vendor/verizon/obdm_app.te - device/google/bonito-sepolicy - Git at Google

 type obdm_app, domain, coredomain;

 app_domain(obdm_app)
 net_domain(obdm_app)

 allow obdm_app proc_stat:file r_file_perms;

 # talk to /dev/diag
 allow obdm_app diag_device:chr_file rw_file_perms;

 allow obdm_app app_api_service:service_manager find;
 allow obdm_app radio_service:service_manager find;
 allow obdm_app surfaceflinger_service:service_manager find;

 allow obdm_app self:socket create_socket_perms;
 allowxperm obdm_app self:socket ioctl { 0x0000c302 0x0000c304 };

 allow obdm_app sysfs:dir r_dir_perms;
 r_dir_file(obdm_app, sysfs_msm_subsys)
	type obdm_app, domain, coredomain;

	app_domain(obdm_app)
	net_domain(obdm_app)

	allow obdm_app proc_stat:file r_file_perms;

	# talk to /dev/diag
	allow obdm_app diag_device:chr_file rw_file_perms;

	allow obdm_app app_api_service:service_manager find;
	allow obdm_app radio_service:service_manager find;
	allow obdm_app surfaceflinger_service:service_manager find;

	allow obdm_app self:socket create_socket_perms;
	allowxperm obdm_app self:socket ioctl { 0x0000c302 0x0000c304 };

	allow obdm_app sysfs:dir r_dir_perms;
	r_dir_file(obdm_app, sysfs_msm_subsys)