Home | History | Annotate | Download | only in sepolicy 
      1 # Qualcomm TimeService app
      2 type qtimeservice, domain;
      3 
      4 app_domain(qtimeservice)
      5 
      6 allow qtimeservice { app_api_service }:service_manager find;
      7 
      8 # Communicate with time_daemon
      9 allow qtimeservice time:unix_stream_socket connectto;
     10 
     11 # Read and write /data/data subdirectory.
     12 allow qtimeservice system_app_data_file:dir create_dir_perms;
     13 allow qtimeservice system_app_data_file:{ file lnk_file } create_file_perms;
     14 
     15 # qtimeservice is a vendor app that can run/execute vendor libraries
     16 # TODO: (b/36613996) This MUST be removed when 'qtimeservice' is moved to /vendor
     17 # as part of the fix
     18 allow qtimeservice vendor_file_type:dir { search getattr };
     19 allow qtimeservice vendor_file_type:file { execute read open getattr };
     20 allow qtimeservice vendor_file_type:lnk_file { getattr read };
     21