| #integrated sensor process |
| type ims, domain; |
| type ims_exec, exec_type, file_type; |
| |
| # Started by init |
| init_daemon_domain(ims) |
| net_domain(ims) |
| |
| # Talk to qmuxd |
| qmux_socket(ims) |
| |
| # To make VT call |
| binder_use(ims) |
| |
| # Bring up IMSPDM |
| allow ims kernel:system module_request; |
| |
| allow ims self:socket create_socket_perms; |
| allow ims self:capability { net_admin net_raw }; |
| |
| # Use generic netlink socket |
| allow ims self:netlink_socket create_socket_perms; |
| |
| # To run NDC command |
| allow ims shell_exec:file rx_file_perms; |
| allow ims system_file:file rx_file_perms; |
| |
| # IMS route installation |
| allow ims wcnss_service_exec:file rx_file_perms; |
| |
| # Talk to netd via netd_socket |
| unix_socket_connect(ims, netd, netd) |
| |
| # Talk to qumuxd via ims_socket |
| unix_socket_connect(ims, ims, qmuxd) |
| |
| # Talk to init via property_socket |
| unix_socket_connect(ims, property, init) |
| |
| #Add connectionmanager service |
| allow ims imscm_service:service_manager add; |
| |
| # Set property to start imsdata_daemon and ims_rtp_daemon |
| allow ims qcom_ims_prop:property_service set; |
| |
| # permissions needed for IMS to connect and interact with WPA supplicant |
| allow ims wpa:unix_dgram_socket sendto; |
| allow ims wpa_exec:file rx_file_perms; |
| allow ims wpa_socket:dir w_dir_perms; |
| allow ims wpa_socket:sock_file { write create unlink setattr }; |
| allow ims wifi_data_file:dir r_dir_perms; |
| |
| # permissions for communication with CNE in LBO use case |
| unix_socket_connect(ims, cnd, cnd) |
| |
| #Communication with voice_svc device for audio on APP |
| allow ims voice_device:chr_file rw_file_perms; |