# ==============================================
# Policy File of /system/bin/factory Executable File

# ==============================================
# Type Declaration
# ==============================================

# ==============================================
# MTK Policy Rule
# ==============================================
#file_type_auto_trans(factory, system_data_file, factory_data_file)
type factory, domain;
type factory_exec, exec_type, file_type, vendor_file_type;
init_daemon_domain(factory)

#============= factory ==============
allow factory MTK_SMI_device:chr_file r_file_perms;
allow factory ashmem_device:chr_file execute;
allow factory ebc_device:chr_file rw_file_perms;
allow factory stpbt_device:chr_file rw_file_perms;

# Date: WK14.47
# Operation : Migration
# Purpose : CCCI
allow factory eemcs_device:chr_file rw_file_perms;
allow factory ccci_device:chr_file rw_file_perms;
allow factory gsm0710muxd_device:chr_file rw_file_perms;

#Purpose: file system requirement
allow factory debugfs_usb:file rw_file_perms;
allow factory debugfs_usb:dir search;
allow factory devpts:chr_file rw_file_perms;
allow factory vfat:dir w_dir_perms;
allow factory labeledfs:filesystem unmount;
allow factory rootfs:dir mounton;
allow factory vfat:dir { read open search mounton };
allow factory vfat:filesystem { mount unmount };

# Purpose : SDIO
allow factory ttySDIO_device:chr_file rw_file_perms;

#Purpose: USB
allow factory ttyMT_device:chr_file rw_file_perms;
allow factory ttyS_device:chr_file rw_file_perms;
allow factory ttyGS_device:chr_file rw_file_perms;

# Date: WK15.01
# Purpose : OTG Mount
allow factory sdcard_type:dir mounton;
# Date: WK15.07
# Purpose : use c2k flight mode;
allow factory vmodem_device:chr_file rw_file_perms;

# Date: WK15.13
# Purpose: for nand project
allow factory mtd_device:dir search;
allow factory mtd_device:chr_file rw_file_perms;
allow factory self:capability sys_resource;
allow factory pro_info_device:chr_file rw_file_perms;

# Data: WK15.28
# Purpose: for mt-ramdump reset
allow factory proc_mrdump_rst:file w_file_perms;

#Date: WK15.31
#Purpose: define factory_data_file instead of system_data_file
# because system_data_file is sensitive partition from M
#allow factory self:capability2 block_suspend;
wakelock_use(factory);
allow factory storage_file:dir { write create add_name search mounton };
#allow factory factory_data_file:file create_file_perms;
#allow factory shell_exec:file r_file_perms;

# Date: WK15.44
# Purpose: factory idle current status
typeattribute factory system_writes_vendor_properties_violators;
allow factory vendor_factory_idle_state_prop:property_service set;

# Date: WK15.46
# Purpose: gps factory mode
allow factory agpsd_data_file:dir search;
#allow factory apk_data_file:dir write;
#allow factory gps_data_file:dir r_dir_perms;
#allow factory gps_data_file:dir { write open };
#allow factory gps_data_file:file { read write };
allow factory gps_data_file:dir { write add_name search remove_name unlink};
allow factory gps_data_file:file { read write open create getattr append setattr unlink lock};
allow factory gps_data_file:lnk_file read;
# allow factory gps_emi_device:chr_file { read write };
#allow factory shell_exec:file x_file_perms;
allow factory storage_file:lnk_file r_file_perms;

#Date: WK15.48
#Purpose: capture for factory mode
allow factory devmap_device:chr_file r_file_perms;
allow factory sdcard_type:dir create_dir_perms;
allow factory sdcard_type:file create_file_perms;
allow factory mnt_user_file:dir search;
allow factory mnt_user_file:lnk_file read;
allow factory storage_file:lnk_file read;

#Date: WK16.05
#Purpose: For access NVRAM
allow factory factory:capability chown;
allow factory nvram_data_file:dir create_dir_perms;
allow factory nvram_data_file:file create_file_perms;
allow factory nvram_data_file:lnk_file r_file_perms;
allow factory nvdata_file:lnk_file r_file_perms;
allow factory nvram_device:chr_file rw_file_perms;
allow factory nvram_device:blk_file rw_file_perms;
allow factory nvdata_device:blk_file rw_file_perms;
# Purpose : Allow factory read /data/nvram link
#allow factory system_data_file:lnk_file read;

#Date: WK16.12
#Purpose: For sensor test
allow factory als_ps_device:chr_file r_file_perms;
allow factory barometer_device:chr_file r_file_perms;
allow factory gsensor_device:chr_file r_file_perms;
allow factory gyroscope_device:chr_file r_file_perms;
allow factory msensor_device:chr_file r_file_perms;
allow factory biometric_device:chr_file r_file_perms;

