servicemanager.te - android/platform/system/sepolicy - Gitiles Standalone

 # servicemanager - the Binder context manager
 type servicemanager, domain;
 type servicemanager_exec, exec_type, file_type;

 init_daemon_domain(servicemanager)

 # Note that we do not use the binder_* macros here.
 # servicemanager is unique in that it only provides
 # name service (aka context manager) for Binder.
 # As such, it only ever receives and transfers other references
 # created by other domains.  It never passes its own references
 # or initiates a Binder IPC.
 allow servicemanager self:binder set_context_mgr;
 allow servicemanager domain:binder transfer;

 # Get contexts of binder services that call servicemanager.
 allow servicemanager binderservicedomain:dir search;
 allow servicemanager binderservicedomain:file { read open };
 allow servicemanager binderservicedomain:process getattr;
 # Check SELinux permissions.
 selinux_check_access(servicemanager)
	# servicemanager - the Binder context manager
	type servicemanager, domain;
	type servicemanager_exec, exec_type, file_type;

	init_daemon_domain(servicemanager)

	# Note that we do not use the binder_* macros here.
	# servicemanager is unique in that it only provides
	# name service (aka context manager) for Binder.
	# As such, it only ever receives and transfers other references
	# created by other domains. It never passes its own references
	# or initiates a Binder IPC.
	allow servicemanager self:binder set_context_mgr;
	allow servicemanager domain:binder transfer;

	# Get contexts of binder services that call servicemanager.
	allow servicemanager binderservicedomain:dir search;
	allow servicemanager binderservicedomain:file { read open };
	allow servicemanager binderservicedomain:process getattr;
	# Check SELinux permissions.
	selinux_check_access(servicemanager)