1 type mm-pp-daemon, domain; 2 type mm-pp-daemon_exec, exec_type, vendor_file_type, file_type; 3 4 init_daemon_domain(mm-pp-daemon) 5 6 #Need to use fb/drm ioctls to communicate with kernel 7 allow mm-pp-daemon graphics_device:chr_file rw_file_perms; 8 allow mm-pp-daemon graphics_device:dir r_dir_perms; 9 10 # Allow reading/writing data config files 11 allow mm-pp-daemon display_vendor_data_file:dir create_dir_perms; 12 allow mm-pp-daemon display_vendor_data_file:file create_file_perms; 13 14 # Rule for IPC communication 15 allow mm-pp-daemon qdisplay_service:service_manager find; 16 vndbinder_use(mm-pp-daemon) 17 hwbinder_use(mm-pp-daemon) 18 hal_client_domain(mm-pp-daemon, hal_graphics_composer) 19 allow mm-pp-daemon fwk_sensor_hwservice:hwservice_manager find; 20 binder_call(mm-pp-daemon, system_server) 21 22 # Allow mm-pp-daemon to change the brightness 23 allow mm-pp-daemon sysfs_leds:dir r_dir_perms; 24 allow mm-pp-daemon sysfs_leds:file rw_file_perms; 25 allow mm-pp-daemon sysfs_leds:lnk_file read; 26 r_dir_file(mm-pp-daemon, sysfs_leds) 27 allow mm-pp-daemon sysfs_graphics:dir r_dir_perms; 28 allow mm-pp-daemon sysfs_graphics:file rw_file_perms; 29
