1# Rules common to all binder service domains 2 3# Allow dumpstate to collect information from binder services 4allow binderservicedomain dumpstate:fd use; 5allow binderservicedomain dumpstate:unix_stream_socket { read write getopt getattr }; 6allow binderservicedomain shell_data_file:file { getattr write }; 7 8# Allow dumpsys to work from adb shell or the serial console 9allow binderservicedomain devpts:chr_file rw_file_perms; 10allow binderservicedomain console_device:chr_file rw_file_perms; 11 12# Receive and write to a pipe received over Binder from an app. 13allow binderservicedomain appdomain:fd use; 14allow binderservicedomain appdomain:fifo_file write; 15 16allow binderservicedomain keystore:keystore_key { get_state get insert delete exist list sign verify }; 17 18use_keystore(binderservicedomain) 19