# SELinux type-enforcement rules for the rfsd vendor daemon.
# The rules below confine rfsd to the modem EFS files, the modem block
# device, the radio character device, its own log directory and a small
# set of vendor properties.

# Process domain for the daemon and the label for its executable.
type rfsd, domain;
type rfsd_exec, vendor_file_type, exec_type, file_type;

# Run the daemon in the rfsd domain when init executes a file labelled rfsd_exec.
init_daemon_domain(rfsd)

# Allow rfsd to switch its UID from root to radio (setuid) and to change
# ownership of modem EFS files (chown).
# NOTE(review): both capabilities apply only within what the rules below
# let rfsd reach; setgid is not granted here - confirm that is intended.
allow rfsd self:capability { chown setuid };

# Allow traversing (search only, no listing) the vendor mount directory and
# the block-device directory to locate the modem EFS partitions.
allow rfsd mnt_vendor_file:dir search;
allow rfsd block_device:dir search;

# Allow creating and modifying modem EFS files and directories.
allow rfsd modem_efs_file:dir create_dir_perms;
allow rfsd modem_efs_file:file create_file_perms;

# Read-only access to radio vendor data and to vendor firmware files.
allow rfsd radio_vendor_data_file:dir r_dir_perms;
allow rfsd radio_vendor_data_file:file r_file_perms;
r_dir_file(rfsd, vendor_fw_file)

# Allow access to the rfsd log directory: search through the parent vendor
# log directory, then create and write files under the rfsd-specific label.
allow rfsd vendor_log_file:dir search;
allow rfsd vendor_rfsd_log_file:dir create_dir_perms;
allow rfsd vendor_rfsd_log_file:file create_file_perms;

# Allow reading and writing the modem block device.
# NOTE(review): raw block access is not mediated by filesystem permissions,
# so the modem_block_device label should cover only the modem partitions -
# verify against the device's file_contexts.
allow rfsd modem_block_device:blk_file rw_file_perms;

# Allow reading and writing the radio character device.
allow rfsd radio_device:chr_file rw_file_perms;

# Allow rfsd to set the modem and rild vendor properties.
set_prop(rfsd, vendor_modem_prop)
set_prop(rfsd, vendor_rild_prop)
# NOTE(review): the next rule grants a property to the cbd domain, not to
# rfsd, and is not covered by the comment above. Confirm whether it belongs
# in cbd's own policy file or was meant to name rfsd; left unchanged here.
set_prop(cbd, vendor_cbd_prop)

# Read-only access to modem image files, directories and symlinks.
allow rfsd modem_img_file:dir r_dir_perms;
allow rfsd modem_img_file:file r_file_perms;
allow rfsd modem_img_file:lnk_file r_file_perms;