      1 # rules removed from the domain attribute
      2 
      3 # Read access to properties mapping.
      4 allow domain_deprecated kernel:fd use;
      5 allow domain_deprecated tmpfs:file { read getattr };
      6 allow domain_deprecated tmpfs:lnk_file { read getattr };
      7 
      8 # Search /storage/emulated tmpfs mount.
      9 allow domain_deprecated tmpfs:dir r_dir_perms;
     10 
     11 # Inherit or receive open files from others.
     12 allow domain_deprecated system_server:fd use;
     13 
     14 # Connect to adbd and use a socket transferred from it.
     15 # This is used for e.g. adb backup/restore.
     16 allow domain_deprecated adbd:unix_stream_socket connectto;
     17 allow domain_deprecated adbd:fd use;
     18 allow domain_deprecated adbd:unix_stream_socket { getattr getopt ioctl read write shutdown };
     19 
     20 # Root fs.
     21 allow domain_deprecated rootfs:dir r_dir_perms;
     22 allow domain_deprecated rootfs:file r_file_perms;
     23 allow domain_deprecated rootfs:lnk_file r_file_perms;
     24 
     25 # Device accesses.
     26 allow domain_deprecated device:file read;
     27 
     28 # System file accesses.
     29 allow domain_deprecated system_file:dir r_dir_perms;
     30 allow domain_deprecated system_file:file r_file_perms;
     31 allow domain_deprecated system_file:lnk_file r_file_perms;
     32 
     33 # Read files already opened under /data.
     34 allow domain_deprecated system_data_file:dir { search getattr };
     35 allow domain_deprecated system_data_file:file { getattr read };
     36 allow domain_deprecated system_data_file:lnk_file r_file_perms;
     37 
     38 # Read apk files under /data/app.
     39 allow domain_deprecated apk_data_file:dir { getattr search };
     40 allow domain_deprecated apk_data_file:file r_file_perms;
     41 allow domain_deprecated apk_data_file:lnk_file r_file_perms;
     42 
     43 # Read /data/dalvik-cache.
     44 allow domain_deprecated dalvikcache_data_file:dir { search getattr };
     45 allow domain_deprecated dalvikcache_data_file:file r_file_perms;
     46 
     47 # Read already opened /cache files.
     48 allow domain_deprecated cache_file:dir r_dir_perms;
     49 allow domain_deprecated cache_file:file { getattr read };
     50 allow domain_deprecated cache_file:lnk_file r_file_perms;
     51 
     52 #Allow access to ion memory allocation device
     53 allow domain_deprecated ion_device:chr_file rw_file_perms;
     54 
     55 # Read access to pseudo filesystems.
     56 r_dir_file(domain_deprecated, proc)
     57 r_dir_file({ domain_deprecated -isolated_app }, sysfs)
     58 r_dir_file(domain_deprecated, inotify)
     59 r_dir_file(domain_deprecated, cgroup)
     60 allow domain_deprecated proc_meminfo:file r_file_perms;
     61 r_dir_file(domain_deprecated, proc_net)
     62 
     63 # Get SELinux enforcing status.
     64 allow domain_deprecated selinuxfs:dir r_dir_perms;
     65 allow domain_deprecated selinuxfs:file r_file_perms;
     66 
     67 # /data/security files
     68 allow domain_deprecated security_file:dir { search getattr };
     69 allow domain_deprecated security_file:file getattr;
     70 allow domain_deprecated security_file:lnk_file r_file_perms;
     71 
     72 # World readable asec image contents
     73 allow domain_deprecated asec_public_file:file r_file_perms;
     74 allow domain_deprecated { asec_public_file asec_apk_file }:dir r_dir_perms;
     75