xavi
/
android_device_mt6753_common
mirror of https://github.com/Moyster/android_device_mt6753_common
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
android_device_mt6753_common/sepolicy/recovery.te

176 lines
7.7 KiB
Plaintext
Executable File
Raw Permalink Blame History

# ==============================================
# MTK Policy Rule
# ==============================================
# recovery console (used in recovery init.rc for /sbin/recovery)
# special factory reset & backup/restore needs permissive mode
# permissive recovery;
# Date : WK14.38
# Operation : Migration
# Purpose : for recovery operation
allow recovery misc_device:chr_file *;
allow recovery platformblk_device:dir *;
allow recovery platformblk_device:blk_file *;
allow recovery vfat:dir *;
allow recovery vfat:file ~{ execute entrypoint };
allow recovery vfat:lnk_file *;
allow recovery misc_sd_device:chr_file *;
# Date : WK14.39
# Operation : Migration
# Purpose : for CIP project access /custom partition
allow recovery custom_file:dir *;
allow recovery custom_file:file ~{ execute entrypoint };
allow recovery custom_file:lnk_file *;
allow recovery rootfs:dir *;
# Date : WK14.41
# Operation : Migration
# Purpose : Differential update
allow recovery bootimg_device:chr_file *;
allow recovery recovery_device:chr_file *;
allow recovery logo_device:chr_file *;
allow recovery preloader_device:chr_file *;
allow recovery uboot_device:chr_file *;
allow recovery init:dir *;
allow recovery init:file ~{ execute entrypoint };
allow recovery init:lnk_file *;
allow recovery kernel:dir *;
allow recovery kernel:file ~{ execute entrypoint };
allow recovery kernel:lnk_file *;
# Date : WK14.41
# Operation : Migration
# Purpose : Block full update
allow recovery healthd:dir *;
allow recovery healthd:file ~{ execute entrypoint };
allow recovery healthd:lnk_file *;
dontaudit recovery self:capability sys_ptrace;
allow recovery ueventd:dir *;
allow recovery ueventd:file ~{ execute entrypoint };
allow recovery ueventd:lnk_file *;
# Date : WK14.42
# Operation : Migration
# Purpose : for sepcial factory reset
allow recovery system_data_file:dir *;
allow recovery system_data_file:fifo_file *;
allow recovery system_data_file:file ~{ execute entrypoint };
allow recovery system_data_file:lnk_file *;
allow recovery system_data_file:sock_file *;
allow recovery apk_data_file:dir *;
allow recovery apk_data_file:file ~{ execute entrypoint };
allow recovery apk_data_file:lnk_file *;
userdebug_or_eng(`
allow recovery su:dir *;
allow recovery su:file *;
allow recovery su:lnk_file *;
')
# Date : WK14.43
# Operation : Migration
# Purpose : JB to L differential OTA
#allow recovery unlabeled:lnk_file *;
# Date : WK14.45
# Operation : SQC
# Purpose : partition size changed
allow recovery pmt_device:chr_file *;
allow recovery tee_part_device:chr_file *;
# Date : WK14.45
# Operation : Migration
# Purpose : KK->L->L legacy secure OTA
allow recovery proc_sysrq:file { write open };
allow recovery sec_device:chr_file { read ioctl open };
allow recovery sec_ro_device:chr_file { read open };
allow recovery seccfg_device:chr_file { read open };
allow recovery self:capability sys_boot;
# Date : WK14.46
# Operation : Migration
# Purpose : FOTA upgrade
allow recovery app_data_file:dir { write create add_name };
allow recovery app_data_file:dir { read open };
allow recovery app_data_file:file { read write create open };
allow recovery mobicore_data_file:dir { write remove_name search add_name };
allow recovery mobicore_data_file:file { rename setattr read create write getattr unlink open };
allow recovery mobicore_data_file:file { relabelfrom relabelto };
# Date : WK14.47
# Operation : Migration
# Purpose : Root Integrity Check
allow recovery md_ctrl:file { read getattr open };
allow recovery mobicore_data_file:dir { read open };
# add for adups FOTA start
allow recovery media_rw_data_file:dir { open read write getattr search rmdir remove_name };
allow recovery media_rw_data_file:file { read getattr open unlink };
allow recovery media_rw_data_file:dir search;
