aoc/sepolicy/aocd.te - android_device_google_gs-common - Gitiles

 type aocd, domain;
 type aocd_exec, vendor_file_type, exec_type, file_type;
 init_daemon_domain(aocd)

 # access persist files
 allow aocd mnt_vendor_file:dir search;
 allow aocd persist_file:dir search;
 r_dir_file(aocd, persist_aoc_file);

 # sysfs operations
 allow aocd sysfs_aoc:dir search;
 allow aocd sysfs_aoc_firmware:file w_file_perms;
 allow aocd sysfs_aoc_notifytimeout:file r_file_perms;

 # dev operations
 allow aocd aoc_device:chr_file rw_file_perms;

 # allow inotify to watch for additions/removals from /dev
 allow aocd device:dir r_dir_perms;

 # set properties
 set_prop(aocd, vendor_aoc_prop)
 set_prop(aocd, vendor_timeout_aoc_prop)
 get_prop(aocd, vendor_volte_mif_off)
	type aocd, domain;
	type aocd_exec, vendor_file_type, exec_type, file_type;
	init_daemon_domain(aocd)

	# access persist files
	allow aocd mnt_vendor_file:dir search;
	allow aocd persist_file:dir search;
	r_dir_file(aocd, persist_aoc_file);

	# sysfs operations
	allow aocd sysfs_aoc:dir search;
	allow aocd sysfs_aoc_firmware:file w_file_perms;
	allow aocd sysfs_aoc_notifytimeout:file r_file_perms;

	# dev operations
	allow aocd aoc_device:chr_file rw_file_perms;

	# allow inotify to watch for additions/removals from /dev
	allow aocd device:dir r_dir_perms;

	# set properties
	set_prop(aocd, vendor_aoc_prop)
	set_prop(aocd, vendor_timeout_aoc_prop)
	get_prop(aocd, vendor_volte_mif_off)