# SELinux policy for the compos domain.
# TODO(b/193504816): move this to compos APEX
# Process domain, tagged with the domain, coredomain and microdroid_payload attributes.
type compos, domain, coredomain, microdroid_payload;
# Label for the compos executable file.
type compos_exec, exec_type, file_type, system_file_type;

# Run derive_classpath in our domain
# This file declares no domain transition for derive_classpath_exec, so the
# binary executes with the permissions of compos rather than a narrower set
# of its own.
allow compos derive_classpath_exec:file rx_file_perms;
# Read-only directory access to apex_mnt_dir.
# NOTE(review): presumably needed so derive_classpath can enumerate mounted
# APEXes -- confirm.
allow compos apex_mnt_dir:dir r_dir_perms;
# Ignore harmless denials on /proc/self/fd
# dontaudit only suppresses the audit record; the write itself stays denied.
# These denials will not show up in audit logs when triaging this domain.
dontaudit compos self:dir write;
# See b/35323867#comment3
# As above: dac_override is still denied for compos, only the denial log is
# silenced across the capability classes.
dontaudit compos self:global_capability_class_set dac_override;

# Allow setting system properties that ART expects.
# NOTE(review): dalvik_config_prop_type looks like an attribute covering
# several property types rather than a single type -- confirm the breadth of
# write access is intended.
set_prop(compos, dalvik_config_prop_type)
set_prop(compos, device_config_runtime_native_boot_prop)

# Allow running odrefresh in its own domain
# Executing a file labelled odrefresh_exec from compos switches the new
# process to the odrefresh domain, so it is confined by odrefresh's policy
# instead of inheriting compos's permissions.
domain_auto_trans(compos, odrefresh_exec, odrefresh)

# Allow running compos_key_helper in its own domain
# Same pattern: the key helper runs under its own compos_key_helper policy.
domain_auto_trans(compos, compos_key_helper_exec, compos_key_helper)
# And killing it on error
# Only sigkill is granted here; no other signal permission on the helper
# process is allowed by this file.
allow compos compos_key_helper:process sigkill;