| Bruce Po | 6b92b30 | 2023-12-26 23:27:00 +0000 | [diff] [blame] | 1 | # aocxd server domain |
| 2 | type aocxd, domain; |
| 3 | type aocxd_exec, vendor_file_type, exec_type, file_type; |
| 4 | init_daemon_domain(aocxd) |
| 5 | |
| 6 | # sysfs operations |
| 7 | allow aocxd sysfs_aoc:dir search; |
| 8 | |
| 9 | # dev operations |
| 10 | allow aocxd aoc_device:chr_file rw_file_perms; |
| 11 | |
| 12 | # allow inotify to watch for additions/removals from /dev |
| 13 | allow aocxd device:dir r_dir_perms; |
| 14 | |
| 15 | # set properties |
| 16 | set_prop(aocxd, vendor_aoc_prop); |
| 17 | |
| 18 | # allow binder access |
| 19 | vndbinder_use(aocxd); |
| 20 | |
| 21 | # allow managing wakelocks |
| 22 | wakelock_use(aocxd); |
| 23 | |
| 24 | # add aocx service to the domain |
| 25 | add_service(aocxd, aocx); |
| Bruce Po | d202a34 | 2024-01-12 19:28:00 +0000 | [diff] [blame] | 26 | |
| 27 | # allow managing thread priority |
| 28 | allow aocxd self:global_capability_class_set sys_nice; |
| Bruce Po | e15af04 | 2024-06-14 15:26:53 -0700 | [diff] [blame] | 29 | |
| 30 | allow aocxd dumpstate:fd use; |
| 31 | allow aocxd dumpstate:fifo_file write; |