common/peripheral_manager.te - fp2-dev/device/qcom/sepolicy - Gitiles

 # Policy for peripheral_manager
 # per_mgr - peripheral_manager domain
 type per_mgr, domain;

 type per_mgr_exec, exec_type, file_type;
 init_daemon_domain(per_mgr);

 # Needed for binder transactions
 binder_use(per_mgr);
 binder_service(per_mgr);

 allow per_mgr self:socket create_socket_perms;
 allow per_mgr per_mgr_service:service_manager { add find };

 # Needed by ipc_router
 allow per_mgr self:capability net_raw;

 # Needed to power on the peripheral
 allow per_mgr ssr_device:chr_file r_file_perms;

 # Needed by libmdmdetect to figure out the system configuration
 r_dir_file(per_mgr, sysfs_esoc)

 # Needed by libmdmdetect to get subsystem info and to check their states
 r_dir_file(per_mgr, sysfs_ssr)

 r_dir_file(per_mgr, firmware_file)
 # Needed by pm-proxy to talk to peripheral manager
 binder_call(per_mgr, per_mgr);
 binder_call(per_mgr, sensors);
	# Policy for peripheral_manager
	# per_mgr - peripheral_manager domain
	type per_mgr, domain;

	type per_mgr_exec, exec_type, file_type;
	init_daemon_domain(per_mgr);

	# Needed for binder transactions
	binder_use(per_mgr);
	binder_service(per_mgr);

	allow per_mgr self:socket create_socket_perms;
	allow per_mgr per_mgr_service:service_manager { add find };

	# Needed by ipc_router
	allow per_mgr self:capability net_raw;

	# Needed to power on the peripheral
	allow per_mgr ssr_device:chr_file r_file_perms;

	# Needed by libmdmdetect to figure out the system configuration
	r_dir_file(per_mgr, sysfs_esoc)

	# Needed by libmdmdetect to get subsystem info and to check their states
	r_dir_file(per_mgr, sysfs_ssr)

	r_dir_file(per_mgr, firmware_file)
	# Needed by pm-proxy to talk to peripheral manager
	binder_call(per_mgr, per_mgr);
	binder_call(per_mgr, sensors);