      1 # In addition to the ioctl commands granted to domain, allow system_server to use
        # the priv_sock_ioctls set on its own UDP sockets and the msm_sock_ipc_ioctls set
        # on its own generic sockets (both sets are defined outside this file).
        # allowxperm only selects which ioctl commands pass; the ioctl permission itself
        # still has to come from an allow rule, which is not visible here.
      2 allowxperm system_server self:udp_socket ioctl priv_sock_ioctls;
      3 allowxperm system_server self:socket ioctl msm_sock_ipc_ioctls;
      4 
      5 # Grant access to Qualcomm MSM Interface (QMI) radio sockets
        # qmux_socket is a macro defined outside this file; its expansion decides the
        # exact socket permissions granted, so review it together with this line.
      6 qmux_socket(system_server)
      7 
      8 # /dev/uhid: read/write on the uhid character device
        # NOTE(review): the uhid interface lets a writer register user-space HID devices,
        # so this is an input-injection capability; confirm which system_server feature
        # needs it.
      9 allow system_server uhid_device:chr_file rw_file_perms;
     10 
     11 # talk to perfd over its UNIX stream socket: search the directory holding the
        # socket, write to the socket file, then connect to the perfd domain
     12 allow system_server perfd_data_file:dir search;
     13 allow system_server perfd_data_file:sock_file write;
     14 allow system_server perfd:unix_stream_socket connectto;
     15 
        # connect to the location domain over a UNIX stream socket whose socket file is
        # labelled location_data_file
     16 allow system_server location:unix_stream_socket connectto;
     17 allow system_server location_data_file:sock_file write;
     18 
        # connect to netmgrd: search the socket directory here; unix_socket_connect is a
        # macro defined outside this file (in AOSP it adds the sock_file write and
        # connectto rules for the named socket and domain)
     19 allow system_server netmgrd_socket:dir search;
     20 unix_socket_connect(system_server, netmgrd, netmgrd)
     21 
     22 # talk to peripheral manager: look up its service in the service manager, then
        # make binder calls into the per_mgr domain
     23 allow system_server per_mgr_service:service_manager find;
     24 binder_call(system_server, per_mgr)
     25 
     26 # files in /sys
        # NOTE(review): sysfs_type is named like the attribute that covers every sysfs
        # label (as in AOSP), so this would grant read on all of sysfs rather than on
        # named nodes. If so, list the specific sysfs types system_server needs instead.
     27 r_dir_file(system_server, sysfs_type)
     28 
     29 # write to files owned by location daemon: the create_*_perms sets allow creating
        # and removing directories, regular files and FIFOs labelled location_data_file,
        # not only writing to existing ones
     30 allow system_server location_data_file:dir create_dir_perms;
     31 allow system_server location_data_file:{ file fifo_file } create_file_perms;
     32 
     33 # read sensor calibration data
        # The file rules apply to every file labelled persist_file, not only calibration
        # data (presumably anything on the persist partition without a narrower label).
        # NOTE(review): set_prop grants setting properties of type sensors_prop, which
        # goes beyond the read access this heading describes; confirm it is intended.
     34 allow system_server persist_file:dir search;
     35 allow system_server persist_file:file r_file_perms;
     36 set_prop(system_server, sensors_prop)
     37 
     38 # interact with thermal_config: connect to the thermal-engine domain through the
        # socket file labelled thermal_socket
     39 allow system_server thermal-engine:unix_stream_socket connectto;
     40 allow system_server thermal_socket:sock_file write;
     41 
        # Read/write on the diag character device, wrapped in userdebug_or_eng so the
        # rule is only meant for userdebug and eng builds; keep it inside this wrapper
        # so that user builds do not receive it.
     42 userdebug_or_eng(`
     43   allow system_server diag_device:chr_file rw_file_perms;
     44 ')
     45