| type rfs_access, domain; |
| type rfs_access_exec, exec_type, vendor_file_type, file_type; |
| |
| init_daemon_domain(rfs_access) |
| |
| #For tftp server |
| allow rfs_access self:capability { chown setgid setpcap setuid net_bind_service }; |
| |
| wakelock_use(rfs_access) |
| |
| r_dir_file(rfs_access, firmware_file); |
| |
| # For tftp server file access |
| allow rfs_access mnt_vendor_file:dir search; |
| allow rfs_access mnt_vendor_file:file r_file_perms; |
| allow rfs_access persist_file:dir search; |
| allow rfs_access persist_rfs_file:dir create_dir_perms; |
| allow rfs_access persist_rfs_file:file create_file_perms; |
| allow rfs_access mpss_rfs_data_file:dir create_dir_perms; |
| allow rfs_access mpss_rfs_data_file:file create_file_perms; |
| allow rfs_access rfs_tombstone_data_file:dir create_dir_perms; |
| allow rfs_access rfs_tombstone_data_file:file create_file_perms; |
| |
| allow rfs_access self:socket create_socket_perms_no_ioctl; |
| userdebug_or_eng(` |
| allow rfs_access wifidump_vendor_data_file:dir rw_dir_perms; |
| allow rfs_access wifidump_vendor_data_file:file create_file_perms; |
| ') |
| |
| dontaudit rfs_access kernel:system module_request; |