| type hiccup_app, domain; |
| app_domain(hiccup_app) |
| net_domain(hiccup_app) |
| |
| type hiccupd, coredomain, domain; |
| type hiccupd_exec, exec_type, system_file_type, file_type; |
| |
| # Allow for transition from init domain to hiccupd |
| init_daemon_domain(hiccupd) |
| |
| # Allow hiccupd to use Binder IPC |
| binder_use(hiccupd) |
| |
| # Mark hiccupd as a Binder service domain |
| binder_service(hiccupd) |
| |
| # Allow apps to interact with hiccupd |
| binder_call(hiccupd, hiccup_app) |
| binder_call(hiccup_app, hiccupd) |
| binder_call(hiccupd, system_app) |
| binder_call(system_app, hiccupd) |
| |
| # Allow hiccup_app to find services |
| allow hiccup_app { |
| app_api_service |
| hiccupd_service |
| surfaceflinger_service |
| }:service_manager find; |
| |
| # Allow hiccup_app to read persist.fp.hiccup.* properties |
| get_prop(hiccup_app, hiccup_prop) |
| |
| # Allow hiccup_app to read files in /persist |
| allow hiccup_app persist_file:dir r_dir_perms; |
| allow hiccup_app persist_file:file r_file_perms; |
| |
| # Allow hiccup_app to detect if the last shutdown was clean |
| get_prop(hiccup_app, shutdown_reason_prop) |
| |
| # Allow access to Permission Controller in System Server |
| binder_call(hiccupd, system_server) |
| |
| # Allow hiccupd to be registered with service manager |
| allow hiccupd hiccupd_service:service_manager add; |
| |
| # Allow hiccupd to execute commands |
| allow hiccupd shell_exec:file rx_file_perms; |
| allow hiccupd toolbox_exec:file rx_file_perms; |
| allow hiccupd system_file:file rx_file_perms; |
| |
| # Allow hiccupd to set properties |
| set_prop(hiccupd, hiccup_prop) |
| |
| #allow reading and writing log files |
| allow hiccupd hiccup_file:file create_file_perms; |
| allow hiccupd hiccup_file:dir rw_dir_perms; |
| allow hiccupd cache_file:dir create_dir_perms; |
| allow hiccupd cache_file:file create_file_perms; |
| allow hiccup_app cache_file:file r_file_perms; |
| |
| # Allow reading of files in /proc |
| # - /proc/sys/kernel/boot_reason and |
| # - /proc/sys/qpnp-power-on/pon_reason |
| # - /proc/sys/qpnp-power-on/poff_reason |
| allow hiccupd proc:file r_file_perms; |
| |
| # Allow dumping of current kernel logs with dmesg |
| allow hiccupd kernel:system syslog_read; |
| allow hiccupd kmsg_device:chr_file { open read }; |