type hal_graphics_allocator_default, domain; 
type proc_ged, file_type; 
allowxperm domain proc_ged:file ioctl { 0x6700-0x67ff };

allow init mnt_product_file:dir mounton;

type mtk_hal_audio, domain;
typeattribute mtk_hal_audio hal_broadcastradio_client;

type mtk_hal_power, domain;
allow mtk_hal_power system_data_root_file:file create_file_perms;
allow zygote ashmem_device:chr_file execute;

attribute hal_mms_server;
binder_call({appdomain -isolated_app}, hal_mms_server)
binder_call(hal_mms_server, {appdomain -isolated_app})

type mtk_hal_mms_hwservice, hwservice_manager_type;
allow { appdomain -isolated_app }  mtk_hal_mms_hwservice:hwservice_manager find;

#denied { read } for comm="tkuinit" name="u:object_r:default_prop:s0" dev="tmpfs" ino=2029 scontext=u:r:tkcore:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=1
#denied { open } for comm="tkuinit" path="/dev/__properties__/u:object_r:default_prop:s0" dev="tmpfs" ino=2029 scontext=u:r:tkcore:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=1
#denied { getattr } for comm="tkuinit" path="/dev/__properties__/u:object_r:default_prop:s0" dev="tmpfs" ino=2029 scontext=u:r:tkcore:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=1

type tkcore, domain;
permissive tkcore;