Something went wrong on our end
-
Alex Klyubin authoredThis removes hwservicemanager from halserverdomain, because halserverdomain is only for domains which offer a HAL service. hwservicemanager offers HwBinder services, but those are not HAL services. Test: mmm system/sepolicy Test: Device boots, no new denials. Bug: 36494354 Bug: 36896667 Change-Id: I002e047ee1dd98f44429ab3dfe31f66dc63a8a1c
Alex Klyubin authoredThis removes hwservicemanager from halserverdomain, because halserverdomain is only for domains which offer a HAL service. hwservicemanager offers HwBinder services, but those are not HAL services. Test: mmm system/sepolicy Test: Device boots, no new denials. Bug: 36494354 Bug: 36896667 Change-Id: I002e047ee1dd98f44429ab3dfe31f66dc63a8a1c
hwservicemanager.te 828 B
# hwservicemanager - the Binder context manager for HAL services
type hwservicemanager, domain, mlstrustedsubject;
type hwservicemanager_exec, exec_type, file_type;
# Note that we do not use the binder_* macros here.
# hwservicemanager provides name service (aka context manager)
# for hwbinder.
# Additionally, it initiates binder IPC calls to
# clients who request service notifications. The permission
# to do this is granted in the hwbinder_use macro.
allow hwservicemanager self:binder set_context_mgr;
set_prop(hwservicemanager, hwservicemanager_prop)
# Scan through /system/lib64/hw looking for installed HALs
allow hwservicemanager system_file:dir r_dir_perms;
# TODO once hwservicemanager checks whether HALs are
# allowed to register a certain service, add policy here
# for allowing to check SELinux permissions.