# ==============================================
# MTK Policy Rule
# ==============================================

# New added for move to /system
type emdlogger_exec, system_file_type, exec_type, file_type;
typeattribute emdlogger coredomain;

init_daemon_domain(emdlogger)
binder_use(emdlogger)
binder_service(emdlogger)


# for modem logging sdcard access
allow emdlogger sdcard_type:dir { create_dir_perms };
allow emdlogger sdcard_type:file { create_file_perms };


# modem logger socket access
#allow emdlogger property_socket:sock_file write;
#allow emdlogger init:unix_stream_socket connectto;
allow emdlogger platform_app:unix_stream_socket connectto;
allow emdlogger shell_exec:file { rx_file_perms };
allow emdlogger system_file:file execute_no_trans;
allow emdlogger zygote_exec:file { rx_file_perms };

#modem logger SD logging in factory mode
allow emdlogger vfat:dir create_dir_perms;
allow emdlogger vfat:file create_file_perms;

#modem logger permission in storage in android M version
allow emdlogger mnt_user_file:dir search;
allow emdlogger mnt_user_file:lnk_file read;
allow emdlogger storage_file:lnk_file read;

#permission for storage link access in vzw Project
allow emdlogger mnt_media_rw_file:dir search;


#permission for use SELinux API
#avc: denied { read } for pid=576 comm="emdlogger1" name="selinux_version" dev="rootfs"
allow emdlogger rootfs:file r_file_perms;

#permission for storage access storage
allow emdlogger storage_file:dir { create_dir_perms };
allow emdlogger tmpfs:lnk_file read;
allow emdlogger storage_file:file { create_file_perms };

# Allow read avc: denied { read } for name="mddb" dev="mmcblk0p25" ino=681 
# scontext=u:r:emdlogger:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0
allow emdlogger system_file:dir read;

# permission for android N policy
allow emdlogger toolbox_exec:file rx_file_perms;

# purpose: allow emdlogger to access storage in N version
allow emdlogger media_rw_data_file:file  { create_file_perms };
allow emdlogger media_rw_data_file:dir { create_dir_perms };

## purpose: avc: denied { read } for name="plat_file_contexts"
#allow emdlogger file_contexts_file:file { read getattr open };

## Android P migration
## purpose:  denied { read } for name="cmdline" dev="proc"
#denied { search } for name="android" dev="sysfs"
#for name="compatible" dev="sysfs" ino=2985 scontext=u
#:r:emdlogger:s0 tcontext=u:object_r:sysfs_dt_firmware_android:s0
#avc: denied { open } for path="/system/etc/mddb"
#avc: denied { read } for name="u:object_r:vendor_default_prop:s0"
allow emdlogger proc_cmdline:file { read getattr open };
allow emdlogger sysfs_dt_firmware_android:dir { read open search };
allow emdlogger tmpfs:dir write;
allow emdlogger sysfs_dt_firmware_android:file { read open getattr };
allow emdlogger system_file:dir open;
allow emdlogger vendor_default_prop:file { read getattr open };

## Android Q migration
## purpose:  read modem db and filter folder and file
allow emdlogger mddb_filter_data_file:dir { r_dir_perms };
allow emdlogger mddb_filter_data_file:file { r_file_perms };

# save log into /data/debuglogger
allow emdlogger debuglog_data_file:dir {relabelto create_dir_perms};
allow emdlogger debuglog_data_file:file create_file_perms;
# get persist.sys. proeprty
get_prop(emdlogger, system_prop)