1#integrated sensor process 2type ims, domain; 3type ims_exec, exec_type, vendor_file_type, file_type; 4 5# Started by init 6init_daemon_domain(ims) 7net_domain(ims) 8 9# Use generic netlink socket 10allow ims self:{ 11 socket 12 netlink_generic_socket 13 qipcrtr_socket 14} create_socket_perms_no_ioctl; 15 16set_prop(ims, qcom_ims_prop) 17unix_socket_connect(ims, cnd, cnd) 18#Allow access to netmgrd socket 19allow ims netmgrd_socket:dir r_dir_perms; 20unix_socket_connect(ims, netmgrd, netmgrd) 21allow ims netmgrd_socket:sock_file rw_file_perms; 22 23hwbinder_use(ims) 24get_prop(ims, hwservicemanager_prop) 25 26r_dir_file(ims, sysfs_msm_subsys) 27 28allow ims sysfs_soc:dir search; 29allow ims sysfs_soc:file r_file_perms; 30 31get_prop(ims, cnd_vendor_prop) 32 33allow ims hal_datafactory_hwservice:hwservice_manager find; 34 35# for video call 36binder_call(ims, cnd) 37 38#SSD_RIL+ 39allow ims vendor_radio_data_file:dir rw_dir_perms; 40allow ims vendor_radio_data_file:file create_file_perms; 41#SSD_RIL- 42 43allow ims sysfs_timestamp_switch:file r_file_perms; 44allow ims sysfs_data:file r_file_perms; 45 46allow ims self:capability net_bind_service; 47allow ims ion_device:chr_file r_file_perms; 48 49allow ims ims_socket:sock_file write; 50allowxperm ims self:udp_socket ioctl RMNET_IOCTL_EXTENDED; 51 52#diag 53userdebug_or_eng(` 54 r_dir_file(ims, sysfs_diag) 55 allow ims diag_device:chr_file rw_file_perms; 56') 57 58allow ims hal_cne_hwservice:hwservice_manager find; 59 60set_prop(ims, ctl_start_prop); 61set_prop(ims, ctl_stop_prop); 62 63r_dir_file(ims, sysfs_esoc) 64r_dir_file(ims, sysfs_ssr) 65 66dontaudit hal_rcsservice sysfs_faceauth:dir r_dir_perms; 67dontaudit hal_rcsservice sysfs_faceauth:file r_file_perms; 68dontaudit ims sysfs_faceauth:dir search; 69 70dontaudit ims diag_device:chr_file rw_file_perms; 71