1# Rules common to some specific binder service domains. 2# Deprecated. Consider granting the exact permissions required by your service. 3 4# Allow dumpstate and incidentd to collect information from binder services 5allow binderservicedomain { dumpstate incidentd }:fd use; 6allow binderservicedomain { dumpstate incidentd }:unix_stream_socket { read write getopt getattr }; 7allow binderservicedomain { dumpstate incidentd }:fifo_file { getattr write }; 8allow binderservicedomain shell_data_file:file { getattr write }; 9 10# Allow dumpsys to work from adb shell or the serial console 11allow binderservicedomain devpts:chr_file rw_file_perms; 12allow binderservicedomain console_device:chr_file rw_file_perms; 13 14# Receive and write to a pipe received over Binder from an app. 15allow binderservicedomain appdomain:fd use; 16allow binderservicedomain appdomain:fifo_file write; 17 18# allow all services to run permission checks 19allow binderservicedomain permission_service:service_manager find; 20 21allow binderservicedomain keystore:keystore2_key { delete get_info rebind use }; 22 23use_keystore(binderservicedomain) 24# binderservicedomain is using apex_info via libvintf 25use_apex_info(binderservicedomain) 26