selinux: add domain for Gallery (52da0cbc) · Commits · e / os / android_device_lineage_sepolicy

common/private/gallery_app.te

0 → 100644

+21 −0

Original line number	Diff line number	Diff line
		type gallery_app, domain, coredomain;

		app_domain(gallery_app)
		net_domain(gallery_app)

		# Access standard system services
		allow gallery_app app_api_service:service_manager find;
		allow gallery_app audioserver_service:service_manager find;
		allow gallery_app cameraserver_service:service_manager find;
		allow gallery_app drmserver_service:service_manager find;
		allow gallery_app mediacodec_service:service_manager find;
		allow gallery_app mediaextractor_service:service_manager find;
		allow gallery_app mediaserver_service:service_manager find;
		allow gallery_app mediametrics_service:service_manager find;
		allow gallery_app nfc_service:service_manager find;
		allow gallery_app surfaceflinger_service:service_manager find;

		allow gallery_app hidl_token_hwservice:hwservice_manager find;

		# Allow to read and execute camera app modules
		allow gallery_app vendor_file:file { rx_file_perms };

+1 −0

user=_app isPrivApp=true seinfo=platform name=com.android.gallery3d domain=gallery_app type=app_data_file levelFrom=user

user=_app isPrivApp=true seinfo=platform name=org.lineageos.snap domain=snap_app type=app_data_file levelFrom=user