Newer
Older
# hwservicemanager - the Binder context manager for HAL services
type hwservicemanager, domain, mlstrustedsubject;
type hwservicemanager_exec, exec_type, file_type;
init_daemon_domain(hwservicemanager)
# Note that we do not use the binder_* macros here.
# hwservicemanager only provides name service (aka context manager)
# for Binder.
# As such, it only ever receives and transfers other references
# created by other domains. It never passes its own references
# or initiates a Binder IPC.
allow hwservicemanager self:binder set_context_mgr;
allow hwservicemanager { domain -init }:binder transfer;
# TODO once hwservicemanager checks whether HALs are
# allowed to register a certain service, add policy here
# for allowing to check SELinux permissions.