common/imscm.te - fp2-dev/device/qcom/sepolicy - Gitiles

 #integrated sensor process
 type imscm, domain;
 type imscm_exec, exec_type, file_type;

 # Started by init
 init_daemon_domain(imscm)
 net_domain(imscm)

 # To make VT call
 binder_use(imscm)

 #Add connectionmanager service
 allow imscm imscm_service:service_manager add;

 #allow imscm ims_socket:sock_file write;
 #allow imscm ims:unix_stream_socket connectto;
 unix_socket_connect(imscm, ims, ims)
 allow imscm self:capability net_raw;
 #allow imscm untrusted_app:binder call;

 # imscm needs to communicate with test app
 # using binder call
 userdebug_or_eng(`
   binder_call(imscm, appdomain)
 ')

 # imscm needs read/write access to devpts
 allow imscm devpts:chr_file rw_file_perms;
	#integrated sensor process
	type imscm, domain;
	type imscm_exec, exec_type, file_type;

	# Started by init
	init_daemon_domain(imscm)
	net_domain(imscm)

	# To make VT call
	binder_use(imscm)

	#Add connectionmanager service
	allow imscm imscm_service:service_manager add;

	#allow imscm ims_socket:sock_file write;
	#allow imscm ims:unix_stream_socket connectto;
	unix_socket_connect(imscm, ims, ims)
	allow imscm self:capability net_raw;
	#allow imscm untrusted_app:binder call;

	# imscm needs to communicate with test app
	# using binder call
	userdebug_or_eng(`
	binder_call(imscm, appdomain)
	')

	# imscm needs read/write access to devpts
	allow imscm devpts:chr_file rw_file_perms;