#Purpose: For camera Test
allow factory kd_camera_flashlight_device:chr_file rw_file_perms;
allow factory kd_camera_hw_device:chr_file rw_file_perms;
allow factory seninf_device:chr_file rw_file_perms;

#Purpose: For reboot the target
allow factory powerctl_prop:property_service set;

#Purpose: For memory card test
allow factory misc_sd_device:chr_file r_file_perms;
allow factory mmcblk1_block_device:blk_file rw_file_perms;
allow factory bootdevice_block_device:blk_file rw_file_perms;
allow factory mmcblk1p1_block_device:blk_file rw_file_perms;
allow factory block_device:dir w_dir_perms;

#Purpose: For EMMC test
allow factory nvdata_file:dir create_dir_perms;
allow factory nvdata_file:file create_file_perms;

#Purpose: For HRM test
allow factory hrm_device:chr_file r_file_perms;

#Purpose: For IrTx LED test
allow factory irtx_device:chr_file rw_file_perms;

#Purpose: For battery test, ext_buck test and ext_vbat_boost test
allow factory pmic_ftm_device:chr_file rw_file_perms;
allow factory MT_pmic_adc_cali_device:chr_file rw_file_perms;
allow factory MT_pmic_cali_device:chr_file r_file_perms;
allow factory charger_ftm_device:chr_file r_file_perms;

#Purpose: For HDMI test
allow factory graphics_device:dir w_dir_perms;
allow factory graphics_device:chr_file rw_file_perms;

#Purpose: For WIFI test
allow factory wmtWifi_device:chr_file rw_file_perms;

#Purpose: For rtc test
allow factory rtc_device:chr_file rw_file_perms;

#Purpose: For nfc test
allow factory mt6605_device:chr_file rwx_file_perms;

#Purpose: For gps test
allow factory mnld_device:chr_file rw_file_perms;

#Purpose: For keypad test
allow factory mtk_kpd_device:chr_file r_file_perms;

#Purpose: For Humidity test
allow factory humidity_device:chr_file r_file_perms;

#Purpose: For camera test
allow factory camera_isp_device:chr_file rw_file_perms;
allow factory camera_dip_device:chr_file rw_file_perms;
allow factory camera_pipemgr_device:chr_file r_file_perms;
allow factory camera_sysram_device:chr_file r_file_perms;
allow factory ccu_device:chr_file rw_file_perms;
allow factory vpu_device:chr_file rw_file_perms;
allow factory MAINAF_device:chr_file rw_file_perms;
allow factory MAIN2AF_device:chr_file rw_file_perms;
allow factory SUBAF_device:chr_file rw_file_perms;
allow factory FM50AF_device:chr_file rw_file_perms;
allow factory AD5820AF_device:chr_file rw_file_perms;
allow factory DW9714AF_device:chr_file rw_file_perms;
allow factory DW9714A_device:chr_file rw_file_perms;
allow factory LC898122AF_device:chr_file rw_file_perms;
allow factory LC898212AF_device:chr_file rw_file_perms;
allow factory BU6429AF_device:chr_file rw_file_perms;
allow factory DW9718AF_device:chr_file rw_file_perms;
allow factory BU64745GWZAF_device:chr_file rw_file_perms;
allow factory cct_data_file:dir create_dir_perms;
allow factory cct_data_file:file create_file_perms;
allow factory camera_tsf_device:chr_file rw_file_perms;
allow factory camera_rsc_device:chr_file rw_file_perms;
allow factory camera_gepf_device:chr_file rw_file_perms;
allow factory camera_fdvt_device:chr_file rw_file_perms;
allow factory camera_wpe_device:chr_file rw_file_perms;
allow factory camera_owe_device:chr_file rw_file_perms;
allow factory camera_mfb_device:chr_file rw_file_perms;

#Purpose: For FM test and headset test
allow factory accdet_device:chr_file r_file_perms;
allow factory fm_device:chr_file rw_file_perms;

#Purpose: For audio test
allow factory audio_device:chr_file rw_file_perms;
allow factory audio_device:dir w_dir_perms;
allow factory audiohal_prop:property_service set;

#Purpose: For key and touch event
allow factory input_device:chr_file r_file_perms;
allow factory input_device:dir rw_dir_perms;

#Purpose: For gps test
#allow factory gps_device:chr_file rw_file_perms;

# Date: WK16.17
# Purpose:  N Migration For ccci sysfs node
# Allow read to sys/kernel/ccci/* files
allow factory sysfs_ccci:dir search;
allow factory sysfs_ccci:file r_file_perms;

# Date: WK16.18
# Purpose: N Migration For boot_mode
# Allow to read boot mode
# avc: denied { read } for name="boot_mode" dev="sysfs" ino=117
# scontext=u:r:factory:s0 tcontext=u:object_r:sysfs:s0
# tclass=file permissive=0
allow factory sysfs_boot_mode:file { read open };
allow factory sysfs_boot_type:file { read open };

