title bar text here

allow binderservicedomain appdomain:binder transfer; allow binderservicedomain appdomain:fd use; allow binderservicedomain appdomain:fifo_file write; allow binderservicedomain audioserver:binder transfer; allow binderservicedomain cameraserver:binder transfer; allow binderservicedomain console_device:chr_file { append getattr ioctl lock map open read write }; allow binderservicedomain devpts:chr_file { append getattr ioctl lock map open read write }; allow binderservicedomain dumpstate:binder transfer; allow binderservicedomain dumpstate:fd use; allow binderservicedomain dumpstate:fifo_file { getattr write }; allow binderservicedomain dumpstate:unix_stream_socket { getattr getopt read write }; allow binderservicedomain ged_srv:binder transfer; allow binderservicedomain incidentd:fd use; allow binderservicedomain incidentd:fifo_file { getattr write }; allow binderservicedomain incidentd:unix_stream_socket { getattr getopt read write }; allow binderservicedomain keystore:binder { call transfer }; allow binderservicedomain keystore:fd use; allow binderservicedomain keystore:keystore_key { delete exist get get_state insert list sign verify }; allow binderservicedomain keystore_service:service_manager find; allow binderservicedomain mediacodec:binder transfer; allow binderservicedomain mediadrmserver:binder transfer; allow binderservicedomain mediaextractor:binder transfer; allow binderservicedomain mediametrics:binder transfer; allow binderservicedomain mediaserver:binder transfer; allow binderservicedomain permission_service:service_manager find; allow binderservicedomain shell_data_file:file { getattr write }; allow binderservicedomain surfaceflinger:binder transfer; allow binderservicedomain system_server:binder transfer; allow bluetoothdomain bluetooth:unix_stream_socket { getattr getopt ioctl read setopt shutdown write }; allow coredomain core_property_type:file { getattr ioctl lock map open read }; allow coredomain exported2_config_prop:file { getattr ioctl lock map open read }; allow coredomain exported2_radio_prop:file { getattr ioctl lock map open read }; allow coredomain exported2_system_prop:file { getattr ioctl lock map open read }; allow coredomain exported2_vold_prop:file { getattr ioctl lock map open read }; allow coredomain exported3_default_prop:file { getattr ioctl lock map open read }; allow coredomain exported3_radio_prop:file { getattr ioctl lock map open read }; allow coredomain exported3_system_prop:file { getattr ioctl lock map open read }; allow coredomain exported_dalvik_prop:file { getattr ioctl lock map open read }; allow coredomain exported_ffs_prop:file { getattr ioctl lock map open read }; allow coredomain exported_pm_prop:file { getattr ioctl lock map open read }; allow coredomain exported_system_radio_prop:file { getattr ioctl lock map open read }; allow coredomain pm_prop:file { getattr ioctl lock map open read }; allow coredomain system_data_file:dir getattr; allow coredomain vendor_file:dir { getattr ioctl lock open read search }; allow coredomain vendor_file:lnk_file { getattr read }; allow domain alarm_device:chr_file { getattr ioctl lock map open read }; allow domain ashmem_device:chr_file { append getattr ioctl lock map open read write }; allow domain cgroup:dir { search write }; allow domain cgroup:file { append lock map open write }; allow domain crash_dump:process { rlimitinh sigchld siginh transition }; allow domain crash_dump_exec:file { execute getattr map open read }; allow domain debug_prop:file { getattr ioctl lock map open read }; allow domain debugfs:dir search; allow domain debugfs_binder:dir search; allow domain debugfs_trace_marker:file { append lock map open write }; allow domain debugfs_tracing:dir search; allow domain debugfs_tracing_debug:dir search; allow domain dev_type:lnk_file { getattr ioctl lock map open read }; allow domain device:dir search; allow domain devpts:dir search; allow domain exm0_device:chr_file { append getattr ioctl lock map open read write }; allow domain exported2_default_prop:file { getattr ioctl lock map open read }; allow domain exported_config_prop:file { getattr ioctl lock map open read }; allow domain exported_default_prop:file { getattr ioctl lock map open read }; allow domain exported_dumpstate_prop:file { getattr ioctl lock map open read }; allow domain exported_fingerprint_prop:file { getattr ioctl lock map open read }; allow domain exported_radio_prop:file { getattr ioctl lock map open read }; allow domain exported_secure_prop:file { getattr ioctl lock map open read }; allow domain exported_system_prop:file { getattr ioctl lock map open read }; allow domain exported_vold_prop:file { getattr ioctl lock map open read }; allow domain fs_type:dir getattr; allow domain fs_type:filesystem getattr; allow domain init:fd use; allow domain init:key search; allow domain init:process sigchld; allow domain log_property_type:file { getattr ioctl lock map open read }; allow domain logd:unix_dgram_socket sendto; allow domain logd_prop:file { getattr ioctl lock map open read }; allow domain logdw_socket:sock_file write; allow domain mtk_core_property_type:file { getattr ioctl lock map open read }; allow domain null_device:chr_file { append getattr ioctl lock map open read write }; allow domain owntty_device:chr_file { append getattr ioctl lock map open read write }; allow domain pmsg_device:chr_file { append lock map open write }; allow domain proc:dir { getattr ioctl lock open read search }; allow domain proc:lnk_file { getattr read }; allow domain proc_cpuinfo:file { getattr ioctl lock map open read }; allow domain proc_net:dir search; allow domain proc_overcommit_memory:file { getattr ioctl lock map open read }; allow domain proc_perf:file { getattr ioctl lock map open read }; allow domain proc_random:dir { getattr ioctl lock open read search }; allow domain proc_random:file { getattr ioctl lock map open read }; allow domain properties_device:dir { getattr search }; allow domain properties_serial:file { getattr ioctl lock map open read }; allow domain property_contexts_file:file { getattr ioctl lock map open read }; allow domain property_info:file { getattr ioctl lock map open read }; allow domain ptmx_device:chr_file { append getattr ioctl lock map open read write }; allow domain public_vendor_default_prop:file { getattr ioctl lock map open read }; allow domain random_device:chr_file { append getattr ioctl lock map open read write }; allow domain rootfs:dir search; allow domain rootfs:lnk_file { getattr read }; allow domain same_process_hal_file:dir { getattr ioctl lock open read search }; allow domain same_process_hal_file:file { execute getattr map open read }; allow domain selinuxfs:dir search; allow domain selinuxfs:file getattr; allow domain selinuxfs:filesystem getattr; allow domain socket_device:dir { getattr ioctl lock open read search }; allow domain sysfs:dir search; allow domain sysfs:lnk_file { getattr read }; allow domain sysfs_devices_system_cpu:dir { getattr ioctl lock open read search }; allow domain sysfs_devices_system_cpu:file { getattr ioctl lock map open read }; allow domain sysfs_devices_system_cpu:lnk_file { getattr ioctl lock map open read }; allow domain sysfs_usb:dir { getattr ioctl lock open read search }; allow domain sysfs_usb:file { getattr ioctl lock map open read }; allow domain sysfs_usb:lnk_file { getattr ioctl lock map open read }; allow domain system_data_file:dir search; allow domain system_file:dir { getattr search }; allow domain system_file:file { execute getattr map open read }; allow domain system_file:lnk_file { getattr read }; allow domain vendor_configs_file:dir { getattr ioctl lock open read search }; allow domain vendor_configs_file:file { getattr open read }; allow domain vendor_data_file:dir { getattr search }; allow domain vendor_file:dir { getattr search }; allow domain vendor_file_type:lnk_file { getattr open read }; allow domain vendor_hal_file:dir { getattr ioctl lock open read search }; allow domain vendor_security_patch_level_prop:file { getattr ioctl lock map open read }; allow domain vndk_sp_file:dir { getattr ioctl lock open read search }; allow domain vndk_sp_file:file { execute getattr map open read }; allow domain vold:key search; allow domain zero_device:chr_file { append getattr ioctl lock map open read write }; allow domain zoneinfo_data_file:dir { getattr ioctl lock open read search }; allow domain zoneinfo_data_file:file { getattr ioctl lock map open read }; allow hal_dfps_client hal_dfps_server:binder { call transfer }; allow hal_dfps_client hal_dfps_server:fd use; allow hal_dfps_client mtk_hal_dfps_hwservice:hwservice_manager find; allow hal_dms_client hal_dms_hwservice:hwservice_manager find; allow hal_dms_client hal_dms_server:binder { call transfer }; allow hal_dms_client hal_dms_server:fd use; allow hal_mtkcodecservice_client hal_mtkcodecservice_hwservice:hwservice_manager find; allow hal_mtkcodecservice_client hal_mtkcodecservice_server:binder { call transfer }; allow hal_mtkcodecservice_client hal_mtkcodecservice_server:fd use; allow hal_pq_client hal_pq_server:binder { call transfer }; allow hal_pq_client hal_pq_server:fd use; allow hal_pq_client mtk_hal_pq_hwservice:hwservice_manager find; allow hal_wfo_client hal_wfo_server:binder { call transfer }; allow hal_wfo_client hal_wfo_server:fd use; allow hal_wfo_client mtk_hal_wfo_hwservice:hwservice_manager find; allow mtk_hal_lbs_client mtk_hal_lbs_hwservice:hwservice_manager find; allow mtk_hal_lbs_client mtk_hal_lbs_server:binder { call transfer }; allow mtk_hal_lbs_client mtk_hal_lbs_server:fd use; allow mtk_hal_wifi_hostapd_client mtk_hal_wifi_hostapd_hwservice:hwservice_manager find; allow netdomain dnsproxyd_socket:sock_file write; allow netdomain fwmarkd_socket:sock_file write; allow netdomain mdnsd:unix_stream_socket connectto; allow netdomain mdnsd_socket:sock_file write; allow netdomain netd:unix_stream_socket connectto; allow netdomain port_type:tcp_socket name_connect; allow system_server RT_Monitor_device:chr_file { getattr ioctl lock map open read }; allow system_server adb_keys_file:dir { add_name create getattr ioctl lock open read remove_name rename reparent rmdir search setattr write }; allow system_server adb_keys_file:file { append create getattr ioctl lock map open read rename setattr unlink write }; allow system_server adbd:fd use; allow system_server adbd:unix_stream_socket { connectto getattr getopt ioctl read shutdown write }; allow system_server adbd_socket:sock_file { append getattr ioctl lock map open read write }; allow system_server aee_core_data_file:dir { getattr ioctl lock open read search }; allow system_server aee_dumpsys_data_file:file { append lock map open write }; allow system_server aee_exp_data_file:file { append lock map open write }; allow system_server alarm_device:chr_file { append getattr ioctl lock map open read write }; allow system_server amazonfiled:binder { call transfer }; allow system_server amazonfiled:fd use; allow system_server amzn_emmc_diskstat_write_prop:file { getattr ioctl lock map open read }; allow system_server amzn_emmc_lifetime_prop:file { getattr ioctl lock map open read }; allow system_server amzn_hal_audiovideobridging_default:binder { call transfer }; allow system_server amzn_hal_audiovideobridging_default:fd use; allow system_server amzn_hal_audiovideobridging_hwservice:hwservice_manager find; allow system_server amzn_hal_camportal_default:binder transfer; allow system_server amzn_hal_camportal_hwservice:hwservice_manager find; allow system_server amzn_hal_connectivity_default:binder { call transfer }; allow system_server amzn_hal_connectivity_default:fd use; allow system_server amzn_hal_connectivity_hwservice:hwservice_manager find; allow system_server amzn_hal_diagnostictroublecode_default:binder { call transfer }; allow system_server amzn_hal_diagnostictroublecode_default:fd use; allow system_server amzn_hal_diagnostictroublecode_hwservice:hwservice_manager find; allow system_server amzn_hal_drmprov_default:binder { call transfer }; allow system_server amzn_hal_drmprov_default:fd use; allow system_server amzn_hal_drmprov_hwservice:hwservice_manager find; allow system_server amzn_hal_halo_default:binder { call transfer }; allow system_server amzn_hal_halo_default:fd use; allow system_server amzn_hal_halo_default:hwservice_manager find; allow system_server amzn_hal_hdcp_default:binder transfer; allow system_server amzn_hal_hdmicsi_default:binder { call transfer }; allow system_server amzn_hal_hdmicsi_default:fd use; allow system_server amzn_hal_hdmicsi_hwservice:hwservice_manager find; allow system_server amzn_hal_hdmitxinfo_default:binder { call transfer }; allow system_server amzn_hal_hdmitxinfo_default:fd use; allow system_server amzn_hal_hdmitxinfo_hwservice:hwservice_manager find; allow system_server amzn_hal_hmod_default:binder { call transfer }; allow system_server amzn_hal_hmod_default:fd use; allow system_server amzn_hal_hmod_hwservice:hwservice_manager find; allow system_server amzn_hal_idme_default:binder { call transfer }; allow system_server amzn_hal_idme_default:fd use; allow system_server amzn_hal_idme_hwservice:hwservice_manager find; allow system_server amzn_hal_iperftun_default:binder transfer; allow system_server amzn_hal_iperftun_hwservice:hwservice_manager find; allow system_server amzn_hal_irled_default:binder { call transfer }; allow system_server amzn_hal_irled_default:fd use; allow system_server amzn_hal_irled_hwservice:hwservice_manager find; allow system_server amzn_hal_mediametrics:binder transfer; allow system_server amzn_hal_mfi_default:binder { call transfer }; allow system_server amzn_hal_mfi_default:fd use; allow system_server amzn_hal_mfi_hwservice:hwservice_manager find; allow system_server amzn_hal_networkpower_default:binder { call transfer }; allow system_server amzn_hal_networkpower_default:fd use; allow system_server amzn_hal_networkpower_hwservice:hwservice_manager find; allow system_server amzn_hal_picturequality_default:binder { call transfer }; allow system_server amzn_hal_picturequality_default:fd use; allow system_server amzn_hal_picturequality_hwservice:hwservice_manager find; allow system_server amzn_hal_starboard_default:binder { call transfer }; allow system_server amzn_hal_starboard_default:fd use; allow system_server amzn_hal_starboard_hwservice:hwservice_manager find; allow system_server amzn_hal_thermal_default:binder { call transfer }; allow system_server amzn_hal_thermal_default:fd use; allow system_server amzn_hal_thermal_hwservice:hwservice_manager find; allow system_server amzn_hal_timemode_default:binder { call transfer }; allow system_server amzn_hal_timemode_default:fd use; allow system_server amzn_hal_timemode_hwservice:hwservice_manager find; allow system_server amzn_hal_uart_default:binder { call transfer }; allow system_server amzn_hal_uart_default:fd use; allow system_server amzn_hal_uart_hwservice:hwservice_manager find; allow system_server amzn_hal_usbcdc_default:binder { call transfer }; allow system_server amzn_hal_usbcdc_default:fd use; allow system_server amzn_hal_usbcdc_hwservice:hwservice_manager find; allow system_server amzn_hal_voicedsp_default:binder { call transfer }; allow system_server amzn_hal_voicedsp_default:fd use; allow system_server amzn_hal_voicedsp_hwservice:hwservice_manager find; allow system_server amzn_hal_zigbee_default:binder { call transfer }; allow system_server amzn_hal_zigbee_default:fd use; allow system_server amzn_hal_zigbee_hwservice:hwservice_manager find; allow system_server anr_data_file:dir { add_name create getattr ioctl lock open read remove_name rename reparent rmdir search setattr write }; allow system_server anr_data_file:file { append create getattr ioctl lock map open read rename setattr unlink write }; allow system_server apk_data_file:dir { add_name create getattr ioctl lock open read relabelfrom relabelto remove_name rename reparent rmdir search setattr write }; allow system_server apk_data_file:file { append create getattr ioctl link lock map open read relabelfrom relabelto rename setattr unlink write }; allow system_server apk_data_file:lnk_file { append create getattr ioctl link lock map open read rename setattr unlink write }; allow system_server apk_private_data_file:dir { add_name create getattr ioctl lock open read relabelfrom relabelto remove_name rename reparent rmdir search setattr write }; allow system_server apk_private_data_file:file { append create getattr ioctl lock map open read relabelfrom relabelto rename setattr unlink write }; allow system_server apk_private_tmp_file:dir { add_name create getattr ioctl lock open read relabelfrom relabelto remove_name rename reparent rmdir search setattr write }; allow system_server apk_private_tmp_file:file { append create getattr ioctl lock map open read relabelfrom relabelto rename setattr unlink write }; allow system_server apk_tmp_file:dir { add_name create getattr ioctl lock open read relabelfrom relabelto remove_name rename reparent rmdir search setattr write }; allow system_server apk_tmp_file:file { append create getattr ioctl lock map open read relabelfrom relabelto rename setattr unlink write }; allow system_server app_data_file:dir { getattr read search }; allow system_server app_data_file:file { append getattr read write }; allow system_server app_fuse_file:dir { add_name getattr ioctl lock open read remove_name search write }; allow system_server app_fuse_file:file { append getattr open read write }; allow system_server appdomain:binder { call