# SELinux type-enforcement rules for the udev daemon domain.
# Declares the udev domain and its file types, then grants access to udev's
# configuration, its helper programs, and the /dev nodes it creates.

# ---------------------------------------------------------------------------
# Domain and type declarations
# ---------------------------------------------------------------------------
type udev, domain;
type udev_exec, exec_type, file_type;

init_daemon_domain(udev)

# NOTE(review): this also makes udev_exec an entry into the udev domain from
# the shell domain. Anything running as shell would then gain the capabilities
# and device-node rights granted below. Confirm it is needed outside bring-up.
domain_auto_trans(shell, udev_exec, udev)

# udev_file is declared here, but no rule in this listing references it.
type udev_file, file_type;
type udev_conf, file_type;
type udev_rules, file_type;
# NOTE(review): unlike udev_exec, this executable type does not carry the
# exec_type attribute. Confirm that the omission is deliberate.
type udev_helper_exec, file_type;

# ---------------------------------------------------------------------------
# Configuration, rules and helper programs
# ---------------------------------------------------------------------------
allow udev udev_conf:file { open read getattr };
allow udev udev_rules:dir { open getattr read search };
allow udev udev_rules:file { open getattr read };

# execute_no_trans: helpers run inside the udev domain itself, so they inherit
# every permission granted in this file.
allow udev udev_helper_exec:file { execute read open execute_no_trans };
# Original note: sh files such as mmc-dev-mapping.sh
allow udev shell_exec:file { execute read open execute_no_trans };
allow udev rootfs:file { execute_no_trans };
allow udev var_file:dir { search };

# ---------------------------------------------------------------------------
# Process, capability and uevent socket permissions
# ---------------------------------------------------------------------------
# setfscreate lets udev choose the label applied to the files it creates.
allow udev self:process { setfscreate };
# NOTE(review): dac_override bypasses ordinary file permission checks.
# Confirm that each capability here is required, and drop any that is not.
allow udev self:capability { net_admin sys_nice dac_override sys_resource mknod chown };
allow udev self:netlink_kobject_uevent_socket { create bind getattr setopt read write };

# ---------------------------------------------------------------------------
# Kernel, sysfs, selinuxfs and rootfs
# ---------------------------------------------------------------------------
# check_context is the only security-class permission granted; the selinuxfs
# write below presumably serves that context validation. Verify.
allow udev kernel:security { check_context };
# NOTE(review): this grants write to every file labelled sysfs. Consider a
# narrower type if the sysfs nodes udev writes to can be labelled separately.
allow udev sysfs:file { write };
allow udev selinuxfs:file { write };
# NOTE(review): execmod permits executing a file mapping that was modified
# after it was mapped, which weakens W^X for rootfs binaries. Identify the
# binary that needs it and fix that binary rather than keeping this grant.
allow udev rootfs:file { execute execmod };
#allow udev system_file:file { execmod };

# ---------------------------------------------------------------------------
# Generic /dev population
# ---------------------------------------------------------------------------
allow udev device:dir { create read open write add_name remove_name };
allow udev device:file { create open getattr write rename unlink };
allow udev device:lnk_file { create };
allow udev device:chr_file { create setattr };

