      1 # Integrated qualcomm sensor process
        # Type-enforcement rules for the sensors daemon domain: capabilities,
        # device nodes, its control socket, wake locks and /persist/sensors.
        # NOTE(review): domain_deprecated is, as far as known, the AOSP attribute
        # carrying legacy broad grants that used to apply to every domain.
        # Confirm what it adds in this tree before reading the rules below as
        # the complete permission set for this domain.
      2 type sensors, domain, domain_deprecated;
        # Label for the daemon executable.
      3 type sensors_exec, exec_type, file_type;
      4 
      5 # Started by init
        # init_daemon_domain is a macro defined outside this file.
      6 init_daemon_domain(sensors)
      7 
      8 # drop privileges
        # Grants six capabilities to the process on itself. setuid, setgid and
        # chown are presumably what the privilege drop uses (the daemon source
        # is not shown here). dac_override bypasses discretionary file
        # permission checks and is the broadest capability granted here.
        # NOTE(review): confirm dac_override is still required rather than
        # fixing ownership or modes of the files the daemon touches.
      9 allow sensors self:capability { dac_override sys_nice chown setuid setgid net_bind_service};
     10 
     11 # b/18417109
     12 # The kernel code does a permission check of both net_bind_service and
     13 # net_raw, and allows access if either one returns true.
     14 # It does the net_raw check first, triggering an SELinux denial.
     15 # No need to audit
        # dontaudit only suppresses the denial log entry. net_raw is still not
        # granted to this domain.
     16 dontaudit sensors self:capability net_raw;
     17 
        # Allows changing attributes on directories labeled persist_sensors_file.
        # The /persist/sensors rules further down cover the same type.
     18 allow sensors persist_sensors_file:dir setattr;
     19 
        # Read/write access to the shared log character device.
     20 allow sensors shared_log_device:chr_file rw_file_perms;
     21 
     22 # Access power management controls
        # Write-only macro (w_file_perms): no read access is granted here.
     23 allow sensors power_control_device:chr_file w_file_perms;
     24 
        # Read/write access to the sensor character devices.
     25 allow sensors sensors_device:chr_file rw_file_perms;
        # Control socket: a sock_file named sensor_ctl_socket that sensors
        # creates in a socket_device directory is labeled sensors_socket.
        # The two allow rules after it permit creating that sock_file and
        # adding or removing entries in the socket_device directory.
     26 type_transition sensors socket_device:sock_file sensors_socket "sensor_ctl_socket";
     27 allow sensors sensors_socket:sock_file create_file_perms;
     28 allow sensors socket_device:dir { add_name write remove_name };
     29 
     30 # Wake lock access
        # wakelock_use is a macro defined outside this file.
     31 wakelock_use(sensors)
     32 
     33 # Access to /persist/sensors
        # The parent persist_file directory is read-only for this domain.
        # Directories and files labeled persist_sensors_file are writable and
        # files there can be created.
     34 allow sensors persist_file:dir r_dir_perms;
     35 allow sensors persist_sensors_file:dir rw_dir_perms;
     36 allow sensors persist_sensors_file:file create_file_perms;
     37 
        # Wildcard grant: every permission of the generic socket class on the
        # sockets owned by this domain. This is the only wildcard rule in the
        # file and no comment records which operations the daemon needs.
        # NOTE(review): list the required permissions explicitly, and use the
        # specific socket class if the daemon uses a single address family.
        # Confirm against observed denials before narrowing.
     38 allow sensors self:socket *;
     39