#Policy for peripheral_manager
#per_mgr - peripheral_manager domain
type per_mgr, domain;

type per_mgr_exec, exec_type, file_type;
init_daemon_domain(per_mgr);

#Needed for binder transactions
binder_use(per_mgr);
binder_service(per_mgr);
allow per_mgr self:socket create_socket_perms;
allow per_mgr per_mgr_service:service_manager { add find };

#Rules for peripheral manager clients
#Rules for RILD
binder_call(per_mgr, rild);
binder_call(rild, per_mgr);

#Needed by ipc_router
allow per_mgr self:capability { net_raw };

#Needed to power on the peripheral
allow per_mgr ssr_device:chr_file { open read };

#Needed by libmdmdetect to figure out the system configuration
#allow per_mgr sysfs_esoc:dir { open search read };
#allow per_mgr sysfs_esoc:lnk_file { read };

#Needed by libmdmdetect to get subsystem info and to check their states
allow per_mgr sysfs_ssr:dir { open search read };
allow per_mgr sysfs_ssr:lnk_file { read open };

#Needed by pm-proxy to talk to peripheral manager
binder_call(per_mgr, per_mgr);

allow per_mgr subsys_modem_device:chr_file r_file_perms;