# macloader.te

type macloader, domain;
type macloader_exec, exec_type, vendor_file_type, file_type;

# macloader is started by init, type transit from init domain to macloader domain
init_daemon_domain(macloader)

set_prop(macloader, vendor_wifi_prop);

allow macloader self:capability { net_admin sys_module };

allow macloader self:udp_socket create_socket_perms;
allowxperm macloader self:udp_socket ioctl { 0x8913 0x8914 };

# /data/vendor/conn
allow macloader conn_vendor_data_file:dir rw_dir_perms;
allow macloader conn_vendor_data_file:file create_file_perms;

# /mnt/vendor
allow macloader mnt_vendor_file:dir search;

# /mnt/vendor/efs
allow macloader efs_file:dir rw_dir_perms;

# /mnt/vendor/efs/wifi
allow macloader wifi_efs_file:dir rw_dir_perms;
allow macloader wifi_efs_file:file rw_file_perms;

# /sys/class/net
allow macloader sysfs_net:dir r_dir_perms;
allow macloader sysfs_net:file r_file_perms;

allow macloader sysfs_wifi_writable:dir r_dir_perms;
allow macloader sysfs_wifi_writable:file rw_file_perms;

# /sys/wifi
allow macloader sysfs_wifi:dir r_dir_perms;
allow macloader sysfs_wifi:file r_file_perms;

# /sys/kernel/boot_wlan
allow macloader sysfs_wifi_writable:file { write open };

set_prop(macloader, vendor_wifi_prop)