platform_system_sepolicy/private/lmkd.te

typeattribute lmkd coredomain;
typeattribute lmkd bpfdomain;

init_daemon_domain(lmkd)

# Set sys.lmk.* properties.
set_prop(lmkd, system_lmk_prop)

# Set lmkd.* properties.
set_prop(lmkd, lmkd_prop)

# Get persist.device_config.lmk_native.* properties.
get_prop(lmkd, device_config_lmkd_native_prop)

allow lmkd fs_bpf:dir search;
allow lmkd fs_bpf:file read;
allow lmkd bpfloader:bpf map_read;

neverallow { domain -init -lmkd -vendor_init } lmkd_prop:property_service set;