52a96cc7dd
This is useful for tools like dumpsys, so that they work on all services
equally as well. Also, so that there is no difference with the regular
service manager.
Bug: 150579832
Test: 'adb shell /vendor/bin/dumpsys -l' shows 'manager'
Test: denial is no longer present:
03-05 12:23:47.346 221 221 E SELinux : avc: denied { add } for pid=221 uid=1000 name=manager scontext=u:r:vndservicemanager:s0 tcontext=u:object_r:service_manager_vndservice:s0 tclass=service_manager permissive=0
Change-Id: Id6126e8277462a2c4d5f6022ab67a4bacaa3241e
22 lines
775 B
Text
22 lines
775 B
Text
# vndservicemanager - the Binder context manager for vendor processes
|
|
type vndservicemanager_exec, exec_type, vendor_file_type, file_type;
|
|
|
|
init_daemon_domain(vndservicemanager);
|
|
|
|
allow vndservicemanager self:binder set_context_mgr;
|
|
|
|
# transfer binder objects to other processes (TODO b/35870313 limit this to vendor-only)
|
|
allow vndservicemanager { domain -coredomain -init -vendor_init }:binder transfer;
|
|
|
|
allow vndservicemanager vndbinder_device:chr_file rw_file_perms;
|
|
|
|
# Read vndservice_contexts
|
|
allow vndservicemanager vndservice_contexts_file:file r_file_perms;
|
|
|
|
add_service(vndservicemanager, service_manager_vndservice)
|
|
|
|
# Start lazy services
|
|
set_prop(vndservicemanager, ctl_interface_start_prop)
|
|
|
|
# Check SELinux permissions.
|
|
selinux_check_access(vndservicemanager)
|