Skip to content
Snippets Groups Projects
Normal view Permalink
system_server.te 871 B
Newer Older
  • Learn to ignore specific revisions
    • dcashman's avatar
    Split general policy into public and private components.
    dcashman committed
    1 2 3 4 
    # type_transition must be private policy the domain_trans rules could stay
# public, but conceptually should go with this
# Define a type for tmpfs-backed ashmem regions.
tmpfs_domain(system_server)
    Josh Gao's avatar
    Introduce crash_dump debugging helper.  
    Josh Gao committed
    5 
    # Create a socket for connections from crash_dump.
    dcashman's avatar
    Split general policy into public and private components.
    dcashman committed
    6 
    type_transition system_server system_data_file:sock_file system_ndebug_socket "ndebugsocket";
    dcashman's avatar
    sepolicy: add version_policy tool and version non-platform policy.  
    dcashman committed
    7 8 9 10 11 12 13 14 
    
allow system_server zygote_tmpfs:file read;

# Create a socket for receiving info from wpa.
type_transition system_server wifi_data_file:sock_file system_wpa_socket;
type_transition system_server wpa_socket:sock_file system_wpa_socket;

# TODO: deal with tmpfs_domain pub/priv split properly
    Nick Kralevich's avatar
    Whitespace fix  
    Nick Kralevich committed
    15 
    neverallow system_server system_server_tmpfs:file execute;
    Calin Juravle's avatar
    SElinux policies for compiling secondary dex files  
    Calin Juravle committed
    16 17 18 19 
    
# dexoptanalyzer is currently used only for secondary dex files which
# system_server should never access.
neverallow system_server dexoptanalyzer_exec:file no_x_file_perms;