blob: 2ad0502165941df20d75fd9bd7b27f47137d1071 [file] [log] [blame]
# vndservicemanager - the Binder context manager for vendor processes
type vndservicemanager_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vndservicemanager);
allow vndservicemanager self:binder set_context_mgr;
# transfer binder objects to other processes (TODO b/35870313 limit this to vendor-only)
allow vndservicemanager { domain -coredomain -init -vendor_init }:binder transfer;
allow vndservicemanager vndbinder_device:chr_file rw_file_perms;
# Read vndservice_contexts
allow vndservicemanager vndservice_contexts_file:file r_file_perms;
add_service(vndservicemanager, service_manager_vndservice)
# Start lazy services
set_prop(vndservicemanager, ctl_interface_start_prop)
# Check SELinux permissions.
selinux_check_access(vndservicemanager)
# Log to kmesg
allow vndservicemanager kmsg_device:chr_file rw_file_perms;