| # ============================================== |
| # Common SEPolicy Rule |
| # ============================================== |
| |
| typeattribute teeregistryd_app coredomain; |
| |
| app_domain(teeregistryd_app) |
| |
| binder_service(teeregistryd_app) |
| binder_use(teeregistryd_app) |
| |
| add_service(teeregistryd_app, teeregistry_service) |
| |
| hal_client_domain(teeregistryd_app, hal_teeregistry) |
| hal_client_domain(teeregistryd_app, hal_allocator) |
| |
| allow teeregistryd_app activity_service:service_manager find; |
| allow teeregistryd_app connectivity_service:service_manager find; |
| allow teeregistryd_app display_service:service_manager find; |
| allow teeregistryd_app network_management_service:service_manager find; |
| allow teeregistryd_app tee_service:service_manager find; |
| allow teeregistryd_app fwmarkd_socket:sock_file write; |
| allow teeregistryd_app netd:unix_stream_socket connectto; |
| allow teeregistryd_app node:udp_socket node_bind; |
| allow teeregistryd_app port:udp_socket name_bind; |
| allow teeregistryd_app port:tcp_socket name_connect; |
| allow teeregistryd_app self:tcp_socket { create setopt read getopt getattr write connect }; |
| allow teeregistryd_app dnsproxyd_socket:sock_file write; |
| allow teeregistryd_app self:udp_socket { create bind setattr }; |