device_google_zuma/radio/dmd.te

type dmd, domain;
type dmd_exec, vendor_file_type, exec_type, file_type;
init_daemon_domain(dmd)

# Grant to access serial device for external logging tool
allow dmd serial_device:chr_file rw_file_perms;

# Grant to access radio device
allow dmd radio_device:chr_file rw_file_perms;

# Grant to access slog dir/file
allow dmd vendor_slog_file:dir create_dir_perms;
allow dmd vendor_slog_file:file create_file_perms;

# Grant to access tcp socket
allow dmd node:tcp_socket node_bind;
allow dmd self:tcp_socket { create_socket_perms_no_ioctl listen accept bind };

# Grant to access log related properties
set_prop(dmd, vendor_diag_prop)
set_prop(dmd, vendor_slog_prop)
set_prop(dmd, vendor_modem_prop)
get_prop(dmd, vendor_persist_config_default_prop)

# Grant to access hwservice manager
get_prop(dmd, hwservicemanager_prop)
allow dmd hidl_base_hwservice:hwservice_manager add;
allow dmd hal_vendor_oem_hwservice:hwservice_manager { add find };
binder_call(dmd, hwservicemanager)
binder_call(dmd, modem_diagnostic_app)
binder_call(dmd, modem_logging_control)
binder_call(dmd, vendor_telephony_silentlogging_app)

# Allow proxy to register as android Service
binder_use(dmd)
add_service(dmd, liboemservice_proxy)
allow dmd radio_vendor_data_file:dir create_dir_perms;
allow dmd radio_vendor_data_file:file create_file_perms;