type ramoops, domain;
type ramoops_exec, exec_type, vendor_file_type, file_type;

init_daemon_domain(ramoops);

# kmod=crypto-gcm(aes)
dontaudit ramoops kernel:system module_request;

allow ramoops ramoops_exec:file rx_file_perms;
allow ramoops vendor_shell_exec:file rx_file_perms;
allow ramoops vendor_toolbox_exec:file rx_file_perms;

# Set the sys.ramoops.decrypted property
set_prop(ramoops, vendor_ramoops_prop);

allow ramoops sysfs_pstore:file rw_file_perms;
allow ramoops ramoops_device:chr_file rw_file_perms;
allow ramoops ramoops_vendor_data_file:file create_file_perms;
allow ramoops ramoops_vendor_data_file:dir rw_dir_perms;