# ==============================================
|
|
# MTK Policy Rule
|
|
# ============
|
|
|
|
# Date : WK14.31
|
|
# Operation : Migration
|
|
# Purpose : for bring up
|
|
# Bring-up grants. The two sensor nodes get read, open and ioctl only (no write).
# Nothing visible in this file narrows ioctl to specific commands.
allow system_server hwmsensor_device:chr_file { read ioctl open };
|
|
allow system_server m_batch_misc_device:chr_file { read ioctl open };
|
|
# NOTE(review): proc is the generic /proc label in AOSP, so this write is not tied to
# one node. A dedicated type for the entry actually written would be tighter; confirm
# which proc file needs it.
allow system_server proc:file write;
|
|
# Read-side access to the touch device; write is granted by a separate rule further down.
allow system_server touch_device:chr_file { read ioctl open };
|
|
|
|
# Date : WK14.32
|
|
# Operation : Migration
|
|
# Purpose : for wifi p2p functionality
|
|
# system_server may list dhcp_data_file directories and remove entries from them
# (write + remove_name), and may read or unlink the files inside. No create and no
# file write permission is granted here.
allow system_server dhcp_data_file:dir { read write remove_name search getattr };
|
|
allow system_server dhcp_data_file:file { read open unlink getattr };
|
|
|
|
# Date : WK14.33
|
|
# Operation : Migration
|
|
# Purpose : for wifi functionality
|
|
# Write on the socket file plus sendto on the peer: datagram traffic from system_server
# to the wifi daemons.
allow system_server wpa_wlan0_socket:sock_file write;
|
|
allow system_server hostapd:unix_dgram_socket sendto;
|
|
# NOTE(review): the source domain of this rule is hostapd, not system_server. A rule for
# another domain is easy to miss when that domain is audited; consider keeping it with
# the hostapd policy.
allow hostapd system_server:unix_dgram_socket sendto;
|
|
|
|
# Date : WK14.34
|
|
# Operation : Migration
|
|
# Purpose : for WFD functionality
|
|
# system_server may set properties labelled media_wfd_prop via the property service.
allow system_server media_wfd_prop:property_service set;
|
|
|
|
# Date : WK14.34
|
|
# Operation : Migration
|
|
# Purpose : for idling on homescreen
|
|
# Directory traversal only (search) into dontpanic_data_file; no listing, no file access.
allow system_server dontpanic_data_file:dir search;
|
|
# One-way datagram send from system_server to the mnld domain.
allow system_server mnld:unix_dgram_socket sendto;
|
|
|
|
# Date : WK14.34
|
|
# Operation : Migration
|
|
# Purpose : for debug
|
|
# NOTE(review): the header says these are for debug, but nothing visible limits them to
# debug builds. If they are not needed on user builds, consider wrapping them in the
# userdebug_or_eng macro -- confirm with the owner.
# system_server may use file descriptors received from debuggerd.
allow system_server debuggerd:fd use;
|
|
# NOTE(review): in AOSP global_macros create_file_perms already contains rw_file_perms,
# so the second sock_file rule looks redundant -- confirm against this tree's macros.
allow system_server mnld_data_file:sock_file create_file_perms;
|
|
allow system_server mnld_data_file:sock_file rw_file_perms;
|
|
# NOTE(review): create_file_perms is the file-class macro. On class dir it carries no
# add_name, remove_name, search or rmdir; the directory counterpart in AOSP is
# create_dir_perms. Confirm which one was intended.
allow system_server mnld_data_file:dir create_file_perms;
|
|
allow system_server mnld_data_file:dir rw_dir_perms;
