| type chre, domain; |
| type chre_exec, vendor_file_type, exec_type, file_type; |
| init_daemon_domain(chre) |
| |
| # Permit communication with AoC |
| allow chre aoc_device:chr_file rw_file_perms; |
| |
| # Allow CHRE to determine AoC's current clock |
| allow chre sysfs_aoc:dir search; |
| allow chre sysfs_aoc_boottime:file r_file_perms; |
| |
| # Allow CHRE to create thread to watch AOC's device |
| allow chre device:dir r_dir_perms; |
| |
| # Allow CHRE to use the USF low latency transport |
| usf_low_latency_transport(chre) |
| |
| # Allow CHRE to talk to the WiFi HAL |
| allow chre hal_wifi_ext:binder { call transfer }; |
| allow chre hal_wifi_ext_hwservice:hwservice_manager find; |
| allow chre hal_wifi_ext_service:service_manager find; |
| |
| # Allow CHRE host to talk to stats service |
| allow chre fwk_stats_service:service_manager find; |
| binder_call(chre, stats_service_server) |
| |
| # Allow CHRE to use WakeLock |
| wakelock_use(chre) |
| |
| # Allow CHRE to block suspend, which is required to use EPOLLWAKEUP. |
| allow chre self:global_capability2_class_set block_suspend; |
