# init runs /system/bin/touchfwup.sh which runs rmi4update
type rmi4update, domain, device_domain_deprecated;
type rmi4update_exec, exec_type, file_type;

init_daemon_domain(rmi4update)

# access to /dev/hidraw0
allow rmi4update hidraw_device:chr_file rw_file_perms;

# TODO give the files being access a more specific label.
allow rmi4update sysfs:dir search;
allow rmi4update sysfs:file rw_file_perms;

# Allow rmi4update to use file descriptor passed from touchfwup.sh
allow rmi4update touch_fw_update:fd use;

# Allow rmi4update to getattr and append to log file.
allow rmi4update touch_fw_update_log_file:file { getattr append };