1# vndservicemanager - the Binder context manager for vendor processes 2type vndservicemanager_exec, exec_type, vendor_file_type, file_type; 3 4init_daemon_domain(vndservicemanager); 5 6allow vndservicemanager self:binder set_context_mgr; 7 8# transfer binder objects to other processes (TODO b/35870313 limit this to vendor-only) 9allow vndservicemanager { domain -coredomain -init -vendor_init }:binder transfer; 10 11allow vndservicemanager vndbinder_device:chr_file rw_file_perms; 12 13# Read vndservice_contexts 14allow vndservicemanager vndservice_contexts_file:file r_file_perms; 15 16add_service(vndservicemanager, service_manager_vndservice) 17 18# Start lazy services 19set_prop(vndservicemanager, ctl_interface_start_prop) 20 21# Check SELinux permissions. 22selinux_check_access(vndservicemanager) 23