sepolicy/ims.te - device/huawei/angler - Git at Google

 type ims, domain, device_domain_deprecated;
 type ims_exec, exec_type, file_type;

 init_daemon_domain(ims)

 # Policy below to be updated per b/23784951
 allow ims self:capability { net_admin net_raw };

 binder_use(ims)
 set_prop(ims, qcom_ims_prop)
 qmux_socket(ims)
 unix_socket_connect(ims, cnd, cnd)

 allow ims ims_service:service_manager add;

 allow ims ims_socket:sock_file write;
 allow ims self:socket create_socket_perms;
 allowxperm ims self:socket ioctl msm_sock_ipc_ioctls;
 allow ims self:udp_socket create_socket_perms;
 allow ims self:netlink_socket create_socket_perms_no_ioctl;
 allow ims self:netlink_route_socket { create_socket_perms_no_ioctl nlmsg_write nlmsg_read };

 allow ims sysfs_msm_subsys:dir r_dir_perms;
 allow ims sysfs_msm_subsys:lnk_file r_file_perms;
	type ims, domain, device_domain_deprecated;
	type ims_exec, exec_type, file_type;

	init_daemon_domain(ims)

	# Policy below to be updated per b/23784951
	allow ims self:capability { net_admin net_raw };

	binder_use(ims)
	set_prop(ims, qcom_ims_prop)
	qmux_socket(ims)
	unix_socket_connect(ims, cnd, cnd)

	allow ims ims_service:service_manager add;

	allow ims ims_socket:sock_file write;
	allow ims self:socket create_socket_perms;
	allowxperm ims self:socket ioctl msm_sock_ipc_ioctls;
	allow ims self:udp_socket create_socket_perms;
	allow ims self:netlink_socket create_socket_perms_no_ioctl;
	allow ims self:netlink_route_socket { create_socket_perms_no_ioctl nlmsg_write nlmsg_read };

	allow ims sysfs_msm_subsys:dir r_dir_perms;
	allow ims sysfs_msm_subsys:lnk_file r_file_perms;