diff options
Diffstat (limited to 'sepolicy/autokd.te')
| -rwxr-xr-x | sepolicy/autokd.te | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/sepolicy/autokd.te b/sepolicy/autokd.te new file mode 100755 index 0000000..b021c3d --- /dev/null +++ b/sepolicy/autokd.te @@ -0,0 +1,45 @@ +# ============================================== +# Policy File of /system/bin/autokd Executable File + +# ============================================== +# Type Declaration +# ============================================== +type autokd, domain; +type autokd_exec, exec_type, file_type; + +# ============================================== +# MTK Policy Rule +# ============================================== +# Date : WK14.43 +# Operation : Migration +# Purpose : Start autokd +init_daemon_domain(autokd) +allow init autokd_exec:file execute_no_trans; +allow init self:tcp_socket create; + +# Date : WK14.43 +# Operation : Migration +# Purpose : Interact with kernel to perform autok +allow autokd debugfs:file read; +allow autokd init:unix_stream_socket connectto; +allow autokd property_socket:sock_file write; +allow autokd self:netlink_kobject_uevent_socket { read bind create setopt }; +allow autokd self:tcp_socket create; +allow autokd shell_exec:file { read execute open execute_no_trans }; + +# Date : WK14.43 +# Operation : Migration +# Purpose : Read/Write autok result in data paritition +# To do: Consider to move files into a sub-directory in /data, said, /data/autokd +allow autokd sysfs:file write; +allow autokd system_data_file:dir { read write open add_name remove_name }; +allow autokd system_data_file:file { write create open append }; +allow autokd system_file:file execute_no_trans; +allow autokd block_device:dir search; +allow autokd nvram_data_file:dir {search read write getattr add_name remove_name }; +allow autokd nvram_data_file:file { read write getattr create open }; +allow autokd platformblk_device:dir search; +allow autokd platformblk_device:blk_file { open read write }; +allow autokd nvdata_file:dir {search read write getattr add_name remove_name }; +allow autokd nvdata_file:file { read write getattr create open setattr }; + |