# SELinux type-enforcement allow rules, one section per source domain.
# The "#===== domain =====" layout is the one audit2allow emits, so these
# rules were presumably generated from logged denials. TODO confirm.
# Rules produced that way record what a process attempted, not what it
# should be permitted; each NOTE(review) below marks a grant that is broader
# than a purpose-built label would be.

# ---------------------------------------------------------------- credmgr
# Unix-socket IPC to iddd (datagram) and to suntrold / tad (stream).
allow credmgr iddd:unix_dgram_socket sendto;
allow credmgr iddd_file:sock_file write;
allow credmgr suntrold:unix_stream_socket connectto;
allow credmgr tad:unix_stream_socket connectto;
allow credmgr tad_socket:sock_file write;
# NOTE(review): socket_device is the generic /dev/socket label in AOSP
# policy, so this permits writing to any socket file that was never given a
# type of its own. Labelling the target socket in file_contexts and allowing
# only that type would be narrower.
allow credmgr socket_device:sock_file write;
allow credmgr secd_data_file:file { getattr lock open read setattr write };
# NOTE(review): dac_override bypasses Unix owner/mode checks on every object
# the domain can otherwise reach. It usually points at a file ownership or
# mode mismatch that is better fixed on the file itself.
allow credmgr self:capability dac_override;
# Character-device access to the node labelled tee_device.
allow credmgr tee_device:chr_file { ioctl open read write };

# ------------------------------------------------------------------- iddd
# NOTE(review): default_prop is the fallback label for properties without a
# specific context, so this lets iddd set any property that has no label of
# its own. A dedicated property type would limit it to the keys it needs.
allow iddd default_prop:property_service set;
# Connection to init's property socket, needed to perform the set above.
allow iddd init:unix_stream_socket connectto;
allow iddd property_socket:sock_file write;
# Manage its own files and sockets under the iddd_file label.
allow iddd iddd_file:dir { add_name remove_name search };
allow iddd iddd_file:file { create rename unlink };
allow iddd iddd_file:sock_file { create setattr unlink write };
# NOTE(review): logdr_socket is logd's reader socket in AOSP, so this pair
# presumably lets iddd read the system log. Confirm that is intended.
allow iddd logd:unix_stream_socket connectto;
allow iddd logdr_socket:sock_file write;
# Generic netlink class: the rule does not restrict which netlink family.
allow iddd self:netlink_socket { bind create write };
# NOTE(review): execute_no_trans runs system_file binaries inside iddd's own
# domain, with all of iddd's permissions and no domain transition.
allow iddd system_file:file execute_no_trans;

# ------------------------------------------------------------ mediaserver
allow mediaserver credmgr:unix_stream_socket connectto;
# NOTE(review): generic socket_device label again. A dedicated socket type
# would avoid exposing every unlabelled socket to mediaserver.
allow mediaserver socket_device:sock_file write;

# --------------------------------------------------------------- suntrold
# NOTE(review): dac_override, same concern as for credmgr.
allow suntrold self:capability dac_override;
# NOTE(review): suntrold creates its socket directly under the generic
# socket_device label; this is the likely source of the socket_device
# sock_file grants to other domains in this file.
allow suntrold socket_device:dir add_name;
allow suntrold socket_device:sock_file { create setattr };
allow suntrold tad:unix_stream_socket connectto;
allow suntrold tad_socket:sock_file write;
allow suntrold tee_device:chr_file { ioctl open read write };

# ---------------------------------------------------------- system_server
allow system_server ta_data_file:file { open read };

# ----------------------------------------------------------------- ta_qmi
# NOTE(review): setuid/setgid allow the process to change its own identity.
# Confirm it only drops privileges.
allow ta_qmi self:capability { setgid setuid };

# -------------------------------------------------------------------- tad
# NOTE(review): block_device is the generic label for block nodes without a
# specific type, so this grants raw read/write to every such partition.
# AOSP base policy restricts this with neverallow rules on recent releases
# (verify for the target platform). Labelling the one partition tad needs
# and allowing that type instead is the narrower form.
allow tad block_device:blk_file { ioctl open read write };
allow tad iddd:unix_dgram_socket sendto;
allow tad iddd_file:sock_file write;

# ------------------------------------------------------------ thermanager
allow thermanager sysfs_battery_supply:dir search;
allow thermanager sysfs_battery_supply:file { open read write };

# ------------------------------------------------------------------- init
allow init block_device:blk_file setattr;
# NOTE(review): mounton for debugfs directories. Confirm whether debugfs is
# meant to be mounted on production builds.
allow init debugfs:dir mounton;
# Generic "socket" class: covers address families that have no class of
# their own.
allow init self:socket { bind create ioctl read write };
allow init smem_log_device:chr_file { ioctl write };
# NOTE(review): init creating sockets that keep the generic socket_device
# label suggests a missing file_contexts entry for those sockets.
allow init socket_device:sock_file { create setattr unlink };

# --------------------------------------------------------------- taimport
allow taimport ta_data_file:file unlink;