# Policy for peripheral_manager
# per_mgr - peripheral_manager domain
type per_mgr, domain;

type per_mgr_exec, exec_type, file_type;
init_daemon_domain(per_mgr);

# Needed for binder transactions
binder_use(per_mgr);
binder_service(per_mgr);

allow per_mgr self:socket create_socket_perms;
allow per_mgr per_mgr_service:service_manager { add find };

# Needed by ipc_router
allow per_mgr self:capability net_raw;

# Needed to power on the peripheral
allow per_mgr ssr_device:chr_file r_file_perms;

# Needed by libmdmdetect to figure out the system configuration
r_dir_file(per_mgr, sysfs_esoc)

# Needed by libmdmdetect to get subsystem info and to check their states
r_dir_file(per_mgr, sysfs_ssr)

r_dir_file(per_mgr, firmware_file)
# Needed by pm-proxy to talk to peripheral manager
binder_call(per_mgr, per_mgr);
binder_call(per_mgr, sensors);