| # in addition to ioctl commands granted to domain allow system_server to use: |
| allowxperm system_server self:udp_socket ioctl priv_sock_ioctls; |
| |
| # At a minimum, used for GPS (b/32290392) |
| allow system_server self:socket ioctl; # create already in core policy |
| allowxperm system_server self:socket ioctl msm_sock_ipc_ioctls; |
| |
| # /dev/uhid |
| allow system_server uhid_device:chr_file rw_file_perms; |
| |
| # used to access the fwk_sensor_hwservice over hwbinder |
| binder_call(system_server, hal_camera_default) |
| binder_call(system_server, location) |
| |
| # interact with thermal_config |
| set_prop(system_server, thermal_prop) |
| |
| # rpm |
| r_dir_file(system_server, debugfs_rpm) |
| |
| # kgsl |
| allow system_server debugfs_kgsl:file { open read getattr }; |
| |
| userdebug_or_eng(` |
| allow system_server diag_device:chr_file rw_file_perms; |
| ') |
