1 # in addition to ioctl commands granted to domain allow system_server to use: 2 allowxperm system_server self:udp_socket ioctl priv_sock_ioctls; 3 4 # At a minimum, used for GPS (b/32290392) 5 allow system_server self:socket ioctl; # create already in core policy 6 allowxperm system_server self:socket ioctl msm_sock_ipc_ioctls; 7 8 # /dev/uhid 9 allow system_server uhid_device:chr_file rw_file_perms; 10 11 # used to access the fwk_sensor_hwservice over hwbinder 12 binder_call(system_server, hal_camera_default) 13 binder_call(system_server, location) 14 15 # interact with thermal_config 16 set_prop(system_server, thermal_prop) 17 18 # rpm 19 r_dir_file(system_server, debugfs_rpm) 20 21 # kgsl 22 allow system_server debugfs_kgsl:file { open read getattr }; 23 24 userdebug_or_eng(` 25 allow system_server diag_device:chr_file rw_file_perms; 26 ') 27
