1*e4a36f41SAndroid Build Coastguard Workertypeattribute gatekeeperd coredomain; 2*e4a36f41SAndroid Build Coastguard Worker 3*e4a36f41SAndroid Build Coastguard Workerinit_daemon_domain(gatekeeperd) 4*e4a36f41SAndroid Build Coastguard Worker 5*e4a36f41SAndroid Build Coastguard Worker# For checking whether GSI is running 6*e4a36f41SAndroid Build Coastguard Workerget_prop(gatekeeperd, gsid_prop) 7*e4a36f41SAndroid Build Coastguard Worker 8*e4a36f41SAndroid Build Coastguard Worker# gatekeeperd 9*e4a36f41SAndroid Build Coastguard Workerbinder_service(gatekeeperd) 10*e4a36f41SAndroid Build Coastguard Workerbinder_use(gatekeeperd) 11*e4a36f41SAndroid Build Coastguard Worker 12*e4a36f41SAndroid Build Coastguard Worker### Rules needed when Gatekeeper HAL runs inside gatekeeperd process. 13*e4a36f41SAndroid Build Coastguard Worker### These rules should eventually be granted only when needed. 14*e4a36f41SAndroid Build Coastguard Workerallow gatekeeperd ion_device:chr_file r_file_perms; 15*e4a36f41SAndroid Build Coastguard Worker# Load HAL implementation 16*e4a36f41SAndroid Build Coastguard Workerallow gatekeeperd system_file:dir r_dir_perms; 17*e4a36f41SAndroid Build Coastguard Worker### 18*e4a36f41SAndroid Build Coastguard Worker 19*e4a36f41SAndroid Build Coastguard Worker### Rules needed when Gatekeeper HAL runs outside of gatekeeperd process. 20*e4a36f41SAndroid Build Coastguard Worker### These rules should eventually be granted only when needed. 21*e4a36f41SAndroid Build Coastguard Workerhal_client_domain(gatekeeperd, hal_gatekeeper) 22*e4a36f41SAndroid Build Coastguard Worker### 23*e4a36f41SAndroid Build Coastguard Worker 24*e4a36f41SAndroid Build Coastguard Worker# need to find KeyStore and add self 25*e4a36f41SAndroid Build Coastguard Workeradd_service(gatekeeperd, gatekeeper_service) 26*e4a36f41SAndroid Build Coastguard Worker 27*e4a36f41SAndroid Build Coastguard Worker# Need to add auth tokens to KeyStore 28*e4a36f41SAndroid Build Coastguard Workeruse_keystore(gatekeeperd) 29*e4a36f41SAndroid Build Coastguard Workerallow gatekeeperd keystore:keystore2 { add_auth }; 30*e4a36f41SAndroid Build Coastguard Workerallow gatekeeperd authorization_service:service_manager find; 31*e4a36f41SAndroid Build Coastguard Worker 32*e4a36f41SAndroid Build Coastguard Worker 33*e4a36f41SAndroid Build Coastguard Worker# For permissions checking 34*e4a36f41SAndroid Build Coastguard Workerallow gatekeeperd system_server:binder call; 35*e4a36f41SAndroid Build Coastguard Workerallow gatekeeperd permission_service:service_manager find; 36*e4a36f41SAndroid Build Coastguard Worker 37*e4a36f41SAndroid Build Coastguard Worker# for SID file access 38*e4a36f41SAndroid Build Coastguard Workerallow gatekeeperd gatekeeper_data_file:dir rw_dir_perms; 39*e4a36f41SAndroid Build Coastguard Workerallow gatekeeperd gatekeeper_data_file:file create_file_perms; 40*e4a36f41SAndroid Build Coastguard Worker 41*e4a36f41SAndroid Build Coastguard Worker# For hardware properties retrieval 42*e4a36f41SAndroid Build Coastguard Workerallow gatekeeperd hardware_properties_service:service_manager find; 43*e4a36f41SAndroid Build Coastguard Worker 44*e4a36f41SAndroid Build Coastguard Workerr_dir_file(gatekeeperd, cgroup) 45*e4a36f41SAndroid Build Coastguard Workerr_dir_file(gatekeeperd, cgroup_v2) 46