diff options
| author | Mister Oyster <oysterized@gmail.com> | 2017-01-02 12:44:35 +0100 |
|---|---|---|
| committer | Mister Oyster <oysterized@gmail.com> | 2017-01-02 12:44:35 +0100 |
| commit | a184d985bf43d3fe6eeba971bc6b32f79ea38b37 (patch) | |
| tree | 6f6e56e090777cc149bc1ab39e5987cc2b03e867 /sepolicy/statusd.te | |
initial releasecm-13.0
Diffstat (limited to 'sepolicy/statusd.te')
| -rw-r--r-- | sepolicy/statusd.te | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/sepolicy/statusd.te b/sepolicy/statusd.te new file mode 100644 index 0000000..647512e --- /dev/null +++ b/sepolicy/statusd.te @@ -0,0 +1,49 @@ +# ============================================== +# Policy File of /system/bin/statusd Executable File + +type statusd_exec, exec_type, file_type; +type statusd, domain; + +#permissive statusd; + +init_daemon_domain(statusd) + +allow statusd block_device:dir search; +allow statusd ctl_pppd_via_prop:property_service set; +allow statusd flashlessd_exec:file { read execute open execute_no_trans }; +allow statusd init:unix_stream_socket connectto; +allow statusd mtk_md_prop:property_service set; +allow statusd net_cdma_mdmstat:property_service set; +allow statusd net_radio_prop:property_service set; +allow statusd nvram_data_file:dir { search add_name write remove_name read open}; +allow statusd nvram_data_file:file { create write open read getattr setattr}; +allow statusd nvram_data_file:lnk_file { read}; +allow statusd nvdata_file:dir { search add_name write remove_name read open}; +allow statusd nvdata_file:file { create write open read getattr setattr}; +allow statusd platformblk_device:blk_file { read write open }; +allow statusd platformblk_device:dir search; +allow statusd property_socket:sock_file write; +allow statusd radio_prop:property_service set; +allow statusd ril_cdma_report_prop:property_service set; +allow statusd self:capability net_admin; +allow statusd self:udp_socket { create ioctl }; +allow statusd statusd_socket:sock_file { write setattr }; +allow statusd sysfs_wake_lock:file { read write open }; +allow statusd system_data_file:dir { write add_name }; +allow statusd system_data_file:sock_file { write create setattr }; +allow statusd system_file:file execute_no_trans; +allow statusd ttyMT_device:chr_file { read write ioctl open }; +allow statusd ttySDIO_device:chr_file { read write open setattr ioctl}; +allow statusd viarild_exec:file { read execute open execute_no_trans }; +allow statusd vmodem_device:chr_file { read write open setattr ioctl}; + +# property service +allow statusd system_prop:property_service set; +allow statusd system_radio_prop:property_service set; +allow statusd persist_ril_prop:property_service set; +allow statusd ril_mux_report_case_prop:property_service set; +auditallow statusd net_radio_prop:property_service set; +auditallow statusd system_radio_prop:property_service set; + +#Search permission for findPidByName +allow statusd domain:dir search; |