# ==============================================
# Policy File of /system/bin/wfca Executable File 

# ==============================================
# Type Declaration
# ==============================================
type wfca, domain, mtkimsmddomain;
type wfca_exec, exec_type, file_type, vendor_file_type;

# ==============================================
# Common SEPolicy Rule
# ==============================================
# permissive wfca;
init_daemon_domain(wfca)
net_domain(wfca)

# Date : WK14.42
# Operation : Migration 
# Purpose : for WFCA send RTP/RTCP
allow wfca self:capability { net_raw setuid setgid net_admin};
allow wfca self:udp_socket { create write bind read setopt ioctl getattr shutdown };
allow wfca node:udp_socket node_bind;
allow wfca port:udp_socket name_bind;
allow wfca fwmarkd_socket:sock_file write;

# Date : 2015/03/27
# Operation : Migration
# Purpose : for access ccci device
allow wfca ccci_device:chr_file { read write open ioctl };

# Purpose : for WakeUpLock
allow wfca sysfs_wake_lock:file { read write open };

# Purpose : for raw socket
allow wfca self:rawip_socket { create write bind setopt read getattr};
allow wfca node:rawip_socket {node_bind}; 

# Date : 2015/06/25
# Purpose : for UA socket pass
allow wfca volte_ua:fd use;
allow wfca volte_ua:udp_socket {read write setopt getattr getopt shutdown};

# Purpose : For Ping ICMP feature
allow wfca self:packet_socket { read create setopt };

# Purpose : add Vinson permission 
dontaudit wfca self:capability dac_override;
allow wfca self:capability2 block_suspend;

allow wfca wfca_socket:sock_file write;