app_domain(devicesettings_app)

# Allow devicesettings_app to find *_service
allow devicesettings_app {
  app_api_service
  audioserver_service
  cameraserver_service
  drmserver_service
  mediaextractor_service
  mediametrics_service
  mediaserver_service
}:service_manager find;

hal_client_domain(devicesettings_app, hal_motor)
hal_client_domain(devicesettings_app, hal_touchfeature)

# Allow devicesettings_app read and write /data/data subdirectory
allow devicesettings_app system_app_data_file:dir create_dir_perms;
allow devicesettings_app system_app_data_file:{ file lnk_file } create_file_perms;

# Allow binder communication with gpuservice
binder_call(devicesettings_app, gpuservice)
binder_call(devicesettings_app, hal_motor)
binder_call(devicesettings_app, hal_touchfeature)

# Allow devicesettings_app to read and write to cgroup/sysfs_leds/sysfs_thermal
allow devicesettings_app sysfs_leds:dir search;
#allow devicesettings_app sysfs_graphics:dir search;
allow devicesettings_app {
  cgroup
  sysfs_leds
  sysfs_thermal
}:{ file lnk_file } rw_file_perms;