sepolicy/qtimeservice.te - device/google/marlin - Git at Google

 # Qualcomm TimeService app
 type qtimeservice, domain;
 type qtimeservice_tmpfs, file_type;

 app_domain(qtimeservice)

 allow qtimeservice { app_api_service }:service_manager find;

 # Communicate with time_daemon
 allow qtimeservice time:unix_stream_socket connectto;

 # Read and write /data/data subdirectory.
 allow qtimeservice system_app_data_file:dir create_dir_perms;
 allow qtimeservice system_app_data_file:{ file lnk_file } create_file_perms;

 # qtimeservice is a vendor app that can run/execute vendor libraries
 # TODO: (b/36613996) This MUST be removed when 'qtimeservice' is moved to /vendor
 # as part of the fix
 allow qtimeservice vendor_file_type:dir { search getattr };
 allow qtimeservice vendor_file_type:file { execute read open getattr };
 allow qtimeservice vendor_file_type:lnk_file { getattr read };

 allow qtimeservice cgroup:file w_file_perms;
	# Qualcomm TimeService app
	type qtimeservice, domain;
	type qtimeservice_tmpfs, file_type;

	app_domain(qtimeservice)

	allow qtimeservice { app_api_service }:service_manager find;

	# Communicate with time_daemon
	allow qtimeservice time:unix_stream_socket connectto;

	# Read and write /data/data subdirectory.
	allow qtimeservice system_app_data_file:dir create_dir_perms;
	allow qtimeservice system_app_data_file:{ file lnk_file } create_file_perms;

	# qtimeservice is a vendor app that can run/execute vendor libraries
	# TODO: (b/36613996) This MUST be removed when 'qtimeservice' is moved to /vendor
	# as part of the fix
	allow qtimeservice vendor_file_type:dir { search getattr };
	allow qtimeservice vendor_file_type:file { execute read open getattr };
	allow qtimeservice vendor_file_type:lnk_file { getattr read };

	allow qtimeservice cgroup:file w_file_perms;