|
|
|
|
# Date : WK14.37
|
|
# Operation : Migration
|
|
# Purpose : for idling on homescreen
|
|
# system_server may call guiext-server over binder and transfer binder references to it.
# No fd use rule for guiext-server appears in this section.
allow system_server guiext-server:binder { transfer call };
|
|
# Adds write to the touch device on top of the read/ioctl/open granted earlier in the file.
allow system_server touch_device:chr_file write;
|
|
|
|
# Date : WK14.37
|
|
# Operation : Migration
|
|
# Purpose : for relabeling files in /data/anr/ created at bootup
|
|
# relabelto lets system_server assign the anr_data_file label to a file. A relabel also
# needs relabelfrom on the file's current type; that rule is not in this section.
allow system_server anr_data_file:file relabelto;
|
|
|
|
# Date : WK14.38
|
|
# Operation : Migration
|
|
# Purpose : for debug
|
|
# NOTE(review): labelled for debug; nothing visible restricts these to debug builds.
# system_server may make binder calls into debuggerd.
allow system_server debuggerd:binder call;
|
|
# system_server may use descriptors handed over by resmon and write to its FIFO.
allow system_server resmon:fd use;
|
|
allow system_server resmon:fifo_file write;
|
|
|
|
# Date : WK14.39
|
|
# Operation : Migration
|
|
# Purpose : for operate HDMI device
|
|
# Read, open and ioctl on graphics_device nodes; no write. The Purpose line ties this
# to HDMI, but the grant applies to every node carrying the graphics_device label.
allow system_server graphics_device:chr_file { read ioctl open };
|
|
|
|
# Date : WK14.40
|
|
# Operation : Migration
|
|
# Purpose : for operate ANT device driver
|
|
# Full read/write/ioctl access to the ANT driver node labelled stpant_device.
allow system_server stpant_device:chr_file { read open write ioctl};
|
|
|
|
# Date: WK14.40
|
|
# Operation : Migration
|
|
# Purpose : for ACTION_PREBOOT_IPO intent in ipo boot
|
|
# Macro from te_macros. In AOSP it lets the first domain call the second over binder and
# transfer references, lets the second transfer references back, and lets the first use
# fds from the second -- confirm the definition in this tree.
binder_call(system_server, ipod)
|
|
|
|
# Date: wk14.40
|
|
# Operation : SQC
|
|
# Purpose : [ALPS01756200] wwop boot up fail
|
|
# Read-only access to custom_file directories and files: list, traverse, stat, read.
# No write, create or execute.
allow system_server custom_file:dir { read search open getattr};
|
|
allow system_server custom_file:file { read open getattr};
|
|
|
|
# Date: WK14.41
|
|
# Operation : Migration
|
|
# Purpose : boost surfaceflinger to RT
|
|
# setsched lets system_server change the scheduling policy/priority of surfaceflinger
# processes (the Purpose line says this is to move it to real-time).
allow system_server surfaceflinger:process setsched;
|
|
|
|
# Date: WK14.41
|
|
# Operation : Migration
|
|
# Purpose : [ALPS01760531] for bring up after auto-merge
|
|
# NOTE(review): binder impersonate is rarely granted, and the only stated reason is
# bring-up after an auto-merge. Confirm a denial still occurs without this rule; if it
# does not, remove it rather than carrying an unexplained grant against zygote.
allow system_server zygote:binder impersonate;
|
|
|
|
# Date: WK14.41
|
|
# Operation : Migration
|
|
# Purpose : for system_server operate /dev/RT_Monitor when enable hang detect
|
|
# Read, open and ioctl on the RT_Monitor node used for hang detection; no write.
allow system_server RT_Monitor_device:chr_file { read ioctl open };
|
|
|
|
# Date: WK14.42
|
|
# Operation : Migration
|
|
# Purpose : for system_server to start bootanim
|
|
# system_server may set properties labelled ctl_bootanim_prop; per the Purpose line this
# is how it starts the boot animation service.
allow system_server ctl_bootanim_prop:property_service set;
|
|
|
|
|
|
# Date : WK14.42
|
|
# Operation : SQC
|
|
# Purpose : ALPS01763317
|
|
# After connected to DHCPv6 enabled 6to4 IPv6 AP,
|
|
#the ipv6 related values of getprop command are wrong
|
|
#============= system_server ==============
|
|
# NOTE(review): write applies to every file labelled proc_net, not one sysctl. Confirm
# which node is written and whether a narrower type is available.
allow system_server proc_net:file write;
