Skip to content
Snippets Groups Projects
Select Git revision
  • cancel-callbacks
  • master default protected
  • io_uring_set_taskrun_flags
  • steal-all-io-on-hint
  • ripripgrepv4
  • io-sleep-strategies-msg-ring
  • improve-echoclient
  • improve-even-pulse
  • waitfd-sleep-strategy2
  • ripripgrepv2.5-io-sleep
  • ripripgrepv3-io-sleep
  • ripripgrepv3
  • ripripgrepv2
  • du
  • select2
  • linked-echoserver
  • cancel-callbacks-simple
  • callback-fsearch-alternative
  • callback-fsearch
  • fsearch-track-outfile-offset
20 results

Makefile

Blame
    • Forked from Lehrstuhl für Informatik 4 (Systemsoftware) / manycore / emper
    Source project has a limited visibility.
    platform_app.te 2.33 KiB 
    ###
### Apps signed with the platform key.
###

type platform_app, domain;
app_domain(platform_app)
# Access the network.
net_domain(platform_app)
# Access bluetooth.
bluetooth_domain(platform_app)
# Read from /data/local/tmp or /data/data/com.android.shell.
allow platform_app shell_data_file:dir search;
allow platform_app shell_data_file:file { open getattr read };
# Populate /data/app/vmdl*.tmp, /data/app-private/vmdl*.tmp files
# created by system server.
allow platform_app { apk_tmp_file apk_private_tmp_file }:dir rw_dir_perms;
allow platform_app { apk_tmp_file apk_private_tmp_file }:file rw_file_perms;
allow platform_app apk_private_data_file:dir search;
# ASEC
allow platform_app asec_apk_file:dir create_dir_perms;
allow platform_app asec_apk_file:file create_file_perms;

# Access to /data/media.
allow platform_app media_rw_data_file:dir create_dir_perms;
allow platform_app media_rw_data_file:file create_file_perms;

# Write to /cache.
allow platform_app cache_file:dir create_dir_perms;
allow platform_app cache_file:file create_file_perms;

allow platform_app drmserver_service:service_manager find;
allow platform_app mediaserver_service:service_manager find;
allow platform_app radio_service:service_manager find;
allow platform_app surfaceflinger_service:service_manager find;
allow platform_app tmp_system_server_service:service_manager find;
allow platform_app app_api_service:service_manager find;
allow platform_app system_api_service:service_manager find;

service_manager_local_audit_domain(platform_app)
auditallow platform_app {
    tmp_system_server_service
    -bluetooth_manager_service
    -connectivity_service
    -content_service
    -device_policy_service
    -display_service
    -dreams_service
    -dropbox_service
    -fingerprint_service
    -graphicsstats_service
    -input_method_service
    -input_service
    -lock_settings_service
    -media_projection_service
    -media_router_service
    -media_session_service
    -mount_service
    -netpolicy_service
    -netstats_service
    -network_management_service
    -notification_service
    -power_service
    -registry_service
    -search_service
    -sensorservice_service
    -statusbar_service
    -trust_service
    -uimode_service
    -usb_service
    -user_service
        -vibrator_service
    -wallpaper_service
    -webviewupdate_service
    -wifi_service
}:service_manager find;