# Car Service (com.android.car) runs in the carservice_app domain.
# NOTE(review): the `type carservice_app, domain;` declaration is not in
# this file; presumably it lives elsewhere in the policy tree — confirm.
app_domain(carservice_app);

# Register carservice_service with ServiceManager (add) and look it up (find).
add_service(carservice_app, carservice_service)

# HAL clients: Vehicle, Audio Control and Health HALs.
hal_client_domain(carservice_app, hal_vehicle)
hal_client_domain(carservice_app, hal_audiocontrol)
hal_client_domain(carservice_app, hal_health)

# Needed to set the boot.car_service_created property.
# NOTE(review): set_prop on system_prop grants write to every property
# carrying that label, not just the one named above; a dedicated property
# context for boot.car_service_created would narrow this — confirm whether
# one exists or can be added.
set_prop(carservice_app, system_prop)
# Allow Car Service to access certain system services.
# Each entry grants only `find` (name lookup through ServiceManager); the
# binder `call` on the resolved service is a separate permission and is not
# granted by this rule. Review additions here as attack-surface growth:
# every listed service becomes reachable by name from this app domain.
# Keep alphabetically sorted.
allow carservice_app {
accessibility_service
activity_service
activity_task_service
audio_service
audioserver_service
autofill_service
bluetooth_manager_service
connectivity_service
content_service
deviceidle_service
display_service
graphicsstats_service
input_method_service
input_service
location_service
lock_settings_service
media_session_service
network_management_service
power_service
procfsinspector_service
sensorservice_service
statsmanager_service
surfaceflinger_service
telecom_service
thermal_service
uimode_service
voiceinteraction_service
wifi_service
wifiscanner_service
}:service_manager find;
# /data/system/car (system_car_data_file): create/read/write/delete on the
# directory tree, its regular files and its symlinks.
allow carservice_app system_car_data_file:dir create_dir_perms;
allow carservice_app system_car_data_file:file create_file_perms;
allow carservice_app system_car_data_file:lnk_file create_file_perms;

# Private app data under /data/data (system_app_data_file): same permission
# set as above.
# NOTE(review): lnk_file create rights mean the domain can plant symlinks in
# these directories; acceptable only if no higher-privileged process follows
# paths under them — confirm.
allow carservice_app system_app_data_file:dir create_dir_perms;
allow carservice_app system_app_data_file:file create_file_perms;
allow carservice_app system_app_data_file:lnk_file create_file_perms;
# Network access via the net_domain macro.
net_domain(carservice_app)

# I/O stats tracker: per-UID I/O counters from procfs, plus binder calls to
# the procfsinspector helper. statsd is the other binder peer (metrics).
allow carservice_app proc_uid_io_stats:file { getattr open read };
allow carservice_app { procfsinspector statsd }:binder call;

# Storage lifetime metrics:
# /sys/fs/<ext4|f2fs>/<partition>/lifetime_write_kbytes (read only).
r_dir_file(carservice_app, sysfs_fs_ext4)
r_dir_file(carservice_app, sysfs_fs_f2fs)

# Read/write cgroup files.
# NOTE(review): no justification is recorded for rw access to cgroup files
# from an app domain; confirm which feature needs it and whether read-only
# would do.
allow carservice_app cgroup:file rw_file_perms;

# Start/stop init services by writing ctl.start / ctl.stop properties.
# NOTE(review): ctl_start_prop/ctl_stop_prop are not scoped to one service,
# so this domain can presumably control any init service whose name it
# knows; confirm the intended targets and prefer a per-service ctl property
# context if one exists.
set_prop(carservice_app, ctl_start_prop)
set_prop(carservice_app, ctl_stop_prop)

# Connect to the dumpstate socket (bug report support, presumably — confirm).
unix_socket_connect(carservice_app, dumpstate, dumpstate)
# Vehicle-specific configuration properties (read only).
get_prop(carservice_app, vehicle_hal_prop)

# Register as a car watchdog client.
carwatchdog_client_domain(carservice_app)

# GPU access for ActivityBlockingActivity: the device directory and node,
# plus gpuservice via ServiceManager lookup and binder.
# NOTE(review): rw on gpu_device exposes the GPU driver ioctl surface to
# this domain; check whether app_domain already grants it (in which case
# the chr_file rule is redundant) and whether the activity truly needs it.
allow carservice_app gpu_device:dir r_dir_perms;
allow carservice_app gpu_device:chr_file rw_file_perms;
allow carservice_app gpu_service:service_manager find;
binder_call(carservice_app, gpuservice)