| { |
| security_policy: { |
| job_policy: { |
| main_process_critical: [ |
| "/bootstrap/fshost", |
| ], |
| }, |
| capability_policy: [ |
| { |
| source_moniker: "<component_manager>", |
| source: "component", |
| source_name: "fuchsia.kernel.VmexResource", |
| capability: "protocol", |
| target_monikers: [ |
| "/bootstrap/base_resolver", |
| ], |
| }, |
| { |
| source_moniker: "/bootstrap/fshost", |
| source: "component", |
| source_name: "bin", |
| capability: "directory", |
| target_monikers: [ |
| "/bootstrap/console-launcher", |
| "/bootstrap/fshost", |
| ], |
| }, |
| { |
| source_moniker: "/bootstrap/fshost", |
| source: "component", |
| source_name: "data", |
| capability: "directory", |
| target_monikers: [ |
| // TODO(https://fxbug.dev/42077029): Remove once session_manager gets autolaunch override |
| // from structured configuration |
| "/core/session-manager", |
| ], |
| }, |
| { |
| source_moniker: "/bootstrap/fshost", |
| source: "component", |
| source_name: "tmp", |
| capability: "directory", |
| target_monikers: [ |
| "/bootstrap/netsvc", |
| "/core", |
| ], |
| }, |
| { |
| source_moniker: "/bootstrap/fshost/blobfs", |
| source: "component", |
| source_name: "blob-exec", |
| capability: "directory", |
| target_monikers: [ |
| "/bootstrap/base_resolver", |
| ], |
| }, |
| { |
| source_moniker: "/core/pkg-resolver", |
| source: "component", |
| source_name: "fuchsia.pkg.PackageResolver", |
| capability: "protocol", |
| target_monikers: [ |
| "/core/system-updater", |
| |
| // TODO(https://fxbug.dev/42074079) Use optional routing to remove these three routes on |
| // non-eng builds. |
| // Use of this capability is controlled by driver_index's structured config |
| // flag enable_ephemeral_drivers, which is disabled on non-eng builds. |
| // https://cs.opensource.google/fuchsia/fuchsia/+/main:src/lib/assembly/platform_configuration/src/subsystems/driver_framework.rs;l=30;drc=a6dbab2808229e37578e6dabdb6bae2a1c0130fe |
| "/bootstrap/driver_index", |
| "/bootstrap/driver_manager", |
| |
| // TODO(https://fxbug.dev/294908859) Use optional routing to remove this route on |
| // non-eng builds. |
| // Use of this capability is controlled by kernel command line options |
| // https://cs.opensource.google/fuchsia/fuchsia/+/main:src/bringup/bin/console-launcher/console_launcher.cc;l=53;drc=2abb92a67d8528b484e1c8ee49bdc8badeaec184 |
| "/bootstrap/console-launcher", |
| |
| // TODO(b/303275551): Remove once the security policy error is fixed. |
| "/core", |
| ], |
| }, |
| { |
| // We restrict access to base_resolver's Resolver protocol because we |
| // expect only parts of component framework to be able to access it. |
| source_moniker: "/bootstrap/base_resolver", |
| source: "component", |
| source_name: "fuchsia.component.resolution.Resolver", |
| capability: "protocol", |
| target_monikers: [ |
| "/core/full-resolver", |
| ], |
| }, |
| ], |
| }, |
| } |