blob: 1e89760e0a045c9165f96e8223d41a366884f182 [file] [log] [blame]
###
### Apps signed with the platform key.
###
type platform_app, domain;
permissive platform_app;
app_domain(platform_app)
platform_app_domain(platform_app)
# Access the network.
net_domain(platform_app)
# Access bluetooth.
bluetooth_domain(platform_app)
# Write to /cache.
allow platform_app cache_file:dir rw_dir_perms;
allow platform_app cache_file:file create_file_perms;
# Read from /data/local.
allow platform_app shell_data_file:dir search;
allow platform_app shell_data_file:file { open getattr read };
allow platform_app shell_data_file:lnk_file read;
# Populate /data/app/vmdl*.tmp, /data/app-private/vmdl*.tmp files
# created by system server.
allow platform_app { apk_tmp_file apk_private_tmp_file }:file rw_file_perms;
allow platform_app apk_private_data_file:dir search;
# ASEC
allow platform_app asec_apk_file:dir create_dir_perms;
allow platform_app asec_apk_file:file create_file_perms;
# Access download files.
allow platform_app download_file:file rw_file_perms;
# Allow BackupManagerService to backup all app domains
allow platform_app appdomain:fifo_file write;
#
# Rules for all platform app domains.
#
# App sandbox file accesses.
allow platformappdomain platform_app_data_file:dir create_dir_perms;
allow platformappdomain platform_app_data_file:notdevfile_class_set create_file_perms;
# App sdcard file accesses
allow platformappdomain sdcard_type:dir create_dir_perms;
allow platformappdomain sdcard_type:file create_file_perms;