type seempd, domain, domain_deprecated, mlstrustedsubject;
type seempd_exec, exec_type, file_type;

init_daemon_domain(seempd)

allow seempd tee_device:chr_file rw_file_perms;
allow seempd seemplog_device:chr_file rw_file_perms;
#TODO: create the dir from init.rc instead.
allow seempd seemp_file:dir create_dir_perms;
allow seempd seemp_file:{ file fifo_file } create_file_perms;

# allow seempd to load firmware images
r_dir_file(seempd, firmware_file)

#allow access to packages.list
allow seempd system_data_file:file r_file_perms;

#allow binder calls
binder_use(seempd)
binder_call(seempd, system_server)
binder_call(seempd, appdomain)

#for seemp
allow seempd seemp_service:service_manager { find add };
allow seempd self:binder call;