blob: db2f93ffa7b60343e57028174c02f52012429862 [file] [log] [blame]
# Rules common to all binder service domains
# Allow dumpstate to collect information from binder services
allow binderservicedomain dumpstate:fd use;
allow binderservicedomain dumpstate:unix_stream_socket { read write getopt getattr };
allow binderservicedomain shell_data_file:file { getattr write };
# Allow dumpsys to work from adb shell
allow binderservicedomain devpts:chr_file rw_file_perms;
# Receive and write to a pipe received over Binder from an app.
allow binderservicedomain appdomain:fd use;
allow binderservicedomain appdomain:fifo_file write;
# Allow binderservicedomain to add services by default.
allow binderservicedomain service_manager_type:service_manager add;
auditallow binderservicedomain default_android_service:service_manager add;