sepolicy/private/vncflinger.te - android_vendor_omni - Gitiles

 type vncflinger_exec, exec_type, file_type;
 type vncflinger, domain;
 typeattribute vncflinger coredomain;

 init_daemon_domain(vncflinger)
 binder_use(vncflinger)
 net_domain(vncflinger);

 # uinput
 allow vncflinger uhid_device:chr_file rw_file_perms;

 # read buffers from surfaceflinger
 allow vncflinger ion_device:chr_file r_file_perms;
 allow vncflinger surfaceflinger_service:service_manager find;
 binder_call(vncflinger, surfaceflinger);

 # buffer callbacks
 binder_call(surfaceflinger, vncflinger);

 get_prop(vncflinger, hwservicemanager_prop)
 allow vncflinger hal_graphics_allocator:fd use;
 allow vncflinger same_process_hal_file:file { execute read open getattr map };
 hal_client_domain(vncflinger, hal_graphics_allocator);
 hwbinder_use(vncflinger);
	type vncflinger_exec, exec_type, file_type;
	type vncflinger, domain;
	typeattribute vncflinger coredomain;

	init_daemon_domain(vncflinger)
	binder_use(vncflinger)
	net_domain(vncflinger);

	# uinput
	allow vncflinger uhid_device:chr_file rw_file_perms;

	# read buffers from surfaceflinger
	allow vncflinger ion_device:chr_file r_file_perms;
	allow vncflinger surfaceflinger_service:service_manager find;
	binder_call(vncflinger, surfaceflinger);

	# buffer callbacks
	binder_call(surfaceflinger, vncflinger);

	get_prop(vncflinger, hwservicemanager_prop)
	allow vncflinger hal_graphics_allocator:fd use;
	allow vncflinger same_process_hal_file:file { execute read open getattr map };
	hal_client_domain(vncflinger, hal_graphics_allocator);
	hwbinder_use(vncflinger);