| # easel service |
| type easel, domain; |
| type easel_exec, exec_type, vendor_file_type, file_type; |
| |
| init_daemon_domain(easel) |
| |
| hwbinder_use(easel) |
| add_hwservice(easel, hal_paintbox_hwservice) |
| get_prop(easel, hwservicemanager_prop) |
| |
| # access easel dev nodes |
| allow easel easel_device:chr_file rw_file_perms; |
| allow easel sysfs_easel:file rw_file_perms; |
| allow easel sysfs_easel:dir r_dir_perms; |
| |
| # access easel thermal sysfs |
| allow easel sysfs_thermal:dir r_dir_perms; |
| allow easel sysfs_thermal:file r_file_perms; |
| allow easel sysfs_thermal:lnk_file r_file_perms; |
| |
| # access "/proc/stat" |
| allow easel proc_stat:file r_file_perms; |
| |
| allow easel google_camera_app:binder call; |
| allow easel hal_camera_default:binder call; |
| allow easel hal_neuralnetworks_paintbox:binder call; |
| |
| allow easel hal_graphics_allocator_default:fd use; |
| allow easel ion_device:chr_file r_file_perms; |
| |
| # access to keychain for kernel based authentication |
| allow easel kernel:key search; |