Merge "Update documentation on binderservicedomain" into main

2023-08-29 23:27:50 +00:00 · 2023-08-29 23:27:50 +00:00 · 69a9189ddf
commit 69a9189ddf
parent 9432227844 5e9b88f739
3 changed files with 5 additions and 4 deletions
--- a/private/binderservicedomain.te
+++ b/private/binderservicedomain.te
@ -1,4 +1,5 @@
-# Rules common to all binder service domains
+# Rules common to some specific binder service domains.
+# Deprecated. Consider granting the exact permissions required by your service.

 # Allow dumpstate and incidentd to collect information from binder services
 allow binderservicedomain { dumpstate incidentd }:fd use;
--- a/public/attributes
+++ b/public/attributes
@ -221,7 +221,8 @@ attribute netdomain;
 # All domains used for apps with bluetooth access.
 attribute bluetoothdomain;

-# All domains used for binder service domains.
+# Specific domains that expose a binder service.
+# Deprecated, consider granting the exact permissions required by your service.
 attribute binderservicedomain;

 # All domains which have BPF access.
--- a/public/te_macros
+++ b/public/te_macros
@ -440,8 +440,7 @@ allow $1 $2:fd use;

 #####################################
 # binder_service(domain)
-# Mark a domain as being a Binder service domain.
-# Used to allow binder IPC to the various system services.
+# Deprecated. Consider granting the exact permissions required by your service.
 define(`binder_service', `
 typeattribute $1 binderservicedomain;
 ')