whitechapel/vendor/google/aocd.te - device/google/gs101-sepolicy - Git at Google

 type aocd, domain;
 type aocd_exec, vendor_file_type, exec_type, file_type;
 init_daemon_domain(aocd)

 # access persist files
 allow aocd mnt_vendor_file:dir search;
 allow aocd persist_file:dir search;

 # sysfs operations
 allow aocd sysfs_aoc:dir search;
 allow aocd sysfs_aoc_firmware:file w_file_perms;

 # dev operations
 allow aocd aoc_device:chr_file r_file_perms;
	type aocd, domain;
	type aocd_exec, vendor_file_type, exec_type, file_type;
	init_daemon_domain(aocd)

	# access persist files
	allow aocd mnt_vendor_file:dir search;
	allow aocd persist_file:dir search;

	# sysfs operations
	allow aocd sysfs_aoc:dir search;
	allow aocd sysfs_aoc_firmware:file w_file_perms;

	# dev operations
	allow aocd aoc_device:chr_file r_file_perms;