| type fidotest, domain; |
| type fidotest_exec, exec_type, file_type; |
| init_daemon_domain(fidotest) |
| userdebug_or_eng(` |
| #Allow fido test daemons to use Binder IPC |
| binder_use(fidotest) |
| |
| #Allow apps to interact with fido test daemons |
| binder_call(fidotest, platform_app) |
| binder_call(platform_app, fidotest) |
| binder_call(fidotest, system_app) |
| binder_call(system_app, fidotest) |
| |
| # Mark fido test daemons as a Binder service domain |
| binder_service(fidotest) |
| |
| #Allow fido test daemons to be registered with service manager |
| allow fidotest fidotest_service:service_manager add; |
| |
| # Allow communication with init over property server |
| unix_socket_connect(fidotest, property, init); |
| |
| # Allow access to tee device |
| allow fidotest tee_device:chr_file rw_file_perms; |
| |
| # Allow access to firmware |
| allow fidotest firmware_file:dir r_dir_perms; |
| allow fidotest firmware_file:file r_file_perms; |
| ') |