1*e4a36f41SAndroid Build Coastguard Worker### 2*e4a36f41SAndroid Build Coastguard Worker### A domain for sandboxing the remote key provisioning daemon 3*e4a36f41SAndroid Build Coastguard Worker### app that is shipped via mainline. 4*e4a36f41SAndroid Build Coastguard Worker### 5*e4a36f41SAndroid Build Coastguard Workertypeattribute rkpdapp coredomain; 6*e4a36f41SAndroid Build Coastguard Worker 7*e4a36f41SAndroid Build Coastguard Workerapp_domain(rkpdapp) 8*e4a36f41SAndroid Build Coastguard Workernet_domain(rkpdapp) 9*e4a36f41SAndroid Build Coastguard Worker 10*e4a36f41SAndroid Build Coastguard Worker# RKPD needs to be able to call the remote provisioning HALs 11*e4a36f41SAndroid Build Coastguard Workerhal_client_domain(rkpdapp, hal_keymint) 12*e4a36f41SAndroid Build Coastguard Workerhal_client_domain(rkpdapp, hal_remotelyprovisionedcomponent_avf) 13*e4a36f41SAndroid Build Coastguard Worker 14*e4a36f41SAndroid Build Coastguard Worker# Grant access to certain system properties related to RKP 15*e4a36f41SAndroid Build Coastguard Workerget_prop(rkpdapp, device_config_remote_key_provisioning_native_prop) 16*e4a36f41SAndroid Build Coastguard Workerset_prop(rkpdapp, remote_prov_prop) 17*e4a36f41SAndroid Build Coastguard Worker 18*e4a36f41SAndroid Build Coastguard Worker# Grant access to the normal services that are available to all apps 19*e4a36f41SAndroid Build Coastguard Workerallow rkpdapp app_api_service:service_manager find; 20*e4a36f41SAndroid Build Coastguard Worker 21*e4a36f41SAndroid Build Coastguard Worker# Grant access to media.metrics service, needed for widevine. This 22*e4a36f41SAndroid Build Coastguard Worker# access is granted to all other apps already (e.g. untrusted_app_all). 23*e4a36f41SAndroid Build Coastguard Workerallow rkpdapp mediametrics_service:service_manager find; 24*e4a36f41SAndroid Build Coastguard Worker 25*e4a36f41SAndroid Build Coastguard Worker# Grant access to statsd 26*e4a36f41SAndroid Build Coastguard Workerallow rkpdapp statsmanager_service:service_manager find; 27*e4a36f41SAndroid Build Coastguard Workerbinder_call(rkpdapp, statsd) 28