Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
#
# System Server aka system_server spawned by zygote.
# Most of the framework services run in this process.
#
type system_server, domain;
permissive system_server;
unconfined_domain(system_server);
relabelto_domain(system_server);
# These are the capabilities assigned by the zygote to the
# system server.
allow system_server self:capability {
kill
net_admin
net_bind_service
net_broadcast
net_raw
sys_boot
sys_module
sys_nice
sys_resource
sys_time
sys_tty_config
};
# Create a socket for receiving info from wpa.
type_transition system_server wifi_data_file:sock_file system_wpa_socket;
allow system_server self:zygote { specifyids specifyrlimits specifyseinfo };
allow system_server backup_data_file:dir relabelto;
allow system_server cache_backup_file:dir relabelto;
allow system_server anr_data_file:dir relabelto;
allow system_server system_data_file:dir relabelto;
allow system_server apk_data_file:file relabelto;
allow system_server apk_tmp_file:file relabelto;
allow system_server cache_backup_file:file relabelto;
allow system_server apk_private_tmp_file:file relabelto;
allow system_server wallpaper_file:file relabelto;