type per_mgr, domain, device_domain_deprecated;
type per_mgr_exec, exec_type, file_type;
init_daemon_domain(per_mgr);

allow per_mgr shared_log_device:chr_file rw_file_perms;

allow per_mgr sysfs_msm_subsys:dir r_dir_perms;
allow per_mgr sysfs_msm_subsys:lnk_file r_file_perms;

binder_service(per_mgr)
binder_use(per_mgr)
binder_call(per_mgr, per_proxy)
binder_call(per_mgr, rild)
allow per_mgr per_mgr_service:service_manager add;

allow per_mgr subsys_modem_device:chr_file r_file_perms;

allow per_mgr self:capability net_raw;
allow per_mgr self:socket create_socket_perms;
allowxperm per_mgr self:socket ioctl msm_sock_ipc_ioctls;