2013-12-14 07:19:45 +01:00
|
|
|
# Rules common to all binder service domains
|
|
|
|
|
2016-11-21 08:23:04 +01:00
|
|
|
# Allow dumpstate and incidentd to collect information from binder services
|
|
|
|
allow binderservicedomain { dumpstate incidentd }:fd use;
|
|
|
|
allow binderservicedomain { dumpstate incidentd }:unix_stream_socket { read write getopt getattr };
|
|
|
|
allow binderservicedomain { dumpstate incidentd }:fifo_file { getattr write };
|
2014-01-11 08:05:25 +01:00
|
|
|
allow binderservicedomain shell_data_file:file { getattr write };
|
2013-12-20 03:18:32 +01:00
|
|
|
|
2014-06-21 03:25:52 +02:00
|
|
|
# Allow dumpsys to work from adb shell or the serial console
|
2013-12-20 03:18:32 +01:00
|
|
|
allow binderservicedomain devpts:chr_file rw_file_perms;
|
2014-06-21 03:25:52 +02:00
|
|
|
allow binderservicedomain console_device:chr_file rw_file_perms;
|
2014-03-21 15:24:04 +01:00
|
|
|
|
|
|
|
# Receive and write to a pipe received over Binder from an app.
|
|
|
|
allow binderservicedomain appdomain:fd use;
|
|
|
|
allow binderservicedomain appdomain:fifo_file write;
|
2014-06-06 00:52:02 +02:00
|
|
|
|
2015-10-29 18:32:14 +01:00
|
|
|
# allow all services to run permission checks
|
|
|
|
allow binderservicedomain permission_service:service_manager find;
|
|
|
|
|
2015-05-13 23:39:48 +02:00
|
|
|
allow binderservicedomain keystore:keystore_key { get_state get insert delete exist list sign verify };
|
2020-07-27 21:53:20 +02:00
|
|
|
allow binderservicedomain keystore:keystore2 { get_state };
|
2020-09-24 17:55:28 +02:00
|
|
|
allow binderservicedomain keystore:keystore2_key { delete get_info rebind use };
|
2014-06-17 23:58:52 +02:00
|
|
|
|
|
|
|
use_keystore(binderservicedomain)
|
2022-07-28 18:23:42 +02:00
|
|
|
# binderservicedomain is using apex_info via libvintf
|
|
|
|
use_apex_info(binderservicedomain)
|