| # microdroid_app is a domain for microdroid_launcher, which is a binary that |
| # loads a shared library from an apk and executes it by calling an entry point |
| # in the library. This can be considered as the native counterpart of |
| # app_process for Java. |
| # |
| # Both microdroid_launcher and payload from the shared library run in the |
| # context of microdroid_app. |
| |
| type microdroid_app, domain, coredomain, microdroid_payload; |
| type microdroid_app_exec, exec_type, file_type, system_file_type; |
| |
| # Talk to binder services (for keystore) |
| binder_use(microdroid_app); |
| |
| # Allow payloads to use keystore |
| use_keystore(microdroid_app); |
| |
| # Allow payloads to use and manage their keys |
| allow microdroid_app vm_payload_key:keystore2_key { |
| delete |
| get_info |
| manage_blob |
| rebind |
| use |
| }; |