As part of Treble, enforce that vendor's seapp_contexts can't label apps using coredomains. Apps installed to system/system_ext/product should be labeled with platform side sepolicy. This change marks violating domains that need to be fixed. Bug: 296512193 Test: build oriole and see build log Change-Id: I7d5b91014362a64f3d66b3913d4d1bc773d922c8
# SELinux domain for the exo app. This file lives in vendor sepolicy, yet the
# type carries the coredomain attribute, which Treble reserves for platform
# policy.
type exo_app, coredomain, domain;

# Treble: vendor seapp_contexts must not label apps with a coredomain type.
# This attribute records exo_app as a known violation. It presumably also
# exempts the type from the corresponding build check; confirm against the
# platform policy. It is a tracking marker, not a fix, and should be dropped
# once the TODO below is done.
# TODO(b/296512193): move exo_app out of vendor sepolicy
typeattribute exo_app vendor_seapp_assigns_coredomain_violators;

# Baseline app rules plus network access. Both macros are defined in the
# platform te_macros, outside this file; the exact rules they expand to
# should be read there.
app_domain(exo_app)
net_domain(exo_app)

# Binder: general binder use, and calls into statsd.
binder_use(exo_app)
binder_call(exo_app, statsd)

# Services this domain may look up through servicemanager. Only the find
# permission is granted here. Note that radio_service is included, so
# telephony lookups are in scope for this domain.
allow exo_app {
    app_api_service
    audioserver_service
    cameraserver_service
    mediaserver_service
    radio_service
    fwk_stats_service
    mediametrics_service
    virtual_device_service
}:service_manager find;

# Directory search only on the GPU device node directory.
allow exo_app gpu_device:dir search;

# NOTE(review): read/write on the uhid character device is the most sensitive
# grant in this file. uhid lets userspace create and drive HID devices, so a
# process in this domain can present input devices to the kernel. Confirm the
# access is still required, and that the seapp_contexts entry assigning this
# label (not shown here) matches only the intended app.
allow exo_app uhid_device:chr_file rw_file_perms;

# Read-only access to the runtime native boot device_config properties.
get_prop(exo_app, device_config_runtime_native_boot_prop)