1*e4a36f41SAndroid Build Coastguard Worker### 2*e4a36f41SAndroid Build Coastguard Worker### A domain for further sandboxing the GooglePermissionController app. 3*e4a36f41SAndroid Build Coastguard Worker### 4*e4a36f41SAndroid Build Coastguard Workertype permissioncontroller_app, domain, coredomain; 5*e4a36f41SAndroid Build Coastguard Worker 6*e4a36f41SAndroid Build Coastguard Workerapp_domain(permissioncontroller_app) 7*e4a36f41SAndroid Build Coastguard Worker 8*e4a36f41SAndroid Build Coastguard Workerallow permissioncontroller_app app_api_service:service_manager find; 9*e4a36f41SAndroid Build Coastguard Workerallow permissioncontroller_app system_api_service:service_manager find; 10*e4a36f41SAndroid Build Coastguard Worker 11*e4a36f41SAndroid Build Coastguard Worker# Allow interaction with gpuservice 12*e4a36f41SAndroid Build Coastguard Workerbinder_call(permissioncontroller_app, gpuservice) 13*e4a36f41SAndroid Build Coastguard Worker 14*e4a36f41SAndroid Build Coastguard Workerallow permissioncontroller_app radio_service:service_manager find; 15*e4a36f41SAndroid Build Coastguard Worker 16*e4a36f41SAndroid Build Coastguard Worker# Allow the app to request and collect incident reports. 17*e4a36f41SAndroid Build Coastguard Worker# (Also requires DUMP and PACKAGE_USAGE_STATS permissions) 18*e4a36f41SAndroid Build Coastguard Workerallow permissioncontroller_app incident_service:service_manager find; 19*e4a36f41SAndroid Build Coastguard Workerbinder_call(permissioncontroller_app, incidentd) 20*e4a36f41SAndroid Build Coastguard Workerallow permissioncontroller_app incidentd:fifo_file { read write }; 21*e4a36f41SAndroid Build Coastguard Worker 22*e4a36f41SAndroid Build Coastguard Workerallow permissioncontroller_app gpu_device:dir search; 23