type cnd, domain; type cnd_exec, exec_type, file_type; # cnd creates /dev/socket/nims file_type_auto_trans(cnd, socket_device, cnd_socket); allow cnd socket_device:dir remove_name; init_daemon_domain(cnd) net_domain(cnd) wakelock_use(cnd) # do not grant net_raw, net_admin, or dac_override allow cnd self:capability { chown fsetid setgid setuid net_bind_service}; # Grant access to Qualcomm MSM Interface (QMI) radio sockets qmux_socket(cnd) set_prop(cnd, system_prop) allow cnd proc_meminfo:file r_file_perms; allow cnd self:netlink_tcpdiag_socket create_socket_perms; allow cnd self:socket create_socket_perms; allowxperm cnd self:socket ioctl msm_sock_ipc_ioctls; r_dir_file(cnd, sysfs_type) userdebug_or_eng(` allow cnd diag_device:chr_file rw_file_perms; ') # use for mobile hostspot allow cnd shell_exec:file rx_file_perms; allow cnd system_file:file rx_file_perms;