###
### SDK Sandbox process.
###
### This file defines the audit sdk sandbox security policy for
### the set of restrictions proposed for the next SDK level.
###
### The sdk_sandbox_audit domain has the same rules as the
### sdk_sandbox_current domain and additional auditing rules
### for the accesses we are considering forbidding in the upcoming
### sdk_sandbox_next domain.
type sdk_sandbox_audit, domain, coredomain, sdk_sandbox_all, sdk_sandbox_current;

net_domain(sdk_sandbox_audit)
app_domain(sdk_sandbox_audit)

# Auditallow rules for accesses that are currently allowed but we
# might remove in the future.

auditallow sdk_sandbox_audit {
    cameraserver_service
    ephemeral_app_api_service
    mediadrmserver_service
    radio_service
}:service_manager find;

auditallow sdk_sandbox_audit {
    property_type
    -system_property_type
}:file rw_file_perms;

auditallow sdk_sandbox_audit {
    property_type
    -system_property_type
}:dir rw_dir_perms;