typeattribute servicemanager coredomain;

init_daemon_domain(servicemanager)

read_runtime_log_tags(servicemanager)

set_prop(servicemanager, ctl_interface_start_prop)
set_prop(servicemanager, servicemanager_prop)

# servicemanager is using bootstrap bionic
use_bootstrap_libs(servicemanager)

# servicemanager is using apex_info via libvintf
use_apex_info(servicemanager)

# Note that we do not use the binder_* macros here.
# servicemanager is unique in that it only provides
# name service (aka context manager) for Binder.
# As such, it only ever receives and transfers other references
# created by other domains. It never passes its own references
# or initiates a Binder IPC.
allow servicemanager self:binder set_context_mgr;
allow servicemanager {
  domain
  -init
  -vendor_init
  -hwservicemanager
  -vndservicemanager
}:binder transfer;

allow servicemanager service_contexts_file:file r_file_perms;

allow servicemanager vendor_service_contexts_file:file r_file_perms;

# nonplat_service_contexts only accessible on non full-treble devices
not_full_treble(`allow servicemanager vendor_service_contexts_file:file r_file_perms;')

add_service(servicemanager, service_manager_service)
allow servicemanager dumpstate:fd use;
allow servicemanager dumpstate:fifo_file write;

# Check SELinux permissions.
selinux_check_access(servicemanager)

allow servicemanager kmsg_device:chr_file rw_file_perms;

perfetto_producer(servicemanager)

recovery_only(`
  # Read VINTF files.
  r_dir_file(servicemanager, rootfs)
')