Skip to content
Snippets Groups Projects
Normal view Permalink
binderservicedomain.te 784 B
Newer Older
  • Learn to ignore specific revisions
    • Nick Kralevich's avatar
    initial dumpstate domain
    Nick Kralevich committed
    1 2 
    # Rules common to all binder service domains
    Nick Kralevich's avatar
    Allow dumpsys  
    Nick Kralevich committed
    3 
    # Allow dumpstate to collect information from binder services
    Nick Kralevich's avatar
    initial dumpstate domain
    Nick Kralevich committed
    4 5 
    allow binderservicedomain dumpstate:fd use;
allow binderservicedomain dumpstate:unix_stream_socket { read write getopt getattr };
    Nick Kralevich's avatar
    Address bug report denials.  
    Nick Kralevich committed
    6 
    allow binderservicedomain shell_data_file:file { getattr write };
    Nick Kralevich's avatar
    Allow dumpsys  
    Nick Kralevich committed
    7
    Nick Kralevich's avatar
    Allow dumpsys from serial console  
    Nick Kralevich committed
    8 
    # Allow dumpsys to work from adb shell or the serial console
    Nick Kralevich's avatar
    Allow dumpsys  
    Nick Kralevich committed
    9 
    allow binderservicedomain devpts:chr_file rw_file_perms;
    Nick Kralevich's avatar
    Allow dumpsys from serial console  
    Nick Kralevich committed
    10 
    allow binderservicedomain console_device:chr_file rw_file_perms;
    Stephen Smalley's avatar
    Allow binder services to use pipes passed over binder.  
    Stephen Smalley committed
    11 12 13 14 
    
# Receive and write to a pipe received over Binder from an app.
allow binderservicedomain appdomain:fd use;
allow binderservicedomain appdomain:fifo_file write;
    Riley Spahn's avatar
    Add SELinux rules for service_manager.  
    Riley Spahn committed
    15
    Riley Spahn's avatar
    Adding policies for KeyStore MAC.  
    Riley Spahn committed
    16 17 18 
    allow binderservicedomain keystore:keystore_key { test get insert delete exist saw sign verify };

use_keystore(binderservicedomain)