Home | History | Annotate | Download | only in common 
      1 # Policy for sensor daemon
      2 type sensors, domain;
      3 type sensors_exec, exec_type, vendor_file_type, file_type;
      4 
      5 init_daemon_domain(sensors)
      6 
      7 allow sensors self:capability {
      8     setuid
      9     setgid
     10     net_bind_service
     11 };
     12 
     13 allow sensors self:socket create_socket_perms;
     14 allowxperm sensors self:socket ioctl msm_sock_ipc_ioctls;
     15 
     16 allow sensors persist_sensors_file:dir rw_dir_perms;
     17 allow sensors persist_sensors_file:file create_file_perms;
     18 allow sensors mnt_vendor_file:dir { getattr search };
     19 allow sensors persist_file:dir search;
     20 
     21 allow sensors system_file:dir r_dir_perms;
     22 allow sensors sensors_device:chr_file rw_file_perms;
     23 
     24 # sensor direct mode
     25 allow sensors qdsp_device:chr_file ioctl;
     26 
     27 allow sensors sysfs_soc:dir search;
     28 allow sensors sysfs_soc:file r_file_perms;
     29 r_dir_file(sensors, sysfs_msm_subsys)
     30 
     31 allow sensors ion_device:chr_file r_file_perms;
     32 allow sensors qdsp_device:chr_file r_file_perms;
     33 
     34 # Allow to getprop persist.vendor.sys.modem.diag.mdlog
     35 get_prop(sensors, vendor_modem_diag_prop)
     36 
     37 # Allow to read /sys/class/power_supply/usb/input_current_now
     38 r_dir_file(sensors, sysfs_batteryinfo)
     39 
     40 # For reading dir/files on /dsp
     41 r_dir_file(sensors, adsprpcd_file)
     42 
     43 dontaudit sensors kernel:system module_request;
     44