48fbbbeae2
Create a service context for manager itself and allow servicemanager to register itself. This is so that tools like dumpsys can reference servicemanager the same way they would reference other services. Note that things can still get ahold of the servicemanager directly via libbinder APIs since it is a context manager. Bug: 136027762 Test: dumpsys -l Change-Id: If3d7aa5d5284c82840ed1877b969572ce0561d2e
# servicemanager - the Binder context manager
#
# Declares the domain type for the servicemanager process and the type
# of its executable. The attributes named here (domain, mlstrustedsubject,
# system_file_type, exec_type, file_type) are declared elsewhere in the
# policy.
# NOTE(review): mlstrustedsubject is expected to exempt this domain from
# MLS constraints - confirm against the MLS rules before relying on it.
type servicemanager, domain, mlstrustedsubject;
type servicemanager_exec, system_file_type, exec_type, file_type;

# The binder_* macros are deliberately not used for this domain.
# servicemanager is a special case: it is only the Binder name service
# (aka context manager). It receives references created by other domains
# and hands them on; it never passes out references of its own and never
# initiates a Binder IPC. The Binder rules are therefore written out by
# hand and limited to set_context_mgr and transfer.
allow servicemanager self:binder set_context_mgr;

# Reference transfer is allowed towards every type in the domain attribute
# except the four subtracted ones. Any change to this exclusion set widens
# or narrows who can receive references through servicemanager, so review
# it with the same care as the allow rule itself.
allow servicemanager { domain -init -vendor_init -hwservicemanager -vndservicemanager }:binder transfer;

# Read access to the service_contexts file.
allow servicemanager service_contexts_file:file r_file_perms;
# nonplat_service_contexts only accessible on non full-treble devices
not_full_treble(`allow servicemanager nonplat_service_contexts_file:file r_file_perms;')

# Let servicemanager register itself under service_manager_service, so that
# tools such as dumpsys can reference it the same way as any other service.
# Both the add_service macro and the service_manager_service type are
# defined outside this file.
# NOTE(review): check that service_manager_service is declared and has a
# matching service_contexts entry, and that no other domain is allowed to
# add a service under this type.
add_service(servicemanager, service_manager_service)

# Check SELinux permissions.
selinux_check_access(servicemanager)