| Nick Kralevich | 09e6abd | 2013-12-13 22:19:45 -0800 | [diff] [blame] | 1 | # Rules common to all binder service domains |
| 2 | |
| Nick Kralevich | 5153890 | 2013-12-19 18:18:32 -0800 | [diff] [blame] | 3 | # Allow dumpstate to collect information from binder services |
| Nick Kralevich | 09e6abd | 2013-12-13 22:19:45 -0800 | [diff] [blame] | 4 | allow binderservicedomain dumpstate:fd use; |
| 5 | allow binderservicedomain dumpstate:unix_stream_socket { read write getopt getattr }; |
| Nick Kralevich | 2e7a301 | 2014-01-10 23:05:25 -0800 | [diff] [blame] | 6 | allow binderservicedomain shell_data_file:file { getattr write }; |
| Nick Kralevich | 5153890 | 2013-12-19 18:18:32 -0800 | [diff] [blame] | 7 | |
| 8 | # Allow dumpsys to work from adb shell |
| 9 | allow binderservicedomain devpts:chr_file rw_file_perms; |
| Stephen Smalley | 644279b | 2014-03-21 10:24:04 -0400 | [diff] [blame^] | 10 | |
| 11 | # Receive and write to a pipe received over Binder from an app. |
| 12 | allow binderservicedomain appdomain:fd use; |
| 13 | allow binderservicedomain appdomain:fifo_file write; |