platform_system_sepolicy/vendor/vndservicemanager.te

# vndservicemanager - the Binder context manager for vendor processes
type vndservicemanager_exec, exec_type, file_type;

init_daemon_domain(vndservicemanager);

allow vndservicemanager self:binder set_context_mgr;

# transfer binder objects to other processes (TODO b/35870313 limit this to vendor-only)
allow vndservicemanager { domain -init }:binder transfer;

allow vndservicemanager vndbinder_device:chr_file rw_file_perms;

# Check SELinux permissions.
selinux_check_access(vndservicemanager)
Initial sepolicy for vndservicemanager. vndservicemanager is the context manager for binder services that are solely registered and accessed from vendor processes. Bug: 36052864 Test: vendorservicemanager runs Merged-In: Ifbf536932678d0ff13d019635fe6347e185ef387 Change-Id: I430f1762eb83825f6cd4be939a69d46a8ddc80ff 2017-03-22 00:01:52 +01:00			`# vndservicemanager - the Binder context manager for vendor processes`
			`type vndservicemanager_exec, exec_type, file_type;`

			`init_daemon_domain(vndservicemanager);`

			`allow vndservicemanager self:binder set_context_mgr;`

			`# transfer binder objects to other processes (TODO b/35870313 limit this to vendor-only)`
			`allow vndservicemanager { domain -init }:binder transfer;`

			`allow vndservicemanager vndbinder_device:chr_file rw_file_perms;`

			`# Check SELinux permissions.`
			`selinux_check_access(vndservicemanager)`