transfer }; allow system_server appdomain:fd use; allow system_server appdomain:fifo_file { getattr read write }; allow system_server appdomain:file { append lock map open write }; allow system_server appdomain:process { getpgid getsched setsched sigkill signal }; allow system_server appdomain:tcp_socket { getattr getopt read setopt shutdown write }; allow system_server appdomain:udp_socket { getattr getopt read setopt shutdown write }; allow system_server appdomain:unix_stream_socket { getattr read write }; allow system_server asec_apk_file:dir { add_name create getattr ioctl lock open read remove_name rename reparent rmdir search setattr write }; allow system_server asec_apk_file:file { append create getattr ioctl lock map open read rename setattr unlink write }; allow system_server asec_public_file:file { append create getattr ioctl lock map open read rename setattr unlink write }; allow system_server audio_device:chr_file { append getattr ioctl lock map open read write }; allow system_server audio_device:dir { getattr ioctl lock open read search }; allow system_server audioserver:file { append lock map open write }; allow system_server audioserver:process { getsched setsched signal }; allow system_server audioserver:tcp_socket { append bind connect getattr getopt ioctl lock read setattr setopt shutdown write }; allow system_server audioserver:udp_socket { append bind connect getattr getopt ioctl lock read setattr setopt shutdown write }; allow system_server audioserver_service:service_manager find; allow system_server backup_data_file:dir { add_name create getattr ioctl lock open read remove_name rename reparent rmdir search setattr write }; allow system_server backup_data_file:file { append create getattr ioctl lock map open read rename setattr unlink write }; allow system_server batteryproperties_service:service_manager { add find }; allow system_server binder_device:chr_file { append getattr ioctl lock map open read write }; allow system_server binderservicedomain:binder { call transfer }; allow system_server binderservicedomain:fd use; allow system_server block_device:dir search; allow system_server bluetooth_data_file:dir { getattr read search }; allow system_server bluetooth_data_file:file { append getattr read write }; allow system_server bootanim:process { getsched setsched }; allow system_server bootloader_boot_reason_prop:file { getattr ioctl lock map open read }; allow system_server boottime_prop:file { getattr ioctl lock map open read }; allow system_server cache_backup_file:dir { add_name getattr ioctl lock open read remove_name search write }; allow system_server cache_backup_file:file { append create getattr ioctl lock map open read rename setattr unlink write }; allow system_server cache_file:dir { add_name create getattr ioctl lock open read relabelfrom remove_name rename reparent rmdir search setattr write }; allow system_server cache_file:fifo_file { append create getattr ioctl lock map open read rename setattr unlink write }; allow system_server cache_file:file { append create getattr ioctl lock map open read relabelfrom rename setattr unlink write }; allow system_server cache_file:lnk_file { getattr ioctl lock map open read }; allow system_server cache_private_backup_file:dir { add_name create getattr ioctl lock open read remove_name rename reparent rmdir search setattr write }; allow system_server cache_private_backup_file:file { append create getattr ioctl lock map open read rename setattr unlink write }; allow system_server cache_recovery_file:dir { add_name create getattr ioctl lock open read relabelfrom remove_name rename reparent rmdir search setattr write }; allow system_server cache_recovery_file:fifo_file { append create getattr ioctl lock map open read rename setattr unlink write }; allow system_server cache_recovery_file:file { append create getattr ioctl lock map open read relabelfrom rename setattr unlink write }; allow system_server cameraserver:file { append lock map open write }; allow system_server cameraserver:process { getsched setsched signal }; allow system_server cameraserver_service:service_manager find; allow system_server cgroup:dir { getattr ioctl lock open read remove_name rmdir search }; allow system_server cgroup:file { getattr ioctl lock map open read }; allow system_server cgroup:lnk_file { getattr ioctl lock map open read }; allow system_server cirrus_dump_data_file:dir { add_name getattr ioctl lock open read remove_name search write }; allow system_server cirrus_dump_data_file:file { append create getattr ioctl lock map open read setattr unlink write }; allow system_server config_gz:file { open read }; allow system_server configfs:dir { add_name create getattr ioctl lock open read remove_name rename reparent rmdir search setattr write }; allow system_server configfs:file { create getattr open unlink write }; allow system_server cppreopt_prop:file { getattr ioctl lock map open read }; allow system_server cppreopt_prop:property_service set; allow system_server crash_dump:process sigkill; allow system_server crashreport:binder transfer; allow system_server crashreport:fd use; allow system_server crashreport:fifo_file write; allow system_server crashreport_data_file:dir { add_name read remove_name search write }; allow system_server crashreport_data_file:file { append getattr open read setattr unlink write }; allow system_server ctl_bootanim_prop:property_service set; allow system_server ctl_bugreport_prop:file { getattr ioctl lock map open read }; allow system_server ctl_bugreport_prop:property_service set; allow system_server ctl_default_prop:file { getattr ioctl lock map open read }; allow system_server ctl_default_prop:property_service set; allow system_server dalvikcache_data_file:dir { getattr ioctl lock open read search }; allow system_server dalvikcache_data_file:file { getattr ioctl lock map open read }; allow system_server debug_prop:file { getattr ioctl lock map open read }; allow system_server debug_prop:property_service set; allow system_server debugfs:dir { getattr ioctl lock open read search }; allow system_server debugfs:file { getattr ioctl lock map open read }; allow system_server debugfs_binder:file { getattr open read }; allow system_server debugfs_gpu_img:dir search; allow system_server debugfs_ion:dir search; allow system_server debugfs_tracing_instances:dir search; allow system_server debugfs_wakeup_sources:file { getattr ioctl lock map open read }; allow system_server debugfs_wifi_tracing:dir search; allow system_server debugfs_wifi_tracing:file { append getattr ioctl lock map open read write }; allow system_server device:dir { getattr ioctl lock open read search }; allow system_server device_logging_prop:file { getattr ioctl lock map open read }; allow system_server device_logging_prop:property_service set; allow system_server devicetype_prop:file { getattr ioctl lock map open read }; allow system_server devmap_device:chr_file { getattr ioctl lock map open read }; allow system_server dhcp_data_file:dir { add_name getattr ioctl lock open read remove_name search write }; allow system_server dhcp_data_file:file { append create getattr ioctl lock map open read rename setattr unlink write }; allow system_server dhcp_prop:file { getattr ioctl lock map open read }; allow system_server dhcp_prop:property_service set; allow system_server domain:dir { getattr ioctl lock open read search }; allow system_server domain:file { getattr ioctl lock map open read }; allow system_server domain:lnk_file { getattr ioctl lock map open read }; allow system_server domain:process getattr; allow system_server dri_device:chr_file { ioctl open read write }; allow system_server drmserver:binder transfer; allow system_server drmserver:drmservice openDecryptSession; allow system_server drmserver:process signal; allow system_server drmserver_service:service_manager find; allow system_server dumpatrace_data_file:dir { add_name getattr ioctl lock open read remove_name search write }; allow system_server dumpatrace_data_file:file { append create getattr ioctl lock map open read rename setattr unlink write }; allow system_server dumpstate:binder { call transfer }; allow system_server dumpstate:fd use; allow system_server dumpstate:fifo_file append; allow system_server dumpstate_options_prop:file { getattr ioctl lock map open read }; allow system_server dumpstate_options_prop:property_service set; allow system_server dumpstate_service:service_manager find; allow system_server exec_type:file { getattr ioctl lock map open read }; allow system_server exported2_system_prop:file { getattr ioctl lock map open read }; allow system_server exported2_system_prop:property_service set; allow system_server exported3_system_prop:file { getattr ioctl lock map open read }; allow system_server