Diffstat (limited to 'sepolicy/adbd.te')
-rw-r--r--sepolicy/adbd.te51
1 files changed, 51 insertions, 0 deletions
diff --git a/sepolicy/adbd.te b/sepolicy/adbd.te
new file mode 100644
index 0000000..e11c9ed
--- /dev/null
+++ b/sepolicy/adbd.te
@@ -0,0 +1,51 @@
+# ==============================================
+# MTK Policy Rule
+# ============
+
+
+#violate neverallow rule
+#allow adbd block_device:blk_file { read ioctl open };
+
+#violate neverallow rule
+#allow adbd labeledfs:filesystem remount;
+
+# Date : WK14.27
+# Operation : KK.AOSP SQC
+# Purpose : MTK snapshot-related mechanism
+allow adbd graphics_device:chr_file { read ioctl open };
+
+# Date : WK14.27
+# Operation : KK.AOSP SQC
+# Purpose : A process wants to access a specific path. For example : shell:ls -l /data/data/
+allow adbd platform_app_data_file:dir { write getattr add_name };
+allow adbd platform_app_data_file:file { read create open };
+allow adbd radio_data_file:file { read open };
+
+# Date : WK14.27
+# Operation : KK.AOSP SQC
+# Purpose : shell:logcat -v threadtime
+allow adbd self:capability2 syslog;
+
+allow adbd block_device:dir search;
+allow adbd kernel:process setsched;
+allow adbd self:capability { net_raw ipc_lock dac_override };
+allow adbd system_data_file:dir { write remove_name add_name };
+allow adbd tmpfs:lnk_file read;
+
+# Date : WK14.46
+# Operation : Migration
+# Purpose : for MTK Emulator HW GPU
+allow adbd qemu_pipe_device:chr_file rw_file_perms;
+
+# user load adb pull /data/aee_exp db
+allow adbd aee_exp_data_file:dir r_dir_perms;
+allow adbd aee_exp_data_file:file r_file_perms;
+
+# call screencap by DDMS
+allow adbd surfaceflinger:dir search;
+allow adbd surfaceflinger:file r_file_perms;
+
+# Date : WK14.48
+# Operation : L0 SQC
+# Purpose : push/pull files to specific folders
+allow adbd sf_rtt_file:dir getattr;
\ No newline at end of file
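Review bot: The five rules from `allow adbd block_device:dir search;` to `allow adbd tmpfs:lnk_file read;` have no Date/Operation/Purpose header, unlike most other groups in the file, yet they contain the widest grants here: `self:capability { net_raw ipc_lock dac_override }` and `system_data_file:dir { write remove_name add_name }`. Each should name the adbd operation that produced the denial, and `dac_override` should be dropped unless a logged denial shows it is needed, because it lets adbd bypass file-mode checks whenever it runs as root. The `platform_app_data_file` rules are justified by `ls -l /data/data/` but grant `write`, `add_name` and `create`, which a listing does not need; read-only access such as `r_dir_perms` on the directory would match the stated purpose. Nothing in the file is conditioned on build type, so any rule that is only a debugging convenience would be better wrapped in the `userdebug_or_eng` macro; the aee_exp comment suggests that group alone is intended for user builds.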