authorNick Bray <ncbray@google.com>2017-04-04 17:07:46 -0700
committerNick Bray <ncbray@google.com>2017-04-07 10:36:38 -0700
commit850f8473e581b48cfc06de0089cd0e3e02e34eb4 (patch)
tree723a947c024d7e85124690317b2ca432a248f8b0 /vrcore/sepolicy/vrcore_app.te
parent25a8008ed022ab9d7c69362bb575e653f0210d3f (diff)
App-specific SELinux domain for VrCore.
Move VrCore from untrusted_app_25 into its own domain so we can have finer control of its IPC surface. Bug: 36367417 Test: manual Change-Id: Ib02a58a0a45b7b86c05e3e585437b2f9d68687fe
Diffstat (limited to 'vrcore/sepolicy/vrcore_app.te')
-rw-r--r--vrcore/sepolicy/vrcore_app.te36
1 files changed, 36 insertions, 0 deletions
diff --git a/vrcore/sepolicy/vrcore_app.te b/vrcore/sepolicy/vrcore_app.te
new file mode 100644
index 0000000..4515b50
--- /dev/null
+++ b/vrcore/sepolicy/vrcore_app.te
@@ -0,0 +1,36 @@
+###
+### VrCore was historically an untrusted_app, but it was moved into its own
+### domain to tighten access to VrCore-specific IPC services and
+### opportunistically eliminate legacy untrusted_app rules.
+###
+
+type vrcore_app, domain;
+
+app_domain(vrcore_app)
+net_domain(vrcore_app)
+bluetooth_domain(vrcore_app)
+
+# Services from untrusted_app_all.
+# Should be kept in sync with untrusted_app_all.
+allow vrcore_app audioserver_service:service_manager find;
+allow vrcore_app cameraserver_service:service_manager find;
+allow vrcore_app drmserver_service:service_manager find;
+allow vrcore_app mediaserver_service:service_manager find;
+allow vrcore_app mediaextractor_service:service_manager find;
+allow vrcore_app mediametrics_service:service_manager find;
+allow vrcore_app mediadrmserver_service:service_manager find;
+allow vrcore_app mediacasserver_service:service_manager find;
+allow vrcore_app nfc_service:service_manager find;
+allow vrcore_app radio_service:service_manager find;
+allow vrcore_app surfaceflinger_service:service_manager find;
+allow vrcore_app app_api_service:service_manager find;
+
+# VrCore-specific services.
+allow vrcore_app vr_manager_service:service_manager find;
+
+# gdbserver for ndk-gdb ptrace attaches to app process.
+allow vrcore_app self:process ptrace;
+
+# Access to /data/media for screenshots.
+allow vrcore_app media_rw_data_file:dir create_dir_perms;
+allow vrcore_app media_rw_data_file:file create_file_perms;
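Review bot: The `allow vrcore_app self:process ptrace;` rule near the end of the new file is granted on every build type, although its own comment justifies it only for ndk-gdb debugging. If VrCore is not expected to be debugged on user builds, wrapping that rule in the `userdebug_or_eng` macro would keep self-ptrace out of production policy, which fits the stated goal of tightening the domain. The two `media_rw_data_file` rules have a similar gap: they grant `create_dir_perms` and `create_file_perms` on everything carrying that label, while the comment mentions only screenshots, so the comment should name the directory actually needed to make the grant auditable. The service list is a hand copy that "should be kept in sync" with untrusted_app_all, so recording the revision it was copied from in that comment would make later drift visible.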