test/fidotest.te - fp2-dev/device/qcom/sepolicy - Gitiles

 type fidotest, domain;
 type fidotest_exec, exec_type, file_type;
 init_daemon_domain(fidotest)
 userdebug_or_eng(`
   #Allow fido test daemons to use Binder IPC
   binder_use(fidotest)

   #Allow apps to interact with fido test daemons
   binder_call(fidotest, platform_app)
   binder_call(platform_app, fidotest)
   binder_call(fidotest, system_app)
   binder_call(system_app, fidotest)

   # Mark fido test daemons as a Binder service domain
   binder_service(fidotest)

   #Allow fido test daemons to be registered with service manager
   allow fidotest fidotest_service:service_manager add;

   # Allow communication with init over property server
   unix_socket_connect(fidotest, property, init);

   # Allow access to tee device
   allow fidotest tee_device:chr_file rw_file_perms;

   # Allow access to firmware
   allow fidotest firmware_file:dir r_dir_perms;
   allow fidotest firmware_file:file r_file_perms;
 ')
	type fidotest, domain;
	type fidotest_exec, exec_type, file_type;
	init_daemon_domain(fidotest)
	userdebug_or_eng(`
	#Allow fido test daemons to use Binder IPC
	binder_use(fidotest)

	#Allow apps to interact with fido test daemons
	binder_call(fidotest, platform_app)
	binder_call(platform_app, fidotest)
	binder_call(fidotest, system_app)
	binder_call(system_app, fidotest)

	# Mark fido test daemons as a Binder service domain
	binder_service(fidotest)

	#Allow fido test daemons to be registered with service manager
	allow fidotest fidotest_service:service_manager add;

	# Allow communication with init over property server
	unix_socket_connect(fidotest, property, init);

	# Allow access to tee device
	allow fidotest tee_device:chr_file rw_file_perms;

	# Allow access to firmware
	allow fidotest firmware_file:dir r_dir_perms;
	allow fidotest firmware_file:file r_file_perms;
	')