| # Policies for hbtp (host based touch processing) |
| type hbtp, domain; |
| type hbtp_exec, exec_type, file_type; |
| |
| init_daemon_domain(hbtp) |
| |
| # Allow access for /dev/hbtp_input and /dev/jdi-bu21150 |
| allow hbtp { hbtp_device qdsp_device bu21150_device }:chr_file rw_file_perms; |
| |
| allow hbtp hbtp_log_file:dir rw_dir_perms; |
| allow hbtp hbtp_log_file:file create_file_perms; |
| |
| allow hbtp sysfs_usb_supply:dir search; |
| allow hbtp sysfs_usb_supply:file rw_file_perms; |
| |
| allow hbtp sysfs:file write; |
| |
| allow hbtp self:netlink_kobject_uevent_socket { create read setopt bind }; |
| |
| binder_use(hbtp); |
| |
| allow hbtp improve_touch_service:service_manager add; |
| |
| userdebug_or_eng(` |
| binder_call(hbtp, untrusted_app); |
| ') |
| |
| binder_call(hbtp, platform_app); |
| |
| binder_call(hbtp, surfaceflinger); |
| |
| # Allow the service to access wakelock sysfs |
| allow hbtp sysfs_wake_lock:file r_file_perms; |
| |
| # Allow the service to change to system from root |
| allow hbtp self:capability { setgid setuid }; |
| |
| # Allow the service to access wakelock capability |
| wakelock_use(hbtp) |