commit 7f46347a47a22423998af452ee649c2b3a6926dd
author Treehugger Robot <treehugger-gerrit@google.com> Wed Dec 21 19:16:32 2016 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Wed Dec 21 19:16:32 2016 +0000
tree cdbbb767f654726cea37f52b0261d35fdb8aa5bc
parent 4613628b049424a925ff3096bc887d81b89c2b68
parent df125b90b456748f834df06e69d9e8aa05054c69

Merge "init: only allowed to transition to logpersist or logd"

public/hwservicemanager.te

diff --git a/public/hwservicemanager.te b/public/hwservicemanager.te
index f179599..20a7229 100644
--- a/public/hwservicemanager.te
+++ b/public/hwservicemanager.te
@@ -3,13 +3,12 @@
 type hwservicemanager_exec, exec_type, file_type;
 
 # Note that we do not use the binder_* macros here.
-# hwservicemanager only provides name service (aka context manager)
-# for Binder.
-# As such, it only ever receives and transfers other references
-# created by other domains.  It never passes its own references
-# or initiates a Binder IPC.
+# hwservicemanager provides name service (aka context manager)
+# for hwbinder.
+# Additionally, it initiates binder IPC calls to
+# clients who request service notifications. The permission
+# to do this is granted in the hwbinder_use macro.
 allow hwservicemanager self:binder set_context_mgr;
-allow hwservicemanager { domain -init }:binder transfer;
 
 set_prop(hwservicemanager, hwservicemanager_prop)
 

public/te_macros

diff --git a/public/te_macros b/public/te_macros
index 6a1a5ff..094642c 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -192,6 +192,8 @@
 define(`hwbinder_use', `
 # Call the hwservicemanager and transfer references to it.
 allow $1 hwservicemanager:binder { call transfer };
+# Allow hwservicemanager to send out callbacks
+allow hwservicemanager $1:binder { call transfer };
 # hwservicemanager performs getpidcon on clients.
 allow hwservicemanager $1:dir search;
 allow hwservicemanager $1:file { read open };