| # Policy for peripheral_manager |
| # per_mgr - peripheral_manager domain |
| type per_mgr, domain; |
| |
| type per_mgr_exec, exec_type, file_type; |
| init_daemon_domain(per_mgr); |
| |
| # Needed for binder transactions |
| binder_use(per_mgr); |
| binder_service(per_mgr); |
| |
| allow per_mgr self:socket create_socket_perms; |
| allow per_mgr per_mgr_service:service_manager { add find }; |
| |
| # Needed by ipc_router |
| allow per_mgr self:capability net_raw; |
| |
| # Needed to power on the peripheral |
| allow per_mgr ssr_device:chr_file r_file_perms; |
| |
| # Needed by libmdmdetect to figure out the system configuration |
| r_dir_file(per_mgr, sysfs_esoc) |
| |
| # Needed by libmdmdetect to get subsystem info and to check their states |
| r_dir_file(per_mgr, sysfs_ssr) |
| |
| r_dir_file(per_mgr, firmware_file) |
| # Needed by pm-proxy to talk to peripheral manager |
| binder_call(per_mgr, per_mgr); |
| binder_call(per_mgr, sensors); |