1# apexd -- manager for APEX packages 2type apexd, domain; 3type apexd_exec, exec_type, file_type, system_file_type; 4 5binder_use(apexd) 6add_service(apexd, apex_service) 7set_prop(apexd, apexd_prop) 8 9neverallow { domain -init -apexd -system_server } apex_service:service_manager find; 10neverallow { domain -init -apexd -system_server -servicemanager } apexd:binder call; 11 12neverallow { domain userdebug_or_eng(`-crash_dump') } apexd:process ptrace; 13 14# only apexd can set apexd sysprop 15neverallow { domain -apexd -init } apexd_prop:property_service set; 16