1### 2### A domain for further sandboxing the GooglePermissionController app. 3### 4type permissioncontroller_app, domain, coredomain; 5 6app_domain(permissioncontroller_app) 7 8# Allow interaction with gpuservice 9binder_call(permissioncontroller_app, gpuservice) 10allow permissioncontroller_app gpu_service:service_manager find; 11 12# Allow interaction with role_service 13allow permissioncontroller_app role_service:service_manager find; 14 15# Allow interaction with usagestats_service 16allow permissioncontroller_app usagestats_service:service_manager find; 17 18# Allow interaction with activity_service 19allow permissioncontroller_app activity_service:service_manager find; 20 21allow permissioncontroller_app activity_task_service:service_manager find; 22allow permissioncontroller_app audio_service:service_manager find; 23allow permissioncontroller_app autofill_service:service_manager find; 24allow permissioncontroller_app content_capture_service:service_manager find; 25allow permissioncontroller_app device_policy_service:service_manager find; 26allow permissioncontroller_app incidentcompanion_service:service_manager find; 27allow permissioncontroller_app IProxyService_service:service_manager find; 28allow permissioncontroller_app location_service:service_manager find; 29allow permissioncontroller_app media_session_service:service_manager find; 30allow permissioncontroller_app radio_service:service_manager find; 31allow permissioncontroller_app surfaceflinger_service:service_manager find; 32allow permissioncontroller_app telecom_service:service_manager find; 33allow permissioncontroller_app trust_service:service_manager find; 34 35# Allow the app to request and collect incident reports. 36# (Also requires DUMP and PACKAGE_USAGE_STATS permissions) 37allow permissioncontroller_app incident_service:service_manager find; 38binder_call(permissioncontroller_app, incidentd) 39allow permissioncontroller_app incidentd:fifo_file { read write }; 40