Create a separate domain for VzwOmaTrigger
This creates a new vzwomatrigger_app domain. The domain is currently in permissive mode (for userdebug and eng builds), while we observe the SELinux denials generated and update permissions. Bug: 142672293 Test: Build, flash, boot successfully Change-Id: I552df772b66e8e7edb1ccee754d1ea8dd1acece0
This commit is contained in:
parent
64e36cf38d
commit
c77ff3727c
@ -158,6 +158,7 @@ user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
|
||||
user=_app isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all
|
||||
user=_app isPrivApp=true domain=priv_app type=privapp_data_file levelFrom=user
|
||||
user=_app isPrivApp=true name=com.google.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
|
||||
user=_app isPrivApp=true name=com.android.vzwomatrigger domain=vzwomatrigger_app type=privapp_data_file levelFrom=all
|
||||
user=_app minTargetSdkVersion=29 domain=untrusted_app type=app_data_file levelFrom=all
|
||||
user=_app minTargetSdkVersion=28 domain=untrusted_app_27 type=app_data_file levelFrom=all
|
||||
user=_app minTargetSdkVersion=26 domain=untrusted_app_27 type=app_data_file levelFrom=user
|
||||
|
14
private/vzwomatrigger_app.te
Normal file
14
private/vzwomatrigger_app.te
Normal file
@ -0,0 +1,14 @@
|
||||
###
|
||||
### A domain for further sandboxing the VzwOmaTrigger app.
|
||||
###
|
||||
type vzwomatrigger_app, domain;
|
||||
|
||||
# Allow everything.
|
||||
# TODO(b/142672293): remove when no selinux denials are triggered for this
|
||||
# domain
|
||||
# STOPSHIP(b/142672293): monitor http://go/sedenials for any denials around
|
||||
# `vzwomatrigger_app` and remove this line once we are confident about
|
||||
# this having the right set of permissions.
|
||||
userdebug_or_eng(`permissive vzwomatrigger_app;')
|
||||
|
||||
app_domain(vzwomatrigger_app)
|
Loading…
Reference in New Issue
Block a user