blob: 32e1f5dbfa395e5f5268f362b102322a00a84a17 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
# access to perflock
unix_socket_send(untrusted_app, mpctl, mpdecision)
unix_socket_connect(untrusted_app, mpctl, mpdecision)
# diag device node access is restricted to untrusted_app
neverallow untrusted_app diag_device:chr_file rw_file_perms;
# allow apps to read battery status
allow untrusted_app sysfs_battery_supply:dir r_dir_perms;
allow untrusted_app sysfs_battery_supply:file r_file_perms;
# test apps needs to communicate with imscm
# using binder call
userdebug_or_eng(`
binder_call(untrusted_app, imscm)
allow untrusted_app imscm_service:service_manager find;
')
# for finding wbc_service
allow untrusted_app wbc_service:service_manager find;
# using binder call
userdebug_or_eng(`
allow untrusted_app improve_touch_service:service_manager find;
binder_call(untrusted_app, hbtp);
')
# for finding gba_auth_service
allow untrusted_app gba_auth_service:service_manager find;
|
