path: root/common/mdm_helper.te

#Policy for mdm_helper
#mdm_helper - mdm_helper domain
type mdm_helper, domain;
type mdm_helper_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(mdm_helper);

#block_suspend capability is needed by kickstart(ks)
wakelock_use(mdm_helper)

#Needed to power on the peripheral
allow mdm_helper ssr_device:chr_file r_file_perms;

#Needed to access the esoc device to control the mdm
allow mdm_helper esoc_device:dir r_dir_perms;
allow mdm_helper esoc_device:chr_file rw_file_perms;

#Needed to detect presence of hsic bridge and to xfer images
allow mdm_helper ksbridgehsic_device:chr_file rw_file_perms;

#Needed to detect efs sync and for kickstart to run the efs sync server
allow mdm_helper efsbridgehsic_device:chr_file rw_file_perms;

#Needed for communication with the HSIC driver
r_dir_file(mdm_helper, sysfs_hsic)
allow mdm_helper sysfs_hsic:file w_file_perms;

#Needed by libmdmdetect to figure out the system configuration
r_dir_file(mdm_helper, sysfs_esoc)

#Needed by libmdmdetect to get system information regarding subsystems and to check their states
r_dir_file(mdm_helper, sysfs_ssr)

#Needed in order to run kickstart
allow mdm_helper shell:fd use;
allow mdm_helper vendor_shell_exec:file rx_file_perms;
allow mdm_helper { system_file mdm_helper_exec }:file x_file_perms;

#Needed by ks in order to access the efs sync partitions.
allow mdm_helper block_device:dir rw_dir_perms;
allow mdm_helper efs_boot_dev:blk_file rw_file_perms;

#Needed to inform the hsic driver that mdm has booted up
allow mdm_helper sysfs:file w_file_perms;

#Needed in order to access the firmware partition
r_dir_file(mdm_helper, firmware_file)

#Needed in order to collect ramdumps
allow mdm_helper tombstone_data_file:dir create_dir_perms;
allow mdm_helper tombstone_data_file:file create_file_perms;

#Needed to allow boot over PCIe
allow mdm_helper bhi_device:chr_file rw_file_perms;
allow mdm_helper mhi_device:chr_file rw_file_perms;