allow system_server self:socket ioctl;
allowxperm system_server self:socket ioctl msm_sock_ipc_ioctls;

# TODO(b/36867326): Remove this once system_server no longer communicates over binder
binder_call(system_server, per_mgr)
binder_call(system_server, folio_daemon)

allow system_server per_mgr_service:service_manager find;

# TODO(b/36613917): Remove this once system_server no longer communicates with netmgrd over sockets.
typeattribute netmgrd socket_between_core_and_vendor_violators;
unix_socket_connect(system_server, netmgrd, netmgrd)

allow system_server netmgrd_socket:dir search;
allow system_server persist_file:dir search;
allow system_server persist_sensors_file:dir search;
allow system_server persist_sensors_file:file r_file_perms;
allow system_server location_data_file:dir create_dir_perms;
allow system_server location_data_file:file create_file_perms;
allow system_server wlan_device:chr_file rw_file_perms;

userdebug_or_eng(`
  permissive system_server;
')

# TODO(b/30675296): Remove following dontaudit's upon resolution of this bug
# The timerslack_ns denials spam the system really horribly
dontaudit system_server audioserver:file write;
dontaudit system_server untrusted_app:file write;
dontaudit system_server hal_audio_default:file write;
dontaudit system_server appdomain:file write;