common/te_macros - platform_device_qcom_sepolicy - Gitiles

 #####################################
 # qmux_socket(clientdomain)
 # Allow client domain to connecto and send
 # via a local socket to the qmux domain.
 # Also allow the client domain to remove
 # its own socket.
 define(`qmux_socket', `
 allow $1 qmuxd_socket:dir create_dir_perms;
 unix_socket_connect($1, qmuxd, qmuxd)
 allow $1 qmuxd_socket:sock_file { read getattr write setattr create unlink };
 ')

 #####################################
 # netmgr_socket(clientdomain)
 # Allow client domain to connecto and send
 # via a local socket to the netmgrd domain.
 # Also allow the client domain to remove
 # its own socket.
 define(`netmgr_socket', `
 allow $1 netmgrd_socket:dir r_dir_perms;
 unix_socket_connect($1, netmgrd, netmgrd)
 allow $1 netmgrd_socket:sock_file { read getattr write };
 ')

 ########################################
 # peripheral_manager
 # Allow clients to interact with peripheral
 # manager
 define(`use_per_mgr', `
 binder_call(per_mgr, $1);
 binder_call($1, per_mgr);
 allow $1 per_mgr_service:service_manager find;
 ')

 #####################################
 # cnd_nims_socket_perm(clientdomain)
 # allow cnd to read /proc/pid/cmdline to get appname
 # allow cnd to use inet socket created by app.
 define(`cnd_nims_socket_perm', `
 allow cnd $1:dir r_dir_perms;
 allow cnd $1:file r_file_perms;
 allow cnd $1:fd use;
 allow cnd $1:tcp_socket rw_socket_perms;
 ')

 #####################################
 # dpmd_socket_perm(clientdomain)
 # allow dpmd to read /proc/pid/cmdline to get appname
 # allow dpmd to use inet socket created by app.
 define(`dpmd_socket_perm', `
 allow dpmd $1:dir r_dir_perms;
 allow dpmd $1:file r_file_perms;
 allow dpmd $1:fd use;
 allow dpmd $1:tcp_socket rw_socket_perms;
 ')
	#####################################
	# qmux_socket(clientdomain)
	# Allow client domain to connecto and send
	# via a local socket to the qmux domain.
	# Also allow the client domain to remove
	# its own socket.
	define(`qmux_socket', `
	allow $1 qmuxd_socket:dir create_dir_perms;
	unix_socket_connect($1, qmuxd, qmuxd)
	allow $1 qmuxd_socket:sock_file { read getattr write setattr create unlink };
	')

	#####################################
	# netmgr_socket(clientdomain)
	# Allow client domain to connecto and send
	# via a local socket to the netmgrd domain.
	# Also allow the client domain to remove
	# its own socket.
	define(`netmgr_socket', `
	allow $1 netmgrd_socket:dir r_dir_perms;
	unix_socket_connect($1, netmgrd, netmgrd)
	allow $1 netmgrd_socket:sock_file { read getattr write };
	')

	########################################
	# peripheral_manager
	# Allow clients to interact with peripheral
	# manager
	define(`use_per_mgr', `
	binder_call(per_mgr, $1);
	binder_call($1, per_mgr);
	allow $1 per_mgr_service:service_manager find;
	')

	#####################################
	# cnd_nims_socket_perm(clientdomain)
	# allow cnd to read /proc/pid/cmdline to get appname
	# allow cnd to use inet socket created by app.
	define(`cnd_nims_socket_perm', `
	allow cnd $1:dir r_dir_perms;
	allow cnd $1:file r_file_perms;
	allow cnd $1:fd use;
	allow cnd $1:tcp_socket rw_socket_perms;
	')

	#####################################
	# dpmd_socket_perm(clientdomain)
	# allow dpmd to read /proc/pid/cmdline to get appname
	# allow dpmd to use inet socket created by app.
	define(`dpmd_socket_perm', `
	allow dpmd $1:dir r_dir_perms;
	allow dpmd $1:file r_file_perms;
	allow dpmd $1:fd use;
	allow dpmd $1:tcp_socket rw_socket_perms;
	')