###
### vrcore_app: dedicated SELinux domain for VrCore.
###
### VrCore was historically an untrusted_app, but it was moved into its own
### domain to tighten access to VrCore-specific IPC services and
### opportunistically eliminate legacy untrusted_app rules.
###
### Every rule below is an explicit grant to this domain. When auditing,
### check each one against what VrCore actually needs rather than against
### what untrusted_app happens to allow.
###

type vrcore_app, domain;

# Baseline macros: generic app permissions, network access, Bluetooth access.
# Their expansions are defined elsewhere in the policy and are not visible
# in this file, so review them together with the rules below.
app_domain(vrcore_app)
net_domain(vrcore_app)
bluetooth_domain(vrcore_app)

# Service lookups inherited from untrusted_app_all.
# Must be kept in sync with untrusted_app_all; one type per line keeps a
# diff against that list readable.
# `find` covers the service_manager lookup only.
allow vrcore_app {
    audioserver_service
    cameraserver_service
    drmserver_service
    mediaserver_service
    mediaextractor_service
    mediametrics_service
    mediadrmserver_service
    mediacasserver_service
    nfc_service
    radio_service
    surfaceflinger_service
    app_api_service
}:service_manager find;

# VrCore-specific service lookups. These are the grants the separate domain
# exists to scope.
allow vrcore_app {
    vr_manager_service
    vr_hwc_service
    virtual_touchpad_service
}:service_manager find;

# gdbserver (ndk-gdb) attaches to the app process with ptrace.
# The grant is limited to `self`, i.e. processes in the vrcore_app domain.
# NOTE(review): this rule is not conditional on build type in this file;
# confirm that debugger attach is required on production builds.
allow vrcore_app self:process ptrace;

# Screenshots are written under /data/media.
# NOTE(review): the rules apply to every object labeled media_rw_data_file,
# not only a screenshots directory, and the create_* permission sets include
# creation as well as read/write. Confirm that no narrower label exists.
allow vrcore_app media_rw_data_file:dir create_dir_perms;
allow vrcore_app media_rw_data_file:file create_file_perms;