blob: b5e98c29e291b2c7c05ba1b15affe51be87d190f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
type sensorservice, domain;
type sensorservice_exec, exec_type, file_type;
brillo_domain(sensorservice)
# Allow sensorservice to be discovered by servicemanager and use binder.
allow sensorservice sensorservice_service:service_manager add;
allow sensorservice servicemanager:binder { transfer call };
# Allow servicemanager to access sensorservice.
allow servicemanager sensorservice:dir search;
allow servicemanager sensorservice:file { read open };
allow servicemanager sensorservice:process getattr;
# Allow crash_reporter access to core dump files.
allow_crash_reporter(sensorservice)
allow sensorservice cgroup:dir search;
allow sensorservice cgroup:file w_file_perms;
allow sensorservice cpuctl_device:dir search;
allow sensorservice debugfs:dir search;
allow sensorservice debugfs:file w_file_perms;
allow sensorservice proc_net:dir search;
allow sensorservice proc_net:file r_file_perms;
allow sensorservice sysfs:dir r_dir_perms;
allow sensorservice sysfs:file r_file_perms;
allow sensorservice sysfs:lnk_file read;
allow sensorservice self:capability { net_admin sys_nice };
|
