# ==============================================================================
# Type Declaration
# ==============================================================================
type merged_hal_service, domain;
#type merged_hal_service, domain;
type merged_hal_service_exec, exec_type, file_type, vendor_file_type;

init_daemon_domain(merged_hal_service)

hwbinder_use(merged_hal_service)
hal_server_domain(merged_hal_service, hal_vibrator)
hal_server_domain(merged_hal_service, hal_light)
hal_server_domain(merged_hal_service, hal_power)
hal_server_domain(merged_hal_service, hal_thermal)
hal_server_domain(merged_hal_service, hal_memtrack)

#mtk libs_hidl_service permissions
hal_server_domain(merged_hal_service, mtk_hal_lbs)
vndbinder_use(merged_hal_service)
#r_dir_file(merged_hal_service, system_file)
unix_socket_connect(merged_hal_service, agpsd, mtk_agpsd);
allow merged_hal_service mtk_agpsd:unix_dgram_socket sendto;

#mtk_gnss permissions
hal_server_domain(merged_hal_service, hal_gnss);
allow merged_hal_service mnld_data_file:sock_file create_file_perms;
allow merged_hal_service mnld_data_file:sock_file rw_file_perms;
allow merged_hal_service mnld_data_file:dir create_file_perms;
allow merged_hal_service mnld_data_file:dir rw_dir_perms;
allow merged_hal_service mnld:unix_dgram_socket sendto;

#graphics allocator permissions
hal_server_domain(merged_hal_service, hal_graphics_allocator)
allow merged_hal_service gpu_device:dir search;
allow merged_hal_service sw_sync_device:chr_file rw_file_perms;
allow merged_hal_service debugfs_ion:dir search;
allow merged_hal_service debugfs_tracing:file write;
allow merged_hal_service debugfs_tracing:file open;

#for ape hidl permissions
hal_server_domain(merged_hal_service,hal_mtkcodecservice)
allow merged_hal_service hidl_allocator_hwservice:hwservice_manager find;
allow merged_hal_service hidl_memory_hwservice:hwservice_manager find;
hal_client_domain(merged_hal_service, hal_allocator)

#for default drm permissions
hal_server_domain(merged_hal_service, hal_drm)
allow merged_hal_service mediacodec:fd use;
allow merged_hal_service { appdomain -isolated_app }:fd use;
allow merged_hal_service debugfs_tracing:file write;

# Date : WK18.23
# Operation : P Migration
# Purpose : add grant permission for Thermal HAL mtktz and proc
allow merged_hal_service proc_mtktz:dir search;
allow merged_hal_service proc_mtktz:file {open read getattr};
allow merged_hal_service proc_stat:file {open read getattr };

# Date : WK19.11
# Operation : Q Migration
allowxperm merged_hal_service proc_ged:file ioctl { proc_ged_ioctls };

# Date: 2019/06/14
# Operation : Migration
allow merged_hal_service nvram_agent_binder_hwservice:hwservice_manager find;