# ==============================================
# Common SEPolicy Rule
# ==============================================
# Type-enforcement rules for the MediaTek modem logger daemon (emdlogger).
# Everything below is additive: allow rules and macro expansions only widen
# what the emdlogger domain may do, nothing here restricts it. Each group is
# annotated with the avc denial it was added for where the original author
# recorded one.

# Executable label for the daemon binary; system_file_type/exec_type/file_type
# let init transition into the emdlogger domain (see init_daemon_domain below).
type emdlogger_exec, system_file_type, exec_type, file_type;
# coredomain: treated as a system (non-vendor) domain by the platform policy.
typeattribute emdlogger coredomain;
# mlstrustedsubject: exempts the domain from MLS category checks.
# NOTE(review): this is a broad attribute; confirm it is still required.
typeattribute emdlogger mlstrustedsubject;
init_daemon_domain(emdlogger)
binder_use(emdlogger)
binder_service(emdlogger)

# for modem logging sdcard access
allow emdlogger sdcard_type:dir create_dir_perms;
allow emdlogger sdcard_type:file create_file_perms;

# modem logger socket access
allow emdlogger platform_app:unix_stream_socket connectto;
# NOTE(review): execute on all of system_file plus shell_exec and zygote_exec is
# a wide exec surface for a logging daemon; confirm which binaries are actually
# run and whether a narrower exec type would do.
allow emdlogger shell_exec:file rx_file_perms;
allow emdlogger system_file:file x_file_perms;
allow emdlogger zygote_exec:file rx_file_perms;

# modem logger SD logging in factory mode
allow emdlogger vfat:dir create_dir_perms;
allow emdlogger vfat:file create_file_perms;

# modem logger permission in storage in android M version
allow emdlogger mnt_user_file:dir search;
allow emdlogger mnt_user_file:lnk_file r_file_perms;
allow emdlogger storage_file:lnk_file r_file_perms;

# permission for storage link access in vzw Project
allow emdlogger mnt_media_rw_file:dir search;

# permission for use SELinux API
# avc: denied { read } for pid=576 comm="emdlogger1" name="selinux_version" dev="rootfs"
# NOTE(review): this grants read on every rootfs file, not just selinux_version;
# verify the read is still needed on current releases.
allow emdlogger rootfs:file r_file_perms;

# permission for storage access storage
allow emdlogger storage_file:dir create_dir_perms;
allow emdlogger tmpfs:lnk_file r_file_perms;
allow emdlogger storage_file:file create_file_perms;

# Allow read avc: denied { read } for name="mddb" dev="mmcblk0p25" ino=681
# scontext=u:r:emdlogger:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0
allow emdlogger system_file:dir r_dir_perms;

# permission for android N policy
allow emdlogger toolbox_exec:file rx_file_perms;

# purpose: allow emdlogger to access storage in N version
allow emdlogger media_rw_data_file:file create_file_perms;
allow emdlogger media_rw_data_file:dir create_dir_perms;

## Android P migration ##
# purpose: denied { read } for name="cmdline" dev="proc"
# denied { search } for name="android" dev="sysfs"
# for name="compatible" dev="sysfs" ino=2985 scontext=u:r:emdlogger:s0 tcontext=u:object_r:sysfs_dt_firmware_android:s0
# avc: denied { open } for path="/system/etc/mddb"
# avc: denied { read } for name="u:object_r:vendor_default_prop:s0"
# NOTE(review): no rule for vendor_default_prop appears in this file; the last
# denial above is presumably handled elsewhere -- verify.
allow emdlogger proc_cmdline:file r_file_perms;
allow emdlogger sysfs_dt_firmware_android:dir r_dir_perms;
# NOTE(review): w_dir_perms on the generic tmpfs type allows adding/removing
# entries in any tmpfs-labelled directory; a dedicated tmpfs type for the
# daemon would be narrower. Confirm which path this was added for.
allow emdlogger tmpfs:dir w_dir_perms;
allow emdlogger sysfs_dt_firmware_android:file r_file_perms;
# Properties the daemon is allowed to set. usb_prop, debug_prop and
# usb_control_prop are platform-wide property types, not emdlogger-specific.
set_prop(emdlogger, system_mtk_persist_mtklog_prop)
set_prop(emdlogger, system_mtk_mdl_prop)
set_prop(emdlogger, system_mtk_mdl_start_prop)
set_prop(emdlogger, system_mtk_debug_mdlogger_prop)
set_prop(emdlogger, system_mtk_persist_mdlog_prop)
set_prop(emdlogger, system_mtk_mdl_pulllog_prop)
set_prop(emdlogger, usb_prop)
set_prop(emdlogger, debug_prop)
set_prop(emdlogger, usb_control_prop)

## Android Q migration ##
# purpose: read modem db and filter folder and file
allow emdlogger mddb_filter_data_file:dir r_dir_perms;
allow emdlogger mddb_filter_data_file:file r_file_perms;

# save log into /data/debuglogger
# relabelto lets the daemon change a directory's label to debuglog_data_file
# in addition to creating entries under it.
allow emdlogger debuglog_data_file:dir {relabelto create_dir_perms};
allow emdlogger debuglog_data_file:file create_file_perms;

# get persist.sys. property
# NOTE(review): system_prop covers more than the persist.sys. keys named here;
# confirm a narrower property type is not available.
get_prop(emdlogger, system_prop)