#
# ot_rcp is the simulated Thread Radio Coprocessor device which is used by
# Thread Network HAL for simulating the Thread radio chip.
#
type ot_rcp, domain;
type ot_rcp_exec, exec_type, vendor_file_type, file_type;

domain_auto_trans(hal_threadnetwork_default, ot_rcp_exec, ot_rcp)
allow hal_threadnetwork_default devpts:chr_file {open read write ioctl};
allow hal_threadnetwork_default ot_rcp:process signal;
allow ot_rcp hal_threadnetwork_default:fd use;
allow ot_rcp hal_threadnetwork_default:fifo_file rw_file_perms;
allow ot_rcp devpts:chr_file {read write ioctl};
allow ot_rcp self:udp_socket { bind create ioctl read setopt write };
allow ot_rcp node:udp_socket node_bind;
allow ot_rcp port:udp_socket name_bind;
allow ot_rcp self:netlink_route_socket create_socket_perms_no_ioctl;
# For kernel < 6.13
allow ot_rcp self:netlink_route_socket { nlmsg_read nlmsg_readpriv };
# For kernel >= 6.13
allow ot_rcp self:netlink_route_socket nlmsg;
allowxperm ot_rcp self:netlink_route_socket nlmsg unpriv_route_socket_nlmsgs;
allowxperm ot_rcp self:netlink_route_socket nlmsg RTM_GETLINK;