car_product/sepolicy/qcom-sh.te - platform/packages/services/Car - Gitiles

 # qcom-sh service
 type qcom-sh, domain;
 type qcom-sh_exec, exec_type, file_type;

 # Started by init
 init_daemon_domain(qcom-sh)

 # Set ctl.quipc_* property.
 set_prop(qcom-sh, ctl_quipc_igsn_prop)
 set_prop(qcom-sh, ctl_quipc_main_prop)

 allow qcom-sh self:capability net_admin;

 # Allow writing of ipv6 network properties
 allow qcom-sh proc_net:file w_file_perms;

 allow qcom-sh shell_exec:file r_file_perms;

 allow qcom-sh toolbox_exec:file rx_file_perms;

 allow qcom-sh sysfs:file r_file_perms;
	# qcom-sh service
	type qcom-sh, domain;
	type qcom-sh_exec, exec_type, file_type;

	# Started by init
	init_daemon_domain(qcom-sh)

	# Set ctl.quipc_* property.
	set_prop(qcom-sh, ctl_quipc_igsn_prop)
	set_prop(qcom-sh, ctl_quipc_main_prop)

	allow qcom-sh self:capability net_admin;

	# Allow writing of ipv6 network properties
	allow qcom-sh proc_net:file w_file_perms;

	allow qcom-sh shell_exec:file r_file_perms;

	allow qcom-sh toolbox_exec:file rx_file_perms;

	allow qcom-sh sysfs:file r_file_perms;