exported3_system_prop:property_service set; allow system_server exported_audio_prop:file { getattr ioctl lock map open read }; allow system_server exported_fingerprint_prop:file { getattr ioctl lock map open read }; allow system_server exported_fingerprint_prop:property_service set; allow system_server exported_overlay_prop:file { getattr ioctl lock map open read }; allow system_server exported_overlay_prop:property_service set; allow system_server exported_pm_prop:file { getattr ioctl lock map open read }; allow system_server exported_pm_prop:property_service set; allow system_server exported_system_prop:file { getattr ioctl lock map open read }; allow system_server exported_system_prop:property_service set; allow system_server exported_system_radio_prop:file { getattr ioctl lock map open read }; allow system_server exported_system_radio_prop:property_service set; allow system_server file_contexts_file:file { getattr ioctl lock map open read }; allow system_server fingerprint_prop:file { getattr ioctl lock map open read }; allow system_server fingerprint_prop:property_service set; allow system_server fingerprintd:binder { call transfer }; allow system_server fingerprintd:fd use; allow system_server fingerprintd_data_file:dir { getattr ioctl lock open read relabelto remove_name rmdir search write }; allow system_server fingerprintd_data_file:file { getattr unlink }; allow system_server fingerprintd_service:service_manager find; allow system_server fireos_service_type:service_manager find; allow system_server firstboot_prop:file { getattr ioctl lock map open read }; allow system_server firstboot_prop:property_service set; allow system_server fm_hidl_service:binder { call transfer }; allow system_server frp_block_device:blk_file { append getattr ioctl lock map open read write }; allow system_server fs_bpf:dir search; allow system_server fs_bpf:file read; allow system_server fscklogs:dir { getattr ioctl lock open read remove_name search write }; allow system_server fscklogs:file { getattr ioctl lock map open read unlink }; allow system_server fscklogs:lnk_file { getattr ioctl lock map open read }; allow system_server functionfs:dir search; allow system_server functionfs:file { append getattr ioctl lock map open read write }; allow system_server fuse_device:chr_file { getattr ioctl read write }; allow system_server fwk_scheduler_hwservice:hwservice_manager { add find }; allow system_server fwk_sensor_hwservice:hwservice_manager { add find }; allow system_server gatekeeper_service:service_manager find; allow system_server gatekeeperd:binder { call transfer }; allow system_server gatekeeperd:fd use; allow system_server ged_srv:binder transfer; allow system_server ged_srv:fifo_file write; allow system_server gps_control:file { append getattr ioctl lock map open read write }; allow system_server gpu_device:chr_file { append getattr ioctl lock map open read write }; allow system_server gpu_device:dir search; allow system_server hal_allocator_server:binder { call transfer }; allow system_server hal_allocator_server:fd use; allow system_server hal_audio:process { getsched setsched }; allow system_server hal_audio_default:binder { call transfer }; allow system_server hal_audio_default:fd use; allow system_server hal_audio_hwservice:hwservice_manager find; allow system_server hal_audio_server:file { append lock map open write }; allow system_server hal_audio_server:process signal; allow system_server hal_authsecret_hwservice:hwservice_manager find; allow system_server hal_authsecret_server:binder { call transfer }; allow system_server hal_authsecret_server:fd use; allow system_server hal_bluetooth_default:process { getsched setsched }; allow system_server hal_bluetooth_server:process signal; allow system_server hal_broadcastradio_hwservice:hwservice_manager find; allow system_server hal_broadcastradio_server:binder { call transfer }; allow system_server hal_broadcastradio_server:fd use; allow system_server hal_camera:process { getsched setsched }; allow system_server hal_camera_server:process signal; allow system_server hal_codec2_hwservice:hwservice_manager find; allow system_server hal_configstore_ISurfaceFlingerConfigs:hwservice_manager find; allow system_server hal_configstore_server:binder { call transfer }; allow system_server hal_configstore_server:fd use; allow system_server hal_contexthub_hwservice:hwservice_manager find; allow system_server hal_contexthub_server:binder { call transfer }; allow system_server hal_contexthub_server:fd use; allow system_server hal_fingerprint_hwservice:hwservice_manager find; allow system_server hal_fingerprint_server:binder { call transfer }; allow system_server hal_fingerprint_server:fd use; allow system_server hal_fingerprint_service:service_manager find; allow system_server hal_gnss_hwservice:hwservice_manager find; allow system_server hal_gnss_server:binder { call transfer }; allow system_server hal_gnss_server:fd use; allow system_server hal_graphics_allocator_hwservice:hwservice_manager find; allow system_server hal_graphics_allocator_server:binder { call transfer }; allow system_server hal_graphics_allocator_server:fd use; allow system_server hal_graphics_composer_default:fd use; allow system_server hal_graphics_composer_server:process signal; allow system_server hal_graphics_mapper_hwservice:hwservice_manager find; allow system_server hal_health_hwservice:hwservice_manager find; allow system_server hal_health_server:binder { call transfer }; allow system_server hal_health_server:fd use; allow system_server hal_ir_hwservice:hwservice_manager find; allow system_server hal_ir_server:binder { call transfer }; allow system_server hal_ir_server:fd use; allow system_server hal_light_hwservice:hwservice_manager find; allow system_server hal_light_server:binder { call transfer }; allow system_server hal_light_server:fd use; allow system_server hal_memtrack_hwservice:hwservice_manager find; allow system_server hal_memtrack_server:binder { call transfer }; allow system_server hal_memtrack_server:fd use; allow system_server hal_neuralnetworks_hwservice:hwservice_manager find; allow system_server hal_neuralnetworks_server:binder { call transfer }; allow system_server hal_neuralnetworks_server:fd use; allow system_server hal_oemlock_hwservice:hwservice_manager find; allow system_server hal_omx_hwservice:hwservice_manager find; allow system_server hal_power_hwservice:hwservice_manager find; allow system_server hal_power_server:binder { call transfer }; allow system_server hal_power_server:fd use; allow system_server hal_renderscript_hwservice:hwservice_manager find; allow system_server hal_sensors_hwservice:hwservice_manager find; allow system_server hal_sensors_server:binder { call transfer }; allow system_server hal_sensors_server:fd use; allow system_server hal_sensors_server:process signal; allow system_server hal_tetheroffload_hwservice:hwservice_manager find; allow system_server hal_tetheroffload_server:binder { call transfer }; allow system_server hal_tetheroffload_server:fd use; allow system_server hal_thermal_hwservice:hwservice_manager find; allow system_server hal_thermal_server:binder { call transfer }; allow system_server hal_thermal_server:fd use; allow system_server hal_tv_cec_hwservice:hwservice_manager find; allow system_server hal_tv_cec_server:binder { call transfer }; allow system_server hal_tv_cec_server:fd use; allow system_server hal_tv_input_hwservice:hwservice_manager find; allow system_server hal_tv_input_server:binder { call transfer }; allow system_server hal_tv_input_server:fd use; allow system_server hal_usb_gadget_hwservice:hwservice_manager find; allow system_server hal_usb_hwservice:hwservice_manager find; allow system_server hal_usb_server:binder { call transfer }; allow system_server hal_usb_server:fd use; allow system_server hal_vibrator_hwservice:hwservice_manager find; allow system_server hal_vibrator_server:binder { call transfer }; allow system_server hal_vibrator_server:fd use; allow system_server hal_vr_hwservice:hwservice_manager find; allow system_server hal_vr_server:binder { call transfer }; allow system_server hal_vr_server:fd use; allow system_server hal_vr_server:process signal; allow system_server hal_weaver_hwservice:hwservice_manager find; allow system_server hal_wifi_hostapd_hwservice:hwservice_manager find; allow system_server hal_wifi_hostapd_server:binder { call transfer }; allow system_server hal_wifi_hostapd_server:fd use; allow system_server hal_wifi_hwservice:hwservice_manager find; allow system_server hal_wifi_offload_hwservice:hwservice_manager find; allow system_server hal_wifi_offload_server:binder { call transfer }; allow system_server hal_wifi_offload_server:fd use; allow system_server hal_wifi_server:binder { call