android_device_mediatek_sepolicy/plat_private/kisd.te

# ==============================================
# Policy File of /vendor/bin/kisd Executable File


# ==============================================
# Type Declaration
# ==============================================

type kisd_exec, exec_type, file_type, vendor_file_type;
typeattribute kisd mlstrustedsubject;

# ==============================================
# MTK Policy Rule
# ==============================================

init_daemon_domain(kisd)

allow kisd tee_device:chr_file {read write open ioctl};
allow kisd provision_file:dir {read write open ioctl add_name search remove_name};
allow kisd provision_file:file {create read write open getattr unlink};
allow kisd system_file:file {execute_no_trans};
allow kisd block_device:dir {read write open ioctl search};
allow kisd kb_block_device:blk_file {read write open ioctl getattr};
allow kisd dkb_block_device:blk_file {read write open ioctl getattr};
allow kisd key_install_data_file:dir {write remove_name add_name};
allow kisd key_install_data_file:file {write getattr read create unlink open};
allow kisd key_install_data_file:dir search;
allow kisd mtd_device:chr_file { open read write };
allow kisd mtd_device:dir { search };
allow kisd kb_block_device:chr_file {read write open ioctl getattr};
allow kisd dkb_block_device:chr_file {read write open ioctl getattr};