Blame - private/binderservicedomain.te - android_system_sepolicy

blob: 7275954b2940a2b53dae45466b974a286013ca4a [file] [log] [blame]

Nick Kralevich	09e6abd	2013-12-13 22:19:45 -0800	[diff] [blame]	1	# Rules common to all binder service domains
				2
Joe Onorato	41f93db	2016-11-20 23:23:04 -0800	[diff] [blame]	3	# Allow dumpstate and incidentd to collect information from binder services
				4	allow binderservicedomain { dumpstate incidentd }:fd use;
				5	allow binderservicedomain { dumpstate incidentd }:unix_stream_socket { read write getopt getattr };
				6	allow binderservicedomain { dumpstate incidentd }:fifo_file { getattr write };
Nick Kralevich	2e7a301	2014-01-10 23:05:25 -0800	[diff] [blame]	7	allow binderservicedomain shell_data_file:file { getattr write };
Nick Kralevich	5153890	2013-12-19 18:18:32 -0800	[diff] [blame]	8
Nick Kralevich	67d1f1e	2014-06-20 18:25:52 -0700	[diff] [blame]	9	# Allow dumpsys to work from adb shell or the serial console
Nick Kralevich	5153890	2013-12-19 18:18:32 -0800	[diff] [blame]	10	allow binderservicedomain devpts:chr_file rw_file_perms;
Nick Kralevich	67d1f1e	2014-06-20 18:25:52 -0700	[diff] [blame]	11	allow binderservicedomain console_device:chr_file rw_file_perms;
Stephen Smalley	644279b	2014-03-21 10:24:04 -0400	[diff] [blame]	12
				13	# Receive and write to a pipe received over Binder from an app.
				14	allow binderservicedomain appdomain:fd use;
				15	allow binderservicedomain appdomain:fifo_file write;
Riley Spahn	f90c41f	2014-06-05 15:52:02 -0700	[diff] [blame]	16
dcashman	32d207e	2015-10-29 10:32:14 -0700	[diff] [blame]	17	# allow all services to run permission checks
				18	allow binderservicedomain permission_service:service_manager find;
				19
Chad Brubaker	eaa1a1e	2015-05-13 14:39:48 -0700	[diff] [blame]	20	allow binderservicedomain keystore:keystore_key { get_state get insert delete exist list sign verify };
Janis Danisevskis	abb93f2	2020-07-27 12:53:20 -0700	[diff] [blame]	21	allow binderservicedomain keystore:keystore2 { get_state };
Janis Danisevskis	144c822	2020-09-24 08:55:28 -0700	[diff] [blame^]	22	allow binderservicedomain keystore:keystore2_key { delete get_info rebind use };
Riley Spahn	1196d2a	2014-06-17 14:58:52 -0700	[diff] [blame]	23
				24	use_keystore(binderservicedomain)