Blame - system_app.te - fp2-dev/platform/external/sepolicy

blob: 5d0eca72723e485c2657a1646acc0f823f62aab5 [file] [log] [blame]

Stephen Smalley	8840fa7	2013-09-11 11:37:46 -0400	[diff] [blame]	1	#
				2	# Apps that run with the system UID, e.g. com.android.system.ui,
				3	# com.android.settings. These are not as privileged as the system
				4	# server.
				5	#
				6	type system_app, domain;
Nick Kralevich	623975f	2014-01-11 01:31:03 -0800	[diff] [blame]	7	permissive_or_unconfined(system_app)
Stephen Smalley	8840fa7	2013-09-11 11:37:46 -0400	[diff] [blame]	8	app_domain(system_app)
Stephen Smalley	85708ec	2014-02-24 10:48:03 -0500	[diff] [blame]	9	net_domain(system_app)
Nick Kralevich	2e7a301	2014-01-10 23:05:25 -0800	[diff] [blame]	10	binder_service(system_app)
Stephen Smalley	5637099	2013-10-23 13:12:55 -0400	[diff] [blame]	11
Stephen Smalley	91a4f8d	2014-05-07 13:10:02 -0400	[diff] [blame]	12	# Read and write /data/data subdirectory.
				13	allow system_app system_app_data_file:dir create_dir_perms;
				14	allow system_app system_app_data_file:file create_file_perms;
Stephen Smalley	5637099	2013-10-23 13:12:55 -0400	[diff] [blame]	15
				16	# Read wallpaper file.
				17	allow system_app wallpaper_file:file r_file_perms;
				18
				19	# Write to dalvikcache.
				20	allow system_app dalvikcache_data_file:file { write setattr };
				21
Nick Kralevich	dd1ec6d	2013-11-01 10:45:03 -0700	[diff] [blame]	22	# Write to properties
Nick Kralevich	3e78000	2013-12-10 16:40:49 -0800	[diff] [blame]	23	unix_socket_connect(system_app, property, init)
				24	allow system_app debug_prop:property_service set;
				25	allow system_app radio_prop:property_service set;
Nick Kralevich	dd1ec6d	2013-11-01 10:45:03 -0700	[diff] [blame]	26	allow system_app system_prop:property_service set;
Stephen Smalley	1c0c010	2014-03-06 14:47:22 -0500	[diff] [blame]	27	allow system_app ctl_bugreport_prop:property_service set;
				28
				29	# Create /data/anr/traces.txt.
				30	allow system_app anr_data_file:dir ra_dir_perms;
				31	allow system_app anr_data_file:file create_file_perms;
Mark Salyzyn	c52d738	2014-05-09 17:47:19 -0700	[diff] [blame^]	32
				33	control_logd(system_app)