android_mt6572_jiabo/device/qcom/sepolicy/common/te_macros

#####################################
# qmux_socket(clientdomain)
# Allow client domain to connecto and send
# via a local socket to the qmux domain.
# Also allow the client domain to remove
# its own socket.
define(`qmux_socket', `
allow $1 qmuxd_socket:dir create_dir_perms;
unix_socket_connect($1, qmuxd, qmuxd)
allow $1 qmuxd_socket:sock_file { read getattr write setattr create unlink };
')

#####################################
# netmgr_socket(clientdomain)
# Allow client domain to connecto and send
# via a local socket to the netmgrd domain.
# Also allow the client domain to remove
# its own socket.
define(`netmgr_socket', `
allow $1 netmgrd_socket:dir r_dir_perms;
unix_socket_connect($1, netmgrd, netmgrd)
allow $1 netmgrd_socket:sock_file { read getattr write };
')

########################################
# peripheral_manager
# Allow clients to interact with peripheral
# manager
define(`use_per_mgr', `
binder_call(per_mgr, $1);
binder_call($1, per_mgr);
allow $1 per_mgr_service:service_manager find;
')

#####################################
# cnd_nims_socket_perm(clientdomain)
# allow cnd to read /proc/pid/cmdline to get appname
# allow cnd to use inet socket created by app.
define(`cnd_nims_socket_perm', `
allow cnd $1:dir r_dir_perms;
allow cnd $1:file r_file_perms;
allow cnd $1:fd use;
allow cnd $1:tcp_socket rw_socket_perms;
')

#####################################
# dpmd_socket_perm(clientdomain)
# allow dpmd to read /proc/pid/cmdline to get appname
# allow dpmd to use inet socket created by app.
define(`dpmd_socket_perm', `
allow dpmd $1:dir r_dir_perms;
allow dpmd $1:file r_file_perms;
allow dpmd $1:fd use;
allow dpmd $1:tcp_socket rw_socket_perms;
')
#####################################
# diag_use(clientdomain)
# allow clientdomain to read/write to diag
define(`diag_use', `
allow $1 diag_device:chr_file rw_file_perms;
')