| # remote storage process (runs as nobody) |
| type rmt, domain; |
| type rmt_exec, exec_type, file_type; |
| |
| # Started by init |
| init_daemon_domain(rmt) |
| |
| # Drop (user, group) to (nobody, nobody) |
| allow rmt self:capability { setuid setgid }; |
| |
| # opens and reads /dev/block/mmcblk0 |
| allow rmt root_block_device:blk_file r_file_perms; |
| allow rmt block_device:dir r_dir_perms; |
| |
| # Allow reads/writes to modem related block devices |
| allow rmt modem_block_device:blk_file rw_file_perms; |
| |
| # Allow shared memory logging access |
| allow rmt shared_log_device:chr_file rw_file_perms; |
| |
| allow rmt self:socket create_socket_perms; |
| allow rmt cgroup:dir { create add_name }; |
| |
| # Wake lock access |
| wakelock_use(rmt) |
| |
| # Allow access to /dev/uio0. |
| allow rmt uio_device:chr_file rw_file_perms; |
| |
| # rmt_storage shuts itself down if there is an unknown value of ro.baseband |
| unix_socket_connect(rmt, property, init) |
| allow rmt ctl_rmt_prop:property_service set; |