1 # Needed by hubconnection for sensor hub 2 allow system_server sensors_device:chr_file rw_file_perms; 3 allow system_server uhid_device:chr_file rw_file_perms; 4 5 allow system_server sysfs_gpu_tuning:dir r_dir_perms; 6 allow system_server sysfs_gpu_tuning:file rw_file_perms; 7 8 allow system_server sysfs_msm_subsys:dir r_dir_perms; 9 allow system_server sysfs_msm_subsys:lnk_file r_file_perms; 10 11 # Grant access to Qualcomm MSM Interface (QMI) radio sockets to system services 12 # (e.g., LocationManager) 13 qmux_socket(system_server) 14 15 # talk to perfd 16 allow system_server perfd_data_file:dir search; 17 allow system_server perfd_data_file:sock_file write; 18 allow system_server perfd:unix_stream_socket connectto; 19 20 allow system_server persist_file:dir search; 21 allow system_server persist_file:file r_file_perms; 22 23 # hubconnection to get and set sensors.contexthub.* properties 24 set_prop(system_server, contexthub_prop); 25 26 allow system_server per_mgr_service:service_manager find; 27 28 # To improve app launch times - we would like to force all tasks to 29 # run on big cores for app launch (sched_boost) - instead of just 30 # boosting them to make it "more likely" to run on big cores. 31 allow system_server zygote:process setsched; 32 33 # remove fingerprint dataset when remove user account 34 allow system_server fingerprintd_data_file:file r_file_perms; 35 allow system_server fingerprintd_data_file:file create_file_perms; 36 allow system_server fingerprintd_data_file:dir create_dir_perms; 37 38 # Access /dev/graphics/fb0 for setting display persistence 39 allow system_server graphics_device:dir search; 40 allow system_server graphics_device:chr_file rw_file_perms; 41 42 # Access for thermal-engine 43 allow system_server sysfs_thermal:file write; 44 45 # use MSM ipc router ioctls 46 allow system_server self:socket ioctl; 47 allowxperm system_server self:socket ioctl msm_sock_ipc_ioctls; 48
