# Policies for hbtp (host based touch processing)
type hbtp, domain;
type hbtp_exec, exec_type, file_type;

init_daemon_domain(hbtp)

# Allow access for /dev/hbtp_input and /dev/jdi-bu21150
allow hbtp { hbtp_device qdsp_device bu21150_device }:chr_file rw_file_perms;

allow hbtp hbtp_log_file:dir rw_dir_perms;
allow hbtp hbtp_log_file:file create_file_perms;

allow hbtp sysfs_usb_supply:dir search;
allow hbtp sysfs_usb_supply:file rw_file_perms;

allow hbtp sysfs:file write;

allow hbtp self:netlink_kobject_uevent_socket { create read setopt bind };

binder_use(hbtp);

allow hbtp improve_touch_service:service_manager add;

userdebug_or_eng(`
  binder_call(hbtp, untrusted_app);
')

binder_call(hbtp, platform_app);

binder_call(hbtp, surfaceflinger);

# Allow the service to access wakelock sysfs
allow hbtp sysfs_wake_lock:file r_file_perms;

# Allow the service to change to system from root
allow hbtp self:capability { setgid setuid };

# Allow the service to access wakelock capability
wakelock_use(hbtp)