type wcnss_service, domain;
type wcnss_service_exec, exec_type, vendor_file_type, file_type;

init_daemon_domain(wcnss_service)
net_domain(wcnss_service)

vndbinder_use(wcnss_service)
binder_call(wcnss_service, per_mgr)

allow wcnss_service per_mgr_service:service_manager find;

allow wcnss_service vendor_shell_exec:file rx_file_perms;
allow wcnss_service vendor_toolbox_exec:file rx_file_perms;


allow wcnss_service self:socket create_socket_perms;
allowxperm wcnss_service self:socket ioctl msm_sock_ipc_ioctls;
allowxperm wcnss_service self:udp_socket ioctl { SIOCIWFIRSTPRIV_05 SIOCSIFFLAGS };
allow wcnss_service self:netlink_generic_socket create_socket_perms_no_ioctl;
allow wcnss_service self:netlink_socket create_socket_perms_no_ioctl;

allow wcnss_service cnss_vendor_data_file:dir create_dir_perms;
allow wcnss_service cnss_vendor_data_file:file create_file_perms;

r_dir_file(wcnss_service, sysfs_msm_subsys)
# pkt logging for cnss_diag
userdebug_or_eng(`
  allow wcnss_service wifi_vendor_log_data_file:dir create_dir_perms;
  allow wcnss_service wifi_vendor_log_data_file:file create_file_perms;
  r_dir_file(wcnss_service, proc_wifi_dbg)
')

allow wcnss_service sysfs_soc:dir search;
allow wcnss_service sysfs_soc:file r_file_perms;

# request_firmware causes a denial. It can be safely ignored
dontaudit wcnss_service firmware_file:dir search;

r_dir_file(wcnss_service, sysfs_net)

# used for collecting the sku for radio for BDF file selection
get_prop(wcnss_service, vendor_radio_sku_prop)

dontaudit wcnss_service kernel:system module_request;