diff options
Diffstat (limited to 'sepolicy/aal.te')
| -rw-r--r-- | sepolicy/aal.te | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/sepolicy/aal.te b/sepolicy/aal.te new file mode 100644 index 0000000..bbaa1bb --- /dev/null +++ b/sepolicy/aal.te @@ -0,0 +1,40 @@ +# ============================================== +# Policy File of /system/binaal Executable File + +# ============================================== +# Type Declaration +# ============================================== + +type aal_exec , exec_type, file_type; +type aal ,domain; + +# ============================================== +# Android Policy Rule +# ============================================== + +# ============================================== +# NSA Policy Rule +# ============================================== + +# ============================================== +# MTK Policy Rule +# ============================================== + +# permissive aal; +init_daemon_domain(aal) +# unconfined_domain(aal) + +# Date : 2014/09/09 (or WK14.37) +# Operation : Migration +# Purpose : allow Binder IPC +binder_use(aal) +binder_call(aal, binderservicedomain) +binder_service(aal) + +# Date : WK14.41 +# Operation : Migration +# Purpose : All enforing mode +allow aal aal_als_device:chr_file { read open ioctl }; +allow aal graphics_device:chr_file { read open ioctl }; +allow aal graphics_device:dir search; +allow aal aal_service:service_manager add; |