tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/prebuilts/api/34.0/private/binderservicedomain.te
Alex Buynytskyy 9c6c988bad UpsideDownCake/34 is now REL 
Ignore-AOSP-First: UpsideDownCake Finalization
Bug: 275409981
Test: build
Change-Id: I15bf3817a8a6867d52f7963a04a69e543a9801e9
Merged-In: I15bf3817a8a6867d52f7963a04a69e543a9801e9
2023-04-21 19:36:02 +00:00

26 lines
1.2 KiB
Text
Raw Blame History

# Rules common to all binder service domains
# Allow dumpstate and incidentd to collect information from binder services
allow binderservicedomain { dumpstate incidentd }:fd use;
allow binderservicedomain { dumpstate incidentd }:unix_stream_socket { read write getopt getattr };
allow binderservicedomain { dumpstate incidentd }:fifo_file { getattr write };
allow binderservicedomain shell_data_file:file { getattr write };
# Allow dumpsys to work from adb shell or the serial console
allow binderservicedomain devpts:chr_file rw_file_perms;
allow binderservicedomain console_device:chr_file rw_file_perms;
# Receive and write to a pipe received over Binder from an app.
allow binderservicedomain appdomain:fd use;
allow binderservicedomain appdomain:fifo_file write;
# allow all services to run permission checks
allow binderservicedomain permission_service:service_manager find;
allow binderservicedomain keystore:keystore_key { get_state get insert delete exist list sign verify };
allow binderservicedomain keystore:keystore2 { get_state };
allow binderservicedomain keystore:keystore2_key { delete get_info rebind use };
use_keystore(binderservicedomain)
# binderservicedomain is using apex_info via libvintf
use_apex_info(binderservicedomain)
Reference in a new issue View git blame Copy permalink