# ---------------------------------------------------------------------------
# Platform device nodes
# Most types get only create and setattr on the node, with no read or write
# access to the device behind it. Exceptions are noted inline.
# ---------------------------------------------------------------------------
allow udev audio_device:chr_file { create setattr };
allow udev audio_device:dir { create getattr write add_name };
allow udev ashmem_device:chr_file { create setattr };
allow udev binder_device:chr_file { create setattr };
allow udev block_device:blk_file { create setattr };
allow udev block_device:dir { create getattr write add_name };
allow udev block_device:lnk_file { create };
# console: no create, but read and write on the existing node.
allow udev console_device:chr_file { getattr setattr read write };
allow udev cpu_dma_latency_device:chr_file { create setattr };
allow udev full_device:chr_file { create setattr };
allow udev fuse_device:chr_file { create setattr };
allow udev fusion_device:chr_file { create setattr };
allow udev gpu_device:chr_file { create setattr };
allow udev graphics_device:chr_file { create setattr };
allow udev input_device:chr_file { create setattr };
allow udev ion_device:chr_file { create setattr };
allow udev jpeg_device:chr_file { create setattr };
# NOTE(review): presumably the kernel-memory node. Confirm that the build
# needs this node to exist at all.
allow udev kmem_device:chr_file { create setattr };
allow udev kmsg_device:chr_file { create setattr };
allow udev log_device:chr_file { create setattr };
allow udev loop-control_device:chr_file { create setattr };
allow udev loop_device:blk_file { create setattr };
allow udev mmc_block_device:blk_file { create setattr };
allow udev network_latency_device:chr_file { create setattr };
allow udev network_throughput_device:chr_file { create setattr };
# null: setattr only, with no create permission.
allow udev null_device:chr_file { setattr };
allow udev owntty_device:chr_file { create setattr };
allow udev ppp_device:chr_file { create setattr };
allow udev psaux_device:chr_file { create setattr };
allow udev ptmx_device:chr_file { create setattr };
allow udev ram_device:blk_file { create setattr };
allow udev random_device:chr_file { create setattr };
# serial: additionally allows getattr and write on the node.
allow udev serial_device:chr_file { create getattr setattr write };
allow udev smmu_device:chr_file { create setattr };
allow udev tc_ns_client_device:chr_file { create setattr };
allow udev tty_device:chr_file { create setattr };
allow udev uhid_device:chr_file { create setattr };
allow udev urandom_device:chr_file { create setattr };
allow udev usb_device:dir { create getattr write add_name };
allow udev usb_device:chr_file { create setattr getattr };
allow udev vcs_device:chr_file { create setattr };
allow udev watchdog_device:chr_file { create setattr };
allow udev zero_device:chr_file { create setattr };

# ---------------------------------------------------------------------------
# Vendor device nodes
# ---------------------------------------------------------------------------
allow udev adec_device:chr_file { create setattr };
allow udev aenc_device:chr_file { create setattr };
allow udev ai_device:chr_file { create setattr };
allow udev ao_device:chr_file { create setattr };
allow udev ca_device:chr_file { create setattr };
allow udev cipher_device:chr_file { create setattr };
allow udev demux_device:chr_file { create setattr };
allow udev disp_device:chr_file { create setattr };
allow udev gpio_device:chr_file { create setattr };
allow udev hdmi_device:chr_file { create setattr };
allow udev i2c_device:chr_file { create setattr };
allow udev ir_device:chr_file { create setattr };
allow udev omxvdec_device:chr_file { create setattr };
allow udev otp_device:chr_file { create setattr };
allow udev pdm_device:chr_file { create setattr };
allow udev pm_device:chr_file { create setattr };
allow udev png_device:chr_file { create setattr };
allow udev sci_device:chr_file { create setattr };
allow udev sync_device:chr_file { create setattr };
allow udev tuner_device:chr_file { create setattr };
allow udev vdec_device:chr_file { create setattr };
allow udev venc_device:chr_file { create setattr };
allow udev vo_device:chr_file { create setattr };
allow udev vpss_device:chr_file { create setattr };

# media
allow udev adsp_device:chr_file { create setattr };
allow udev mce_device:chr_file { create setattr };
allow udev pq_device:chr_file { create setattr };

# graphics
allow udev dbe_device:chr_file { create setattr };
allow udev tde_device:chr_file { create setattr };

# common
allow udev module_device:chr_file { create setattr };
allow udev stat_device:chr_file { create setattr };
allow udev sys_device:chr_file { create setattr };
allow udev userproc_device:chr_file { create setattr };

# mem
allow udev mmz_userdev_device:chr_file { create setattr };

# ---------------------------------------------------------------------------
# udev's own files and directories under the udev_device type
# ---------------------------------------------------------------------------
allow udev udev_device:file { create open getattr write rename };
allow udev udev_device:dir { create search getattr write add_name remove_name };