transfer }; allow system_server hal_wifi_server:fd use; allow system_server hal_wifi_supplicant_hwservice:hwservice_manager find; allow system_server hal_wifi_supplicant_server:binder { call transfer }; allow system_server hal_wifi_supplicant_server:fd use; allow system_server heapdump_data_file:dir { add_name getattr ioctl lock open read remove_name search write }; allow system_server heapdump_data_file:file { append create getattr ioctl lock map open read rename setattr unlink write }; allow system_server hidl_allocator_hwservice:hwservice_manager find; allow system_server hidl_base_hwservice:hwservice_manager add; allow system_server hidl_manager_hwservice:hwservice_manager find; allow system_server hidl_memory_hwservice:hwservice_manager find; allow system_server hidl_token_hwservice:hwservice_manager find; allow system_server hw_random_device:chr_file { getattr ioctl lock map open read }; allow system_server hwbinder_device:chr_file { append getattr ioctl lock map open read write }; allow system_server hwservicemanager:binder { call transfer }; allow system_server hwservicemanager:hwservice_manager list; allow system_server hwservicemanager_prop:file { getattr ioctl lock map open read }; allow system_server icon_file:file { append getattr ioctl lock map open read relabelto unlink write }; allow system_server iio_device:chr_file { append getattr ioctl lock map open read write }; allow system_server incident_data_file:file read; allow system_server incident_service:service_manager find; allow system_server incidentd:binder { call transfer }; allow system_server incidentd:fd use; allow system_server incidentd:fifo_file append; allow system_server init:unix_stream_socket connectto; allow system_server input_device:chr_file { append getattr ioctl lock map open read write }; allow system_server input_device:dir { getattr ioctl lock open read search }; allow system_server input_prewarm_enable_prop:file { getattr ioctl lock map open read }; allow system_server input_prewarm_enable_prop:property_service set; allow system_server inputflinger:binder transfer; allow system_server inputflinger:process signal; allow system_server installd:binder { call transfer }; allow system_server installd:fd use; allow system_server installd_service:service_manager find; allow system_server ion_device:chr_file { getattr ioctl lock map open read }; allow system_server irtx_device:chr_file { append getattr ioctl lock map open read write }; allow system_server kernel:security compute_av; allow system_server kernel:system module_request; allow system_server keychain_data_file:dir { add_name create getattr ioctl lock open read remove_name rename reparent rmdir search setattr write }; allow system_server keychain_data_file:file { append create getattr ioctl lock map open read rename setattr unlink write }; allow system_server keychain_data_file:lnk_file { append create getattr ioctl lock map open read rename setattr unlink write }; allow system_server keystore:binder transfer; allow system_server keystore:keystore_key { add_auth clear_uid delete duplicate exist get get_state grant insert is_empty list lock password reset sign unlock user_changed verify }; allow system_server keystore_service:service_manager find; allow system_server last_boot_reason_prop:file { getattr ioctl lock map open read }; allow system_server leakrecovery_enable_prop:file { getattr ioctl lock map open read }; allow system_server leakrecovery_enable_prop:property_service set; allow system_server leakrecoveryd:binder { call transfer }; allow system_server leakrecoveryd:fd use; allow system_server leakrecoveryd_enable_prop:file { getattr ioctl lock map open read }; allow system_server leakrecoveryd_enable_prop:property_service set; allow system_server leakrecoveryd_service:service_manager find; allow system_server lmkd:unix_stream_socket connectto; allow system_server lmkd_socket:sock_file write; allow system_server log_tag_prop:property_service set; allow system_server logcat_exec:file { execute execute_no_trans getattr ioctl lock map open read }; allow system_server logd:unix_stream_socket connectto; allow system_server logd_data_file:dir { add_name create getattr ioctl lock open read remove_name rename reparent rmdir search setattr write }; allow system_server logd_data_file:file { append create getattr ioctl lock map open read rename setattr unlink write }; allow system_server logd_prop:file { getattr ioctl lock map open read }; allow system_server logd_prop:property_service set; allow system_server logdr_socket:sock_file write; allow system_server logmuch_prop:file { getattr ioctl lock map open read }; allow system_server logmuch_prop:property_service set; allow system_server mac_perms_file:file { getattr ioctl lock map open read }; allow system_server mdns_socket:sock_file { append getattr ioctl lock map open read write }; allow system_server media_rw_data_file:dir { getattr open read search }; allow system_server media_rw_data_file:file { append getattr read write }; allow system_server media_wfd_prop:property_service set; allow system_server mediacodec:binder { call transfer }; allow system_server mediacodec:fd use; allow system_server mediacodec:file { append lock map open write }; allow system_server mediacodec:process { getsched setsched signal }; allow system_server mediacodec_service:service_manager find; allow system_server mediadrmserver:process signal; allow system_server mediadrmserver:tcp_socket { append bind connect getattr getopt ioctl lock read setattr setopt shutdown write }; allow system_server mediadrmserver:udp_socket { append bind connect getattr getopt ioctl lock read setattr setopt shutdown write }; allow system_server mediadrmserver_service:service_manager find; allow system_server mediaextractor:process signal; allow system_server mediaextractor_service:service_manager find; allow system_server mediametrics:process signal; allow system_server mediametrics_service:service_manager find; allow system_server mediaserver:process { getsched setsched signal }; allow system_server mediaserver:tcp_socket { append bind connect getattr getopt ioctl lock read setattr setopt shutdown write }; allow system_server mediaserver:udp_socket { append bind connect getattr getopt ioctl lock read setattr setopt shutdown write }; allow system_server mediaserver_service:service_manager find; allow system_server mnld:binder { call transfer }; allow system_server mnld:fd use; allow system_server mnt_expand_file:dir { getattr ioctl lock open read search }; allow system_server mnt_user_file:dir { getattr search }; allow system_server mnt_user_file:lnk_file { getattr read }; allow system_server mobicore_vendor_file:dir { getattr open read }; allow system_server mtk_amsaal_prop:file { getattr ioctl lock map open read }; allow system_server mtk_amsaal_prop:property_service set; allow system_server mtk_amslog_prop:file { getattr ioctl lock map open read }; allow system_server mtk_amslog_prop:property_service set; allow system_server mtk_bgdata_disabled:file { getattr ioctl lock map open read }; allow system_server mtk_em_net_auto_tethering_prop:file { getattr ioctl lock map open read }; allow system_server mtk_em_tel_log_prop:file { getattr ioctl lock map open read }; allow system_server mtk_hal_audio:process { getsched setsched }; allow system_server mtk_hal_bluetooth:binder { call transfer }; allow system_server mtk_hal_bluetooth:fd use; allow system_server mtk_hal_bluetooth:process { getsched setsched }; allow system_server mtk_hal_camera:binder { call transfer }; allow system_server mtk_hal_camera:fd use; allow system_server mtk_hal_fm:binder { call transfer }; allow system_server mtk_hal_fm:fd use; allow system_server mtk_hal_fm_hwservice:hwservice_manager find; allow system_server mtk_hal_imsa:binder { call transfer }; allow system_server mtk_hal_imsa:fd use; allow system_server mtk_hal_light:binder { call transfer }; allow system_server mtk_hal_light:fd use; allow system_server mtk_hal_netdagent_hwservice:hwservice_manager find; allow system_server mtk_hal_power_hwservice:hwservice_manager find; allow system_server mtk_hal_sensors:binder { call transfer }; allow system_server mtk_hal_sensors:fd use; allow system_server mtk_hal_wfo:binder transfer; allow system_server mtk_hal_wifi:binder { call transfer }; allow system_server mtk_hal_wifi:fd use; allow system_server mtk_mdmi_prop:file { getattr ioctl lock map open read }; allow system_server mtk_rtt_prop:file { getattr ioctl lock map open read }; allow system_server mtk_telephony_sensitive_prop:file { getattr ioctl lock map open read }; allow system_server mtk_thermal_config_prop:file { getattr open read }; allow system_server mtp:unix_stream_socket connectto; allow system_server mtpd_socket:sock_file write; allow