1### 2### VrCore was historically an untrusted_app, but it was moved into its own 3### domain to tighten access to VrCore-specific IPC services and 4### opportunistically eliminate legacy untrusted_app rules. 5### 6 7type vrcore_app, domain; 8type vrcore_app_tmpfs, file_type; 9 10app_domain(vrcore_app) 11net_domain(vrcore_app) 12bluetooth_domain(vrcore_app) 13 14# Services from untrusted_app_all. 15# Should be kept in sync with untrusted_app_all. 16allow vrcore_app audioserver_service:service_manager find; 17allow vrcore_app cameraserver_service:service_manager find; 18allow vrcore_app drmserver_service:service_manager find; 19allow vrcore_app mediaserver_service:service_manager find; 20allow vrcore_app mediaextractor_service:service_manager find; 21allow vrcore_app mediametrics_service:service_manager find; 22allow vrcore_app mediadrmserver_service:service_manager find; 23allow vrcore_app nfc_service:service_manager find; 24allow vrcore_app radio_service:service_manager find; 25allow vrcore_app surfaceflinger_service:service_manager find; 26allow vrcore_app app_api_service:service_manager find; 27 28# VrCore-specific services. 29allow vrcore_app vr_manager_service:service_manager find; 30allow vrcore_app vr_hwc_service:service_manager find; 31allow vrcore_app virtual_touchpad_service:service_manager find; 32 33# gdbserver for ndk-gdb ptrace attaches to app process. 34allow vrcore_app self:process ptrace; 35 36# Access to /data/media for screenshots. 37allow vrcore_app media_rw_data_file:dir create_dir_perms; 38allow vrcore_app media_rw_data_file:file create_file_perms; 39