# access to perflock
unix_socket_send(untrusted_app, mpctl, mpdecision)
unix_socket_connect(untrusted_app, mpctl, mpdecision)

# diag device node access is restricted to untrusted_app
neverallow untrusted_app diag_device:chr_file rw_file_perms;

# test apps needs to communicate with imscm
# using binder call
userdebug_or_eng(`
  binder_call(untrusted_app, imscm)
  allow untrusted_app imscm_service:service_manager find;
')

# for finding wbc_service
allow untrusted_app wbc_service:service_manager find;

# using binder call
userdebug_or_eng(`
  allow untrusted_app improve_touch_service:service_manager find;
  binder_call(untrusted_app, hbtp);
')

# for finding gba_auth_service
allow untrusted_app gba_auth_service:service_manager find;