system_server net_dns_prop:file { getattr ioctl lock map open read }; allow system_server net_dns_prop:property_service set; allow system_server net_radio_prop:file { getattr ioctl lock map open read }; allow system_server net_radio_prop:property_service set; allow system_server netd:binder { call transfer }; allow system_server netd:bpf map_read; allow system_server netd:fd use; allow system_server netd:process signal; allow system_server netd:unix_stream_socket connectto; allow system_server netd_service:service_manager find; allow system_server netd_socket:sock_file write; allow system_server netdagent:binder call; allow system_server network_watchlist_data_file:dir { add_name create getattr ioctl lock open read remove_name rename reparent rmdir search setattr write }; allow system_server network_watchlist_data_file:file { append create getattr ioctl lock map open read rename setattr unlink write }; allow system_server nfc_data_file:dir { getattr read search }; allow system_server nfc_data_file:file { append getattr read write }; allow system_server nfc_service:service_manager find; allow system_server node:rawip_socket node_bind; allow system_server node_type:tcp_socket node_bind; allow system_server node_type:udp_socket node_bind; allow system_server oemfs:dir { getattr ioctl lock open read search }; allow system_server oemfs:file { getattr ioctl lock map open read }; allow system_server oemfs:lnk_file { getattr ioctl lock map open read }; allow system_server overlay_prop:file { getattr ioctl lock map open read }; allow system_server overlay_prop:property_service set; allow system_server perfetto:binder transfer; allow system_server perfetto:fd use; allow system_server perfetto_traces_data_file:file read; allow system_server perfmonitord_service:service_manager find; allow system_server performanced:binder transfer; allow system_server persist_mtk_aee_prop:file { getattr ioctl lock map open read }; allow system_server persist_vendor_vzw_device_type:file { getattr ioctl lock map open read }; allow system_server pm_prop:file { getattr ioctl lock map open read }; allow system_server pm_prop:property_service set; allow system_server port_type:tcp_socket name_bind; allow system_server port_type:udp_socket name_bind; allow system_server postinstall:binder { call transfer }; allow system_server postinstall:fd use; allow system_server postinstall:fifo_file write; allow system_server powerctl_prop:file { getattr ioctl lock map open read }; allow system_server powerctl_prop:property_service set; allow system_server preloads_data_file:dir { getattr ioctl lock open read remove_name rmdir search write }; allow system_server preloads_data_file:file { getattr ioctl lock map open read unlink }; allow system_server preloads_media_file:dir { getattr ioctl lock open read remove_name rmdir search write }; allow system_server preloads_media_file:file { getattr ioctl lock map open read unlink }; allow system_server proc_asound:dir { getattr ioctl lock open read search }; allow system_server proc_asound:file { getattr ioctl lock map open read }; allow system_server proc_asound:lnk_file { getattr ioctl lock map open read }; allow system_server proc_bootprof:file { append getattr ioctl lock map open read write }; allow system_server proc_cpu_loading:file { getattr open write }; allow system_server proc_ged:file { getattr ioctl open read write }; allow system_server proc_idme:dir search; allow system_server proc_idme:file { getattr ioctl lock map open read }; allow system_server proc_last_kmsg:file { getattr ioctl lock map open read }; allow system_server proc_life_cycle_reason:file { getattr ioctl lock map open read }; allow system_server proc_lmk_logs:file { getattr ioctl lock map open read }; allow system_server proc_loadavg:file { getattr ioctl lock map open read }; allow system_server proc_meminfo:file { getattr ioctl lock map open read }; allow system_server proc_mtktz:dir search; allow system_server proc_mtktz:file { getattr ioctl lock map open read }; allow system_server proc_net:dir { getattr ioctl lock open read search }; allow system_server proc_net:file { getattr ioctl lock map open read }; allow system_server proc_net:lnk_file { getattr ioctl lock map open read }; allow system_server proc_pagetypeinfo:file { getattr ioctl lock map open read }; allow system_server proc_perfmgr:dir { read search }; allow system_server proc_perfmgr:file { ioctl open read }; allow system_server proc_pipe_conf:file { getattr ioctl lock map open read }; allow system_server proc_qtaguid_stat:dir { getattr ioctl lock open read search }; allow system_server proc_qtaguid_stat:file { getattr ioctl lock map open read }; allow system_server proc_qtaguid_stat:lnk_file { getattr ioctl lock map open read }; allow system_server proc_secmem:file { append getattr ioctl lock map open read write }; allow system_server proc_stat:file { getattr ioctl lock map open read }; allow system_server proc_sysrq:file { append getattr ioctl lock map open read write }; allow system_server proc_uid_concurrent_active_time:file { getattr ioctl lock map open read }; allow system_server proc_uid_concurrent_policy_time:file { getattr ioctl lock map open read }; allow system_server proc_uid_cpupower:file { getattr ioctl lock map open read }; allow system_server proc_uid_cputime_removeuid:file { append getattr lock map open write }; allow system_server proc_uid_cputime_showstat:file { getattr ioctl lock map open read }; allow system_server proc_uid_procstat_set:file { append getattr lock map open write }; allow system_server proc_uid_time_in_state:dir { getattr ioctl lock open read search }; allow system_server proc_uid_time_in_state:file { getattr ioctl lock map open read }; allow system_server proc_version:file { getattr ioctl lock map open read }; allow system_server proc_vmallocinfo:file { getattr ioctl lock map open read }; allow system_server profman_dump_data_file:dir { add_name lock open remove_name search write }; allow system_server profman_dump_data_file:file { append create getattr lock map open setattr unlink write }; allow system_server property_socket:sock_file write; allow system_server pstorefs:dir { getattr ioctl lock open read search }; allow system_server pstorefs:file { getattr ioctl lock map open read }; allow system_server qemu_pipe_device:chr_file { append getattr ioctl lock map open read write }; allow system_server qtaguid_device:chr_file { append getattr ioctl lock map open read write }; allow system_server qtaguid_proc:file { append getattr ioctl lock map open read write }; allow system_server racoon:unix_stream_socket connectto; allow system_server racoon_socket:sock_file write; allow system_server radio_data_file:dir { add_name create getattr ioctl lock open read remove_name rename reparent rmdir search setattr write }; allow system_server radio_data_file:file { append create getattr ioctl lock map open read rename setattr unlink write }; allow system_server radio_device:chr_file { getattr ioctl lock map open read }; allow system_server radio_service:service_manager find; allow system_server recovery_data_file:dir search; allow system_server recovery_data_file:file { getattr open read }; allow system_server rescue_party_prop:file { getattr ioctl lock map open read }; allow system_server resourcecache_data_file:dir { getattr ioctl lock open read search }; allow system_server resourcecache_data_file:file { getattr ioctl lock map open read }; allow system_server ringtone_file:dir { add_name create getattr ioctl lock open read relabelto remove_name rename reparent rmdir search setattr write }; allow system_server ringtone_file:file { append create getattr ioctl lock map open read rename setattr unlink write }; allow system_server rootfs:dir { getattr ioctl lock open read search }; allow system_server rootfs:file { getattr ioctl lock map open read }; allow system_server rootfs:lnk_file { getattr ioctl lock map open read }; allow system_server rtc_device:chr_file { append getattr ioctl lock map open read write }; allow system_server runtime_event_log_tags_file:file { getattr ioctl lock map open read }; allow system_server safemode_prop:file { getattr ioctl lock map open read }; allow system_server safemode_prop:property_service set; allow system_server sdcard_type:dir { getattr search }; allow system_server sdcardd:binder { call transfer }; allow system_server sdcardd:fd use; allow system_server sdcardd:process signal; allow system_server selinuxfs:dir { getattr ioctl lock open read search }; allow system_server selinuxfs:file { append getattr ioctl lock map open read write }; allow system_server selinuxfs:lnk_file { getattr ioctl lock map open read }; allow system_server serialno_prop:file { getattr ioctl lock map open read }; allow system_server