      1 #integrated sensor process
        # NOTE(review): the rules below (QMI sockets, netmgrd/cnd sockets, fds from
        # the radio domain) look like a telephony daemon rather than a sensor
        # service -- confirm what "ims" stands for and correct this header.
        #
        # vendor_executes_system_violators exempts this vendor domain from the
        # rule that vendor code must not execute system files; the shell_exec and
        # system_file execute rules further down depend on that exemption.
      2 type ims, domain, vendor_executes_system_violators;
      3 type ims_exec, exec_type, vendor_file_type, file_type;
      4 
        # CAP_NET_BIND_SERVICE: lets the daemon bind to privileged ports (< 1024).
      5 allow ims self:capability net_bind_service;
      6 
      7 # Started by init
      8 init_daemon_domain(ims)
        # Network socket access for the domain.
      9 net_domain(ims)
     10 
     11 # TODO(b/36657020): Remove this once ims no longer needs access to /dev/binder
        # Until then this attribute exempts ims from the restriction on vendor
        # domains using /dev/binder.
     12 typeattribute ims binder_in_vendor_violators;
     13 
     14 # Grant access to Qualcomm MSM Interface (QMI) radio sockets
        # qmux_socket is defined outside this file; its exact grants are not
        # visible here.
     15 qmux_socket(ims)
     16 
     17 # talk to netmgrd and cnd
     18 allow ims netmgrd_socket:dir search;
     19 unix_socket_connect(ims, netmgrd, netmgrd)
     20 unix_socket_connect(ims, cnd, cnd)
        # NOTE(review): this lets ims set any property labelled system_prop, which
        # is presumably a label shared by many properties. A dedicated property
        # type for the keys ims actually writes would be tighter -- confirm which
        # keys are needed.
     21 set_prop(ims, system_prop)
     22 
     23 # files in /sys
        # NOTE(review): sysfs_type is an attribute, so this grants read access to
        # every sysfs label that carries it, not to a specific node. Narrow it to
        # the labels ims really reads if those can be identified.
     24 r_dir_file(ims, sysfs_type)
     25 
     26 # additional socket perms
     27 allow ims ims_socket:sock_file write;
     28 allow ims self:netlink_socket create_socket_perms_no_ioctl;
     29 allow ims self:socket create_socket_perms;
        # The allowxperm rules whitelist ioctl commands: RMNET_IOCTL_EXTENDED on
        # ims's own UDP sockets and the msm_sock_ipc_ioctls set on its generic
        # sockets. They only filter; the base ioctl permission must come from an
        # allow rule (for udp_socket presumably via net_domain -- verify).
     30 allowxperm ims self:udp_socket ioctl RMNET_IOCTL_EXTENDED;
     31 allowxperm ims self:socket ioctl msm_sock_ipc_ioctls;
     32 
        # Diagnostics device access is compiled in for userdebug/eng builds only;
        # user builds do not get this rule.
     33 userdebug_or_eng(`
     34   allow ims diag_device:chr_file rw_file_perms;
     35 ')
     36 
     37 # Runs /system/bin/sh for executing ndc commands via popen
        # NOTE(review): these two rules allow reading and executing the shell and
        # any file labelled system_file, which is wider than the single tool named
        # above. Because popen goes through a shell, the daemon has to validate
        # any externally influenced value before it reaches the command line;
        # policy cannot enforce that, so check it in the daemon source.
     38 allow ims shell_exec:file rx_file_perms;
     39 allow ims system_file:file rx_file_perms;
     40 
     41 # use /dev/ion memory
        # Read-only file permissions on the ion device node.
     42 allow ims ion_device:chr_file r_file_perms;
     43 
     44 # use fds passed from radio app
        # fd:use only permits using the descriptor itself; access to the object
        # behind it is still checked against that object's own type.
     45 allow ims radio:fd use;
     46