device_xiaomi_sm6150-common/sepolicy/vendor/vendor_toolbox.te

type vendor_toolbox, domain;

init_daemon_domain(vendor_toolbox)

# Allow vendor_toolbox to use sys_admin capability
allow vendor_toolbox self:capability sys_admin;

# Allow vendor_toolbox to execute /vendor/bin/toybox_vendor
allow vendor_toolbox vendor_toolbox_exec:file execute_no_trans;

# Allow vendor_toolbox to read directories in rootfs
allow vendor_toolbox rootfs:dir r_dir_perms;

# Allow vendor_toolbox to remove "security.*" xattrs from /mnt/vendor/persist
allow vendor_toolbox {
    mnt_vendor_file
    persist_block_device
    unlabeled
    vendor_persist_alarm_file
    vendor_persist_audio_file
    vendor_persist_bluetooth_file
    vendor_persist_camera_file
    vendor_persist_data_file
    vendor_persist_display_file
    vendor_persist_drm_file
    vendor_persist_elabel_file
    vendor_persist_feature_enabler_file
    vendor_persist_file
    vendor_persist_haptics_file
    vendor_persist_hvdcp_file
    vendor_persist_iar_db_file
    vendor_persist_mmi_file
    vendor_persist_qti_fp_file
    vendor_persist_rfs_file
    vendor_persist_rfs_shared_hlos_file
    vendor_persist_secnvm_file
    vendor_persist_sensors_file
    vendor_persist_time_file
    vendor_persist_vpp_file
    vendor_persist_wcnss_service_file
}:dir { r_dir_perms setattr };