| Inseob Kim | ff43be2 | 2021-06-07 16:56:56 +0900 | [diff] [blame] | 1 | # vndservicemanager - the Binder context manager for vendor processes |
| 2 | type vndservicemanager_exec, exec_type, vendor_file_type, file_type; |
| 3 | |
| 4 | init_daemon_domain(vndservicemanager); |
| 5 | |
| 6 | allow vndservicemanager self:binder set_context_mgr; |
| 7 | |
| 8 | # transfer binder objects to other processes (TODO b/35870313 limit this to vendor-only) |
| 9 | allow vndservicemanager { domain -coredomain -init -vendor_init }:binder transfer; |
| 10 | |
| 11 | allow vndservicemanager vndbinder_device:chr_file rw_file_perms; |
| 12 | |
| 13 | # Read vndservice_contexts |
| 14 | allow vndservicemanager vndservice_contexts_file:file r_file_perms; |
| 15 | |
| 16 | add_service(vndservicemanager, service_manager_vndservice) |
| 17 | |
| 18 | # Start lazy services |
| 19 | set_prop(vndservicemanager, ctl_interface_start_prop) |
| 20 | |
| 21 | # Check SELinux permissions. |
| 22 | selinux_check_access(vndservicemanager) |