allow recovery media_rw_data_file:dir read;
allow recovery media_rw_data_file:dir open;
allow recovery media_rw_data_file:file { read getattr open };
allow recovery rootfs:dir { add_name create };
allow recovery rootfs:dir write;
allow recovery system_data_file:dir { write mounton create rmdir remove_name add_name open read write getattr search};
allow recovery system_data_file:file { create write unlink getattr };
allow recovery { apk_data_file adb_keys_file keychain_data_file }:dir { open read write getattr search rmdir remove_name };
allow recovery { apk_data_file adb_keys_file keychain_data_file }:file { getattr unlink };
allow recovery keystore_data_file:dir { open read getattr search };
allow recovery keystore_data_file:file { getattr };
allow recovery { shell_data_file bluetooth_data_file net_data_file }:dir { open read write getattr search rmdir remove_name };
allow recovery { shell_data_file bluetooth_data_file net_data_file }:file { getattr unlink };
allow recovery { apk_private_data_file vpn_data_file zoneinfo_data_file shared_relro_file }:dir { open read write getattr search rmdir remove_name };
allow recovery { apk_private_data_file vpn_data_file zoneinfo_data_file shared_relro_file }:file { getattr unlink };
allow recovery { adb_data_file dhcp_data_file misc_user_data_file systemkeys_data_file }:dir { open read write getattr search rmdir remove_name };
allow recovery { adb_data_file dhcp_data_file misc_user_data_file systemkeys_data_file }:file { getattr unlink };
allow recovery { wifi_data_file camera_data_file media_data_file wpa_socket }:dir { open read write getattr search rmdir remove_name };
allow recovery { wifi_data_file camera_data_file media_data_file wpa_socket }:file { getattr unlink };
allow recovery { app_data_file audio_data_file }:dir { open read write getattr search rmdir remove_name };
allow recovery { app_data_file audio_data_file }:file { getattr unlink };
allow recovery { anr_data_file asec_image_file backup_data_file }:dir { open read write getattr search rmdir remove_name };
allow recovery { anr_data_file asec_image_file backup_data_file }:file { getattr unlink };
allow recovery { radio_data_file system_app_data_file dalvikcache_data_file }:dir { open read write getattr search rmdir remove_name };
allow recovery { radio_data_file system_app_data_file dalvikcache_data_file }:file { getattr unlink };
allow recovery { drm_data_file nfc_data_file resourcecache_data_file }:dir { open read write getattr search rmdir remove_name };
allow recovery { drm_data_file nfc_data_file resourcecache_data_file }:file { getattr unlink };
allow recovery property_data_file:dir { open read getattr search };
allow recovery property_data_file:file { getattr };
allow recovery { tombstone_data_file }:dir { open read write getattr search rmdir remove_name };
allow recovery { tombstone_data_file }:file { getattr unlink };
allow recovery security_file:dir { open read getattr search };
allow recovery { dalvikcache_profiles_data_file }:dir { open read write getattr search rmdir remove_name };
allow recovery { dalvikcache_profiles_data_file }:file { getattr unlink };
allow recovery { cache_backup_file }:dir { open read write getattr search rmdir remove_name };
allow recovery { cache_backup_file }:file { getattr unlink };
allow recovery { wallpaper_file apk_private_tmp_file gps_data_file cache_file cache_backup_file efs_file }:file { getattr unlink};
allow recovery { asec_apk_file asec_public_file bluetooth_efs_file }:file { getattr unlink};
allow recovery { rootfs }:file { create write getattr unlink };
allow recovery { shell_data_file app_data_file system_app_data_file radio_data_file bluetooth_data_file system_data_file nfc_data_file }:lnk_file { getattr unlink read};
allow recovery { camera_data_file system_ndebug_socket system_wpa_socket wpa_socket }:sock_file { getattr unlink };
allow recovery { system_data_file }:fifo_file { open read write getattr rw_file_perms unlink };
# add for adups FOTA end
Reference in New Issue View Git Blame Copy Permalink