| Martijn Coenen | e7d8f4c | 2017-03-21 16:01:52 -0700 | [diff] [blame] | 1 | # vndservicemanager - the Binder context manager for vendor processes |
| Sandeep Patil | 2ee66e7 | 2017-04-10 13:03:28 -0700 | [diff] [blame] | 2 | type vndservicemanager_exec, exec_type, vendor_file_type, file_type; |
| Martijn Coenen | e7d8f4c | 2017-03-21 16:01:52 -0700 | [diff] [blame] | 3 | |
| 4 | init_daemon_domain(vndservicemanager); |
| 5 | |
| 6 | allow vndservicemanager self:binder set_context_mgr; |
| 7 | |
| 8 | # transfer binder objects to other processes (TODO b/35870313 limit this to vendor-only) |
| Tom Cherry | a099830 | 2018-02-09 11:31:56 -0800 | [diff] [blame] | 9 | allow vndservicemanager { domain -coredomain -init -vendor_init }:binder transfer; |
| Martijn Coenen | e7d8f4c | 2017-03-21 16:01:52 -0700 | [diff] [blame] | 10 | |
| 11 | allow vndservicemanager vndbinder_device:chr_file rw_file_perms; |
| 12 | |
| Martijn Coenen | 6676c23 | 2017-03-31 17:29:53 -0700 | [diff] [blame] | 13 | # Read vndservice_contexts |
| 14 | allow vndservicemanager vndservice_contexts_file:file r_file_perms; |
| 15 | |
| Steven Moreland | 52a96cc | 2020-03-05 09:41:37 -0800 | [diff] [blame] | 16 | add_service(vndservicemanager, service_manager_vndservice) |
| 17 | |
| Jon Spivack | b58c4c2 | 2019-08-19 16:05:13 -0700 | [diff] [blame] | 18 | # Start lazy services |
| 19 | set_prop(vndservicemanager, ctl_interface_start_prop) |
| 20 | |
| Martijn Coenen | e7d8f4c | 2017-03-21 16:01:52 -0700 | [diff] [blame] | 21 | # Check SELinux permissions. |
| 22 | selinux_check_access(vndservicemanager) |
| Steven Moreland | 5c3f315 | 2022-06-08 22:34:15 +0000 | [diff] [blame] | 23 | |
| 24 | # Log to kmesg |
| 25 | allow vndservicemanager kmsg_device:chr_file rw_file_perms; |