diff options
Diffstat (limited to 'platform_app.te')
-rw-r--r-- | platform_app.te | 47 |
1 files changed, 0 insertions, 47 deletions
diff --git a/platform_app.te b/platform_app.te deleted file mode 100644 index 0381288..0000000 --- a/platform_app.te +++ /dev/null @@ -1,47 +0,0 @@ -### -### Apps signed with the platform key. -### - -type platform_app, domain, domain_deprecated; -app_domain(platform_app) -# Access the network. -net_domain(platform_app) -# Access bluetooth. -bluetooth_domain(platform_app) -# Read from /data/local/tmp or /data/data/com.android.shell. -allow platform_app shell_data_file:dir search; -allow platform_app shell_data_file:file { open getattr read }; -# Populate /data/app/vmdl*.tmp, /data/app-private/vmdl*.tmp files -# created by system server. -allow platform_app { apk_tmp_file apk_private_tmp_file }:dir rw_dir_perms; -allow platform_app { apk_tmp_file apk_private_tmp_file }:file rw_file_perms; -allow platform_app apk_private_data_file:dir search; -# ASEC -allow platform_app asec_apk_file:dir create_dir_perms; -allow platform_app asec_apk_file:file create_file_perms; - -# Access to /data/media. -allow platform_app media_rw_data_file:dir create_dir_perms; -allow platform_app media_rw_data_file:file create_file_perms; - -# Write to /cache. -allow platform_app { cache_file cache_recovery_file }:dir create_dir_perms; -allow platform_app { cache_file cache_recovery_file }:file create_file_perms; - -# Likely not needed -auditallow platform_app cache_recovery_file:dir create_dir_perms; -auditallow platform_app cache_recovery_file:file create_file_perms; - -# Direct access to vold-mounted storage under /mnt/media_rw -# This is a performance optimization that allows platform apps to bypass the FUSE layer -allow platform_app mnt_media_rw_file:dir r_dir_perms; -allow platform_app vfat:dir create_dir_perms; -allow platform_app vfat:file create_file_perms; - -allow platform_app drmserver_service:service_manager find; -allow platform_app mediaserver_service:service_manager find; -allow platform_app persistent_data_block_service:service_manager find; -allow platform_app radio_service:service_manager find; -allow platform_app surfaceflinger_service:service_manager find; -allow platform_app app_api_service:service_manager find; -allow platform_app system_api_service:service_manager find; |