sepolicy/policy/chromeos/cros_iioservice.te - mirrors/cros/chromiumos/platform2 - Git at Google

 type cros_iioservice, chromeos_domain, domain;
 permissive cros_iioservice;

 domain_auto_trans(minijail, cros_iioservice_exec, cros_iioservice);

 # Allow access to dbus:
 unix_socket_connect(cros_iioservice, cros_system_bus, cros_browser);
 allow cros_iioservice cros_browser:unix_stream_socket { read write };

 # Used by libiio during scan context.
 allow cros_iioservice sysfs:file rw_file_perms;

 # Access to iio device character device.
 allow cros_iioservice iio_device:chr_file rw_file_perms;

 # Used by libiio to check if the device is "high speed". Not implemented by the kernel.
 allowxperm cros_iioservice iio_device:chr_file ioctl 27041;
	type cros_iioservice, chromeos_domain, domain;
	permissive cros_iioservice;

	domain_auto_trans(minijail, cros_iioservice_exec, cros_iioservice);

	# Allow access to dbus:
	unix_socket_connect(cros_iioservice, cros_system_bus, cros_browser);
	allow cros_iioservice cros_browser:unix_stream_socket { read write };

	# Used by libiio during scan context.
	allow cros_iioservice sysfs:file rw_file_perms;

	# Access to iio device character device.
	allow cros_iioservice iio_device:chr_file rw_file_perms;

	# Used by libiio to check if the device is "high speed". Not implemented by the kernel.
	allowxperm cros_iioservice iio_device:chr_file ioctl 27041;