allow cpboot-daemon cbd_device:chr_file create_file_perms;
allow cpboot-daemon cgroup:dir { create add_name };
allow cpboot-daemon device:dir { write add_name };
allow cpboot-daemon efs_file:file { read write open };
allow cpboot-daemon efs_block_device:blk_file r_file_perms;
allow cpboot-daemon radio_device:chr_file rw_file_perms;
allow cpboot-daemon self:capability setuid;
allow cpboot-daemon { block_device efs_file }:dir search;

# Talk to init over the property socket
unix_socket_connect(cpboot-daemon, property, init)

allow cpboot-daemon radio_prop:property_service set;

# neverallow failures - FIX ME if needed
# allow cpboot-daemon self:capability mknod;