| type ims, domain, device_domain_deprecated; |
| type ims_exec, exec_type, vendor_file_type, file_type; |
| |
| init_daemon_domain(ims) |
| |
| # Policy below to be updated per b/23784951 |
| allow ims self:capability { net_admin net_raw }; |
| |
| binder_use(ims) |
| set_prop(ims, qcom_ims_prop) |
| qmux_socket(ims) |
| unix_socket_connect(ims, cnd, cnd) |
| allowxperm ims self:udp_socket ioctl SIOCDEVPRIVATE_D; |
| |
| allow ims ims_service:service_manager add; |
| |
| allow ims ims_socket:sock_file write; |
| allow ims self:socket create_socket_perms; |
| allowxperm ims self:socket ioctl msm_sock_ipc_ioctls; |
| allow ims self:udp_socket create_socket_perms; |
| allow ims self:netlink_socket create_socket_perms_no_ioctl; |
| allow ims self:netlink_route_socket { create_socket_perms_no_ioctl nlmsg_write nlmsg_read }; |
| |
| allow ims sysfs_msm_subsys:dir r_dir_perms; |
| allow ims sysfs_msm_subsys:lnk_file r_file_perms; |