Confine servicemanager, but leave it permissive for now.

Change-Id: Ib29d63b9bff0d3b1b2c152c4e4d82e21360aacc5
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

1 files changed, 10 insertions, 1 deletions

diff --git a/servicemanager.te b/servicemanager.te
index 10b6aad..dc0f15e 100644
--- a/servicemanager.te
+++ b/servicemanager.te
@@ -1,6 +1,15 @@
 # servicemanager - the Binder context manager
 type servicemanager, domain;
+permissive servicemanager;
 type servicemanager_exec, exec_type, file_type;
 
 init_daemon_domain(servicemanager)
-unconfined_domain(servicemanager)
+
+# Note that we do not use the binder_* macros here.
+# servicemanager is unique in that it only provides
+# name service (aka context manager) for Binder.
+# As such, it only ever receives and transfers other references
+# created by other domains.  It never passes its own references
+# or initiates a Binder IPC.
+allow servicemanager self:binder set_context_mgr;
+allow servicemanager domain:binder transfer;