type chre, domain; type chre_exec, vendor_file_type, exec_type, file_type; init_daemon_domain(chre) # Permit communication with AoC allow chre aoc_device:chr_file rw_file_perms; # Allow CHRE to determine AoC's current clock allow chre sysfs_aoc:dir search; allow chre sysfs_aoc_boottime:file r_file_perms; # Allow CHRE to create thread to watch AOC's device allow chre device:dir r_dir_perms; # Allow CHRE to use the USF low latency transport usf_low_latency_transport(chre) # Allow CHRE to talk to the WiFi HAL allow chre hal_wifi_ext:binder { call transfer }; allow chre hal_wifi_ext_hwservice:hwservice_manager find; allow chre hal_wifi_ext_service:service_manager find; # Allow CHRE host to talk to stats service allow chre fwk_stats_service:service_manager find; binder_call(chre, stats_service_server) # Allow CHRE to use WakeLock wakelock_use(chre) # Allow CHRE to block suspend, which is required to use EPOLLWAKEUP. allow chre self:global_capability2_class_set block_suspend;