blob: 8671685423871af697e3e7469ba6921a5c016f2f (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
|
# ==============================================
# MTK Policy Rule
# ============
# Date : WK14.31
# Operation : Migration
# Purpose : for bring up
allow system_server hwmsensor_device:chr_file { read ioctl open };
allow system_server m_batch_misc_device:chr_file { read ioctl open };
allow system_server proc:file write;
allow system_server touch_device:chr_file { read ioctl open };
# Date : WK14.32
# Operation : Migration
# Purpose : for wifi p2p functionality
allow system_server dhcp_data_file:dir { read write remove_name search getattr };
allow system_server dhcp_data_file:file { read open unlink getattr };
# Date : WK14.33
# Operation : Migration
# Purpose : for wifi functionality
allow system_server wpa_wlan0_socket:sock_file write;
allow system_server hostapd:unix_dgram_socket sendto;
allow hostapd system_server:unix_dgram_socket sendto;
# Date : WK14.34
# Operation : Migration
# Purpose : for WFD functionality
allow system_server media_wfd_prop:property_service set;
# Date : WK14.34
# Operation : Migration
# Purpose : for idling on homescreen
allow system_server dontpanic_data_file:dir search;
allow system_server mnld:unix_dgram_socket sendto;
# Date : WK14.34
# Operation : Migration
# Purpose : for debug
allow system_server debuggerd:fd use;
allow system_server mnld_data_file:sock_file create_file_perms;
allow system_server mnld_data_file:sock_file rw_file_perms;
allow system_server mnld_data_file:dir create_file_perms;
allow system_server mnld_data_file:dir rw_dir_perms;
# Date : WK14.37
# Operation : Migration
# Purpose : for idling on homescreen
allow system_server guiext-server:binder { transfer call };
allow system_server touch_device:chr_file write;
# Date : WK14.37
# Operation : Migration
# Purpose : for relabeling files in /data/anr/ created at bootup
allow system_server anr_data_file:file relabelto;
# Date : WK14.38
# Operation : Migration
# Purpose : for debug
allow system_server debuggerd:binder call;
allow system_server resmon:fd use;
allow system_server resmon:fifo_file write;
# Date : WK14.39
# Operation : Migration
# Purpose : for operate HDMI device
allow system_server graphics_device:chr_file { read ioctl open };
# Date : WK14.40
# Operation : Migration
# Purpose : for operate ANT device driver
allow system_server stpant_device:chr_file { read open write ioctl};
# Date: WK14.40
# Operation : Migration
# Purpose : for ACTION_PREBOOT_IPO intent in ipo boot
binder_call(system_server, ipod)
# Date: wk14.40
# Operation : SQC
# Purpose : [ALPS01756200] wwop boot up fail
allow system_server custom_file:dir { read search open getattr};
allow system_server custom_file:file { read open getattr};
# Date: WK14.41
# Operation : Migration
# Purpose : boost surfaceflinger to RT
allow system_server surfaceflinger:process setsched;
# Date: WK14.41
# Operation : Migration
# Purpose : [ALPS01760531] for bring up after auto-merge
allow system_server zygote:binder impersonate;
# Date: WK14.41
# Operation : Migration
# Purpose : for system_server operate /dev/RT_Monitor when enable hang detect
allow system_server RT_Monitor_device:chr_file { read ioctl open };
# Date: WK14.42
# Operation : Migration
# Purpose : for system_server to start bootanim
allow system_server ctl_bootanim_prop:property_service set;
# Date : WK14.42
# Operation : SQC
# Purpose : ALPS01763317
# After connected to DHCPv6 enabled 6to4 IPv6 AP,
#the ipv6 related values of getprop command are wrong
#============= system_server ==============
allow system_server proc_net:file write;
allow system_server wide_dhcpv6_data_file:dir search;
allow system_server wide_dhcpv6_data_file:file { read getattr open };
# Date: WK14.41
# Operation : Migration
# Purpose : allow system_server to start ipod
allow system_server ctl_ipod_prop:property_service set;
# Date: WK14.43
# Operation : Migration
# Purpose : access to atcid from system server for GPS AT Command.
allow system_server atci_service:unix_dgram_socket sendto;
allow system_server atci_service:dir write;
allow system_server atci_service:dir add_name;
# Date: WK14.43
# Operation : Migration
# Purpose : for bring up
allow system_server anr_data_file:dir relabelfrom;
allow system_server sf_rtt_file:dir relabelto;
# Date: WK14.44
# Operation : Migration
# Purpose : for debug
allow system_server sf_rtt_file:dir r_dir_perms;
# Date: WK14.44
# Operation : Migration
# Purpose : for mtk gps epos library useage
allow system_server devmap_device:chr_file r_file_perms;
allow system_server irtx_device:chr_file { read write ioctl open };
# Date : WK14.46
# Operation : Migration
# Purpose : for MTK Emulator HW GPU
allow system_server qemu_pipe_device:chr_file rw_file_perms;
# Date: WK14.46
# Operation : Migration
# Purpose : for sensorhubservice
allow system_server shf_device:chr_file rw_file_perms;
# Date: W14.46
# Operation : Migration
# Purpose : for GpsLocationProvider.java to check ESUPL status
allow system_server agpsd_data_file:dir search;
# Date: WK14.46
# Operation : Migration
# Purpose : for saveLocale to set SystemProperties
allow system_server save_locale_prop:property_service set;
# Date: WK14.47
# Operation : Sanity
# Purpose : for /system/app/mcRegistry and /proc/secmem (TEE enable)
allow system_server mobicore_data_file:dir r_dir_perms;
allow system_server proc_secmem:file { rw_file_perms };
# Date: WK14.47
# Operation : Sanity
# Purpose : for avoid SELinux warning after dex2oat execv failed
allow system_server dex2oat_exec:file rx_file_perms;
# Date: WK14.47
# Operation : Sanity
# Purpose : for searching directories in sdcard by VoldConnector
allow system_server fuse:dir r_dir_perms;
# Date: WK14.47
# Operation : CTS
# Purpose : for executing recovery.dex
allow system_server system_data_file:file execute;
# Date: WK14.47
# Operation : MTBF
# Purpose : for debug
allow system_server sf_rtt_file:file r_file_perms;
# Date: WK14.47
# Operation : MTBF
# Purpose : for native process backtrace dump
allow system_server exec_type:file r_file_perms;
# Date: WK14.48
# Operation : SQC
# Purpose : for accessing exm0 tmpfs device
allow system_server exm0_device:chr_file { read write open };
# Date: WK14.48
# Operation : SQC
# Purpose : for querying zygote socket
allow system_server zygote:unix_stream_socket { getopt getattr };
# Date: WK14.52
# Operation : Feature developing
# Purpose : Communicate with native daemon (epdg_wod)
unix_socket_connect(system_server, wod_action, epdg_wod)
unix_socket_connect(system_server, wod_sim, epdg_wod)
# Date: WK15.05
# Purpose : for kill-switch should only grant to access frp partition, to be fix
allow system_server platformblk_device:blk_file { ioctl getattr open write read };
allow system_server platformblk_device:dir search;
allow system_server sensor_data_file:dir {search open read write add_name create getattr setattr };
allow system_server sensor_data_file:file { open read write create append unlink ioctl getattr setattr };
allow system_server sensor_data_file:fifo_file { read write open create setattr};
|
