| # evs app |
| type evs_app, domain, coredomain; |
| hal_client_domain(evs_app, hal_evs) |
| hal_client_domain(evs_app, hal_vehicle) |
| hal_client_domain(evs_app, hal_configstore) |
| hal_client_domain(evs_app, hal_graphics_allocator) |
| |
| # allow init to launch processes in this context |
| type evs_app_exec, exec_type, file_type, system_file_type; |
| init_daemon_domain(evs_app) |
| |
| # gets access to its own files on disk |
| type evs_app_files, file_type, system_file_type; |
| allow evs_app evs_app_files:file { getattr open read }; |
| allow evs_app evs_app_files:dir search; |
| |
| # Allow use of gralloc buffers and EGL |
| allow evs_app gpu_device:chr_file rw_file_perms; |
| allow evs_app ion_device:chr_file r_file_perms; |
| allow evs_app system_file:dir r_dir_perms; |
| |
| # Allow use of binder and find surfaceflinger |
| binder_use(evs_app); |
| allow evs_app surfaceflinger_service:service_manager find; |