hwservicemanager.te - LeafOS-Project/android_system_sepolicy - Gitiles

 # hwservicemanager - the Binder context manager for HAL services
 type hwservicemanager, domain, mlstrustedsubject;
 type hwservicemanager_exec, exec_type, file_type;

 init_daemon_domain(hwservicemanager)

 # Note that we do not use the binder_* macros here.
 # hwservicemanager only provides name service (aka context manager)
 # for Binder.
 # As such, it only ever receives and transfers other references
 # created by other domains.  It never passes its own references
 # or initiates a Binder IPC.
 allow hwservicemanager self:binder set_context_mgr;
 allow hwservicemanager { domain -init }:binder transfer;

 # TODO once hwservicemanager checks whether HALs are
 # allowed to register a certain service, add policy here
 # for allowing to check SELinux permissions.
	# hwservicemanager - the Binder context manager for HAL services
	type hwservicemanager, domain, mlstrustedsubject;
	type hwservicemanager_exec, exec_type, file_type;

	init_daemon_domain(hwservicemanager)

	# Note that we do not use the binder_* macros here.
	# hwservicemanager only provides name service (aka context manager)
	# for Binder.
	# As such, it only ever receives and transfers other references
	# created by other domains. It never passes its own references
	# or initiates a Binder IPC.
	allow hwservicemanager self:binder set_context_mgr;
	allow hwservicemanager { domain -init }:binder transfer;

	# TODO once hwservicemanager checks whether HALs are
	# allowed to register a certain service, add policy here
	# for allowing to check SELinux permissions.