| # Remote storage process. |
| # SELinux type-enforcement rules for the rmt domain. Every permission granted |
| # here is available to the daemon if it is compromised, so each rule below is |
| # annotated with what it permits. Types, permission sets and macros that are not |
| # declared in this file are defined elsewhere in the policy. |
| # |
| # rmt is the process domain; rmt_exec labels the executable used to enter it. |
| type rmt, domain; |
| type rmt_exec, exec_type, file_type; |
| |
| # AOSP macro: sets up the automatic domain transition from init into rmt when |
| # init executes a file labelled rmt_exec. |
| init_daemon_domain(rmt) |
| |
| # Read/write on character devices labelled shared_log_device. |
| allow rmt shared_log_device:chr_file rw_file_perms; |
| |
| # AOSP macro: lets the domain acquire and release wake locks. |
| wakelock_use(rmt) |
| # NOTE(review): broad capability set. sys_admin and dac_override each cover far |
| # more than a single operation (dac_override bypasses file permission-bit |
| # checks). setuid/setgid/setpcap presumably support dropping privileges after |
| # startup - confirm, and drop any capability the daemon does not actually use. |
| allow rmt self:capability { setuid setgid setpcap net_raw sys_admin dac_override }; |
| |
| # Raw block-device access: read/write on the node labelled |
| # modem_efs_partition_device, plus listing directories labelled block_device. |
| # NOTE(review): raw block access is not mediated by filesystem permissions; |
| # verify in file_contexts that this label maps only to the intended partition. |
| allow rmt modem_efs_partition_device:blk_file rw_file_perms; |
| allow rmt block_device:dir r_dir_perms; |
| # Create and manage directories labelled cgroup. |
| allow rmt cgroup:dir create_dir_perms; |
| # Read/write on character devices labelled smem_log_device. |
| allow rmt smem_log_device:chr_file rw_file_perms; |
| |
| # Allow access to /dev/uio0. |
| # NOTE(review): the rule applies to every node labelled uio_device, not only |
| # uio0 - confirm the labelling in file_contexts is that narrow. |
| allow rmt uio_device:chr_file rw_file_perms; |
| |
| # Read-only access to block nodes labelled mmc_block_device. |
| allow rmt mmc_block_device:blk_file r_file_perms; |
| |
| # Generic-class sockets owned by the domain itself. The allowxperm rule limits |
| # ioctl on those sockets to the command set msm_sock_ipc_ioctls (defined |
| # outside this file); other ioctl commands on self:socket are denied. |
| allow rmt self:socket create_socket_perms; |
| allowxperm rmt self:socket ioctl msm_sock_ipc_ioctls; |
| |
| # Read-only on root_block_device, read/write on modem_block_device. |
| # NOTE(review): the block_device:dir search rule looks redundant with the |
| # r_dir_perms rule on the same type earlier in this file (AOSP's r_dir_perms |
| # includes search) - confirm against this tree's global_macros. |
| allow rmt root_block_device:blk_file r_file_perms; |
| allow rmt modem_block_device:blk_file rw_file_perms; |
| allow rmt block_device:dir search; |
| |
| # Lets rmt set properties labelled ctl_default_prop. |
| # NOTE(review): in AOSP this label is the fallback for ctl.* control properties, |
| # so the grant presumably lets rmt ask init to start or stop any service that |
| # has no more specific ctl label. A dedicated property type scoped to the one |
| # service rmt needs to control would be narrower - confirm what it controls. |
| set_prop(rmt, ctl_default_prop) |
| |
| # Traverse directories labelled proc; read directories, files and symlinks |
| # carrying the generic sysfs label. |
| # NOTE(review): the generic sysfs label covers every sysfs node without a more |
| # specific type; labelling the nodes rmt reads and granting only those would |
| # reduce what the domain can see. |
| allow rmt proc:dir search; |
| allow rmt sysfs:dir r_dir_perms; |
| allow rmt sysfs:file r_file_perms; |
| allow rmt sysfs:lnk_file read; |
| # Traverse directories and read files labelled sysfs_devices_system_cpu. |
| allow rmt sysfs_devices_system_cpu:dir search; |
| allow rmt sysfs_devices_system_cpu:file r_file_perms; |