# Date: WK16.30
#Purpose: For gps test
#allow factory media_rw_data_file:dir search;
#allow factory gps_data_file:dir add_name;
#TODO:: MTK need to remove later
not_full_treble(`
	allow factory mnld:unix_dgram_socket sendto;
')

# Date: WK16.31
#Purpose: For gps test
allow factory mnld_prop:property_service set;
#allow factory media_rw_data_file:dir { read open };
#allow factory gps_data_file:file create_file_perms;

# Date: WK16.33
#Purpose: for unmount sdcardfs and stop services which are using data partition
allow factory sdcard_type:filesystem unmount;
#allow factory toolbox_exec:file { read open getattr execute execute_no_trans };
allow factory ctl_default_prop:property_service set;

# Date : WK16.35
# Operation : Migration
# Purpose : Update camera flashlight driver device file
allow factory flashlight_device:chr_file rw_file_perms;


# Date: WK15.25
#Purpose: for unmount sdcardfs and stop services which are using data partition
allow factory ctl_emdlogger1_prop:property_service set;
# Date: WK17.07
# Purpose: Clear bootdevice (eMMC/UFS) may need to unmount tmpfs
allow factory tmpfs:filesystem unmount;
allow factory sysfs:dir { read open };
allow factory sysfs_leds:dir search;
allow factory sysfs_leds:lnk_file read;
allow factory sysfs_vibrator:file {open read write};
allow factory ion_device:chr_file { read open ioctl };
allow factory debugfs_ion:dir search;
#allow factory proc:file ioctl;
# Date: WK17.27
# Purpose: STMicro NFC solution integration
allow factory st21nfc_device:chr_file { open read getattr write ioctl };
#allow factory nfc_socket:dir search;
#allow factory vendor_file:file { getattr execute execute_no_trans read open };
set_prop(factory,hwservicemanager_prop);
hwbinder_use(factory);
hal_client_domain(factory, hal_nfc);
#allow factory debugfs_tracing:file { open write };

# Date : WK17.32
# Operation : O Migration
# Purpose: Allow to access cmdq driver
allow factory mtk_cmdq_device:chr_file { read ioctl open };

# Date: WK1733
# Purpose: add selinux policy to stop 'ccci_fsd' for clear emmc in factory mode
set_prop(factory,ctl_ccci_fsd_prop);

# Date : WK17.38
# Operation : O Migration
# Purpose: Allow to access sysfs
allow factory sysfs_therm:dir search;
allow factory sysfs_therm:file {open read write};

#Date: W18.22
# Purpose:  P Migration for factory get com port type and uart port info
# detail avc log: [   11.751803] <1>.(1)[227:logd.auditd]type=1400 audit(1262304016.560:10):
#avc: denied { read } for pid=203 comm="factory" name="meta_com_type_info" dev=
#"sysfs" ino=11073 scontext=u:r:factory:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
allow factory sysfs_comport_type:file rw_file_perms;
allow factory sysfs_uart_info:file rw_file_perms;


# from private
allow factory property_socket:sock_file write;
allow factory init:unix_stream_socket connectto;
allow factory kernel:system module_request;
allow factory node:tcp_socket node_bind;
allow factory userdata_block_device:blk_file rw_file_perms;
allow factory port:tcp_socket { name_bind name_connect };
#allow factory self:capability { sys_module ipc_lock sys_nice dac_override net_raw fsetid net_admin sys_time sys_boot sys_admin };
allow factory sdcard_type:dir r_dir_perms;
### TBD, neverallowxperm on line 177 of system/sepolicy/public/domain.te
#allow factory self:netlink_route_socket create_socket_perms;
allow factory self:netlink_route_socket { bind create getattr write nlmsg_read read nlmsg_write };
allow factory proc_net:file { read getattr open };
allowxperm factory self:udp_socket ioctl priv_sock_ioctls;
allowxperm factory self:udp_socket ioctl {SIOCGIFFLAGS SIOCGIWNWID};

allow factory self:process execmem;
allow factory self:tcp_socket create_stream_socket_perms;
allow factory self:udp_socket create_socket_perms;

allow factory sysfs_wake_lock:file rw_file_perms;
##allow factory system_data_file:dir w_dir_perms;
##allow factory system_data_file:sock_file create_file_perms;
allow factory system_file:file x_file_perms;

# For Light HIDL permission
allow factory hal_light_hwservice:hwservice_manager find;
allow factory mtk_hal_light:binder call;
# For vibrator test permission
allow factory sysfs_vibrator:file rw_file_perms;
allow factory sysfs_vibrator:dir search;