# Policy for peripheral_manager
# per_mgr - peripheral_manager domain
#
# Declares the per_mgr domain and the per_mgr_exec label for its executable,
# then grants the binder, socket, capability, device-node and sysfs access
# listed below. Every grant is scoped to a named type; rules that are
# commented out grant nothing.
type per_mgr, domain;
type per_mgr_exec, exec_type, file_type;

# Start the daemon from init and transition into per_mgr when a file
# labelled per_mgr_exec is executed.
init_daemon_domain(per_mgr);

# Needed for binder transactions: per_mgr both uses binder and offers a
# binder service.
binder_use(per_mgr);
binder_service(per_mgr);

# NOTE(review): this is the generic socket class, not a specific address
# family; presumably it covers the ipc_router sockets mentioned further
# down - confirm against the daemon.
allow per_mgr self:socket create_socket_perms;

# per_mgr registers (add) and looks up (find) its own service entry.
# Clients need their own find rule for per_mgr_service; none is granted here.
allow per_mgr per_mgr_service:service_manager { add find };

# Rules for peripheral manager clients

# Rules for RILD: binder calls are allowed in both directions between
# per_mgr and rild.
binder_call(per_mgr, rild);
binder_call(rild, per_mgr);

# Needed by ipc_router
# NOTE(review): net_raw is the only capability granted to this domain;
# re-check that ipc_router still requires it before carrying this rule
# forward.
allow per_mgr self:capability { net_raw };

# Needed to power on the peripheral. Only open and read are granted on the
# ssr_device character device (no write, no ioctl).
allow per_mgr ssr_device:chr_file { open read };

# Needed by libmdmdetect to figure out the system configuration
# Disabled: with these two rules commented out, this file gives per_mgr no
# access to sysfs_esoc.
#allow per_mgr sysfs_esoc:dir { open search read };
#allow per_mgr sysfs_esoc:lnk_file { read };

# Needed by libmdmdetect to get subsystem info and to check their states.
# Directory listing and symlink reads only.
allow per_mgr sysfs_ssr:dir { open search read };
allow per_mgr sysfs_ssr:lnk_file { read open };

# Needed by pm-proxy to talk to peripheral manager.
# NOTE(review): the rule is per_mgr to per_mgr, so pm-proxy presumably runs
# in the per_mgr domain - confirm.
binder_call(per_mgr, per_mgr);

# Read-only access (r_file_perms) to the subsys_modem_device character device.
# NOTE(review): the original policy does not say what this is needed for -
# confirm which component opens the node.
allow per_mgr subsys_modem_device:chr_file r_file_perms;