| | # SELinux policy for the gatekeeperd daemon. coredomain is the attribute the platform policy uses for core (non-vendor) domains. |
Alex Klyubin | f5446eb | 2017-03-23 14:27:32 -0700 | [diff] [blame] | 1 | typeattribute gatekeeperd coredomain; |
| 2 | |
| | # Daemon started by init; the macro sets up the transition from init into the gatekeeperd domain so it runs confined. |
dcashman | cc39f63 | 2016-07-22 13:13:11 -0700 | [diff] [blame] | 3 | init_daemon_domain(gatekeeperd) |
Inseob Kim | 55e5c9b | 2020-03-04 17:20:35 +0900 | [diff] [blame] | 4 | |
| 5 | # For checking whether GSI (Generic System Image) is running; get_prop grants read access to gsid_prop only |
| 6 | get_prop(gatekeeperd, gsid_prop) |
Inseob Kim | 75806ef | 2024-03-27 17:18:41 +0900 | [diff] [blame] | 7 | |
| 8 | # gatekeeperd exposes its own binder service (binder_service) and also makes binder calls (binder_use) |
| 9 | binder_service(gatekeeperd) |
| 10 | binder_use(gatekeeperd) |
| 11 | |
| 12 | ### Rules needed when Gatekeeper HAL runs inside gatekeeperd process. |
| 13 | ### These rules should eventually be granted only when needed. |
| | # NOTE(review): until that happens the two allow rules below are unconditional, so gatekeeperd |
| | # holds them even on devices where the HAL runs in a separate process (least-privilege gap). |
| | # Read-only access to the ION device node; presumably for buffers used by an in-process HAL - confirm. |
| 14 | allow gatekeeperd ion_device:chr_file r_file_perms; |
| 15 | # Load HAL implementation (directory read/search on system_file only; no file permissions are added by this rule) |
| 16 | allow gatekeeperd system_file:dir r_dir_perms; |
| 17 | ### |
| 18 | |
| 19 | ### Rules needed when Gatekeeper HAL runs outside of gatekeeperd process. |
| 20 | ### These rules should eventually be granted only when needed. |
| | # Makes gatekeeperd a client of the hal_gatekeeper HAL; like the block above, this is granted unconditionally today. |
| 21 | hal_client_domain(gatekeeperd, hal_gatekeeper) |
| 22 | ### |
| 23 | |
| 24 | # Register gatekeeper_service with the service manager ("add self"). |
| | # The KeyStore lookup mentioned in the original comment is presumably covered by use_keystore below - confirm against te_macros. |
| 25 | add_service(gatekeeperd, gatekeeper_service) |
| 26 | |
| 27 | # Need to add auth tokens to KeyStore |
| | # NOTE(review): add_auth is the most security-sensitive grant in this file: it lets the holder hand |
| | # authentication tokens to keystore2. Keep it limited to domains that legitimately produce such tokens |
| | # and confirm that a neverallow elsewhere in the policy enforces that. |
| 28 | use_keystore(gatekeeperd) |
| 29 | allow gatekeeperd keystore:keystore2 { add_auth }; |
| | # Lookup of authorization_service; presumably the interface through which the tokens are submitted - confirm. |
| 30 | allow gatekeeperd authorization_service:service_manager find; |
| 31 | |
| 32 | |
| 33 | # For permissions checking: look up permission_service and call into system_server over binder |
| 34 | allow gatekeeperd system_server:binder call; |
| 35 | allow gatekeeperd permission_service:service_manager find; |
| 36 | |
| 37 | # For SID file access (SID is presumably the per-user secure ID - confirm): gatekeeperd may create, |
| | # modify and delete files labeled gatekeeper_data_file and add/remove entries in their directory. |
| | # NOTE(review): these files are integrity-sensitive; verify no other domain is granted write access to this type. |
| 38 | allow gatekeeperd gatekeeper_data_file:dir rw_dir_perms; |
| 39 | allow gatekeeperd gatekeeper_data_file:file create_file_perms; |
| 40 | |
| 41 | # For hardware properties retrieval (service lookup only) |
| 42 | allow gatekeeperd hardware_properties_service:service_manager find; |
| 43 | |
| | # Read-only access to directories and files labeled cgroup / cgroup_v2. |
| | # NOTE(review): the file does not say why gatekeeperd needs this; record the reason or confirm it is still required. |
| 44 | r_dir_file(gatekeeperd, cgroup) |
| 45 | r_dir_file(gatekeeperd, cgroup_v2) |