| type sensorservice, domain; |
| type sensorservice_exec, exec_type, file_type; |
| |
| brillo_domain(sensorservice) |
| |
| # Allow sensorservice to be discovered by servicemanager and use binder. |
| allow sensorservice sensorservice_service:service_manager add; |
| allow sensorservice servicemanager:binder { transfer call }; |
| |
| # Allow crash_reporter access to core dump files. |
| allow_crash_reporter(sensorservice) |
| |
| allow sensorservice cpuctl_device:dir search; |
| |
| r_dir_file(sensorservice, proc_net) |
| r_dir_file(sensorservice, sysfs) |
| |
| allow sensorservice self:capability { net_admin sys_nice }; |