# hwservicemanager - the Binder context manager for HAL services
type hwservicemanager, domain, mlstrustedsubject;
type hwservicemanager_exec, system_file_type, exec_type, file_type;

# Note that we do not use the binder_* macros here.
# hwservicemanager provides name service (aka context manager)
# for hwbinder.
# Additionally, it initiates binder IPC calls to
# clients who request service notifications. The permission
# to do this is granted in the hwbinder_use macro.
allow hwservicemanager self:binder set_context_mgr;

# Scan through /system/lib64/hw looking for installed HALs
allow hwservicemanager system_file:dir r_dir_perms;

# Read hwservice_contexts
allow hwservicemanager hwservice_contexts_file:file r_file_perms;

# Check SELinux permissions.
selinux_check_access(hwservicemanager)