As part of Treble, enforce that vendor's seapp_contexts can't label apps using coredomains. Apps installed to system/system_ext/product should be labeled with platform side sepolicy. This change marks violating domains that need to be fixed. Bug: 296512192 Test: build and see build log Change-Id: I755657e538ada8807313bd0063c880264e4b79be
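# SELinux policy for the vendor PCS app domain.
# The stray "|" separator lines left by the file viewer are removed here; they
# are not policy syntax. The rules themselves are unchanged.

# The type is declared in vendor sepolicy but carries the coredomain attribute.
type vendor_pcs_app, domain, coredomain;

# TODO(b/296512192): move vendor_pcs_app out of vendor sepolicy
# This attribute only marks the domain as a known violator of the rule that
# vendor seapp_contexts must not label apps with coredomain types. It records
# the exception and does not fix it; drop it once the TODO above is resolved.
typeattribute vendor_pcs_app vendor_seapp_assigns_coredomain_violators;

# Set the type up as an app domain through the platform macro.
app_domain(vendor_pcs_app);

# Allow PCS to look up these services through ServiceManager.
# NOTE(review): app_api_service is an attribute rather than a single service,
# so this grant is as wide as that attribute's membership; confirm that the
# app needs the whole set.
allow vendor_pcs_app {
  app_api_service
  audioserver_service
  cameraserver_service
  mediametrics_service
  mediaserver_service
  radio_service
}:service_manager find;

# Allow PCS to find the LyricConfigProvider service through ServiceManager.
allow vendor_pcs_app vendor_camera_lyricconfigprovider_service:service_manager find;
# Allow PCS to find the CameraIdRemapper service through ServiceManager.
allow vendor_pcs_app vendor_camera_cameraidremapper_service:service_manager find;

# Allow PCS to register hal_pixel_remote_camera_service with ServiceManager.
# NOTE(review): this is the only "add" grant in the file and it lets an app
# domain publish a service; the reason is not stated here. Document it, and
# check which domains are allowed to find this service.
allow vendor_pcs_app hal_pixel_remote_camera_service:service_manager add;

# Allow binder IPC between PCS and the default camera HAL domain.
binder_call(vendor_pcs_app, hal_camera_default);

# NOTE(review): hal_pixel_remote_camera_service is used above as a
# service_manager object type. binder_call() expects process domains, so
# confirm that this type is also a domain; if it is not, this rule grants
# nothing useful and should be removed or pointed at the intended peer domain.
binder_call(vendor_pcs_app, hal_pixel_remote_camera_service);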