Grant appdomain access to app_api_service
The original idea was to compartmentalize services for apps to access. ex. an app that manage display brightness should not have access to audio service. However, identifying all services is hard and we often end up granting app_api_service in practice to avoid unexpected crashes. Bug: 147198856 Test: Remove device app_api_service related sepolicy and related process remain functional Change-Id: I3aafcf1a91847a97c86f1d7992653b806a713bd4
This commit is contained in:
parent
4c37de9b44
commit
d5a0edd75e
@ -50,6 +50,9 @@ allow appdomain adbd:process sigchld;
|
||||
# child shell or gdbserver pty access for runas.
|
||||
allow appdomain devpts:chr_file { getattr read write ioctl };
|
||||
|
||||
# Allow appdomain to access app_api_service
|
||||
allow { appdomain -isolated_app } app_api_service:service_manager find;
|
||||
|
||||
# Use pipes and sockets provided by system_server via binder or local socket.
|
||||
allow appdomain system_server:fd use;
|
||||
allow appdomain system_server:fifo_file rw_file_perms;
|
||||
|
Loading…
Reference in New Issue
Block a user