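# Device-specific allow rules.
#
# The "#============= <domain> ==============" section headers are the format
# audit2allow emits, so these rules were most likely generated from logged
# denials rather than designed. NOTE(review): confirm each rule is needed, and
# replace generic target types with dedicated ones where flagged below.
#
# Keep one rule per line: "#" comments out the rest of the line it is on, so a
# rule that shares a line with a section header is silently ignored.
# Rules that occurred more than once verbatim are listed once; allow rules are
# additive, so a repeat grants nothing extra.

#============= camera_socket ==============
allow cameraserver camera_socket:dir { search write add_name };
allow cameraserver camera_socket:file { read write getattr open };
allow mm-qcamerad camera_socket:dir { search write add_name };
allow mm-qcamerad camera_socket:file { read write getattr open };

#============= credmgr ==============
allow credmgr iddd_file:dir search;
allow credmgr tmpfs:lnk_file read;

#============= iddd ==============
allow iddd tmpfs:lnk_file read;

#============= mm-qcamerad ==============
allow mm-qcamerad devpts:chr_file { open read write };
# execute_no_trans: the binary is run without a domain transition, i.e. the
# child stays in the caller's domain.
allow mm-qcamerad mm-qcamerad_exec:file execute_no_trans;

#============= qti_init_shell ==============
allow qti_init_shell iddd_file:dir { getattr open read remove_name rmdir write };
allow qti_init_shell toolbox_exec:file entrypoint;

#============= scd ==============
allow scd scd_data:dir getattr;
allow scd scd_data:file { getattr open read write };

#============= tad ==============
allow tad proc:file getattr;

#============= vold ==============
allow vold iddd_file:dir { ioctl open read };

#============= credmgr ==============
allow credmgr iddd:unix_dgram_socket sendto;
allow credmgr iddd_file:sock_file write;
allow credmgr secd_data_file:file { write getattr setattr read lock open };
# dac_override lets the domain ignore file owner/mode checks. It usually means
# a file or directory has the wrong owner or mode.
# NOTE(review): fix the ownership and drop this capability if possible.
allow credmgr self:capability dac_override;
# socket_device is the generic label of the socket directory, not of one
# specific socket. NOTE(review): give the target socket its own type (as is
# done for tad_socket and camera_socket) and grant write on that instead.
allow credmgr socket_device:sock_file write;
allow credmgr suntrold:unix_stream_socket connectto;
allow credmgr tad:unix_stream_socket connectto;
allow credmgr tad_socket:sock_file write;
allow credmgr tee_device:chr_file { read write open ioctl };

#============= iddd ==============
# In AOSP default_prop is the catch-all label for properties without a context
# of their own, so this lets iddd set any of them.
# NOTE(review): label the property iddd actually sets and grant only that.
allow iddd default_prop:property_service set;
allow iddd iddd_file:dir { remove_name search add_name };
allow iddd iddd_file:file { rename create };
allow iddd init:unix_stream_socket connectto;
allow iddd property_socket:sock_file write;
allow iddd iddd_file:file unlink;
allow iddd iddd_file:sock_file { write create unlink setattr };
allow iddd logd:unix_stream_socket connectto;
allow iddd logdr_socket:sock_file write;
allow iddd self:netlink_socket { write bind create };
# NOTE(review): system_file covers every generically labelled system binary;
# confirm which program iddd executes and whether it deserves its own type.
allow iddd system_file:file execute_no_trans;

#============= mediaserver ==============
allow mediaserver credmgr:unix_stream_socket connectto;
allow mediaserver socket_device:sock_file write;

#============= suntrold ==============
# Same concern as credmgr: dac_override bypasses owner/mode checks.
# NOTE(review): prefer correcting file ownership.
allow suntrold self:capability dac_override;
# Creating sockets under the generic socket_device label means every domain
# with socket_device:sock_file write can reach them.
# NOTE(review): prefer a dedicated socket type.
allow suntrold socket_device:dir add_name;
allow suntrold socket_device:sock_file { create setattr };
allow suntrold tad:unix_stream_socket connectto;
allow suntrold tad_socket:sock_file write;
allow suntrold tee_device:chr_file { read write ioctl open };

#============= system_server ==============
allow system_server ta_data_file:file { read open };

#============= ta_qmi ==============
# NOTE(review): presumably used to change uid/gid at start-up; confirm.
allow ta_qmi self:capability { setuid setgid };

#============= tad ==============
# block_device is the generic label for block nodes that have no type of their
# own (AOSP), so this gives tad raw read/write access to all of them.
# NOTE(review): label the partition tad needs and grant that type instead.
allow tad block_device:blk_file { read write ioctl open };
allow tad iddd:unix_dgram_socket sendto;
allow tad iddd_file:sock_file write;

#============= thermanager ==============
allow thermanager sysfs_battery_supply:dir search;
allow thermanager sysfs_battery_supply:file { read write open };

#============= init ==============
allow init block_device:blk_file setattr;
# NOTE(review): debugfs exposes kernel internals; confirm that mounting it is
# required on production builds.
allow init debugfs:dir mounton;
allow init self:socket { read bind create write ioctl };
allow init smem_log_device:chr_file { write ioctl };
allow init socket_device:sock_file { create unlink setattr };

#============= taimport ==============
allow taimport ta_data_file:file unlink;

#============= credmgr ==============
allow credmgr ion_device:chr_file { ioctl open read };

#============= init ==============
# NOTE(review): write access to every file under the generic debugfs label;
# narrow to the specific node if this is needed at all.
allow init debugfs:file write;

#============= qti_init_shell ==============
allow qti_init_shell tad:unix_stream_socket connectto;
allow qti_init_shell tad_socket:sock_file write;

#============= scd ==============
allow scd socket_device:dir { add_name write };
allow scd socket_device:sock_file { create setattr };
# NOTE(review): generic sysfs label; prefer a dedicated sysfs_* type for the
# nodes scd reads.
allow scd sysfs:file { getattr open read };

#============= suntrold ==============
allow suntrold ion_device:chr_file { ioctl open read };

#============= tad ==============
allow tad proc:file { open read };
# The tad domain is entered from a binary labelled rootfs.
# NOTE(review): give the executable its own *_exec type so that only that file
# can be used as the entrypoint.
allow tad rootfs:file { entrypoint read };

#============= taimport ==============
# NOTE(review): the type name suggests this property relates to adb security;
# confirm what taimport sets and that it should be allowed to.
allow taimport adbsecure_prop:property_service set;
allow taimport init:unix_stream_socket connectto;
allow taimport property_socket:sock_file write;

#============= thermanager ==============
allow thermanager sysfs:file { open read };

#============= wv ==============
allow wv ion_device:chr_file { ioctl open read };
allow wv socket_device:sock_file write;
allow wv suntrold:unix_stream_socket connectto;
allow wv tad:unix_stream_socket connectto;
allow wv tad_socket:sock_file write;
allow wv tee_device:chr_file { ioctl open read write };

#============= cameraserver ==============
allow cameraserver ta_data_file:dir { getattr open read };
allow cameraserver sudaemon:unix_dgram_socket sendto;
allow cameraserver sudaemon:unix_stream_socket connectto;
allow cameraserver mm-qcamerad:unix_stream_socket sendto;
allow cameraserver mm-qcamerad:unix_stream_socket connectto;

#============= mm-qcamerad ==============
# execmod allows making a file mapping executable after it has been modified
# (text relocations), which weakens write-xor-execute protection.
# NOTE(review): rebuild the affected library without text relocations rather
# than allowing this.
allow mm-qcamerad system_file:file execmod;
# NOTE(review): system_prop covers many properties; grant a narrower property
# type if the daemon only sets its own.
allow mm-qcamerad system_prop:property_service set;
allow mm-qcamerad ta_data_file:dir { getattr open read };

#============= mm-qcamerad_exec ==============
# NOTE(review): by naming convention *_exec is the label of the executable
# file, not a process domain. Rules with it as the source suggest the daemon
# was running under its file label when the denials were logged (missing or
# wrong domain transition) - verify. If so, fix the transition (e.g. with
# init_daemon_domain) and grant whatever is still required to mm-qcamerad.
allow mm-qcamerad_exec camera_data_file:dir { add_name remove_name search write };
allow mm-qcamerad_exec camera_data_file:sock_file { create unlink };
allow mm-qcamerad_exec debug_prop:file { getattr open read };
allow mm-qcamerad_exec debugfs:dir search;
allow mm-qcamerad_exec debugfs_trace_marker:file { open write };
allow mm-qcamerad_exec debugfs_tracing:dir search;
allow mm-qcamerad_exec default_prop:file { getattr open read };
allow mm-qcamerad_exec device:dir search;
allow mm-qcamerad_exec init:fd use;
allow mm-qcamerad_exec init:process sigchld;
allow mm-qcamerad_exec ion_device:chr_file { open read };
# module_request lets the process trigger kernel module auto-loading.
# NOTE(review): confirm this is needed; if the denial is only noise, a
# dontaudit rule is the safer choice.
allow mm-qcamerad_exec kernel:system module_request;
allow mm-qcamerad_exec null_device:chr_file { read write };
allow mm-qcamerad_exec proc:lnk_file read;
allow mm-qcamerad_exec properties_device:dir { getattr search };
allow mm-qcamerad_exec properties_serial:file { getattr open read };
allow mm-qcamerad_exec property_contexts:file { getattr open read };
allow mm-qcamerad_exec rootfs:lnk_file { getattr read };
allow mm-qcamerad_exec self:dir { read search };
allow mm-qcamerad_exec self:file { getattr open read };
allow mm-qcamerad_exec self:lnk_file read;
allow mm-qcamerad_exec self:process { fork setsched };
allow mm-qcamerad_exec self:unix_dgram_socket { bind create read };
allow mm-qcamerad_exec self:unix_stream_socket { bind connect create listen write };
allow mm-qcamerad_exec sysfs:dir search;
allow mm-qcamerad_exec sysfs_devices_system_cpu:dir search;
allow mm-qcamerad_exec sysfs_devices_system_cpu:file { getattr open read };
allow mm-qcamerad_exec system_data_file:dir search;
allow mm-qcamerad_exec urandom_device:chr_file { getattr ioctl open read };
allow mm-qcamerad_exec video_device:chr_file { ioctl open read write };

#============= cameraserver ==============
# Target is again the *_exec label used as a process context; see the
# mm-qcamerad_exec section.
allow cameraserver mm-qcamerad_exec:unix_dgram_socket sendto;
allow cameraserver credmgr:unix_stream_socket connectto;
allow cameraserver secd_socket:sock_file write;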