path: root/common/ims.te
blob: 68a6a5acb51a9a37b7232396924c7b11d77b0972 (plain)
#integrated sensor process
# NOTE(review): this description looks copied from another domain; the rules
# below concern IMS calling (VT call, ims_rtp_daemon, voice device) - confirm.
# NOTE(review): domain_deprecated is the AOSP attribute that carries legacy
# broad grants; presumably kept for compatibility - audit and drop it when the
# domain no longer needs it.
type ims, domain, domain_deprecated;
# Label for the ims executable, used by init_daemon_domain below.
type ims_exec, exec_type, file_type;

# Started by init
# init_daemon_domain is defined in te_macros, not in this file; it is the usual
# macro for the init to daemon domain transition through ims_exec.
init_daemon_domain(ims)
# Network access as defined by the net_domain macro (defined outside this file).
net_domain(ims)

# Talk to qmuxd
qmux_socket(ims)

# To make VT call
binder_use(ims)

# CAP_NET_BIND_SERVICE: allows binding to ports below 1024.
# NOTE(review): which port ims binds is not visible here - confirm it is still
# needed, since this is a capability on a network-facing daemon.
allow ims self:capability net_bind_service;

# Use generic netlink socket
# NOTE(review): besides the two netlink classes this also grants the catch-all
# socket class; which address family needs it is not visible here - confirm and
# narrow to a specific class if one fits.
allow ims self:{
    netlink_socket
    socket
    netlink_generic_socket
} create_socket_perms;

# To run NDC command
# rx_file_perms includes execute_no_trans, so every binary run through these
# labels executes inside the ims domain with all permissions granted in this
# file; there is no transition to a narrower domain.
# NOTE(review): shell_exec and system_file cover much more than ndc. For a
# daemon that also has net_domain, consider a dedicated label or a domain
# transition for the helper instead of a blanket execute grant.
allow ims {
    shell_exec
    system_file
    # IMS route installation
    wcnss_service_exec
    # for WPA supplicant
    wpa_exec
}:file rx_file_perms;

# Talk to netd via netd_socket
unix_socket_connect(ims, netd, netd)

# Talk to qmuxd via ims_socket
unix_socket_connect(ims, ims, qmuxd)

# Talk to init via property_socket
# This only opens the channel to the property service; which properties ims may
# set is decided by the property_service rule at the end of this section.
unix_socket_connect(ims, property, init)

# Add connectionmanager service
# Lets ims register imscm_service with the service manager. Which clients may
# find and call it is controlled by rules outside this file.
allow ims imscm_service:service_manager add;

# Set property to start imsdata_daemon and ims_rtp_daemon
# NOTE(review): setting properties under this label starts other daemons, so
# the list of domains allowed to set qcom_ims_prop should stay short.
allow ims qcom_ims_prop:property_service set;

# permissions needed for IMS to connect and interact with WPA supplicant
unix_socket_send(ims, wpa, wpa)
# Write access to the wpa_socket directory plus create, unlink and setattr on
# socket files there, so ims can manage a socket file of its own in that
# directory (presumably its client end of the datagram exchange - confirm).
allow ims wpa_socket:dir w_dir_perms;
allow ims wpa_socket:sock_file { create unlink setattr };
# Directory access only; this file grants no file-class access to
# wifi_data_file.
allow ims wifi_data_file:dir r_dir_perms;

# permissions for communication with CNE in LBO use case
unix_socket_connect(ims, cnd, cnd)

# Communication with voice_svc device for audio on APP
# Read and write on the character device labelled voice_device.
allow ims voice_device:chr_file rw_file_perms;

# Allow access to netmgrd socket
netmgr_socket(ims);

# Inherit and use open files from radio.
allow ims radio:fd use;

# diag
# Granted only when the build variant is userdebug or eng; user builds do not
# get this rule. diag_use is defined outside this file.
userdebug_or_eng(`
    diag_use(ims)
')