Skip to content
Snippets Groups Projects
Commit e3531f63 authored by TreeHugger Robot's avatar TreeHugger Robot Committed by Android (Google) Code Review
Browse files

Merge "Allow violators of "no Binder in vendor" access to /dev/binder"

parents 3dcc37f3 2ab99a13
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 6 additions and 1 deletion
public/domain.te
+ 6
1
View file @ e3531f63
...@@ -67,7 +67,12 @@ allow domain null_device:chr_file rw_file_perms; ...@@ -67,7 +67,12 @@ allow domain null_device:chr_file rw_file_perms;
allow domain zero_device:chr_file rw_file_perms; allow domain zero_device:chr_file rw_file_perms;
allow domain ashmem_device:chr_file rw_file_perms; allow domain ashmem_device:chr_file rw_file_perms;
# /dev/binder can be accessed by non-vendor domains and by apps # /dev/binder can be accessed by non-vendor domains and by apps
allow { coredomain appdomain -hwservicemanager } binder_device:chr_file rw_file_perms; allow {
coredomain
appdomain
binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
-hwservicemanager
} binder_device:chr_file rw_file_perms;
# Devices which are not full TREBLE have fewer restrictions on access to /dev/binder # Devices which are not full TREBLE have fewer restrictions on access to /dev/binder
not_full_treble(`allow { domain -hwservicemanager -vndservicemanager } binder_device:chr_file rw_file_perms;') not_full_treble(`allow { domain -hwservicemanager -vndservicemanager } binder_device:chr_file rw_file_perms;')
allow { domain -servicemanager -vndservicemanager } hwbinder_device:chr_file rw_file_perms; allow { domain -servicemanager -vndservicemanager } hwbinder_device:chr_file rw_file_perms;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment