      1 # servicemanager - the Binder context manager (the name service for Binder; see the note above the allow rules)
      2 type servicemanager, domain, domain_deprecated, mlstrustedsubject; # process type; NOTE(review): mlstrustedsubject presumably exempts this subject from MLS constraints - confirm against the mls policy
      3 type servicemanager_exec, exec_type, file_type; # file type carrying exec_type and file_type; presumably labels the servicemanager binary - confirm in file_contexts
      4 
      5 init_daemon_domain(servicemanager) # macro defined outside this file; presumably sets up the init -> servicemanager domain transition via servicemanager_exec - confirm in te_macros
      6 
      7 # Note that we do not use the binder_* macros here.
      8 # servicemanager is unique in that it only provides
      9 # name service (aka context manager) for Binder.
     10 # As such, it only ever receives and transfers other references
     11 # created by other domains.  It never passes its own references
     12 # or initiates a Binder IPC.  Accordingly, the two allow rules below grant only set_context_mgr and transfer; neither grants a binder call permission.
     13 allow servicemanager self:binder set_context_mgr; # servicemanager may register itself as the Binder context manager
     14 allow servicemanager { domain -init }:binder transfer; # target set is every type in the domain attribute minus init, so a newly declared domain is covered without editing this rule
     15 
     16 # Check SELinux permissions.
     17 selinux_check_access(servicemanager) # macro defined outside this file; NOTE(review): presumably lets servicemanager ask the kernel for access decisions on behalf of its callers - confirm in te_macros
     18