type mm-pp-daemon, domain;
type mm-pp-daemon_exec, exec_type, file_type;

init_daemon_domain(mm-pp-daemon)

#============= mm-pp-daemon ==============
#Need to use fb ioctls to communicate with kernel
allow mm-pp-daemon graphics_device:chr_file rw_file_perms;
allow mm-pp-daemon graphics_device:dir search;

# Allow reading/writing to persist
# The color config file is dynamically created
allow mm-pp-daemon persist_file:dir rw_dir_perms;
allow mm-pp-daemon persist_file:file create_file_perms;

# Allow reading/writing data config files
allow mm-pp-daemon display_config:dir create_dir_perms;
allow mm-pp-daemon display_config:file create_file_perms;

# Allow read to sensor device and read/write to sensor socket
allow mm-pp-daemon sensors_device:chr_file r_file_perms;
allow mm-pp-daemon sensors_socket:sock_file rw_file_perms;
allow mm-pp-daemon sensors:unix_stream_socket connectto;

allow mm-pp-daemon system_prop:property_service set;

# Allow diag to access tempfs
allow mm-pp-daemon diag_device:chr_file rw_file_perms;

# Allow mm-pp-daemon to call binder for screen refresh
binder_use(mm-pp-daemon)
binder_call(mm-pp-daemon, system_server)
binder_call(mm-pp-daemon, surfaceflinger)

userdebug_or_eng(`
    # This allows pp-daemon to use shell commands to blank
    # the display - it uses input keyevent to do this
    allow mm-pp-daemon shell_exec:file rx_file_perms;
    allow mm-pp-daemon system_file:file execute_no_trans;
    allow mm-pp-daemon zygote_exec:file rx_file_perms;
    allow mm-pp-daemon self:process ptrace;
')

# Allow mm-pp-daemon to change the brightness of the target during display
# calibration
allow mm-pp-daemon sysfs:file rw_file_perms;

# Allow socket calls in pp-daemon
unix_socket_connect(mm-pp-daemon, property, init)
unix_socket_connect(mm-pp-daemon, pps, init)