6b952393f6
Change-Id: I07d188e4dd8801a539db1e9f3edf82a1d662648e (cherry picked from commit 61a082a55dbc2798d50d0d4b766151d69334729a)
18 lines
760 B
Text
18 lines
760 B
Text
# hwservicemanager - the Binder context manager for HAL services
|
|
type hwservicemanager, domain, mlstrustedsubject;
|
|
type hwservicemanager_exec, exec_type, file_type;
|
|
|
|
init_daemon_domain(hwservicemanager)
|
|
|
|
# Note that we do not use the binder_* macros here.
|
|
# hwservicemanager only provides name service (aka context manager)
|
|
# for Binder.
|
|
# As such, it only ever receives and transfers other references
|
|
# created by other domains. It never passes its own references
|
|
# or initiates a Binder IPC.
|
|
allow hwservicemanager self:binder set_context_mgr;
|
|
allow hwservicemanager { domain -init }:binder transfer;
|
|
|
|
# TODO once hwservicemanager checks whether HALs are
|
|
# allowed to register a certain service, add policy here
|
|
# for allowing to check SELinux permissions.
|