As part of Treble, enforce that vendor's seapp_contexts can't label apps using coredomains. Apps installed to system/system_ext/product should be labeled with platform side sepolicy. This change marks violating domains that need to be fixed. Bug: 296512192 Test: build and see build log Change-Id: I755657e538ada8807313bd0063c880264e4b79be
# Process domain for the PBCS app. It carries the coredomain attribute even
# though this file is vendor sepolicy, which is the Treble violation that the
# vendor_seapp_assigns_coredomain_violators attribute further down records.
type vendor_pbcs_app, domain, coredomain;
# TODO(b/296512192): move vendor_pbcs_app out of vendor sepolicy
# Marker, not a fix: tags this domain as a known case where vendor
# seapp_contexts assigns a coredomain type. Presumably this exempts it from
# the build-time Treble check until the domain is moved to platform policy;
# confirm against the neverallow that consumes this attribute.
typeattribute vendor_pbcs_app vendor_seapp_assigns_coredomain_violators;
# app_domain() is a macro defined outside this file (AOSP te_macros); it
# applies the baseline rules shared by app domains. Every rule after this
# line is granted on top of that baseline.
app_domain(vendor_pbcs_app);
# dontaudit grants no access: it only suppresses the avc denial log for every
# directory permission (*) on system_app_data_file. Denied attempts by this
# domain on those directories therefore never reach the audit log.
# NOTE(review): narrowing * to the permissions actually probed would keep any
# other denial visible; confirm which accesses trigger this rule.
dontaudit vendor_pbcs_app system_app_data_file:dir *;
# Allow PBCS to look up (find) any service labelled with the app_api_service
# attribute through servicemanager. find only; no add is granted here.
allow vendor_pbcs_app app_api_service:service_manager find;
# Allow PBCS to find Camera Service.
allow vendor_pbcs_app cameraserver_service:service_manager find;
# Allow PBCS to add the ServiceBinder service to ServiceManager.
# add_service() (AOSP te_macros) grants both add and find on the service type
# and emits a neverallow so that no other domain can register it.
# NOTE(review): the service types registered here and in the two
# add_service() calls that follow are vendor_* while the registering domain
# is coredomain; confirm the labels still fit once the domain is moved.
add_service(vendor_pbcs_app, vendor_camera_binder_service);
# Allow PBCS to add the LyricConfigProvider service to ServiceManager.
add_service(vendor_pbcs_app, vendor_camera_lyricconfigprovider_service);
# Allow PBCS to add the CameraIdRemapper service to ServiceManager.
add_service(vendor_pbcs_app, vendor_camera_cameraidremapper_service);
# Allow PBCS to make binder calls into the default camera HAL domain
# (hal_camera_default). binder_call() is a macro defined outside this file.
binder_call(vendor_pbcs_app, hal_camera_default);
# Allow PBCS to read debug system properties of the form vendor.camera.pbcs.debug.*
# and persist.vendor.camera.pbcs.debug.*
get_prop(vendor_pbcs_app, vendor_camera_pbcs_debug_prop);