1# Rules common to all binder service domains
2
3# Allow dumpstate to collect information from binder services
4allow binderservicedomain dumpstate:fd use;
5allow binderservicedomain dumpstate:unix_stream_socket { read write getopt getattr };
6allow binderservicedomain shell_data_file:file { getattr write };
7
8# Allow dumpsys to work from adb shell or the serial console
9allow binderservicedomain devpts:chr_file rw_file_perms;
10allow binderservicedomain console_device:chr_file rw_file_perms;
11
12# Receive and write to a pipe received over Binder from an app.
13allow binderservicedomain appdomain:fd use;
14allow binderservicedomain appdomain:fifo_file write;
15
16allow binderservicedomain keystore:keystore_key { get_state get insert delete exist list sign verify };
17
18use_keystore(binderservicedomain)
19