Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / device / qcom / sepolicy / 93241e5253df5e58322729ceba368dba3d5b0dc7 / . / common / system_server.te
blob: 4f9e89cf7012b73eca3ed007360ba4cdcb6897dd [file] [log] [blame]
Avijit Kanti Das345ffcb2014-07-24 01:03:22 -0700[diff] [blame]1#============= system_server ==============
Avijit Kanti Das0196c6a2014-07-23 23:44:35 -0700[diff] [blame]2# allow system_server to communicate with cnd process over cnd_socket
3unix_socket_connect(system_server, cnd, cnd)
4# allow system/framework applications to update the cnd configuration files
5allow system_server cnd_data_file:dir { read open write getattr add_name };
6allow system_server cnd_data_file:file { create write getattr setattr read lock open };
7
Avijit Kanti Das60e32ec2014-10-08 11:47:24 -0700[diff] [blame]8# Access to sensors socket
9unix_socket_connect(system_server, sensors, sensors)
10unix_socket_send(system_server, sensors, sensors)
11allow system_server sensors:unix_stream_socket sendto;
12allow system_server sensors_socket:sock_file r_file_perms;
Biswajit Paul64f83f62014-10-13 14:36:16 -0700[diff] [blame]13qmux_socket(system_server);
Vince Leung06bd7d82014-10-15 15:15:57 -0700[diff] [blame]14
15# access to perflock
16allow system_server mpctl_socket:dir r_dir_perms;
17unix_socket_send(system_server, mpctl, mpdecision)
18unix_socket_connect(system_server, mpctl, mpdecision)
Susheel Yadagirid0927c62014-10-14 16:01:45 -0700[diff] [blame]19
20# allow system/framework applications to update the dpmd configuration files
Susheel Yadagirid0927c62014-10-14 16:01:45 -0700[diff] [blame]21unix_socket_connect(system_server, dpmd, dpmd);
22allow system_server dpmd_socket:sock_file write;
Bhavya Sokke Mallikarjunappa1224bdc2014-11-03 13:33:33 -0800[diff] [blame]23allow system_server dpmd_data_file:dir create_dir_perms;
Susheel Yadagirid0927c62014-10-14 16:01:45 -0700[diff] [blame]24allow system_server dpmservice:service_manager add;
Bhavya Sokke Mallikarjunappa1224bdc2014-11-03 13:33:33 -0800[diff] [blame]25allow system_server dpmd_data_file:file create_file_perms;
Susheel Yadagirid0927c62014-10-14 16:01:45 -0700[diff] [blame]26allow system_server socket_device:sock_file write;
Bhavya Sokke Mallikarjunappa1224bdc2014-11-03 13:33:33 -0800[diff] [blame]27
Vince Leung358d6f32014-10-16 15:10:52 -0700[diff] [blame]28unix_socket_send(system_server, mpctl, perfd)
29unix_socket_connect(system_server, mpctl, perfd)
Tushar Janefalkar87c1f922014-10-21 15:16:12 -0700[diff] [blame]30
31allow system_server location:unix_stream_socket connectto;
32allow system_server location_data_file:dir rw_dir_perms;
33allow system_server location_data_file:fifo_file create_file_perms;
34allow system_server location_socket:sock_file rw_file_perms;
35allow system_server location_app_data_file:dir r_dir_perms;
Avijit Kanti Dasc58a6f72014-10-25 16:34:06 -0700[diff] [blame]36allow system_server location_data_file:sock_file rw_file_perms;
Biswajit Pauld8ab6262014-10-23 16:27:42 -0700[diff] [blame]37
38#For wifistatemachine
39allow system_server kernel:key search;
Avijit Kanti Das42a58192014-10-31 15:28:08 -0700[diff] [blame]40allow system_server wbc_service:service_manager add;
Avijit Kanti Dascf1be2f2014-11-07 00:01:45 -0800[diff] [blame]41allow system_server digitalpen_service:service_manager add;
Avijit Kanti Dasd6e8d8e2014-11-07 10:27:44 -0800[diff] [blame]42
43#For ssr
44allow system_server ssr_device:chr_file { read open };
Kurva Harisha86fd522014-11-19 17:06:16 -0800[diff] [blame]45
46allow system_server fuse:dir search;
47allow system_server persist_file:dir search;
Hemant Gupta8678c752014-11-30 11:04:02 +0530[diff] [blame]48
49#For ANT tty communication and to set wc_transport prop
50allow system_server bluetooth_prop:property_service set;
51allow system_server serial_device:chr_file rw_file_perms;
52allow system_server smd_device:chr_file rw_file_perms;