1### 2### A domain for sandboxing the remote key provisioning daemon 3### app that is shipped via mainline. 4### 5typeattribute rkpdapp coredomain; 6 7app_domain(rkpdapp) 8net_domain(rkpdapp) 9 10# RKPD needs to be able to call the remote provisioning HALs 11hal_client_domain(rkpdapp, hal_keymint) 12 13# Grant access to certain system properties related to RKP 14get_prop(rkpdapp, device_config_remote_key_provisioning_native_prop) 15set_prop(rkpdapp, remote_prov_prop) 16 17# Grant access to the normal services that are available to all apps 18allow rkpdapp app_api_service:service_manager find; 19 20# Grant access to media.metrics service, needed for widevine. This 21# access is granted to all other apps already (e.g. untrusted_app_all). 22allow rkpdapp mediametrics_service:service_manager find; 23 24# Grant access to statsd 25allow rkpdapp statsmanager_service:service_manager find; 26binder_call(rkpdapp, statsd) 27