# remote storage process
type rmt, domain;
type rmt_exec, exec_type, file_type;

init_daemon_domain(rmt)

allow rmt shared_log_device:chr_file rw_file_perms;

wakelock_use(rmt)
allow rmt self:capability { setuid setgid setpcap net_raw sys_admin dac_override };

allow rmt modem_efs_partition_device:blk_file rw_file_perms;
allow rmt block_device:dir r_dir_perms;
allow rmt cgroup:dir create_dir_perms;
allow rmt smem_log_device:chr_file rw_file_perms;

# Allow access to /dev/uio0.
allow rmt uio_device:chr_file rw_file_perms;

allow rmt mmc_block_device:blk_file r_file_perms;

allow rmt self:socket create_socket_perms;

allow rmt root_block_device:blk_file r_file_perms;
allow rmt modem_block_device:blk_file rw_file_perms;
allow rmt block_device:dir search;

unix_socket_connect(rmt, property, init)
allow rmt ctl_default_prop:property_service set;

allow rmt proc:dir search;
allow rmt sysfs:dir r_dir_perms;
allow rmt sysfs:file r_file_perms;
allow rmt sysfs:lnk_file read;
allow rmt sysfs_devices_system_cpu:dir search;
allow rmt sysfs_devices_system_cpu:file r_file_perms;