# SELinux policy for rmt, the remote storage process (runs as nobody).
type rmt, domain;
type rmt_exec, exec_type, file_type;

# rmt is started by init.
init_daemon_domain(rmt)

# ---------------------------------------------------------------------------
# Capabilities
# ---------------------------------------------------------------------------

# Lets the process drop (user, group) to (nobody, nobody).
allow rmt self:capability { setuid setgid };

# Needed for ioprio_set(IOPRIO_WHO_PROCESS, 0, IOPRIO_CLASS_RT << IOPRIO_CLASS_SHIFT);
# NOTE(review): sys_admin is one of the broadest capabilities and is granted
# here for a single real-time I/O priority call. Confirm nothing else in rmt
# depends on it, and check whether the target kernel accepts a narrower
# capability for IOPRIO_CLASS_RT before keeping this rule.
allow rmt self:capability sys_admin;

# ---------------------------------------------------------------------------
# Block devices
# ---------------------------------------------------------------------------

# Opens and reads /dev/block/mmcblk0. Access is read-only (r_file_perms), plus
# directory reads on block_device.
# NOTE(review): this is the root block device node, so read access presumably
# reaches the raw contents of the whole device rather than only the modem
# partitions. Confirm whole-device read is still required.
allow rmt root_block_device:blk_file r_file_perms;
allow rmt block_device:dir r_dir_perms;

# Reads and writes to modem-related block devices.
allow rmt modem_block_device:blk_file rw_file_perms;
allow rmt ssd_block_device:blk_file rw_file_perms;

# ---------------------------------------------------------------------------
# Character devices
# ---------------------------------------------------------------------------

# Shared memory logging access.
allow rmt shared_log_device:chr_file rw_file_perms;

# Access to /dev/uio0.
# NOTE(review): the rule is written against the uio_device type, so it applies
# to every node carrying that label. Check the file_contexts entry if only
# uio0 is intended.
allow rmt uio_device:chr_file rw_file_perms;

# ---------------------------------------------------------------------------
# Sockets, cgroups, wake locks
# ---------------------------------------------------------------------------

# NOTE(review): this uses the generic "socket" class and the policy does not
# say which address family rmt opens. Confirm against the daemon.
allow rmt self:socket create_socket_perms;

# NOTE(review): the policy gives no purpose for this rule. Presumably rmt
# creates a cgroup directory; verify.
allow rmt cgroup:dir { create add_name };

# Wake lock access.
wakelock_use(rmt)