type diag, domain;
type diag_exec, exec_type, vendor_file_type, file_type;
userdebug_or_eng(`
  domain_auto_trans(shell, diag_exec, diag)
  #domain_auto_trans(adbd, diag_exec, diag)
  file_type_auto_trans(diag, system_data_file, diag_data_file);
  allow diag {
      diag_device
      devpts
      console_device
      # allow access to qseecom for drmdiagapp
      tee_device
  }:chr_file rw_file_perms;
  allow diag {
      shell
      su
  }:fd use;

  allow diag {
      cgroup
      fuse
      persist_drm_file
  }:dir create_dir_perms;

  allow diag port:tcp_socket name_connect;
  allow diag self:capability { setuid net_raw sys_admin setgid dac_override };
  allow diag self:capability2 syslog;
  allow diag self:tcp_socket { create connect setopt};
  wakelock_use(diag)
  allow diag kernel:system syslog_mod;
  # allow drmdiagapp access to drm related paths
  allow diag persist_file:dir r_dir_perms;
  r_dir_file(diag, persist_data_file)
  # Write to drm related pieces of persist partition
  allow diag persist_drm_file:file create_file_perms;

  # For DiagExample daemon
  init_daemon_domain(diag)
  net_domain(diag)

  allow diag fuse:dir r_dir_perms;
  allow diag fuse:file r_file_perms;
  r_dir_file(diag, storage_file)
  r_dir_file(diag, mnt_user_file)
  allow diag media_rw_data_file:file r_file_perms;
  r_dir_file(diag, sdcardfs)
')