# Rules common to some specific binder service domains.
# Deprecated. Consider granting the exact permissions required by your service.

# Allow dumpstate and incidentd to collect information from binder services
allow binderservicedomain { dumpstate incidentd }:fd use;
allow binderservicedomain { dumpstate incidentd }:unix_stream_socket { read write getopt getattr };
allow binderservicedomain { dumpstate incidentd }:fifo_file { getattr write };
allow binderservicedomain shell_data_file:file { getattr write };

# Allow dumpsys to work from adb shell or the serial console
allow binderservicedomain devpts:chr_file rw_file_perms;
allow binderservicedomain console_device:chr_file rw_file_perms;

# Receive and write to a pipe received over Binder from an app.
allow binderservicedomain appdomain:fd use;
allow binderservicedomain appdomain:fifo_file write;

# allow all services to run permission checks
allow binderservicedomain permission_service:service_manager find;

allow binderservicedomain keystore:keystore2_key { delete get_info rebind use };

use_keystore(binderservicedomain)
# binderservicedomain is using apex_info via libvintf
use_apex_info(binderservicedomain)