1# apexd -- manager for APEX packages
2type apexd, domain;
3type apexd_exec, exec_type, file_type, system_file_type;
4
5binder_use(apexd)
6add_service(apexd, apex_service)
7set_prop(apexd, apexd_prop)
8
9neverallow { domain -init -apexd -system_server } apex_service:service_manager find;
10neverallow { domain -init -apexd -system_server -servicemanager } apexd:binder call;
11
12neverallow { domain userdebug_or_eng(`-crash_dump') } apexd:process ptrace;
13
14# only apexd can set apexd sysprop
15neverallow { domain -apexd -init } apexd_prop:property_service set;
16