# ==============================================
# Policy File of /vendor/bin/rild Executable File

# ==============================================
# Type Declaration
# ==============================================

# ==============================================
# MTK Policy Rule
# ==============================================
# Access to wake locks
wakelock_use(rild)
# Trigger module auto-load.
allow rild kernel:system module_request;

# Capabilities assigned for rild
allow rild self:capability { setuid net_admin net_raw };

# Control cgroups
allow rild cgroup:dir create_dir_perms;

# Property service
# allow set RIL related properties (radio./net./system./etc)
auditallow rild net_radio_prop:property_service set;
auditallow rild system_radio_prop:property_service set;
set_prop(rild, ril_active_md_prop)
# allow set muxreport control properties
set_prop(rild, ril_cdma_report_prop)
set_prop(rild, ril_mux_report_case_prop)
set_prop(rild, ctl_muxreport-daemon_prop)

# Access to wake locks
wakelock_use(rild)

# Allow access permission to efs files
allow rild efs_file:dir create_dir_perms;
allow rild efs_file:file create_file_perms;
allow rild bluetooth_efs_file:file r_file_perms;
allow rild bluetooth_efs_file:dir r_dir_perms;

# Allow access permission to dir/files
# (radio data/system data/proc/etc)
# Violate Android P rule
allow rild sdcardfs:dir r_dir_perms;
#allow rild system_file:file x_file_perms;
allow rild proc_net:file w_file_perms;

# Allow rild to create and use netlink sockets.
# Set and get routes directly via netlink.
allow rild self:netlink_route_socket nlmsg_write;

# Allow read/write to devices/files
allow rild radio_device:chr_file rw_file_perms;
allow rild radio_device:blk_file r_file_perms;
allow rild mtd_device:dir search;
# Allow read/write to tty devices
allow rild tty_device:chr_file rw_file_perms;
allow rild eemcs_device:chr_file { rw_file_perms };

#allow rild Vcodec_device:chr_file { rw_file_perms };
allow rild devmap_device:chr_file { r_file_perms };
allow rild devpts:chr_file { rw_file_perms };
allow rild ccci_device:chr_file { rw_file_perms };
allow rild misc_device:chr_file { rw_file_perms };
allow rild proc_lk_env:file rw_file_perms;
allow rild sysfs_vcorefs_pwrctrl:file { w_file_perms };
#allow rild bootdevice_block_device:blk_file { rw_file_perms };
allow rild para_block_device:blk_file { rw_file_perms };

# Allow dir search, fd uses
allow rild block_device:dir search;
allow rild platform_app:fd use;
allow rild radio:fd use;

# For MAL MFI
allow rild mal_mfi_socket:sock_file { w_file_perms };

# For ccci sysfs node
allow rild sysfs_ccci:dir search;
allow rild sysfs_ccci:file r_file_perms;

#Date : W17.18
#Purpose: Treble SEpolicy denied clean up
add_hwservice(hal_telephony_server, mtk_hal_rild_hwservice)
allow hal_telephony_client mtk_hal_rild_hwservice:hwservice_manager find;

#Date : W17.21
#Purpose: Grant permission to access binder dev node
vndbinder_use(rild)

#Dat: 2017/03/27
#Purpose: allow set telephony Sensitive property
set_prop(rild, mtk_telephony_sensitive_prop)

# For AGPSD
allow rild mtk_agpsd:unix_stream_socket connectto;

#Date 2017/10/12
#Purpose: allow set MTU size
#allow rild toolbox_exec:file getattr;
allow rild mtk_net_ipv6_prop:property_service set;

#Date: 2017/12/6
#Purpose: allow set the RS times for /proc/sys/net/ipv6/conf/ccmniX/router_solicitations
allow rild vendor_shell_exec:file {execute_no_trans};
allow rild vendor_toolbox_exec:file {execute_no_trans};

# Date : WK18.16
# Operation: P migration
# Purpose: Allow rild to get tel_switch_prop
get_prop(rild, tel_switch_prop)

#Date: W1817
#Purpose: allow rild access property of vendor_radio_prop
set_prop(rild, vendor_radio_prop)

#Date : W18.21
#Purpose: allow rild access to vendor.ril.ipo system property
set_prop(rild, vendor_ril_ipo_prop)

# Date : WK18.26
# Operation: P migration
# Purpose: Allow carrier express HIDL to set vendor property
set_prop(rild, mtk_cxp_vendor_prop)
allow rild mnt_vendor_file:dir search;
allow rild mnt_vendor_file:file create_file_perms;
allow rild nvdata_file:dir create_dir_perms;
allow rild nvdata_file:file create_file_perms;

#Date : W18.29
#Purpose: allow rild access binder to mtk_hal_secure_element
allow rild mtk_hal_secure_element:binder call;

# Date : WK18.31
# Operation: P migration
# Purpose: Allow supplementary service HIDL to set vendor property
set_prop(rild, mtk_ss_vendor_prop)

# Date : 2018/2/27
# Purpose : for NVRAM recovery mechanism
set_prop(rild,powerctl_prop);

# Date: 2019/06/14
# Operation : Migration
allow rild proc_cmdline:file r_file_perms;

# Date: 2019/07/18
# Operation: AP wifi path
# Purpose: Allow packet can be filtered by RILD process
allow rild self:netlink_netfilter_socket { create_socket_perms_no_ioctl };

# Date : 2019/08/29
# Purpose: Allow rild to access proc/aed/reboot-reason
allow rild proc_aed_reboot_reason:file rw_file_perms;

# Date : WK19.43
# Purpose: Allow wfc module from rild read system property from wfc module
get_prop(rild, mtk_wfc_serv_prop)

# Date: 2019/11/15
# Operation: RILD init flow
# Purpose: To handle illegal rild started
set_prop(rild, gsm0710muxd_prop)