|
|
# Traverse the DHCPv6 data directory and read its files; no listing (dir read) and no write.
allow system_server wide_dhcpv6_data_file:dir search;
|
|
allow system_server wide_dhcpv6_data_file:file { read getattr open };
|
|
|
|
# Date: WK14.41
|
|
# Operation : Migration
|
|
# Purpose : allow system_server to start ipod
|
|
# system_server may set properties labelled ctl_ipod_prop; the Purpose line says this is
# used to start ipod.
allow system_server ctl_ipod_prop:property_service set;
|
|
|
|
# Date: WK14.43
|
|
# Operation : Migration
|
|
# Purpose : access to atcid from system server for GPS AT Command.
|
|
# Datagram send from system_server to the atci_service domain.
allow system_server atci_service:unix_dgram_socket sendto;
|
|
# NOTE(review): atci_service is used above as a socket peer, i.e. a process domain. The
# two rules below use the same type as the label of a directory, which is unusual; a
# directory would normally carry a file type. They also grant write and add_name without
# search. Confirm the denial these were generated from and the intended target type.
allow system_server atci_service:dir write;
|
|
allow system_server atci_service:dir add_name;
|
|
|
|
# Date: WK14.43
|
|
# Operation : Migration
|
|
# Purpose : for bring up
|
|
# Relabel pair: relabelfrom on the current type and relabelto on the new type. Read
# together they allow a directory to be moved from anr_data_file to sf_rtt_file.
allow system_server anr_data_file:dir relabelfrom;
|
|
allow system_server sf_rtt_file:dir relabelto;
|
|
|
|
# Date: WK14.44
|
|
# Operation : Migration
|
|
# Purpose : for debug
|
|
# Read-only directory access (r_dir_perms macro) to sf_rtt_file. Labelled for debug;
# nothing visible restricts it to debug builds.
allow system_server sf_rtt_file:dir r_dir_perms;
|
|
|
|
# Date: WK14.44
|
|
# Operation : Migration
|
|
# Purpose : for mtk gps epos library usage
|
|
# Read-only access (r_file_perms macro) to the devmap_device node.
allow system_server devmap_device:chr_file r_file_perms;
|
|
|
|
# NOTE(review): no Date/Operation/Purpose header accompanies this rule. It grants
# read, write, open and ioctl on irtx_device; record why it is needed.
allow system_server irtx_device:chr_file { read write ioctl open };
|
|
|
|
# Date : WK14.46
|
|
# Operation : Migration
|
|
# Purpose : for MTK Emulator HW GPU
|
|
# NOTE(review): the Purpose line names the emulator, but nothing visible limits this rule
# to emulator builds. Confirm it is not compiled into device policy.
allow system_server qemu_pipe_device:chr_file rw_file_perms;
|
|
|
|
# Date: WK14.46
|
|
# Operation : Migration
|
|
# Purpose : for sensorhubservice
|
|
# Read/write access (rw_file_perms macro) to the shf_device node for the sensor hub service.
allow system_server shf_device:chr_file rw_file_perms;
|
|
|
|
# Date: W14.46
|
|
# Operation : Migration
|
|
# Purpose : for GpsLocationProvider.java to check ESUPL status
|
|
# Directory traversal only. No file permission on agpsd_data_file is granted in this
# section, so reading a file under it would need a further rule.
allow system_server agpsd_data_file:dir search;
|
|
|
|
# Date: WK14.46
|
|
# Operation : Migration
|
|
# Purpose : for saveLocale to set SystemProperties
|
|
# system_server may set properties labelled save_locale_prop via the property service.
allow system_server save_locale_prop:property_service set;
|
|
|
|
# Date: WK14.47
|
|
# Operation : Sanity
|
|
# Purpose : for /system/app/mcRegistry and /proc/secmem (TEE enable)
|
|
# TEE support per the Purpose line: read-only directory access to mobicore_data_file ...
allow system_server mobicore_data_file:dir r_dir_perms;
|
|
# ... and read/write on the proc_secmem node. NOTE(review): confirm write is required;
# r_file_perms would do if system_server only reads secure-memory state.
allow system_server proc_secmem:file { rw_file_perms };
|
|
|
|
# Date: WK14.47
|
|
# Operation : Sanity
|
|
# Purpose : for avoid SELinux warning after dex2oat execv failed
|
|
# NOTE(review): the stated purpose is to silence a denial logged after a failed execv,
# yet rx_file_perms (read + execute, including execute_no_trans in AOSP global_macros)
# actually permits system_server to run dex2oat in its own domain. If the access is not
# wanted, a dontaudit rule suppresses the log without granting it.
allow system_server dex2oat_exec:file rx_file_perms;
