# Legacy grants that were moved off the `domain` attribute.
# Each rule below applies to every type that still carries the
# domain_deprecated attribute, so a single line here widens access for all
# of them at once. Membership is declared outside this file.
# NOTE(review): before deleting a rule, a matching `auditallow` can show
# which member domains still depend on it.

# Read access to the properties mapping.
allow domain_deprecated kernel:fd use;
allow domain_deprecated tmpfs:{ file lnk_file } { getattr read };

# Directory search/read on the /storage/emulated tmpfs mount.
allow domain_deprecated tmpfs:dir r_dir_perms;

# Use open file descriptors inherited or received from system_server.
allow domain_deprecated system_server:fd use;

# Connect to adbd and use a socket handed over by it
# (for example adb backup/restore).
allow domain_deprecated adbd:fd use;
allow domain_deprecated adbd:unix_stream_socket { connectto getattr getopt ioctl read write shutdown };

# Root filesystem: read-only.
allow domain_deprecated rootfs:dir r_dir_perms;
allow domain_deprecated rootfs:{ file lnk_file } r_file_perms;

# Regular files carrying the generic `device` label.
# NOTE(review): `read` without `open` only covers descriptors received
# already open. Presumably these are nodes that lack a specific type; confirm
# whether any member still needs this.
allow domain_deprecated device:file read;

# System files: read-only.
allow domain_deprecated system_file:dir r_dir_perms;
allow domain_deprecated system_file:{ file lnk_file } r_file_perms;

# /data: directory traversal plus read of files that are already open
# (no `open` permission on system_data_file:file).
allow domain_deprecated system_data_file:dir { getattr search };
allow domain_deprecated system_data_file:file { getattr read };
allow domain_deprecated system_data_file:lnk_file r_file_perms;

# APK files under /data/app: read-only.
allow domain_deprecated apk_data_file:dir { getattr search };
allow domain_deprecated apk_data_file:{ file lnk_file } r_file_perms;

# /data/dalvik-cache: read-only.
allow domain_deprecated dalvikcache_data_file:dir { getattr search };
allow domain_deprecated dalvikcache_data_file:file r_file_perms;

# /cache: directory read plus read of files that are already open.
allow domain_deprecated cache_file:dir r_dir_perms;
allow domain_deprecated cache_file:file { getattr read };
allow domain_deprecated cache_file:lnk_file r_file_perms;

# ion memory allocation device: read/write.
# NOTE(review): this gives every member domain a path into the ion kernel
# driver; a per-domain grant would keep that surface to the domains that
# actually allocate from it.
allow domain_deprecated ion_device:chr_file rw_file_perms;

# Read access to pseudo filesystems. r_dir_file() is a macro defined
# outside this file. isolated_app is excluded from the sysfs grant only.
r_dir_file(domain_deprecated, proc)
r_dir_file({ domain_deprecated -isolated_app }, sysfs)
r_dir_file(domain_deprecated, inotify)
r_dir_file(domain_deprecated, cgroup)
allow domain_deprecated proc_meminfo:file r_file_perms;
r_dir_file(domain_deprecated, proc_net)

# selinuxfs: read-only, used to query the SELinux enforcing status.
allow domain_deprecated selinuxfs:dir r_dir_perms;
allow domain_deprecated selinuxfs:file r_file_perms;

# /data/security: traversal and getattr only; file contents are not readable
# through this rule set.
allow domain_deprecated security_file:dir { getattr search };
allow domain_deprecated security_file:file getattr;
allow domain_deprecated security_file:lnk_file r_file_perms;

# World-readable asec image contents.
allow domain_deprecated asec_public_file:file r_file_perms;
allow domain_deprecated { asec_public_file asec_apk_file }:dir r_dir_perms;