blob: 8f6d10b75ab7e10f70c175bf60b1535453ccf929 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
# access to perflock
unix_socket_send(untrusted_app, mpctl, mpdecision)
unix_socket_connect(untrusted_app, mpctl, mpdecision)
# diag device node access is restricted to untrusted_app
neverallow untrusted_app diag_device:chr_file rw_file_perms;
# test apps needs to communicate with imscm
# using binder call
userdebug_or_eng(`
binder_call(untrusted_app, imscm)
allow untrusted_app imscm_service:service_manager find;
')
# for finding wbc_service
allow untrusted_app wbc_service:service_manager find;
# using binder call
userdebug_or_eng(`
allow untrusted_app improve_touch_service:service_manager find;
binder_call(untrusted_app, hbtp);
')
# for finding gba_auth_service
allow untrusted_app gba_auth_service:service_manager find;
|