5c6a227ebb
Copy the final system sepolicy from oc-dev to its prebuilt dir corresponding to its version (26.0) so that we can uprev policy and start maintaining compatibility files, as well as use it for CTS tests targeting future platforms. Bug: 37896931 Test: none, this just copies the old policy. Change-Id: Ib069d505e42595c467e5d1164fb16fcb0286ab93
22 lines
834 B
Text
22 lines
834 B
Text
# hwservicemanager - the Binder context manager for HAL services
|
|
type hwservicemanager, domain, mlstrustedsubject;
|
|
type hwservicemanager_exec, exec_type, file_type;
|
|
|
|
# Note that we do not use the binder_* macros here.
|
|
# hwservicemanager provides name service (aka context manager)
|
|
# for hwbinder.
|
|
# Additionally, it initiates binder IPC calls to
|
|
# clients who request service notifications. The permission
|
|
# to do this is granted in the hwbinder_use macro.
|
|
allow hwservicemanager self:binder set_context_mgr;
|
|
|
|
set_prop(hwservicemanager, hwservicemanager_prop)
|
|
|
|
# Scan through /system/lib64/hw looking for installed HALs
|
|
allow hwservicemanager system_file:dir r_dir_perms;
|
|
|
|
# Read hwservice_contexts
|
|
allow hwservicemanager hwservice_contexts_file:file r_file_perms;
|
|
|
|
# Check SELinux permissions.
|
|
selinux_check_access(hwservicemanager)
|