type obdm_app, domain, coredomain; app_domain(obdm_app) net_domain(obdm_app) allow obdm_app proc_stat:file r_file_perms; # talk to /dev/diag allow obdm_app diag_device:chr_file rw_file_perms; allow obdm_app app_api_service:service_manager find; allow obdm_app radio_service:service_manager find; allow obdm_app surfaceflinger_service:service_manager find; allow obdm_app self:socket create_socket_perms; allowxperm obdm_app self:socket ioctl { 0x0000c302 0x0000c304 }; allow obdm_app sysfs:dir r_dir_perms; r_dir_file(obdm_app, sysfs_msm_subsys)