Newer
Older
# servicemanager - the Binder context manager
type servicemanager, domain;
type servicemanager_exec, exec_type, file_type;
init_daemon_domain(servicemanager)
# Note that we do not use the binder_* macros here.
# servicemanager is unique in that it only provides
# name service (aka context manager) for Binder.
# As such, it only ever receives and transfers other references
# created by other domains. It never passes its own references
# or initiates a Binder IPC.
allow servicemanager self:binder set_context_mgr;
allow servicemanager { domain -init }:binder transfer;
# Check SELinux permissions.
selinux_check_access(servicemanager)