android_device_google_gs-common/aoc/sepolicy/aocd.te

type aocd, domain;
type aocd_exec, vendor_file_type, exec_type, file_type;
init_daemon_domain(aocd)

# access persist files
allow aocd mnt_vendor_file:dir search;
allow aocd persist_file:dir search;
r_dir_file(aocd, persist_aoc_file);

# sysfs operations
allow aocd sysfs_aoc:dir search;
allow aocd sysfs_aoc_firmware:file w_file_perms;
allow aocd sysfs_aoc_notifytimeout:file r_file_perms;

# dev operations
allow aocd aoc_device:chr_file rw_file_perms;

# allow inotify to watch for additions/removals from /dev
allow aocd device:dir r_dir_perms;

# set properties
set_prop(aocd, vendor_aoc_prop)
set_prop(aocd, vendor_timeout_aoc_prop)
get_prop(aocd, vendor_volte_mif_off)