# rild.te get_prop(rild, vendor_radio_prop) get_prop(rild, radio_prop) set_prop(rild, vendor_call_prop) get_prop(rild, vendor_call_prop) allow rild block_device:dir search; allow rild mnt_vendor_file:dir { getattr search }; # audio hal allow rild hal_audio_default:dir search; allow rild hal_audio_default:file r_file_perms; # /data allow rild system_data_file:dir getattr; # /dev/drb allow rild drb_device:chr_file rw_file_perms; # /data/vendor/secradio allow rild radio_vendor_data_file:dir rw_dir_perms; allow rild radio_vendor_data_file:file create_file_perms; # /efs/FactoryApp/ allow rild app_efs_file:dir r_dir_perms; allow rild app_efs_file:file { rw_file_perms setattr }; # /efs/imei allow rild imei_efs_file:dir r_dir_perms; allow rild imei_efs_file:file r_file_perms; # /mnt/vendor/efs/ allow rild prov_efs_file:dir r_dir_perms; allow rild prov_efs_file:file r_file_perms; # /proc/net/xt_qtaguid/iface_stat_fmt allow rild proc_qtaguid_stat:file r_file_perms; # /proc/sys/net/ipv6/conf/*/accept_ra_defrtr allow rild proc_net:file rw_file_perms; allow rild tun_device:chr_file rw_file_perms; allowxperm rild tun_device:chr_file ioctl { 0x54ca 0x54cb }; allow rild self:tun_socket create; dontaudit rild { system_prop default_prop }:file read; dontaudit rild default_prop:property_service set;