common/qcomsysd.te - platform_device_qcom_sepolicy-legacy - Gitiles

 #Policy file for qcom-system-daemon
 #qcomsysd = qcom-system-daemon domain
 type qcomsysd, domain;
 type qcomsysd_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(qcomsysd);

 #Needed for logging
 allow qcomsysd smem_log_device:chr_file rw_file_perms;

 #Needed to read/write cookies to the misc partition
 allow qcomsysd block_device:dir r_dir_perms;
 allow qcomsysd {
     #Needed to access the bootselect partition
     bootselect_device
 }:blk_file rw_file_perms;

 #Needed to get image info from socinfo
 r_dir_file(qcomsysd, sysfs_socinfo)
 allow qcomsysd sysfs_socinfo:file w_file_perms;

 allow qcomsysd self:capability { dac_override sys_boot };
 use_per_mgr(qcomsysd);
 #allow qcomsysd access boot mode switch
 set_prop(qcomsysd, boot_mode_prop)

 #diag
 userdebug_or_eng(`
     diag_use(qcomsysd)
     set_prop(qcomsysd, powerctl_prop)
     allow qcomsysd sysfs:file rw_file_perms;
     allow qcomsysd sysfs_data:file r_file_perms;
 ')
	#Policy file for qcom-system-daemon
	#qcomsysd = qcom-system-daemon domain
	type qcomsysd, domain;
	type qcomsysd_exec, exec_type, vendor_file_type, file_type;
	init_daemon_domain(qcomsysd);

	#Needed for logging
	allow qcomsysd smem_log_device:chr_file rw_file_perms;

	#Needed to read/write cookies to the misc partition
	allow qcomsysd block_device:dir r_dir_perms;
	allow qcomsysd {
	#Needed to access the bootselect partition
	bootselect_device
	}:blk_file rw_file_perms;

	#Needed to get image info from socinfo
	r_dir_file(qcomsysd, sysfs_socinfo)
	allow qcomsysd sysfs_socinfo:file w_file_perms;

	allow qcomsysd self:capability { dac_override sys_boot };
	use_per_mgr(qcomsysd);
	#allow qcomsysd access boot mode switch
	set_prop(qcomsysd, boot_mode_prop)

	#diag
	userdebug_or_eng(`
	diag_use(qcomsysd)
	set_prop(qcomsysd, powerctl_prop)
	allow qcomsysd sysfs:file rw_file_perms;
	allow qcomsysd sysfs_data:file r_file_perms;
	')