2013-12-13 22:19:45 -08:00
|
|
|
# Rules common to all binder service domains
|
|
|
|
|
2013-12-19 18:18:32 -08:00
|
|
|
# Allow dumpstate to collect information from binder services
|
2013-12-13 22:19:45 -08:00
|
|
|
allow binderservicedomain dumpstate:fd use;
|
|
|
|
allow binderservicedomain dumpstate:unix_stream_socket { read write getopt getattr };
|
2014-01-10 23:05:25 -08:00
|
|
|
allow binderservicedomain shell_data_file:file { getattr write };
|
2013-12-19 18:18:32 -08:00
|
|
|
|
2014-06-20 18:25:52 -07:00
|
|
|
# Allow dumpsys to work from adb shell or the serial console
|
2013-12-19 18:18:32 -08:00
|
|
|
allow binderservicedomain devpts:chr_file rw_file_perms;
|
2014-06-20 18:25:52 -07:00
|
|
|
allow binderservicedomain console_device:chr_file rw_file_perms;
|
2014-03-21 07:24:04 -07:00
|
|
|
|
|
|
|
# Receive and write to a pipe received over Binder from an app.
|
|
|
|
allow binderservicedomain appdomain:fd use;
|
|
|
|
allow binderservicedomain appdomain:fifo_file write;
|
2014-06-05 15:52:02 -07:00
|
|
|
|
2014-06-17 14:58:52 -07:00
|
|
|
allow binderservicedomain keystore:keystore_key { test get insert delete exist saw sign verify };
|
|
|
|
|
|
|
|
use_keystore(binderservicedomain)
|