| #Policy for peripheral_manager |
| #per_mgr - peripheral_manager domain |
| type per_mgr, domain; |
| |
| type per_mgr_exec, exec_type, file_type; |
| init_daemon_domain(per_mgr); |
| |
| #Needed for binder transactions |
| binder_use(per_mgr); |
| binder_service(per_mgr); |
| allow per_mgr self:socket { create ioctl bind read write }; |
| allow per_mgr per_mgr_service:service_manager add; |
| |
| #Rules for peripheral manager clients |
| #Rules for RILD |
| binder_call(per_mgr, rild); |
| binder_call(rild, per_mgr); |
| |
| #Needed by ipc_router |
| allow per_mgr self:capability { net_raw }; |
| |
| #Needed to power on the peripheral |
| allow per_mgr ssr_device:chr_file { open read }; |
| |
| #Needed by libmdmdetect to figure out the system configuration |
| allow per_mgr sysfs_esoc:dir { open search read }; |
| allow per_mgr sysfs_esoc:lnk_file { read }; |
| |
| #Needed by libmdmdetect to get subsystem info and to check their states |
| allow per_mgr sysfs_ssr:dir { open search read }; |
| allow per_mgr sysfs_ssr:lnk_file { read open }; |
| |