1type cbd, domain;
2type cbd_exec, vendor_file_type, exec_type, file_type;
3init_daemon_domain(cbd)
4
5set_prop(cbd, vendor_modem_prop)
6set_prop(cbd, vendor_cbd_prop)
7set_prop(cbd, vendor_rild_prop)
8get_prop(cbd, telephony_modem_prop)
9
10# Allow cbd to setuid from root to radio
11# TODO: confirming with vendor via b/182334947
12allow cbd self:capability { setgid setuid };
13
14allow cbd mnt_vendor_file:dir r_dir_perms;
15
16allow cbd kmsg_device:chr_file rw_file_perms;
17
18allow cbd vendor_shell_exec:file execute_no_trans;
19allow cbd vendor_toolbox_exec:file execute_no_trans;
20
21# Allow cbd to access modem block device
22allow cbd block_device:dir search;
23allow cbd modem_block_device:blk_file r_file_perms;
24
25# Allow cbd to access sysfs chosen files
26allow cbd sysfs_chosen:file r_file_perms;
27allow cbd sysfs_chosen:dir r_dir_perms;
28
29allow cbd radio_device:chr_file rw_file_perms;
30
31allow cbd proc_cmdline:file r_file_perms;
32
33allow cbd persist_modem_file:dir create_dir_perms;
34allow cbd persist_modem_file:file create_file_perms;
35allow cbd persist_file:dir search;
36
37allow cbd radio_vendor_data_file:dir create_dir_perms;
38allow cbd radio_vendor_data_file:file create_file_perms;
39
40# Allow cbd to operate with modem EFS file/dir
41allow cbd modem_efs_file:dir create_dir_perms;
42allow cbd modem_efs_file:file create_file_perms;
43
44# Allow cbd to operate with modem userdata file/dir
45allow cbd modem_userdata_file:dir create_dir_perms;
46allow cbd modem_userdata_file:file create_file_perms;
47
48# Allow cbd to access modem image file/dir
49allow cbd modem_img_file:dir r_dir_perms;
50allow cbd modem_img_file:file r_file_perms;
51allow cbd modem_img_file:lnk_file r_file_perms;
52
53# Allow cbd to collect crash info
54allow cbd sscoredump_vendor_data_crashinfo_file:dir create_dir_perms;
55allow cbd sscoredump_vendor_data_crashinfo_file:file create_file_perms;
56
57userdebug_or_eng(`
58  r_dir_file(cbd, vendor_slog_file)
59
60  allow cbd kernel:system syslog_read;
61
62  allow cbd sscoredump_vendor_data_coredump_file:dir create_dir_perms;
63  allow cbd sscoredump_vendor_data_coredump_file:file create_file_perms;
64')
65
66