Diffstat (limited to 'sepolicy/dm_agent_binder.te')
| -rw-r--r-- | sepolicy/dm_agent_binder.te | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/sepolicy/dm_agent_binder.te b/sepolicy/dm_agent_binder.te
new file mode 100644
index 0000000..1218e1f
--- /dev/null
+++ b/sepolicy/dm_agent_binder.te
@@ -0,0 +1,99 @@
+# ==============================================
+# Policy File of /system/bin/dm_agent_binder Executable File
+
+
+# ==============================================
+# Type Declaration
+# ==============================================
+
+type dm_agent_binder_exec , exec_type, file_type;
+type dm_agent_binder ,domain;
+
+# ==============================================
+# Android Policy Rule
+# ==============================================
+
+# ==============================================
+# NSA Policy Rule
+# ==============================================
+
+# ==============================================
+# MTK Policy Rule
+# ==============================================
+
+init_daemon_domain(dm_agent_binder)
+
+# Date : WK14.37
+# Operation : access DmAgent by binder
+# Purpose : ensure can access DmAgent api normally.
+allow dm_agent_binder dm_agent_binder_service:service_manager add;
+
+# Date : WK14.37
+# Operation : access DmAgent by binder
+# Purpose : ensure can access DmAgent api normally.
+binder_use(dm_agent_binder)
+binder_service(dm_agent_binder)
+
+# Date : WK14.42
+# Operation : Migration
+# Purpose : Allow DmAgent access nvram_data_file.
+allow dm_agent_binder nvram_data_file:dir { rw_dir_perms };
+allow dm_agent_binder nvdata_file:dir { rw_dir_perms };
+
+# Date : WK14.42
+# Operation : Basic UT
+# Purpose : Allow DmAgent access nvram_data_file.
+allow dm_agent_binder nvram_data_file:file { create_file_perms };
+allow dm_agent_binder nvram_data_file:lnk_file read;
+allow dm_agent_binder nvdata_file:file { create_file_perms };
+
+# Date : WK14.42
+# Operation : Basic UT
+# Purpose : Allow DmAgent access block_device.
+allow dm_agent_binder block_device:dir search;
+
+# Date : WK14.42
+# Operation : Basic UT
+# Purpose : Allow DmAgent access platformblk_device.
+allow dm_agent_binder platformblk_device:dir search;
+
+# Date : WK14.42
+# Operation : Basic UT
+# Purpose : Allow DmAgent access misc_device.
+allow dm_agent_binder misc_device:chr_file { rw_file_perms };
+
+# Date : WK14.42
+# Operation : Basic UT
+# Purpose : Allow DmAgent write sock_file.
+allow dm_agent_binder property_socket:sock_file write;
+
+# Date : WK14.42
+# Operation : Basic UT
+# Purpose : Allow DmAgent connectto unix_stream_socket.
+allow dm_agent_binder init:unix_stream_socket connectto;
+
+# Date : 2014/10/17
+# Operation : QC
+# Purpose : [Privacy protection lock][dm_agent_binder call FileOp_BackupToBinRegionForDM to do nvram backup]
+allow dm_agent_binder mmcblk_device:blk_file rw_file_perms;
+allow dm_agent_binder platformblk_device:blk_file rw_file_perms;
+
+# Date : WK14.42
+# Operation : Basic UT
+# Purpose : Allow DmAgent to set properties.
+allow dm_agent_binder persist_dm_prop:property_service set;
+
+# Date : WK14.43
+# Operation : Basic UT
+# Purpose : Allow DmAgent to access cache_file.
+allow dm_agent_binder cache_file:dir { w_dir_perms create };
+
+# Date : WK14.43
+# Operation : Basic UT
+# Purpose : Allow DmAgent to access cache_file.
+allow dm_agent_binder cache_file:file { create_file_perms };
+
+# Date : WK14.44
+# Operation : Basic UT
+# Purpose : Allow DmAgent to access nvram_device.
+allow dm_agent_binder nvram_device:chr_file { rw_file_perms }; |
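Review bot: The two `blk_file rw_file_perms` rules under the 2014/10/17 "Privacy protection lock" comment grant raw read/write on every node labelled `mmcblk_device` or `platformblk_device`, which is much wider than the NVRAM backup region the comment names. If those types cover whole-eMMC or other partition nodes (their file_contexts labelling is not in this diff), a bug in dm_agent_binder, or a misbehaving client of the service it registers via `service_manager add`, could modify partitions beneath the filesystem and its per-file DAC/MAC checks. I would give the one backup partition its own type in file_contexts and replace both rules with a single grant on it, e.g. `allow dm_agent_binder <nvram_backup_block_type>:blk_file rw_file_perms;` (placeholder type name). A comment above `binder_service(dm_agent_binder)` naming the client domains expected to call the service would also help, so that the `find`/`call` rules added elsewhere can be reviewed against it.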
