summaryrefslogtreecommitdiff
path: root/prebuilts/api/32.0/private/permissioncontroller_app.te
diff options
context:
space:
mode:
Diffstat (limited to 'prebuilts/api/32.0/private/permissioncontroller_app.te')
-rw-r--r--prebuilts/api/32.0/private/permissioncontroller_app.te22
1 files changed, 22 insertions, 0 deletions
diff --git a/prebuilts/api/32.0/private/permissioncontroller_app.te b/prebuilts/api/32.0/private/permissioncontroller_app.te
new file mode 100644
index 000000000..5f8187530
--- /dev/null
+++ b/prebuilts/api/32.0/private/permissioncontroller_app.te
@@ -0,0 +1,22 @@
+###
+### A domain for further sandboxing the GooglePermissionController app.
+###
+type permissioncontroller_app, domain, coredomain;
+
+app_domain(permissioncontroller_app)
+
+allow permissioncontroller_app app_api_service:service_manager find;
+allow permissioncontroller_app system_api_service:service_manager find;
+
+# Allow interaction with gpuservice
+binder_call(permissioncontroller_app, gpuservice)
+
+allow permissioncontroller_app radio_service:service_manager find;
+
+# Allow the app to request and collect incident reports.
+# (Also requires DUMP and PACKAGE_USAGE_STATS permissions)
+allow permissioncontroller_app incident_service:service_manager find;
+binder_call(permissioncontroller_app, incidentd)
+allow permissioncontroller_app incidentd:fifo_file { read write };
+
+allow permissioncontroller_app gpu_device:dir search;
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-03 08:07:44 +0000