platform_system_sepolicy/binderservicedomain.te
Chad Brubaker eaa1a1e975 Rename keystore methods and delete unused permissions
Keystore is going through an API cleanup to make names more clear and
remove unclear methods.

(cherry-picked from commit cbc8f79655)

Change-Id: I06354ccd0a9a73fd20168bfce9350c451cfaced3
2015-05-18 12:19:19 -07:00

18 lines
790 B
Text

# Rules common to all binder service domains
# Allow dumpstate to collect information from binder services
allow binderservicedomain dumpstate:fd use;
allow binderservicedomain dumpstate:unix_stream_socket { read write getopt getattr };
allow binderservicedomain shell_data_file:file { getattr write };
# Allow dumpsys to work from adb shell or the serial console
allow binderservicedomain devpts:chr_file rw_file_perms;
allow binderservicedomain console_device:chr_file rw_file_perms;
# Receive and write to a pipe received over Binder from an app.
allow binderservicedomain appdomain:fd use;
allow binderservicedomain appdomain:fifo_file write;
allow binderservicedomain keystore:keystore_key { get_state get insert delete exist list sign verify };
use_keystore(binderservicedomain)