1 # Needed by hubconnection for sensor hub 2 allow system_server sensors_device:chr_file rw_file_perms; 3 allow system_server uhid_device:chr_file rw_file_perms; 4 5 allow system_server sysfs_led:dir r_dir_perms; 6 allow system_server sysfs_led:file rw_file_perms; 7 8 allow system_server sysfs_gpu_tuning:dir r_dir_perms; 9 allow system_server sysfs_gpu_tuning:file rw_file_perms; 10 11 allow system_server sysfs_msm_subsys:dir r_dir_perms; 12 allow system_server sysfs_msm_subsys:lnk_file r_file_perms; 13 14 # Grant access to Qualcomm MSM Interface (QMI) radio sockets to system services 15 # (e.g., LocationManager) 16 qmux_socket(system_server) 17 18 # talk to perfd 19 allow system_server perfd_data_file:dir search; 20 allow system_server perfd_data_file:sock_file write; 21 allow system_server perfd:unix_stream_socket connectto; 22 23 allow system_server persist_file:dir search; 24 allow system_server persist_file:file r_file_perms; 25 26 # hubconnection to get and set sensors.contexthub.* properties 27 set_prop(system_server, contexthub_prop); 28 29 allow system_server per_mgr_service:service_manager find; 30 31 # To improve app launch times - we would like to force all tasks to 32 # run on big cores for app launch (sched_boost) - instead of just 33 # boosting them to make it "more likely" to run on big cores. 34 allow system_server zygote:process setsched; 35 36 # remove fingerprint dataset when remove user account 37 allow system_server fingerprintd_data_file:file r_file_perms; 38 allow system_server fingerprintd_data_file:file create_file_perms; 39 allow system_server fingerprintd_data_file:dir create_dir_perms; 40 41 # Access /dev/graphics/fb0 for setting display persistence 42 allow system_server graphics_device:dir search; 43 allow system_server graphics_device:chr_file rw_file_perms; 44 45 # Access for thermal-engine 46 allow system_server sysfs_thermal:file write; 47
