android_device_mediatek_sepolicy/plat_private/kisd.te

# ==============================================
# Policy File of /system/bin/kisd Executable File


# ==============================================
# Type Declaration
# ==============================================

type kisd_exec, exec_type, file_type;
typeattribute kisd coredomain;

# ==============================================
# MTK Policy Rule
# ==============================================

init_daemon_domain(kisd)

allow kisd tee_device:chr_file {read write open ioctl};
typeattribute kisd data_between_core_and_vendor_violators;
allow kisd provision_file:dir {read write open ioctl add_name search remove_name};
allow kisd provision_file:file {create read write open getattr unlink};
allow kisd system_file:file {execute_no_trans};
allow kisd shell_exec:file {read open getattr execute execute_no_trans};
allow kisd toolbox_exec:file {read open getattr execute execute_no_trans};
allow kisd vendor_toolbox_exec:file getattr;
allow kisd block_device:dir {read write open ioctl search};
allow kisd kb_block_device:blk_file {read write open ioctl getattr};
allow kisd dkb_block_device:blk_file {read write open ioctl getattr};
allow kisd key_install_data_file:dir {write remove_name add_name};
allow kisd key_install_data_file:file {write getattr read create unlink open};
allow kisd key_install_data_file:dir search;
#allow kisd self:capability {dac_override dac_read_search};
allow kisd mtd_device:chr_file { open read write };
allow kisd mtd_device:dir { search };
allow kisd kb_block_device:chr_file {read write open ioctl getattr};
allow kisd dkb_block_device:chr_file {read write open ioctl getattr};