# ril-3gddaemon - radio interface layer daemon
type ril-3gddaemon, domain;
type ril-3gddaemon_exec, exec_type, file_type;
init_daemon_domain(ril-3gddaemon)
net_domain(ril-3gddaemon)

allow ril-3gddaemon self:netlink_route_socket nlmsg_write;
allow ril-3gddaemon kernel:system module_request;
unix_socket_connect(ril-3gddaemon, property, init)
allow ril-3gddaemon self:capability { setuid setgid net_admin net_raw dac_override sys_module };
allow ril-3gddaemon alarm_device:chr_file rw_file_perms;
allow ril-3gddaemon cgroup:dir create_dir_perms;
allow ril-3gddaemon radio_device:chr_file rw_file_perms;
allow ril-3gddaemon radio_device:blk_file r_file_perms;
allow ril-3gddaemon mtd_device:dir search;
allow ril-3gddaemon efs_file:dir create_dir_perms;
allow ril-3gddaemon efs_file:file create_file_perms;
allow ril-3gddaemon shell_exec:file rx_file_perms;
allow ril-3gddaemon radio_data_file:dir rw_dir_perms;
allow ril-3gddaemon radio_data_file:file create_file_perms;
allow ril-3gddaemon sdcard_type:dir r_dir_perms;
allow ril-3gddaemon system_data_file:dir r_dir_perms;
allow ril-3gddaemon system_data_file:file r_file_perms;
allow ril-3gddaemon system_file:file x_file_perms;

# property service
allow ril-3gddaemon radio_prop:property_service set;
allow ril-3gddaemon net_radio_prop:property_service set;
allow ril-3gddaemon system_radio_prop:property_service set;
allow ril-3gddaemon system_prop:property_service set;
auditallow ril-3gddaemon net_radio_prop:property_service set;
auditallow ril-3gddaemon system_radio_prop:property_service set;
allow ril-3gddaemon pppoe_ppp0_prop:property_service set;
allow ril-3gddaemon ctl_zpppdgprs_prop:property_service set;


# Read/Write to uart driver (for 3gdongle)
allow ril-3gddaemon tty_device:chr_file rw_file_perms;

# Allow ril-3gddaemon to create and use netlink sockets.
allow ril-3gddaemon self:netlink_socket create_socket_perms;
allow ril-3gddaemon self:netlink_kobject_uevent_socket create_socket_perms;

allow ril-3gddaemon init:dir { getattr open read search };
allow ril-3gddaemon ppp_exec:file { read open getattr execute execute_no_trans };
allow ril-3gddaemon ppp_device:chr_file { read write open ioctl };
allow ril-3gddaemon device:dir { read open write};

# Access to wake locks
wakelock_use(ril-3gddaemon)

allow ril-3gddaemon self:socket create_socket_perms;