f90c41f6e8
Add a service_manager class with the verb add. Add a type that groups the services for each of the processes that is allowed to start services in service.te and an attribute for all services controlled by the service manager. Add the service_contexts file which maps service name to target label. Bug: 12909011 Change-Id: I017032a50bc90c57b536e80b972118016d340c7d
# Rules common to all binder service domains
# Allow dumpstate to collect information from binder services
# `fd use` lets a binder service use a file descriptor that originated in the
# dumpstate domain; it grants nothing on the object behind that descriptor.
allow binderservicedomain dumpstate:fd use;
# I/O and attribute queries on a dumpstate-labeled stream socket only.
# No create/connect/bind is granted here, so this rule by itself does not let
# a service open its own connection to dumpstate.
allow binderservicedomain dumpstate:unix_stream_socket { read write getopt getattr };
# Write and stat a shell_data_file file. `open` and `create` are deliberately
# absent from the set, so this rule only covers a descriptor the service was
# handed, not a path the service chooses itself.
allow binderservicedomain shell_data_file:file { getattr write };
# Allow dumpsys to work from adb shell
# rw_file_perms is a macro defined outside this file (presumably the
# read/write/open permission set - confirm against the macro definitions).
# NOTE(review): the target is the generic devpts type, so the grant covers
# every pty carrying that label, not only the one belonging to an adb shell.
allow binderservicedomain devpts:chr_file rw_file_perms;
# Receive and write to a pipe received over Binder from an app.
# Applies to descriptors from every domain carrying the appdomain attribute
# (the attribute's membership is defined outside this file).
allow binderservicedomain appdomain:fd use;
# Write-only on an app-created pipe: no read, open or create, so the service
# can only write into a pipe end it has already been given.
allow binderservicedomain appdomain:fifo_file write;
# Allow binderservicedomain to add services by default.
# NOTE(review): this is a blanket grant. Any domain carrying the
# binderservicedomain attribute may register a service under any label that
# carries the service_manager_type attribute, so the rule does not tie a
# service name to the domain expected to own it. Restricting registration
# needs per-domain rules against specific service types instead.
allow binderservicedomain service_manager_type:service_manager add;
# auditallow grants nothing: it logs each *permitted* `add` whose target is
# default_android_service. Presumably that is the label given to service names
# with no specific entry in service_contexts (confirm there); the audit
# records then show which registrations still rely on the fallback label.
auditallow binderservicedomain default_android_service:service_manager add;