| Mugdha Lakhani | 50ad933 | 2023-05-07 17:41:57 +0000 | [diff] [blame] | 1 | ### |
| 2 | ### SDK Sandbox process. |
| 3 | ### |
| 4 | ### This file defines the security policy for the sdk sandbox processes |
| 5 | ### for a test set of restrictions. These restrictions will be adapted |
| 6 | ### with modifications, into the set of restrictions for the next SDK |
| 7 | ### level. |
| 8 | type sdk_sandbox_next, domain, coredomain, sdk_sandbox_all; |
| 9 | |
| 10 | net_domain(sdk_sandbox_next) |
| 11 | app_domain(sdk_sandbox_next) |
| 12 | |
| 13 | # Allow finding services. This is different from ephemeral_app policy. |
| 14 | # Adding services manually to the allowlist is preferred hence app_api_service is not used. |
| 15 | allow sdk_sandbox_next { |
| 16 | activity_service |
| 17 | activity_task_service |
| 18 | appops_service |
| 19 | audio_service |
| 20 | audioserver_service |
| 21 | batteryproperties_service |
| 22 | batterystats_service |
| 23 | connectivity_service |
| 24 | connmetrics_service |
| 25 | deviceidle_service |
| 26 | display_service |
| 27 | dropbox_service |
| 28 | font_service |
| 29 | game_service |
| 30 | gpu_service |
| 31 | graphicsstats_service |
| 32 | hardware_properties_service |
| 33 | hint_service |
| 34 | imms_service |
| 35 | input_method_service |
| 36 | input_service |
| 37 | IProxyService_service |
| 38 | ipsec_service |
| 39 | launcherapps_service |
| 40 | legacy_permission_service |
| 41 | light_service |
| 42 | locale_service |
| 43 | media_communication_service |
| 44 | mediaextractor_service |
| 45 | mediametrics_service |
| 46 | media_projection_service |
| 47 | media_router_service |
| 48 | mediaserver_service |
| 49 | media_session_service |
| 50 | memtrackproxy_service |
| 51 | midi_service |
| 52 | netpolicy_service |
| 53 | netstats_service |
| 54 | network_management_service |
| 55 | notification_service |
| 56 | package_service |
| 57 | permission_checker_service |
| 58 | permission_service |
| 59 | permissionmgr_service |
| 60 | platform_compat_service |
| 61 | power_service |
| 62 | procstats_service |
| 63 | registry_service |
| 64 | restrictions_service |
| 65 | rttmanager_service |
| 66 | search_service |
| 67 | selection_toolbar_service |
| 68 | sensor_privacy_service |
| 69 | sensorservice_service |
| 70 | servicediscovery_service |
| 71 | settings_service |
| 72 | speech_recognition_service |
| 73 | statusbar_service |
| 74 | storagestats_service |
| 75 | surfaceflinger_service |
| 76 | telecom_service |
| 77 | tethering_service |
| 78 | textclassification_service |
| 79 | textservices_service |
| 80 | texttospeech_service |
| 81 | thermal_service |
| 82 | translation_service |
| 83 | tv_iapp_service |
| 84 | tv_input_service |
| 85 | uimode_service |
| 86 | vcn_management_service |
| 87 | webviewupdate_service |
| 88 | }:service_manager find; |
| 89 | |