1### 2### A domain for further sandboxing the GooglePermissionController app. 3### 4type permissioncontroller_app, domain, coredomain; 5 6app_domain(permissioncontroller_app) 7 8allow permissioncontroller_app app_api_service:service_manager find; 9allow permissioncontroller_app system_api_service:service_manager find; 10 11# Allow interaction with gpuservice 12binder_call(permissioncontroller_app, gpuservice) 13 14allow permissioncontroller_app radio_service:service_manager find; 15 16# Allow the app to request and collect incident reports. 17# (Also requires DUMP and PACKAGE_USAGE_STATS permissions) 18allow permissioncontroller_app incident_service:service_manager find; 19binder_call(permissioncontroller_app, incidentd) 20allow permissioncontroller_app incidentd:fifo_file { read write }; 21 22allow permissioncontroller_app gpu_device:dir search; 23