1 # hwservicemanager - the Binder context manager for HAL services 2 type hwservicemanager, domain, mlstrustedsubject; 3 type hwservicemanager_exec, exec_type, file_type; 4 5 # Note that we do not use the binder_* macros here. 6 # hwservicemanager provides name service (aka context manager) 7 # for hwbinder. 8 # Additionally, it initiates binder IPC calls to 9 # clients who request service notifications. The permission 10 # to do this is granted in the hwbinder_use macro. 11 allow hwservicemanager self:binder set_context_mgr; 12 13 set_prop(hwservicemanager, hwservicemanager_prop) 14 15 # Scan through /system/lib64/hw looking for installed HALs 16 allow hwservicemanager system_file:dir r_dir_perms; 17 18 # Read hwservice_contexts 19 allow hwservicemanager hwservice_contexts_file:file r_file_perms; 20 21 # Check SELinux permissions. 22 selinux_check_access(hwservicemanager) 23
