summaryrefslogtreecommitdiff
path: root/sepolicy/whitechapel/vendor/google/chre.te
diff options
context:
space:
mode:
Diffstat (limited to 'sepolicy/whitechapel/vendor/google/chre.te')
-rw-r--r--sepolicy/whitechapel/vendor/google/chre.te27
1 files changed, 27 insertions, 0 deletions
diff --git a/sepolicy/whitechapel/vendor/google/chre.te b/sepolicy/whitechapel/vendor/google/chre.te
new file mode 100644
index 00000000..26c1675f
--- /dev/null
+++ b/sepolicy/whitechapel/vendor/google/chre.te
@@ -0,0 +1,27 @@
+type chre, domain;
+type chre_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(chre)
+
+# Permit communication with AoC
+allow chre aoc_device:chr_file rw_file_perms;
+
+# Allow CHRE to determine AoC's current clock
+allow chre sysfs_aoc:dir search;
+allow chre sysfs_aoc_boottime:file r_file_perms;
+
+# Allow CHRE to create thread to watch AOC's device
+allow chre device:dir r_dir_perms;
+
+# Allow CHRE to use the USF low latency transport
+usf_low_latency_transport(chre)
+
+# Allow CHRE to talk to the WiFi HAL
+allow chre hal_wifi_ext:binder { call transfer };
+allow chre hal_wifi_ext_hwservice:hwservice_manager find;
+
+# Allow CHRE host to talk to stats service
+allow chre fwk_stats_service:service_manager find;
+binder_call(chre, stats_service_server)
+
+# Allow CHRE to block suspend, which is required to use EPOLLWAKEUP.
+allow chre self:global_capability2_class_set block_suspend;
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-03 03:25:23 +0000