blob: 395155d41b33220a9fa3ea35954adadd76b6d303 [file] [log] [blame]
#Policy for peripheral_manager
#per_mgr - peripheral_manager domain
type per_mgr, domain, domain_deprecated;
type per_mgr_exec, exec_type, file_type;
#Needed for binder transactions
allow per_mgr self:socket create_socket_perms;
allow per_mgr per_mgr_service:service_manager { add find };
#Rules for peripheral manager clients
#Rules for RILD
binder_call(per_mgr, rild);
binder_call(rild, per_mgr);
#Needed by ipc_router
allow per_mgr self:capability { net_raw };
#Needed to power on the peripheral
allow per_mgr ssr_device:chr_file { open read };
#Needed by libmdmdetect to figure out the system configuration
#allow per_mgr sysfs_esoc:dir { open search read };
#allow per_mgr sysfs_esoc:lnk_file { read };
#Needed by libmdmdetect to get subsystem info and to check their states
allow per_mgr sysfs_ssr:dir { open search read };
allow per_mgr sysfs_ssr:lnk_file { read open };
#Needed by pm-proxy to talk to peripheral manager
binder_call(per_mgr, per_mgr);
allow per_mgr subsys_modem_device:chr_file r_file_perms;