blob: 67698b45c36f4fad7d97ebcf16d52a13a478e826 [file] [log] [blame]
# Integrated qualcomm sensor process
type sensors, domain, device_domain_deprecated;
type sensors_exec, exec_type, file_type;
# Started by init
# drop privileges
allow sensors self:capability { dac_override sys_nice chown setuid setgid net_bind_service};
# b/18417109
# The kernel code does a permission check of both net_bind_service and
# net_raw, and allows access if either one returns true.
# It does the net_raw check first, triggering an SELinux denial.
# No need to audit
dontaudit sensors self:capability net_raw;
allow sensors persist_sensors_file:dir setattr;
allow sensors shared_log_device:chr_file rw_file_perms;
# Access power management controls
allow sensors power_control_device:chr_file w_file_perms;
allow sensors sensors_device:chr_file rw_file_perms;
type_transition sensors socket_device:sock_file sensors_socket "sensor_ctl_socket";
allow sensors sensors_socket:sock_file create_file_perms;
allow sensors socket_device:dir { add_name write remove_name };
# Wake lock access
# Access to /persist/sensors
allow sensors persist_file:dir r_dir_perms;
allow sensors persist_sensors_file:dir rw_dir_perms;
allow sensors persist_sensors_file:file create_file_perms;
allow sensors self:socket *;
allowxperm sensors self:socket ioctl msm_sock_ipc_ioctls;