diff options
Diffstat (limited to 'system_app.te')
| -rw-r--r-- | system_app.te | 73 |
1 files changed, 0 insertions, 73 deletions
diff --git a/system_app.te b/system_app.te deleted file mode 100644 index 355f6d4..0000000 --- a/system_app.te +++ /dev/null @@ -1,73 +0,0 @@ -# -# Apps that run with the system UID, e.g. com.android.system.ui, -# com.android.settings. These are not as privileged as the system -# server. -# -type system_app, domain, domain_deprecated; -app_domain(system_app) -net_domain(system_app) -binder_service(system_app) - -# Read and write /data/data subdirectory. -allow system_app system_app_data_file:dir create_dir_perms; -allow system_app system_app_data_file:{ file lnk_file } create_file_perms; - -# Read and write to /data/misc/user. -allow system_app misc_user_data_file:dir create_dir_perms; -allow system_app misc_user_data_file:file create_file_perms; - -# Access to vold-mounted storage for measuring free space -allow system_app mnt_media_rw_file:dir search; - -# Read wallpaper file. -allow system_app wallpaper_file:file r_file_perms; - -# Write to properties -set_prop(system_app, bluetooth_prop) -set_prop(system_app, debug_prop) -set_prop(system_app, system_prop) -set_prop(system_app, logd_prop) -set_prop(system_app, net_radio_prop) -set_prop(system_app, system_radio_prop) -auditallow system_app net_radio_prop:property_service set; -auditallow system_app system_radio_prop:property_service set; - -# ctl interface -set_prop(system_app, ctl_default_prop) -set_prop(system_app, ctl_bugreport_prop) - -# Create /data/anr/traces.txt. -allow system_app anr_data_file:dir ra_dir_perms; -allow system_app anr_data_file:file create_file_perms; - -# Settings need to access app name and icon from asec -allow system_app asec_apk_file:file r_file_perms; - -allow system_app servicemanager:service_manager list; -allow system_app service_manager_type:service_manager find; - -allow system_app keystore:keystore_key { - get_state - get - insert - delete - exist - list - reset - password - lock - unlock - is_empty - sign - verify - grant - duplicate - clear_uid - user_changed -}; - -# /sys access -allow system_app sysfs_zram:dir search; -allow system_app sysfs_zram:file r_file_perms; - -control_logd(system_app) |