| type per_mgr, domain, device_domain_deprecated; |
| type per_mgr_exec, exec_type, vendor_file_type, file_type; |
| init_daemon_domain(per_mgr); |
| |
| allow per_mgr shared_log_device:chr_file rw_file_perms; |
| |
| allow per_mgr sysfs_msm_subsys:dir r_dir_perms; |
| allow per_mgr sysfs_msm_subsys:lnk_file r_file_perms; |
| |
| binder_service(per_mgr) |
| binder_use(per_mgr) |
| binder_call(per_mgr, per_proxy) |
| binder_call(per_mgr, rild) |
| allow per_mgr per_mgr_service:service_manager add; |
| |
| allow per_mgr subsys_modem_device:chr_file r_file_perms; |
| |
| allow per_mgr self:capability net_raw; |
| allow per_mgr self:socket create_socket_perms; |
| allowxperm per_mgr self:socket ioctl msm_sock_ipc_ioctls; |