| # access to perflock |
| unix_socket_send(untrusted_app, mpctl, mpdecision) |
| unix_socket_connect(untrusted_app, mpctl, mpdecision) |
| |
| # diag device node access is restricted to untrusted_app |
| neverallow untrusted_app diag_device:chr_file rw_file_perms; |
| |
| # test apps needs to communicate with imscm |
| # using binder call |
| userdebug_or_eng(` |
| binder_call(untrusted_app, imscm) |
| ') |
| |
| # for finding wbc_service |
| allow untrusted_app wbc_service:service_manager find; |
| |
| # using binder call |
| userdebug_or_eng(` |
| allow untrusted_app improve_touch_service:service_manager find; |
| binder_call(untrusted_app, hbtp); |
| ') |