#
# Apps that run with the system UID, e.g. com.android.system.ui,
# com.android.settings. These are not as privileged as the system
# server.
#
# Reading note: app_domain, net_domain, binder_service, set_prop,
# userdebug_or_eng and control_logd are macros, and create_dir_perms,
# create_file_perms, r_file_perms and ra_dir_perms are permission sets,
# all defined outside this file. The rules they expand to are part of
# what system_app is allowed, so review them together with this file.
#

# Declare the type and tag it with the domain and domain_deprecated
# attributes; any rule written against either attribute elsewhere in
# the policy also applies to system_app.
type system_app, domain, domain_deprecated;
app_domain(system_app)
net_domain(system_app)
binder_service(system_app)

# Read and write /data/data subdirectory.
# Files and symlinks (lnk_file) are both covered.
allow system_app system_app_data_file:dir create_dir_perms;
allow system_app system_app_data_file:{ file lnk_file } create_file_perms;

# Read and write to /data/misc/user.
allow system_app misc_user_data_file:dir create_dir_perms;
allow system_app misc_user_data_file:file create_file_perms;

# Access to vold-mounted storage for measuring free space
# Only dir search is granted by this rule: the path can be traversed,
# but no file read or write on mnt_media_rw_file is added here.
allow system_app mnt_media_rw_file:dir search;

# Read wallpaper file.
allow system_app wallpaper_file:file r_file_perms;

# Read icon file.
allow system_app icon_file:file r_file_perms;

# Write to properties
# One set_prop line per property type that system_app may set.
set_prop(system_app, debug_prop)
set_prop(system_app, system_prop)
set_prop(system_app, logd_prop)
set_prop(system_app, net_radio_prop)
set_prop(system_app, system_radio_prop)
set_prop(system_app, log_tag_prop)
# logpersistd_logging_prop is wrapped in userdebug_or_eng.
# NOTE(review): by the macro name this applies to userdebug and eng
# builds only -- confirm against the macro definition.
userdebug_or_eng(`set_prop(system_app, logpersistd_logging_prop)')
# auditallow grants nothing by itself; it makes every permitted set of
# net_radio_prop and system_radio_prop by system_app appear in the
# audit log.
# NOTE(review): presumably kept to learn whether these two grants are
# still used -- check the logs before removing either set_prop above.
auditallow system_app net_radio_prop:property_service set;
auditallow system_app system_radio_prop:property_service set;

# ctl interface
# NOTE(review): ctl properties are the channel through which a process
# asks init to start or stop services, and ctl_default_prop looks like
# the catch-all label for them -- confirm in property_contexts. Treat
# this as a broad grant when tightening the domain.
set_prop(system_app, ctl_default_prop)
set_prop(system_app, ctl_bugreport_prop)

# Create /data/anr/traces.txt.
# The directory gets ra_dir_perms rather than the create_dir_perms used
# for the data directories above; files get create_file_perms.
allow system_app anr_data_file:dir ra_dir_perms;
allow system_app anr_data_file:file create_file_perms;

# Settings need to access app name and icon from asec
allow system_app asec_apk_file:file r_file_perms;

# Service manager: list the registered services, and find any service
# whose type carries the service_manager_type attribute except
# netd_service. Because the grant is written against the attribute,
# a service type added elsewhere in the policy is covered
# automatically unless it is subtracted here as well.
allow system_app servicemanager:service_manager list;
allow system_app { service_manager_type -netd_service }:service_manager find;

# Keystore operations that system_app may request from the keystore
# domain. Besides per-key use (get, insert, delete, sign, verify) the
# list names operations that by name act on keystore state as a whole
# (reset, password, lock, unlock, clear_uid, user_changed).
# NOTE(review): whether this is the complete keystore_key permission
# set cannot be told from this file -- compare with the class
# definition before trimming or extending it.
allow system_app keystore:keystore_key {
	get_state
	get
	insert
	delete
	exist
	list
	reset
	password
	lock
	unlock
	is_empty
	sign
	verify
	grant
	duplicate
	clear_uid
	user_changed
};

# /sys access
# Read-only: dir search plus r_file_perms on sysfs_zram.
allow system_app sysfs_zram:dir search;
allow system_app sysfs_zram:file r_file_perms;

# NOTE(review): by name this lets system_app control logd; the rules it
# expands to are not visible here.
control_logd(system_app)