# Needed by hubconnection for sensor hub allow system_server sensors_device:chr_file rw_file_perms; allow system_server uhid_device:chr_file rw_file_perms; allow system_server sysfs_led:dir r_dir_perms; allow system_server sysfs_led:file rw_file_perms; allow system_server sysfs_gpu_tuning:dir r_dir_perms; allow system_server sysfs_gpu_tuning:file rw_file_perms; allow system_server sysfs_msm_subsys:dir r_dir_perms; allow system_server sysfs_msm_subsys:lnk_file r_file_perms; # Grant access to Qualcomm MSM Interface (QMI) radio sockets to system services # (e.g., LocationManager) qmux_socket(system_server) # talk to perfd allow system_server perfd_data_file:dir search; allow system_server perfd_data_file:sock_file write; allow system_server perfd:unix_stream_socket connectto; allow system_server persist_file:dir search; allow system_server persist_file:file r_file_perms; # hubconnection to get and set sensors.contexthub.* properties set_prop(system_server, contexthub_prop); allow system_server per_mgr_service:service_manager find; # To improve app launch times - we would like to force all tasks to # run on big cores for app launch (sched_boost) - instead of just # boosting them to make it "more likely" to run on big cores. allow system_server zygote:process setsched; # remove fingerprint dataset when remove user account allow system_server fingerprintd_data_file:file r_file_perms; allow system_server fingerprintd_data_file:file create_file_perms; allow system_server fingerprintd_data_file:dir create_dir_perms; # Access /dev/graphics/fb0 for setting display persistence allow system_server graphics_device:dir search; allow system_server graphics_device:chr_file rw_file_perms; # Access for thermal-engine allow system_server sysfs_thermal:file write;