sepolicy: Put theme service in its own context
Allow the theme manager and its data to be sandboxed in
its own context
Change-Id: I7898663d1c196bfe04fa4c539d20191a43fde284
diff --git a/sepolicy/themeservice_app.te b/sepolicy/themeservice_app.te
new file mode 100644
index 0000000..aaa84ab
--- /dev/null
+++ b/sepolicy/themeservice_app.te
@@ -0,0 +1,19 @@
+# Add themeservice_app to appdomain
+type themeservice_app, domain;
+app_domain(themeservice_app)
+
+# Theme manager service
+allow themeservice_app activity_service:service_manager find;
+allow themeservice_app cm_status_bar_service:service_manager find;
+allow themeservice_app cm_themes_service:dir search;
+allow themeservice_app connectivity_service:service_manager find;
+allow themeservice_app display_service:service_manager find;
+allow themeservice_app mount_service:service_manager find;
+allow themeservice_app notification_service:service_manager find;
+allow themeservice_app system_app_data_file:dir search;
+allow themeservice_app user_service:service_manager find;
+allow themeservice_app wallpaper_service:service_manager find;
+
+# Allow full access to themeservice_app_data_file
+allow themeservice_app themeservice_app_data_file:dir create_dir_perms;
+allow themeservice_app themeservice_app_data_file:file create_file_perms;
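Review bot: The `cm_themes_service` rule uses class `dir` with `search`, while every other `*_service` type in this block is granted `service_manager find`. If `cm_themes_service` is declared as a service_manager type (its declaration is not in this hunk), the `dir` rule grants nothing usable and the domain still cannot look up the theme service; the line likely should read `allow themeservice_app cm_themes_service:service_manager find;`. Separately, `themeservice_app_data_file` is referenced but not declared in this file, so its type declaration and the `seapp_contexts` entry that maps the app to this domain and data type need to exist elsewhere in the change, or the new domain is never entered. It would also help to add a short comment above the `system_app_data_file:dir search` rule saying which path the service has to traverse, so that a later audit can tell whether the grant is still needed.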