Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / sepolicy / refs/tags/fp2-sibon-17.08.1.1 / . / servicemanager.te
blob: 9947aa7d0f9e33412245ba97a14feb15e22782bf [file] [log] [blame]
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]1# servicemanager - the Binder context manager
Stephen Smalley45731c72014-09-08 16:06:40 -0400[diff] [blame]2type servicemanager, domain, mlstrustedsubject;
Stephen Smalley2dd4e512012-01-04 12:33:27 -0500[diff] [blame]3type servicemanager_exec, exec_type, file_type;
4
5init_daemon_domain(servicemanager)
Stephen Smalleycfb2e992013-10-29 14:42:39 -0400[diff] [blame]6
7# Note that we do not use the binder_* macros here.
8# servicemanager is unique in that it only provides
9# name service (aka context manager) for Binder.
10# As such, it only ever receives and transfers other references
11# created by other domains. It never passes its own references
12# or initiates a Binder IPC.
13allow servicemanager self:binder set_context_mgr;
Nick Kralevich65feafc2014-08-21 16:26:23 -0700[diff] [blame]14allow servicemanager { domain -init }:binder transfer;
Riley Spahnf90c41f2014-06-05 15:52:02 -0700[diff] [blame]15
Riley Spahnf90c41f2014-06-05 15:52:02 -0700[diff] [blame]16# Check SELinux permissions.
17selinux_check_access(servicemanager)