SE Android policy.

author: Stephen Smalley <sds@tycho.nsa.gov> 2012-01-04 12:33:27 -0500
committer: Stephen Smalley <sds@tycho.nsa.gov> 2012-01-04 12:33:27 -0500
commit: 2dd4e51d5c2a2dfc0bfdee9303269f5a665f6e35 (patch)
tree: 70cf7ff792b5f782a2963f87c873b7a7ae926af4 /servicemanager.te
download: android_external_sepolicy-2dd4e51d5c2a2dfc0bfdee9303269f5a665f6e35.tar.gz
android_external_sepolicy-2dd4e51d5c2a2dfc0bfdee9303269f5a665f6e35.tar.bz2
android_external_sepolicy-2dd4e51d5c2a2dfc0bfdee9303269f5a665f6e35.zip
1 files changed, 14 insertions, 0 deletions
diff --git a/servicemanager.te b/servicemanager.te
new file mode 100644
index 0000000..fefbe08
--- /dev/null
+++ b/servicemanager.te
@@ -0,0 +1,14 @@
+# servicemanager - the Binder context manager
+type servicemanager, domain;
+type servicemanager_exec, exec_type, file_type;
+
+init_daemon_domain(servicemanager)
+
+# Note that we do not use the binder_* macros here.
+# servicemanager is unique in that it only provides
+# name service (aka context manager) for Binder.
+# As such, it only ever receives and transfers other references
+# created by other domains.  It never passes its own references
+# or initiates a Binder IPC.
+allow servicemanager self:binder set_context_mgr;
+allow servicemanager domain:binder { receive transfer };
author	Stephen Smalley <sds@tycho.nsa.gov>	2012-01-04 12:33:27 -0500
committer	Stephen Smalley <sds@tycho.nsa.gov>	2012-01-04 12:33:27 -0500
commit	2dd4e51d5c2a2dfc0bfdee9303269f5a665f6e35 (patch)
tree	70cf7ff792b5f782a2963f87c873b7a7ae926af4 /servicemanager.te
download	android_external_sepolicy-2dd4e51d5c2a2dfc0bfdee9303269f5a665f6e35.tar.gz android_external_sepolicy-2dd4e51d5c2a2dfc0bfdee9303269f5a665f6e35.tar.bz2 android_external_sepolicy-2dd4e51d5c2a2dfc0bfdee9303269f5a665f6e35.zip