diff options
Diffstat (limited to 'sepolicy/mobile_log_d.te')
| -rw-r--r-- | sepolicy/mobile_log_d.te | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/sepolicy/mobile_log_d.te b/sepolicy/mobile_log_d.te new file mode 100644 index 0000000..3849a79 --- /dev/null +++ b/sepolicy/mobile_log_d.te @@ -0,0 +1,75 @@ +# ============================================== +# Policy File of /system/binmobile_log_d Executable File + + +# ============================================== +# Type Declaration +# ============================================== + +type mobile_log_d_exec , exec_type, file_type; +type mobile_log_d ,domain; + +# ============================================== +# Android Policy Rule +# ============================================== + +# ============================================== +# NSA Policy Rule +# ============================================== + +# ============================================== +# MTK Policy Rule +# ============================================== + +init_daemon_domain(mobile_log_d) + +# Date : WK14.31 +# Operation : Migration +# Purpose : for L early bring-up +allow mobile_log_d kernel:system syslog_mod; +allow mobile_log_d sdcard_internal:dir create_dir_perms; +allow mobile_log_d sdcard_internal:file create_file_perms; +allow mobile_log_d platform_app:fd use; +allow mobile_log_d platform_app_tmpfs:file write; +#allow mobile_log_d unlabeled:lnk_file read; + +#GMO project +dontaudit mobile_log_d untrusted_app:fd use; +dontaudit mobile_log_d isolated_app:fd use; + +#md32 +#sysfs label need to be changed later +allow mobile_log_d sysfs:file write; +allow mobile_log_d md32_device:chr_file { read open }; + +#debug.MB.running +allow mobile_log_d debug_prop:property_service set; + +allow mobile_log_d fuse:dir create_dir_perms; +allow mobile_log_d fuse:file create_file_perms; +allow mobile_log_d init:unix_stream_socket connectto; +allow mobile_log_d property_socket:sock_file write; +allow mobile_log_d system_file:file x_file_perms; +allow mobile_log_d tmpfs:lnk_file read; + +allow mobile_log_d logd:unix_stream_socket connectto; +allow mobile_log_d logdr_socket:sock_file write; +allow mobile_log_d mtkbt:unix_stream_socket connectto; +allow mobile_log_d self:capability { setuid setgid }; +allow mobile_log_d self:capability2 syslog; +allow mobile_log_d shell_exec:file rx_file_perms; + +#factory mode +allow mobile_log_d vfat:dir create_dir_perms; +allow mobile_log_d vfat:file create_file_perms; + +#data/misc/mblog +allow mobile_log_d system_data_file:dir { relabelfrom create_dir_perms }; +allow mobile_log_d logmisc_data_file:dir { relabelto create_dir_perms }; +allow mobile_log_d logmisc_data_file:file create_file_perms; +#data/log_temp +allow mobile_log_d logtemp_data_file:dir { relabelto create_dir_perms }; +allow mobile_log_d logtemp_data_file:file create_file_perms; +#data/data_tmpfs_log +allow mobile_log_d data_tmpfs_log_file:dir create_dir_perms; +allow mobile_log_d data_tmpfs_log_file:file create_file_perms; |