# ==============================================
# Policy File of /system/br_app_data_service Executable File 

# ==============================================
# Type Declaration
# ==============================================
type br_app_data_service_exec , exec_type, file_type;
type br_app_data_service ,domain;

# ==============================================
# MTK Policy Rule
# ==============================================
#permissive br_app_data_service;
init_daemon_domain(br_app_data_service)

#============= br_app_data_service ==============
allow br_app_data_service app_data_file:dir create_dir_perms;
allow br_app_data_service self:capability { chown dac_override };
allow br_app_data_service app_data_file:file create_file_perms;
allow br_app_data_service app_data_file:dir { search open };
allow br_app_data_service app_data_file:lnk_file getattr;
allow br_app_data_service system_data_file:dir write;
allow br_app_data_service app_data_file:lnk_file unlink;
allow br_app_data_service system_data_file:dir remove_name;
typeattribute br_app_data_service mlstrustedsubject;
allow br_app_data_service radio_data_file:dir { read getattr search open };
allow br_app_data_service radio_data_file:dir create_dir_perms;
allow br_app_data_service radio_data_file:file create_file_perms;
allow br_app_data_service radio_data_file:lnk_file { getattr unlink };

#================================================
#add for chmod
allow br_app_data_service self:capability fowner;
allow br_app_data_service self:capability fsetid;

#==================================================
#setfilecon for selinux
allow br_app_data_service app_data_file:dir relabelfrom;
allow br_app_data_service app_data_file:dir relabelto;
allow br_app_data_service app_data_file:file relabelfrom;
allow br_app_data_service app_data_file:file relabelto;