sock_file system_wpa_socket;

# TODO: deal with tmpfs_domain pub/priv split properly
# Build-time assertion, not a runtime rule: policy compilation fails if any
# allow rule gives system_server execute on system_server_tmpfs files. The
# execute permission on a file gates both exec and executable mappings.
# NOTE(review): if tmpfs_domain itself grants execute on the generated type,
# this assertion conflicts with it; check the macro when resolving the TODO.
neverallow system_server system_server_tmpfs:file execute;

# dexoptanalyzer is currently used only for secondary dex files which
# system_server should never access.
# no_x_file_perms is a permission-set macro defined outside this file; by its
# name it covers the execute permissions (confirm in the macro definitions).
# As a neverallow, this fails the policy build if such access is ever allowed.
neverallow system_server dexoptanalyzer_exec:file no_x_file_perms;