servicemanager:binder { call transfer }; allow system_server sf_rtt_file:dir { getattr ioctl lock open read relabelto search }; allow system_server sf_rtt_file:file { getattr ioctl lock map open read }; allow system_server shell_data_file:dir { getattr read search }; allow system_server shell_data_file:file { append getattr read write }; allow system_server shell_prop:file { getattr ioctl lock map open read }; allow system_server shell_prop:property_service set; allow system_server shipmode_service_prop:file { getattr ioctl lock map open read }; allow system_server shipmode_service_prop:property_service set; allow system_server shortcut_manager_icons:dir { add_name create getattr ioctl lock open read relabelto remove_name rename reparent rmdir search setattr write }; allow system_server shortcut_manager_icons:file { append create getattr ioctl lock map open read rename setattr unlink write }; allow system_server stats_data_file:dir { open read remove_name search write }; allow system_server stats_data_file:file unlink; allow system_server stats_service:service_manager find; allow system_server statsd:binder { call transfer }; allow system_server statsd:fd use; allow system_server statsd:process signal; allow system_server statsd:unix_dgram_socket sendto; allow system_server statsdw_socket:sock_file write; allow system_server storage_file:dir { getattr search }; allow system_server storage_file:lnk_file { getattr read }; allow system_server storaged:binder { call transfer }; allow system_server storaged:fd use; allow system_server storaged_service:service_manager find; allow system_server stpant_device:chr_file { append getattr ioctl lock map open read write }; allow system_server surfaceflinger:fifo_file { append getattr ioctl lock map open read write }; allow system_server surfaceflinger:process signal; allow system_server surfaceflinger:unix_stream_socket { read setopt write }; allow system_server surfaceflinger_service:service_manager find; allow system_server sw_sync_device:chr_file { getattr ioctl open read write }; allow system_server sysfs_android_usb:dir { getattr ioctl lock open read search }; allow system_server sysfs_android_usb:file { append getattr ioctl lock map open read write }; allow system_server sysfs_android_usb:lnk_file { getattr ioctl lock map open read }; allow system_server sysfs_batteryinfo:file { getattr ioctl lock map open read }; allow system_server sysfs_dcm:file { append getattr ioctl lock map open read write }; allow system_server sysfs_devinfo:file { getattr ioctl lock map open read }; allow system_server sysfs_ipv4:dir { getattr ioctl lock open read search }; allow system_server sysfs_ipv4:file { append getattr ioctl lock map open read write }; allow system_server sysfs_ipv4:lnk_file { getattr ioctl lock map open read }; allow system_server sysfs_lowmemorykiller:file { append getattr lock map open write }; allow system_server sysfs_mac_address:file { getattr ioctl lock map open read }; allow system_server sysfs_nfc_power_writable:file { append getattr ioctl lock map open read write }; allow system_server sysfs_power:dir search; allow system_server sysfs_power:file { append getattr ioctl lock map open read write }; allow system_server sysfs_rtc:dir { getattr ioctl lock open read search }; allow system_server sysfs_rtc:file { getattr ioctl lock map open read }; allow system_server sysfs_rtc:lnk_file { getattr ioctl lock map open read }; allow system_server sysfs_switch:dir { getattr ioctl lock open read search }; allow system_server sysfs_switch:file { getattr ioctl lock map open read }; allow system_server sysfs_switch:lnk_file { getattr ioctl lock map open read }; allow system_server sysfs_thermal:dir search; allow system_server sysfs_thermal:file { getattr ioctl lock map open read }; allow system_server sysfs_type:dir search; allow system_server sysfs_usb:file { append lock map open write }; allow system_server sysfs_vibrator:file { append write }; allow system_server sysfs_wake_lock:file { append getattr ioctl lock map open read write }; allow system_server sysfs_wakeup_reasons:dir { getattr ioctl lock open read search }; allow system_server sysfs_wakeup_reasons:file { getattr ioctl lock map open read }; allow system_server sysfs_wakeup_reasons:lnk_file { getattr ioctl lock map open read }; allow system_server sysfs_zram:dir search; allow system_server sysfs_zram:file { getattr ioctl lock map open read }; allow system_server system_app_data_file:dir { add_name create getattr ioctl lock open read remove_name rename reparent rmdir search setattr write }; allow system_server system_app_data_file:file { append create getattr ioctl lock map open read rename setattr unlink write }; allow system_server system_data_file:dir { add_name create getattr ioctl lock open read relabelfrom remove_name rename reparent rmdir search setattr write }; allow system_server system_data_file:fifo_file { append create getattr ioctl lock map open read rename setattr unlink write }; allow system_server system_data_file:file { append create getattr ioctl link lock map open read relabelfrom rename setattr unlink write }; allow system_server system_data_file:lnk_file { append create getattr ioctl lock map open read rename setattr unlink write }; allow system_server system_data_file:sock_file { append create getattr ioctl lock map open read rename setattr unlink write }; allow system_server system_file:dir { getattr ioctl lock open read search }; allow system_server system_file:lnk_file { getattr ioctl lock map open read }; allow system_server system_lmk_logs:file { getattr ioctl lock map open read }; allow system_server system_ndebug_socket:sock_file { append create getattr ioctl lock map open read rename setattr unlink write }; allow system_server system_prop:file { getattr ioctl lock map open read }; allow system_server system_prop:property_service set; allow system_server system_radio_prop:file { getattr ioctl lock map open read }; allow system_server system_radio_prop:property_service set; allow system_server system_server:cap2_userns { block_suspend wake_alarm }; allow system_server system_server:cap_userns { ipc_lock kill net_admin net_bind_service net_broadcast net_raw sys_boot sys_nice sys_ptrace sys_time sys_tty_config }; allow system_server system_server:capability { ipc_lock kill net_admin net_bind_service net_broadcast net_raw sys_boot sys_nice sys_ptrace sys_time sys_tty_config }; allow system_server system_server:capability2 { block_suspend wake_alarm }; allow system_server system_server:dir { getattr ioctl lock open read search }; allow system_server system_server:fd use; allow system_server system_server:fifo_file { append getattr ioctl lock map open read write }; allow system_server system_server:file { append getattr ioctl lock map open read write }; allow system_server system_server:icmp_socket { append bind connect create getattr getopt ioctl lock read setattr setopt shutdown write }; allow system_server system_server:lnk_file { getattr ioctl lock map open read }; allow system_server system_server:netlink_generic_socket { append bind connect create getattr getopt lock read setattr setopt shutdown write }; allow system_server system_server:netlink_kobject_uevent_socket { append bind connect create getattr getopt lock read setattr setopt shutdown write }; allow system_server system_server:netlink_netfilter_socket { append bind connect create getattr getopt lock read setattr setopt shutdown write }; allow system_server system_server:netlink_route_socket { append bind connect create getattr getopt lock nlmsg_read nlmsg_write read setattr setopt shutdown write }; allow system_server system_server:netlink_selinux_socket { accept append bind connect create getattr getopt listen lock name_bind read recvfrom relabelfrom relabelto sendto setattr setopt shutdown write }; allow system_server system_server:netlink_socket { append bind connect create getattr getopt lock read setattr setopt shutdown write }; allow system_server system_server:packet_socket { append bind connect create getattr getopt lock read setattr setopt shutdown write }; allow system_server system_server:process { fork getattr getcap getpgid getsched getsession ptrace setcap setpgid setrlimit setsched sigchld sigkill signal signull sigstop }; allow system_server system_server:rawip_socket { append bind connect create getattr getopt ioctl lock read setattr setopt shutdown write }; allow system_server system_server:socket { append bind connect create getattr getopt lock read setattr setopt shutdown write }; allow system_server system_server:tcp_socket { accept append bind connect create getattr getopt ioctl listen lock read setattr setopt shutdown write }; allow system_server system_server:tun_socket { append bind connect create getattr getopt