# ==============================================
# Policy File of /system/binmobile_log_d Executable File 


# ==============================================
# Type Declaration
# ==============================================

type mobile_log_d_exec , exec_type, file_type;
type mobile_log_d ,domain;

# ==============================================
# Android Policy Rule
# ==============================================

# ==============================================
# NSA Policy Rule
# ==============================================

# ==============================================
# MTK Policy Rule
# ==============================================

init_daemon_domain(mobile_log_d)

# Date : WK14.31
# Operation : Migration 
# Purpose : for L early bring-up
allow mobile_log_d kernel:system syslog_mod;
allow mobile_log_d sdcard_internal:dir create_dir_perms;
allow mobile_log_d sdcard_internal:file create_file_perms;
allow mobile_log_d platform_app:fd use;
allow mobile_log_d platform_app_tmpfs:file write;
#allow mobile_log_d unlabeled:lnk_file read;

#GMO project
dontaudit mobile_log_d untrusted_app:fd use;
dontaudit mobile_log_d isolated_app:fd use;

#md32 
#sysfs label need to be changed later
allow mobile_log_d sysfs:file write;
allow mobile_log_d md32_device:chr_file { read open };

#debug.MB.running
allow mobile_log_d debug_prop:property_service set;

allow mobile_log_d fuse:dir create_dir_perms;
allow mobile_log_d fuse:file create_file_perms;
allow mobile_log_d init:unix_stream_socket connectto;
allow mobile_log_d property_socket:sock_file write;
allow mobile_log_d system_file:file x_file_perms;
allow mobile_log_d tmpfs:lnk_file read;

allow mobile_log_d logd:unix_stream_socket connectto;
allow mobile_log_d logdr_socket:sock_file write;
allow mobile_log_d mtkbt:unix_stream_socket connectto;
allow mobile_log_d self:capability { setuid setgid  };
allow mobile_log_d self:capability2 syslog;
allow mobile_log_d shell_exec:file rx_file_perms;

#factory mode
allow mobile_log_d vfat:dir create_dir_perms;
allow mobile_log_d vfat:file create_file_perms;

#data/misc/mblog
allow mobile_log_d system_data_file:dir { relabelfrom create_dir_perms  };
allow mobile_log_d logmisc_data_file:dir { relabelto create_dir_perms   };
allow mobile_log_d logmisc_data_file:file create_file_perms;
#data/log_temp
allow mobile_log_d logtemp_data_file:dir { relabelto create_dir_perms   };
allow mobile_log_d logtemp_data_file:file create_file_perms;
#data/data_tmpfs_log
allow mobile_log_d data_tmpfs_log_file:dir create_dir_perms;
allow mobile_log_d data_tmpfs_log_file:file create_file_perms;