# ==============================================
# Policy File of /system/binpermission_check Executable File 


# ==============================================
# Type Declaration
# ==============================================

type permission_check_exec , exec_type, file_type;
type permission_check ,domain;

# ==============================================
# Android Policy Rule
# ==============================================

# ==============================================
# NSA Policy Rule
# ==============================================

# ==============================================
# MTK Policy Rule
# ==============================================

#permissive permission_check;
init_daemon_domain(permission_check)
#unconfined_domain(permission_check)

allow permission_check   persist_md_prop: property_service set;

allow permission_check init:unix_stream_socket connectto;
allow permission_check nvram_data_file:dir { rw_dir_perms setattr };
allow permission_check nvram_data_file:file { write create open setattr getattr };
allow permission_check nvram_data_file:lnk_file read;
allow permission_check nvdata_file:dir { rw_dir_perms setattr };
allow permission_check nvdata_file:file { write create open setattr getattr };

allow permission_check property_socket:sock_file write;

allow permission_check protect_f_data_file:dir { read getattr open setattr search };
allow permission_check protect_s_data_file:dir { read getattr open setattr search };
allow permission_check protect_f_data_file:file { getattr setattr };
allow permission_check protect_s_data_file:file { getattr setattr };

allow permission_check self:capability { fowner chown dac_override fsetid };
allow permission_check shell_exec:file { read execute open execute_no_trans };
allow permission_check system_file:file { read getattr open execute execute_no_trans };

allow permission_check ccci_cfg_file:dir create_dir_perms;
allow permission_check ccci_cfg_file:file create_file_perms;

allow permission_check mdlog_data_file:dir { read search setattr open };
allow permission_check mdlog_data_file:fifo_file setattr;
allow permission_check mdlog_data_file:file setattr;