lock read setattr setopt shutdown write }; allow system_server system_server:udp_socket { append bind connect create getattr getopt ioctl lock read setattr setopt shutdown write }; allow system_server system_server:unix_dgram_socket { append bind connect create getattr getopt ioctl lock read sendto setattr setopt shutdown write }; allow system_server system_server:unix_stream_socket { accept append bind connect connectto create getattr getopt ioctl listen lock read setattr setopt shutdown write }; allow system_server system_server_service:service_manager { add find }; allow system_server system_server_tmpfs:file { getattr map read write }; allow system_server systemkeys_data_file:dir { add_name create getattr ioctl lock open read remove_name rename reparent rmdir search setattr write }; allow system_server systemkeys_data_file:file { append create getattr ioctl lock map open read rename setattr unlink write }; allow system_server teei_client_device:chr_file { getattr ioctl lock map open read }; allow system_server teei_fp_device:chr_file { append getattr ioctl lock map open read write }; allow system_server textclassifier_data_file:dir { add_name create getattr ioctl lock open read remove_name rename reparent rmdir search setattr write }; allow system_server textclassifier_data_file:file { append create getattr ioctl lock map open read rename setattr unlink write }; allow system_server tmpfs:dir { getattr search }; allow system_server tombstone_data_file:dir { getattr ioctl lock open read search }; allow system_server tombstone_data_file:file { getattr ioctl lock map open read }; allow system_server tombstoned:fd use; allow system_server tombstoned:unix_stream_socket connectto; allow system_server tombstoned_intercept_socket:sock_file write; allow system_server tombstoned_java_trace_socket:sock_file write; allow system_server toolbox_exec:file { execute execute_no_trans getattr ioctl lock map open read }; allow system_server touch_device:chr_file { append getattr ioctl lock map open read write }; allow system_server touch_gesture_prop:file { getattr ioctl lock map open read }; allow system_server touch_gesture_prop:property_service set; allow system_server trace_data_file:dir { getattr ioctl lock open read search }; allow system_server trace_data_file:file { getattr ioctl lock map open read }; allow system_server ttyMT_device:chr_file { append getattr ioctl lock map open read write }; allow system_server ttyS_device:chr_file { append getattr ioctl lock map open read write }; allow system_server tty_device:chr_file { append getattr ioctl lock map open read write }; allow system_server tun_device:chr_file { append getattr ioctl lock map open read write }; allow system_server uhid_device:chr_file { ioctl open read write }; allow system_server uncrypt:unix_stream_socket connectto; allow system_server uncrypt_socket:sock_file write; allow system_server unlabeled:dir { getattr ioctl lock open read search }; allow system_server unlabeled:file { getattr ioctl lock map open read }; allow system_server update_engine:fd use; allow system_server update_engine:fifo_file write; allow system_server usb_device:chr_file { append getattr ioctl lock map open read write }; allow system_server usb_device:dir { getattr ioctl lock open read search }; allow system_server usbaccessory_device:chr_file { append getattr ioctl lock map open read write }; allow system_server user_profile_data_file:dir { getattr search }; allow system_server user_profile_data_file:file { getattr open read }; allow system_server vendor_app_file:dir { getattr ioctl lock open read search }; allow system_server vendor_app_file:file { getattr ioctl lock map open read }; allow system_server vendor_app_file:lnk_file { getattr ioctl lock map open read }; allow system_server vendor_framework_file:dir { getattr ioctl lock map open read search }; allow system_server vendor_framework_file:file { getattr ioctl lock map open read }; allow system_server vendor_framework_file:lnk_file { getattr ioctl lock map open read }; allow system_server vendor_overlay_file:dir { getattr ioctl lock open read search }; allow system_server vendor_overlay_file:file { getattr ioctl lock map open read }; allow system_server vendor_overlay_file:lnk_file { getattr ioctl lock map open read }; allow system_server video_device:chr_file { append getattr ioctl lock map open read write }; allow system_server video_device:dir { getattr ioctl lock open read search }; allow system_server virtual_touchpad:binder transfer; allow system_server vold:binder { call transfer }; allow system_server vold:fd use; allow system_server vold_service:service_manager find; allow system_server vpn_data_file:dir { add_name create getattr ioctl lock open read remove_name rename reparent rmdir search setattr write }; allow system_server vpn_data_file:file { append create getattr ioctl lock map open read rename setattr unlink write }; allow system_server vr_hwc:binder transfer; allow system_server vr_hwc:fd use; allow system_server wallpaper_file:file { append getattr ioctl link lock map open read relabelto rename unlink write }; allow system_server webview_zygote:process sigkill; allow system_server webview_zygote:unix_stream_socket { connectto read setopt write }; allow system_server wifi_data_file:dir { add_name create getattr ioctl lock open read remove_name rename reparent rmdir search setattr write }; allow system_server wifi_data_file:file { append create getattr ioctl lock map open read rename setattr unlink write }; allow system_server wifi_log_levels_prop:file { getattr ioctl lock map open read }; allow system_server wifi_prop:file { getattr ioctl lock map open read }; allow system_server wifi_prop:property_service set; allow system_server wificond:binder { call transfer }; allow system_server wificond:fd use; allow system_server wificond_service:service_manager find; allow system_server wmtWifi_device:chr_file { append lock map open write }; allow system_server wpantund:binder { call transfer }; allow system_server wpantund:fd use; allow system_server zoneinfo_data_file:dir { add_name create getattr ioctl lock open read remove_name rename reparent rmdir search setattr write }; allow system_server zoneinfo_data_file:file { append create getattr ioctl lock map open read rename setattr unlink write }; allow system_server zygote:binder impersonate; allow system_server zygote:fd use; allow system_server zygote:process { sigchld sigkill }; allow system_server zygote:unix_dgram_socket write; allow system_server zygote:unix_stream_socket { connectto getattr getopt }; allow system_server zygote_exec:file { getattr ioctl lock map open read }; allow system_server zygote_socket:sock_file write; allow system_server zygote_tmpfs:file read; allowxperm domain devpts:chr_file ioctl { 0x5401-0x5403 0x540b 0x540e-0x5411 0x5413-0x5414 0x5451 }; allowxperm domain domain:icmp_socket ioctl { 0x5401-0x5403 0x540b 0x540e-0x5411 0x5413-0x5414 0x5451 }; allowxperm domain domain:icmp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 }; allowxperm domain domain:icmp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d }; allowxperm domain domain:rawip_socket ioctl { 0x5401-0x5403 0x540b 0x540e-0x5411 0x5413-0x5414 0x5451 }; allowxperm domain domain:rawip_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 }; allowxperm domain domain:rawip_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d }; allowxperm domain domain:tcp_socket ioctl { 0x5401-0x5403 0x540b 0x540e-0x5411 0x5413-0x5414 0x5451 }; allowxperm domain domain:tcp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 }; allowxperm domain domain:tcp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d }; allowxperm domain domain:udp_socket ioctl { 0x5401-0x5403 0x540b 0x540e-0x5411 0x5413-0x5414 0x5451 }; allowxperm domain domain:udp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 }; allowxperm domain domain:udp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d }; allowxperm domain domain:unix_dgram_socket ioctl { 0x5401 0x5411 0x5413-0x5414 0x541b 0x5451 }; allowxperm domain domain:unix_stream_socket ioctl { 0x5401 0x5411 0x5413-0x5414 0x541b 0x5451 }; allowxperm system_server system_server:udp_socket ioctl { 0x6900 0x6902 }; allowxperm system_server system_server:udp_socket ioctl { 0x890b-0x890d 0x8911 0x8914 0x8916 0x8918 0x891a 0x891c-0x8920 0x8922-0x8927 0x8929 0x8930-0x8932 0x8934-0x8937 0x8939 0x8940-0x8941 0x8943 0x8946-0x894b 0x8953-0x8955 0x8960-0x8962 0x8970-0x8971 0x8980-0x8983 0x8990-0x8995 0x89a0-0x89a3 0x89b0 0x89e0-0x89ff }; allowxperm system_server system_server:udp_socket ioctl { 0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 0x8b14-0x8b1d 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 0x8b2a-0x8b2c 0x8b30-0x8b36 0x8be0-0x8bff };