# SELinux policy for the integrated Qualcomm sensor process.

# Process domain and the label carried by its executable.
# NOTE(review): domain_deprecated is defined outside this file; it presumably
# attaches legacy domain-wide rules. Confirm the daemon still needs it.
type sensors, domain, domain_deprecated;
type sensors_exec, exec_type, file_type;

# The daemon is started by init (macro defined outside this file).
init_daemon_domain(sensors)

# ---- Capabilities --------------------------------------------------------
# Held so the daemon can drop privileges after start-up (chown, setgid,
# setuid), adjust scheduling priority (sys_nice) and bind a privileged port
# (net_bind_service).
# NOTE(review): dac_override bypasses discretionary file permission checks
# and is the broadest grant in this set. Confirm it cannot be replaced by
# correct ownership/modes on the files the daemon touches.
allow sensors self:capability {
    chown
    dac_override
    net_bind_service
    setgid
    setuid
    sys_nice
};

# b/18417109
# The kernel checks both net_bind_service and net_raw and allows access if
# either succeeds. net_raw is checked first, so it logs an SELinux denial
# even though the operation goes on to succeed. Silence that denial only;
# net_raw itself is not granted.
dontaudit sensors self:capability net_raw;

# Every permission on the generic socket class, limited to the domain's own
# sockets.
# NOTE(review): the wildcard is wider than least privilege calls for. Confirm
# which socket permissions the daemon actually uses and list them explicitly.
allow sensors self:socket *;

# ---- Device nodes --------------------------------------------------------
# Sensor hardware.
allow sensors sensors_device:chr_file rw_file_perms;

# Shared log device.
allow sensors shared_log_device:chr_file rw_file_perms;

# Power management controls (write-only).
allow sensors power_control_device:chr_file w_file_perms;

# ---- Control socket ------------------------------------------------------
# A socket file named "sensor_ctl_socket" created in a socket_device
# directory is labelled sensors_socket instead of inheriting the directory's
# label. The daemon may add and remove entries in that directory and has
# create-level access to the resulting socket file.
type_transition sensors socket_device:sock_file sensors_socket "sensor_ctl_socket";
allow sensors socket_device:dir { add_name write remove_name };
allow sensors sensors_socket:sock_file create_file_perms;

# ---- Wake locks ----------------------------------------------------------
wakelock_use(sensors)

# ---- /persist/sensors ----------------------------------------------------
# Read-only traversal of the parent directory; read/write plus setattr on
# the sensors directory; create-level access to the files stored in it.
allow sensors persist_file:dir r_dir_perms;
allow sensors persist_sensors_file:dir rw_dir_perms;
allow sensors persist_sensors_file:dir setattr;
allow sensors persist_sensors_file:file create_file_perms;