blob: 3039434b98a08dbf38c3e146215f8bfe3952b7f4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
# Policy for sensor daemon
type sensors, domain, domain_deprecated;
type sensors_exec, exec_type, file_type;
# Started by init
init_daemon_domain(sensors)
type_transition sensors system_data_file:{ dir file } sensors_data_file;
allow sensors self:capability {
# Change own perms to (nobody,nobody)
setuid
setgid
# Chown /data/misc/sensors/debug/ to nobody
chown
# Access /data/misc/sensors/debug and /data/system/sensors/settings
dac_override
dac_read_search
net_bind_service
};
dontaudit sensors self:capability { fsetid net_raw };
# Sensors socket
allow sensors sensors_socket:sock_file create_file_perms;
type_transition sensors socket_device:sock_file sensors_socket "sensor_ctl_socket";
allow sensors socket_device:dir rw_dir_perms;
# Create directories and files under /data/misc/sensors
# and /data/system/sensors. Allow generic r/w file access.
allow sensors system_data_file:dir create_dir_perms;
allow sensors sensors_data_file:dir create_dir_perms;
allow sensors sensors_data_file:file create_file_perms;
# Access sensor nodes (/dev/msm_dsps, /dev/sensors)
allow sensors sensors_device:chr_file rw_file_perms;
# Access to /persist/sensors
allow sensors persist_file:dir r_dir_perms;
allow sensors sensors_persist_file:dir create_dir_perms;
allow sensors sensors_persist_file:file create_file_perms;
# Access to execmem
allow sensors self:process execmem;
# Wake lock access
wakelock_use(sensors)
allow sensors cgroup:dir { create add_name };
allow sensors self:socket *;
# Access to other devices
allow sensors smd_device:chr_file rw_file_perms;
allow sensors smem_log_device:chr_file rw_file_perms;
allow sensors device_latency:chr_file w_file_perms;
# Access to tests from userdebug/eng builds
userdebug_or_eng(`
domain_auto_trans(shell, sensors_exec, sensors)
diag_use(sensors)
')
binder_use(sensors)
binder_call(sensors, servicemanager)
binder_call(sensors, per_mgr)
allow sensors sysfs:file w_file_perms;
#Rules for sensors to talk to peripheral manager
use_per_mgr(sensors);
|
