90 lines
3.2 KiB
Plaintext
Executable File
90 lines
3.2 KiB
Plaintext
Executable File
# ==============================================
|
|
# Policy File of /system/binipod Executable File
|
|
|
|
|
|
# ==============================================
|
|
# Type Declaration
|
|
# ==============================================
|
|
|
|
type ipod_exec , exec_type, file_type;
|
|
type ipod ,domain;
|
|
|
|
# ==============================================
|
|
# Android Policy Rule
|
|
# ==============================================
|
|
|
|
# ==============================================
|
|
# NSA Policy Rule
|
|
# ==============================================
|
|
|
|
# ==============================================
|
|
# MTK Policy Rule
|
|
# ==============================================
|
|
|
|
# permissive ipod;
|
|
init_daemon_domain(ipod)
|
|
# unconfined_domain(ipod)
|
|
|
|
# date: 2014/09/19
|
|
# operation : migration
|
|
# purpose : allow ipod to perform binder IPC to control screen on/off via PowerManager
|
|
binder_use(ipod)
|
|
binder_service(ipod)
|
|
binder_call(ipod, system_server)
|
|
binder_call(ipod, surfaceflinger)
|
|
|
|
allow ipod ctl_bootanim_prop:property_service set;
|
|
allow ipod ctl_ipod_prop:property_service set;
|
|
allow ipod ipod_prop:property_service set;
|
|
allow ipod powerctl_prop:property_service set;
|
|
allow ipod audiohal_prop:property_service set;
|
|
allow ipod system_prop:property_service set;
|
|
allow ipod shell_exec:file { read open execute_no_trans execute };
|
|
allow ipod system_file:file execute_no_trans;
|
|
|
|
# permissions for IPO with phone encrypted
|
|
# removed due to IPO will be disabled when phone is encrypted
|
|
# allow ipod vdc_exec:file { getattr execute read open execute_no_trans };
|
|
# allow ipod vold_socket:sock_file write;
|
|
# allow ipod vold:unix_stream_socket connectto;
|
|
|
|
allow ipod platformblk_device:blk_file { read open write };
|
|
allow ipod platformblk_device:dir search;
|
|
|
|
allow ipod self:capability dac_override;
|
|
allow ipod self:capability net_admin;
|
|
allow ipod kmsg_device:chr_file { open write };
|
|
allow ipod property_socket:sock_file write;
|
|
|
|
allow ipod init:dir getattr;
|
|
allow ipod init:unix_stream_socket connectto;
|
|
allow ipod sysfs_wake_lock:file { read write open getattr };
|
|
allow ipod block_device:dir search;
|
|
allow ipod gpu_device:chr_file { read write open ioctl };
|
|
allow ipod ipod:netlink_kobject_uevent_socket { create bind read setopt };
|
|
allow ipod input_device:dir { open read search };
|
|
allow ipod input_device:file { open read write ioctl };
|
|
allow ipod input_device:chr_file { open read write ioctl };
|
|
allow ipod rtc_device:chr_file { open read write ioctl };
|
|
allow ipod sysfs:file { open read write getattr };
|
|
allow ipod alarm_device:chr_file write;
|
|
allow ipod system_server:unix_stream_socket connectto;
|
|
allow ipod proc:file { open read write };
|
|
allow ipod proc:dir { search getattr };
|
|
allow ipod logo_device:chr_file { open read };
|
|
|
|
# reboot syscall to switch to recovery/factory mode instantly
|
|
allow ipod self:capability sys_boot;
|
|
allow ipod proc_sysrq:file { open write };
|
|
|
|
allow ipod debugfs:file { open read getattr };
|
|
|
|
# IPOH
|
|
allow ipod system_data_file:dir { open read write add_name create remove_name };
|
|
allow ipod system_data_file:file { create open write ioctl setattr };
|
|
allow ipod cache_file:dir { open read write add_name create remove_name };
|
|
allow ipod cache_file:file { create open write ioctl setattr };
|
|
allow ipod proc_lk_env:file { open read write };
|
|
allow ipod misc_device:chr_file { open read write };
|
|
allow ipod self:capability { chown sys_admin };
|