type mm-pp-daemon, domain;
type mm-pp-daemon_exec, exec_type, file_type;

init_daemon_domain(mm-pp-daemon)

#============= mm-pp-daemon ==============
#Need to use fb ioctls to communicate with kernel
allow mm-pp-daemon graphics_device:chr_file rw_file_perms;
allow mm-pp-daemon graphics_device:dir search;

# Allow reading/writing to persist
# The color config file is dynamically created
allow mm-pp-daemon persist_file:dir rw_dir_perms;
allow mm-pp-daemon persist_file:file create_file_perms;

# Allow reading/writing data config files
allow mm-pp-daemon display_config:dir create_dir_perms;
allow mm-pp-daemon display_config:file create_file_perms;

allow mm-pp-daemon system_prop:property_service set;

userdebug_or_eng(`
    # Display calibration service opens /dev/diag in order to communicate with the
    # target device
    allow mm-pp-daemon diag_device:chr_file rw_file_perms;

    # QDCM needs to trigger screen refreshes in some cases to reach the
    # convergent state
    binder_use(mm-pp-daemon)
    binder_call(mm-pp-daemon, system_server)
    binder_call(mm-pp-daemon, surfaceflinger)

    # This allows pp-daemon to use shell commands to blank
    # the display - it uses input keyevent to do this
    allow mm-pp-daemon shell_exec:file rx_file_perms;
    allow mm-pp-daemon system_file:file execute_no_trans;
    allow mm-pp-daemon zygote_exec:file rx_file_perms;
    allow mm-pp-daemon self:process ptrace;
')

# Allow mm-pp-daemon to change the brightness of the target during display
# calibration
allow mm-pp-daemon sysfs:file rw_file_perms;

# Allow socket calls in pp-daemon
unix_socket_connect(mm-pp-daemon, property, init)
unix_socket_connect(mm-pp-daemon, pps, init)