common/untrusted_app.te - platform_device_qcom_sepolicy - Gitiles

 # access to perflock
 unix_socket_send(untrusted_app, mpctl, mpdecision)
 unix_socket_connect(untrusted_app, mpctl, mpdecision)

 # diag device node access is restricted to untrusted_app
 neverallow untrusted_app diag_device:chr_file rw_file_perms;

 # test apps needs to communicate with imscm
 # using binder call
 userdebug_or_eng(`
   binder_call(untrusted_app, imscm)
 ')

 # for finding wbc_service
 allow untrusted_app wbc_service:service_manager find;
	# access to perflock
	unix_socket_send(untrusted_app, mpctl, mpdecision)
	unix_socket_connect(untrusted_app, mpctl, mpdecision)

	# diag device node access is restricted to untrusted_app
	neverallow untrusted_app diag_device:chr_file rw_file_perms;

	# test apps needs to communicate with imscm
	# using binder call
	userdebug_or_eng(`
	binder_call(untrusted_app, imscm)
	')

	# for finding wbc_service
	allow untrusted_app wbc_service:service_manager find;