Blame - private/servicemanager.te - android_system_sepolicy

blob: 6764b451f509f6b5ef97248c1dba0374d95b1b7f [file] [log] [blame]

Alex Klyubin	f5446eb	2017-03-23 14:27:32 -0700	[diff] [blame]	1	typeattribute servicemanager coredomain;
				2
dcashman	cc39f63	2016-07-22 13:13:11 -0700	[diff] [blame]	3	init_daemon_domain(servicemanager)
Mark Salyzyn	d33a9a1	2016-11-07 15:11:39 -0800	[diff] [blame]	4
				5	read_runtime_log_tags(servicemanager)
Jon Spivack	839e3db	2019-06-27 13:11:22 -0700	[diff] [blame]	6
				7	set_prop(servicemanager, ctl_interface_start_prop)
Steven Moreland	fd1eb68	2022-07-20 20:54:25 +0000	[diff] [blame]	8	set_prop(servicemanager, servicemanager_prop)
Jooyung Han	133ca4e	2022-07-14 11:31:03 +0900	[diff] [blame]	9
				10	# servicemanager is using bootstrap bionic
				11	use_bootstrap_libs(servicemanager)
Rob Seymour	ecbadbb	2022-07-28 16:23:42 +0000	[diff] [blame]	12
				13	# servicemanager is using apex_info via libvintf
				14	use_apex_info(servicemanager)
Inseob Kim	75806ef	2024-03-27 17:18:41 +0900	[diff] [blame]	15
				16	# Note that we do not use the binder_* macros here.
				17	# servicemanager is unique in that it only provides
				18	# name service (aka context manager) for Binder.
				19	# As such, it only ever receives and transfers other references
				20	# created by other domains. It never passes its own references
				21	# or initiates a Binder IPC.
				22	allow servicemanager self:binder set_context_mgr;
				23	allow servicemanager {
				24	domain
				25	-init
				26	-vendor_init
				27	-hwservicemanager
				28	-vndservicemanager
				29	}:binder transfer;
				30
				31	allow servicemanager service_contexts_file:file r_file_perms;
				32
				33	allow servicemanager vendor_service_contexts_file:file r_file_perms;
				34
				35	# nonplat_service_contexts only accessible on non full-treble devices
				36	not_full_treble(`allow servicemanager vendor_service_contexts_file:file r_file_perms;')
				37
				38	add_service(servicemanager, service_manager_service)
				39	allow servicemanager dumpstate:fd use;
				40	allow servicemanager dumpstate:fifo_file write;
				41
				42	# Check SELinux permissions.
				43	selinux_check_access(servicemanager)
				44
				45	allow servicemanager kmsg_device:chr_file rw_file_perms;
				46
Parth Sane	a99fae0	2024-05-21 16:46:50 +0000	[diff] [blame^]	47	perfetto_producer(servicemanager)
				48
Inseob Kim	75806ef	2024-03-27 17:18:41 +0900	[diff] [blame]	49	recovery_only(`
				50	# Read VINTF files.
				51	r_dir_file(servicemanager, rootfs)
				52	')