      1 # In addition to the ioctl commands granted to domain, allow system_server to use the priv_sock_ioctls set on its own UDP sockets:
      2 allowxperm system_server self:udp_socket ioctl priv_sock_ioctls;
      3 
      4 # At a minimum, used for GPS (b/32290392)
      5 allow system_server self:socket ioctl; # create already in core policy
      6 allowxperm system_server self:socket ioctl msm_sock_ipc_ioctls; # limits the ioctl grant above to commands listed in allowxperm rules, here msm_sock_ipc_ioctls
      7 
      8 # /dev/uhid: read/write access to the uhid_device character device
      9 allow system_server uhid_device:chr_file rw_file_perms;
     10 
     11 # TODO(b/36613917): Remove this once system_server no longer communicates with netmgrd over sockets.
     12 typeattribute netmgrd socket_between_core_and_vendor_violators; # tags netmgrd as a known violator of the core/vendor socket separation; remove together with the two rules below when the TODO is resolved
     13 allow system_server netmgrd_socket:dir search;
     14 unix_socket_connect(system_server, netmgrd, netmgrd)
     15 
     16 binder_call(system_server, hal_camera_default) # binder IPC from system_server to the hal_camera_default domain
     17 binder_call(system_server, location) # binder IPC to the location domain; presumably the vendor location daemon, confirm against its .te file
     18 
     19 # files in /sys. NOTE(review): sysfs_type covers every sysfs label, so this is read access to all of sysfs; narrow to the specific labels system_server reads if possible
     20 r_dir_file(system_server, sysfs_type)
     21 
     22 # interact with thermal_config: system_server may set properties labelled thermal_prop
     23 set_prop(system_server, thermal_prop)
     24 
     25 # rpm: read access to debugfs_rpm. NOTE(review): debugfs exposure to system_server; confirm it is still required on release builds
     26 r_dir_file(system_server, debugfs_rpm)
     27 
     28 # /vendor/usr/idc (idc_file). NOTE(review): path inferred from the type name; confirm against file_contexts
     29 r_dir_file(system_server, idc_file)
     30 # /vendor/usr/keylayout (keylayout_file). NOTE(review): path inferred from the type name; confirm against file_contexts
     31 r_dir_file(system_server, keylayout_file)
     32 
     33 # kgsl: read-only access (open, read, getattr) to debugfs_kgsl files; no write is granted
     34 allow system_server debugfs_kgsl:file { open read getattr };
     35 
     36 userdebug_or_eng(`
     37   allow system_server diag_device:chr_file rw_file_perms;
     38 ') # diag_device read/write is granted only on userdebug and eng builds, not on user builds
     39 
     40 # Allow system_server to set SCHED_FIFO on the sensor HAL main thread for performance. The setsched grant applies to every process in hal_sensors_default, not only that thread.
     41 allow system_server hal_sensors_default:process setsched;
     42