1 # HwBinder IPC from client to server, and callbacks 2 binder_call(hal_lowpan_client, hal_lowpan_server) 3 binder_call(hal_lowpan_server, hal_lowpan_client) 4 5 add_hwservice(hal_lowpan_server, hal_lowpan_hwservice) 6 7 # Allow hal_lowpan_client to be able to find the hal_lowpan_server 8 allow hal_lowpan_client hal_lowpan_hwservice:hwservice_manager find; 9 10 # hal_lowpan domain can write/read to/from lowpan_prop 11 set_prop(hal_lowpan_server, lowpan_prop) 12 13 # Allow hal_lowpan_server to open lowpan_devices 14 allow hal_lowpan_server lowpan_device:chr_file rw_file_perms; 15 16 ### 17 ### neverallow rules 18 ### 19 20 # Only LoWPAN HAL may directly access LoWPAN hardware 21 neverallow { domain -hal_lowpan_server -init -ueventd } lowpan_device:chr_file ~getattr; 22