1type mm-pp-daemon, domain; 2type mm-pp-daemon_exec, exec_type, vendor_file_type, file_type; 3 4init_daemon_domain(mm-pp-daemon) 5 6#Need to use fb/drm ioctls to communicate with kernel 7allow mm-pp-daemon graphics_device:chr_file rw_file_perms; 8allow mm-pp-daemon graphics_device:dir r_dir_perms; 9 10# Allow reading/writing data config files 11allow mm-pp-daemon display_vendor_data_file:dir create_dir_perms; 12allow mm-pp-daemon display_vendor_data_file:file create_file_perms; 13 14# Rule for IPC communication 15allow mm-pp-daemon qdisplay_service:service_manager find; 16vndbinder_use(mm-pp-daemon) 17hwbinder_use(mm-pp-daemon) 18hal_client_domain(mm-pp-daemon, hal_graphics_composer) 19allow mm-pp-daemon fwk_sensor_hwservice:hwservice_manager find; 20binder_call(mm-pp-daemon, system_server) 21 22# Allow mm-pp-daemon to change the brightness 23allow mm-pp-daemon sysfs_leds:dir r_dir_perms; 24allow mm-pp-daemon sysfs_leds:file rw_file_perms; 25allow mm-pp-daemon sysfs_leds:lnk_file read; 26r_dir_file(mm-pp-daemon, sysfs_leds) 27allow mm-pp-daemon sysfs_graphics:dir r_dir_perms; 28allow mm-pp-daemon sysfs_graphics:file rw_file_perms; 29