# Mount debugfs on /sys/kernel/debug.
allow init debugfs:dir mounton;

# Mount EFS on /efs
allow init efs_file:dir  mounton;

# /dev/block/mmcblk0p[0-9]
allow init emmcblk_device:blk_file rw_file_perms;

allow init block_device:lnk_file { setattr };
allow init tmpfs:lnk_file create_file_perms;

# /sys/class/power_supply/battery and /sys/class/android_usb/android0
allow init proc:file { getattr setattr read write open };

# Shim libs
allow init cameraserver:process noatsecure;
allow init hal_fingerprint_default:process noatsecure;

# /data
allow init sdcardd_exec:file r_file_perms;

# sysfs iio:device[0-9]
allow init sysfs:lnk_file setattr;

# read/chown mDNIE symlinks
allow init sysfs_mdnie:lnk_file { read setattr };

# read/chown camera firmware
allow init sysfs_camera:file { relabelto setattr };
allow init sysfs_camera:filesystem associate;

# sysfs
allow init sysfs_bluetooth_writable:file setattr;
allow init sysfs_mdnie:file setattr;
allow init sysfs_multipdp:file setattr;
allow init sysfs_devices_system_cpu:file write;
allow init sysfs_gps:file setattr;
allow init sysfs_sec:file setattr ;
allow init sysfs_brightness:file setattr;
allow init sysfs_input:file setattr;
allow init sysfs_lcd:file { setattr open };
allow init sysfs_svc:file setattr;
allow init sysfs_modem:file { setattr open write };
allow init sysfs_wlan_fwpath:file setattr;
allow init sysfs_virtual:file { open setattr write };
allow init sysfs_virtual:lnk_file read;
allow init sysfs_charger:file setattr;
allow init sysfs:file setattr;

unix_socket_connect(init, property, rild)
allow init socket_device:sock_file { unlink create setattr };

allow init tee_device:chr_file { read write open ioctl getattr };
allow init system_file:file execute;
allow init sysfs_modem:file r_file_perms;