common/kernel.te - platform_device_qcom_sepolicy-legacy - Gitiles

 allow kernel block_device:blk_file rw_file_perms;

 userdebug_or_eng(`
  #allow kernel self:capability { dac_read_search dac_override };
   allow kernel self:socket create_socket_perms_no_ioctl;
   r_dir_file(kernel, qti_debugfs);
   allow kernel debugfs_mmc:dir search;
 ')

 # Access firmware_file
 r_dir_file(kernel, firmware_file)

 # Allow kernel to schedule process to different cpuset
 # when the current cpu is hotplugged out
 allow kernel domain:process setsched;
	allow kernel block_device:blk_file rw_file_perms;

	userdebug_or_eng(`
	#allow kernel self:capability { dac_read_search dac_override };
	allow kernel self:socket create_socket_perms_no_ioctl;
	r_dir_file(kernel, qti_debugfs);
	allow kernel debugfs_mmc:dir search;
	')

	# Access firmware_file
	r_dir_file(kernel, firmware_file)

	# Allow kernel to schedule process to different cpuset
	# when the current cpu is hotplugged out
	allow kernel domain:process setsched;