Home | History | Annotate | Download | only in vendor 
      1 # vndservicemanager - the Binder context manager for vendor processes
      2 type vndservicemanager_exec, exec_type, vendor_file_type, file_type;
      3 
      4 init_daemon_domain(vndservicemanager);
      5 
      6 allow vndservicemanager self:binder set_context_mgr;
      7 
      8 # transfer binder objects to other processes (TODO b/35870313 limit this to vendor-only)
      9 allow vndservicemanager { domain -coredomain -init -vendor_init }:binder transfer;
     10 
     11 allow vndservicemanager vndbinder_device:chr_file rw_file_perms;
     12 
     13 # Read vndservice_contexts
     14 allow vndservicemanager vndservice_contexts_file:file r_file_perms;
     15 
     16 # Check SELinux permissions.
     17 selinux_check_access(vndservicemanager)
     18