| #Policy for peripheral_manager |
| #per_mgr - peripheral_manager domain |
| type per_mgr, domain; |
| |
| type per_mgr_exec, exec_type, file_type; |
| init_daemon_domain(per_mgr); |
| |
| #Needed for binder transactions |
| binder_use(per_mgr); |
| binder_service(per_mgr); |
| allow per_mgr self:socket create_socket_perms; |
| allow per_mgr per_mgr_service:service_manager { add find }; |
| |
| #Rules for peripheral manager clients |
| #Rules for RILD |
| binder_call(per_mgr, rild); |
| binder_call(rild, per_mgr); |
| |
| #Needed by ipc_router |
| allow per_mgr self:capability { net_raw }; |
| |
| #Needed to power on the peripheral |
| allow per_mgr ssr_device:chr_file { open read }; |
| |
| #Needed by libmdmdetect to figure out the system configuration |
| #allow per_mgr sysfs_esoc:dir { open search read }; |
| #allow per_mgr sysfs_esoc:lnk_file { read }; |
| |
| #Needed by libmdmdetect to get subsystem info and to check their states |
| allow per_mgr sysfs_ssr:dir { open search read }; |
| allow per_mgr sysfs_ssr:lnk_file { read open }; |
| |
| #Needed by pm-proxy to talk to peripheral manager |
| binder_call(per_mgr, per_mgr); |
| |
| allow per_mgr subsys_modem_device:chr_file r_file_perms; |