# ==============================================
# Policy File of /system/bin/dm_agent_binder Executable File 


# ==============================================
# Type Declaration
# ==============================================

type dm_agent_binder_exec , exec_type, file_type;
type dm_agent_binder ,domain;

# ==============================================
# Android Policy Rule
# ==============================================

# ==============================================
# NSA Policy Rule
# ==============================================

# ==============================================
# MTK Policy Rule
# ==============================================

init_daemon_domain(dm_agent_binder)

# Date : WK14.37
# Operation : access DmAgent by binder 
# Purpose : ensure can access DmAgent api normally.
allow dm_agent_binder dm_agent_binder_service:service_manager add;

# Date : WK14.37
# Operation : access DmAgent by binder 
# Purpose : ensure can access DmAgent api normally.
binder_use(dm_agent_binder)
binder_service(dm_agent_binder)

# Date : WK14.42
# Operation : Migration 
# Purpose : Allow DmAgent access nvram_data_file.
allow dm_agent_binder nvram_data_file:dir { rw_dir_perms };
allow dm_agent_binder nvdata_file:dir { rw_dir_perms };

# Date : WK14.42
# Operation : Basic UT 
# Purpose : Allow DmAgent access nvram_data_file.
allow dm_agent_binder nvram_data_file:file { create_file_perms };
allow dm_agent_binder nvram_data_file:lnk_file read;
allow dm_agent_binder nvdata_file:file { create_file_perms };

# Date : WK14.42
# Operation : Basic UT 
# Purpose : Allow DmAgent access block_device.
allow dm_agent_binder block_device:dir search;

# Date : WK14.42
# Operation : Basic UT 
# Purpose : Allow DmAgent access platformblk_device.
allow dm_agent_binder platformblk_device:dir search;

# Date : WK14.42
# Operation : Basic UT 
# Purpose : Allow DmAgent access misc_device.
allow dm_agent_binder misc_device:chr_file { rw_file_perms };

# Date : WK14.42
# Operation : Basic UT 
# Purpose : Allow DmAgent write sock_file.
allow dm_agent_binder property_socket:sock_file write;

# Date : WK14.42
# Operation : Basic UT 
# Purpose : Allow DmAgent connectto unix_stream_socket.
allow dm_agent_binder init:unix_stream_socket connectto;

# Date : 2014/10/17
# Operation : QC
# Purpose : [Privacy protection lock][dm_agent_binder call FileOp_BackupToBinRegionForDM to do nvram backup] 
allow dm_agent_binder mmcblk_device:blk_file rw_file_perms;
allow dm_agent_binder platformblk_device:blk_file rw_file_perms;

# Date : WK14.42
# Operation : Basic UT 
# Purpose : Allow DmAgent to set properties.
allow dm_agent_binder persist_dm_prop:property_service set;

# Date : WK14.43
# Operation : Basic UT 
# Purpose : Allow DmAgent to access cache_file.
allow dm_agent_binder cache_file:dir { w_dir_perms create }; 

# Date : WK14.43
# Operation : Basic UT 
# Purpose : Allow DmAgent to access cache_file.
allow dm_agent_binder cache_file:file { create_file_perms };

# Date : WK14.44
# Operation : Basic UT 
# Purpose : Allow DmAgent to access nvram_device.
allow dm_agent_binder nvram_device:chr_file { rw_file_perms };