| ### |
| ### A domain for further sandboxing the GooglePermissionController app. |
| ### |
| type permissioncontroller_app, domain; |
| |
| app_domain(permissioncontroller_app) |
| |
| # Allow interaction with gpuservice |
| binder_call(permissioncontroller_app, gpuservice) |
| allow permissioncontroller_app gpu_service:service_manager find; |
| |
| # Allow interaction with role_service |
| allow permissioncontroller_app role_service:service_manager find; |
| |
| # Allow interaction with usagestats_service |
| allow permissioncontroller_app usagestats_service:service_manager find; |
| |
| # Allow interaction with activity_service |
| allow permissioncontroller_app activity_service:service_manager find; |
| |
| allow permissioncontroller_app activity_task_service:service_manager find; |
| allow permissioncontroller_app audio_service:service_manager find; |
| allow permissioncontroller_app autofill_service:service_manager find; |
| allow permissioncontroller_app device_policy_service:service_manager find; |
| allow permissioncontroller_app location_service:service_manager find; |
| allow permissioncontroller_app surfaceflinger_service:service_manager find; |
| allow permissioncontroller_app trust_service:service_manager find; |