|
|
|
|
# Date: WK14.47
|
|
# Operation : Sanity
|
|
# Purpose : for searching directories in sdcard by VoldConnector
|
|
# Read-only directory access to fuse-labelled (sdcard) directories.
# NOTE(review): AOSP base policy in later releases has neverallow rules against
# system_server opening sdcard_type directories, because unsafe media ejection can get
# system_server killed. Check this rule against the target release's neverallows.
allow system_server fuse:dir r_dir_perms;
|
|
|
|
# Date: WK14.47
|
|
# Operation : CTS
|
|
# Purpose : for executing recovery.dex
|
|
# NOTE(review): this grants execute on every file labelled system_data_file, the default
# label for /data in AOSP, not only recovery.dex. A dedicated type for that single file
# would keep other writable /data content non-executable for system_server. Later AOSP
# base policy has a neverallow on system_server executing data files other than the
# dalvik cache -- confirm against the target release.
allow system_server system_data_file:file execute;
|
|
|
|
# Date: WK14.47
|
|
# Operation : MTBF
|
|
# Purpose : for debug
|
|
# Read-only access (r_file_perms macro) to sf_rtt_file files. Labelled for debug;
# nothing visible restricts it to debug builds.
allow system_server sf_rtt_file:file r_file_perms;
|
|
|
|
# Date: WK14.47
|
|
# Operation : MTBF
|
|
# Purpose : for native process backtrace dump
|
|
# NOTE(review): exec_type is an attribute, so this one rule grants read on every
# executable type that carries it, including types added later. It is read-only (no
# execute). If backtrace dumping only needs a known set of binaries, list those types
# instead.
allow system_server exec_type:file r_file_perms;
|
|
|
|
# Date: WK14.48
|
|
# Operation : SQC
|
|
# Purpose : for accessing exm0 tmpfs device
|
|
# Read, write and open on the exm0_device node; no ioctl.
allow system_server exm0_device:chr_file { read write open };
|
|
|
|
# Date: WK14.48
|
|
# Operation : SQC
|
|
# Purpose : for querying zygote socket
|
|
# Query-only access to zygote stream sockets (getopt, getattr); no connect, read or write.
allow system_server zygote:unix_stream_socket { getopt getattr };
|
|
|
|
# Date: WK14.52
|
|
# Operation : Feature developing
|
|
# Purpose : Communicate with native daemon (epdg_wod)
|
|
# Macro from te_macros. In AOSP it grants the first domain write on the sock_file typed
# after the second argument with a _socket suffix, plus connectto on the third domain's
# unix_stream_socket -- confirm the definition in this tree.
unix_socket_connect(system_server, wod_action, epdg_wod)
|
|
unix_socket_connect(system_server, wod_sim, epdg_wod)
|
|
|
|
# Date: WK15.05
|
|
# Purpose : for kill-switch; should only grant access to the frp partition (to be fixed)
|
|
# NOTE(review): the Purpose line itself marks this as too broad. The rule gives raw
# read/write/ioctl on every block node labelled platformblk_device, not only the FRP
# partition. AOSP labels that partition with its own type (frp_block_device); giving it
# a dedicated label here would allow this generic grant to be removed.
allow system_server platformblk_device:blk_file { ioctl getattr open write read };
|
|
allow system_server platformblk_device:dir search;
|
|
|
|
# NOTE(review): no Date/Operation/Purpose header accompanies the sensor_data_file rules.
# They let system_server create and modify files and FIFOs under sensor_data_file
# directories. The file rule includes unlink, but the dir rule has add_name without
# remove_name, which unlink also requires on the parent directory. Either deletion is
# not expected to work or remove_name is missing; confirm and drop whichever is unneeded.
allow system_server sensor_data_file:dir {search open read write add_name create getattr setattr };
|
|
allow system_server sensor_data_file:file { open read write create append unlink ioctl getattr setattr };
|
|
allow system_server sensor_data_file:fifo_file { read write open create setattr};
|
|
|