Blame - microdroid/sepolicy/system/private/binderservicedomain.te - android_packages_modules_Virtualization

blob: 7275954b2940a2b53dae45466b974a286013ca4a [file] [log] [blame]

Inseob Kim	ff43be2	2021-06-07 16:56:56 +0900	[diff] [blame^]	1	# Rules common to all binder service domains
				2
				3	# Allow dumpstate and incidentd to collect information from binder services
				4	allow binderservicedomain { dumpstate incidentd }:fd use;
				5	allow binderservicedomain { dumpstate incidentd }:unix_stream_socket { read write getopt getattr };
				6	allow binderservicedomain { dumpstate incidentd }:fifo_file { getattr write };
				7	allow binderservicedomain shell_data_file:file { getattr write };
				8
				9	# Allow dumpsys to work from adb shell or the serial console
				10	allow binderservicedomain devpts:chr_file rw_file_perms;
				11	allow binderservicedomain console_device:chr_file rw_file_perms;
				12
				13	# Receive and write to a pipe received over Binder from an app.
				14	allow binderservicedomain appdomain:fd use;
				15	allow binderservicedomain appdomain:fifo_file write;
				16
				17	# allow all services to run permission checks
				18	allow binderservicedomain permission_service:service_manager find;
				19
				20	allow binderservicedomain keystore:keystore_key { get_state get insert delete exist list sign verify };
				21	allow binderservicedomain keystore:keystore2 { get_state };
				22	allow binderservicedomain keystore:keystore2_key { delete get_info rebind use };
				23
				24	use_keystore(binderservicedomain)