| type aocd, domain; |
| type aocd_exec, vendor_file_type, exec_type, file_type; |
| init_daemon_domain(aocd) |
| |
| # access persist files |
| allow aocd mnt_vendor_file:dir search; |
| allow aocd persist_file:dir search; |
| r_dir_file(aocd, persist_aoc_file); |
| |
| # sysfs operations |
| allow aocd sysfs_aoc:dir search; |
| allow aocd sysfs_aoc_firmware:file w_file_perms; |
| |
| # dev operations |
| allow aocd aoc_device:chr_file r_file_perms; |
| |
| # allow inotify to watch for additions/removals from /dev |
| allow aocd device:dir r_dir_perms; |
| |
| # set properties |
| set_prop(aocd, vendor_aoc_prop) |