152 lines
4.7 KiB
Plaintext
152 lines
4.7 KiB
Plaintext
# ==============================================
|
|
# MTK Policy Rule
|
|
# ============
|
|
|
|
# Date : WK14.32
|
|
# Operation : AEE UT
|
|
# Purpose : for AEE module
|
|
domain_auto_trans(debuggerd, dmlog_exec, dmlog)
|
|
|
|
allow debuggerd aed_device:chr_file { read write ioctl open };
|
|
allow debuggerd expdb_device:chr_file { read write ioctl open };
|
|
allow debuggerd platformblk_device:blk_file { read write ioctl open };
|
|
allow debuggerd ccci_device:chr_file { read ioctl open };
|
|
allow debuggerd etb_device:chr_file { read write ioctl open };
|
|
allow debuggerd graphics_device:dir search;
|
|
allow debuggerd graphics_device:chr_file r_file_perms;
|
|
allow debuggerd Vcodec_device:chr_file r_file_perms;
|
|
allow debuggerd camera_isp_device:chr_file r_file_perms;
|
|
|
|
# AED start: /dev/block/expdb
|
|
allow debuggerd block_device:dir search;
|
|
allow debuggerd platformblk_device:dir search;
|
|
|
|
# NE flow: /dev/RT_Monitor
|
|
allow debuggerd RT_Monitor_device:chr_file { read ioctl open };
|
|
|
|
# /dev/_GPU_ dev/pvrsrvkm
|
|
allow debuggerd gpu_device:chr_file rw_file_perms;
|
|
|
|
# /dev/exm0
|
|
allow debuggerd exm0_device:chr_file r_file_perms;
|
|
|
|
allow debuggerd shell_exec:file { execute execute_no_trans };
|
|
allow debuggerd dex2oat_exec:file { execute execute_no_trans };
|
|
|
|
# aee db dir and db files
|
|
allow debuggerd sdcard_internal:dir create_dir_perms;
|
|
allow debuggerd sdcard_internal:file create_file_perms;
|
|
|
|
#data/anr
|
|
allow debuggerd anr_data_file:dir create_dir_perms;
|
|
allow debuggerd anr_data_file:file create_file_perms;
|
|
|
|
#data/aee_exp
|
|
allow debuggerd aee_exp_data_file:dir { relabelto create_dir_perms };
|
|
allow debuggerd aee_exp_data_file:file create_file_perms;
|
|
|
|
#data/dumpsys
|
|
allow debuggerd aee_dumpsys_data_file:dir { relabelto create_dir_perms };
|
|
allow debuggerd aee_dumpsys_data_file:file create_file_perms;
|
|
|
|
#/data/core
|
|
allow debuggerd aee_core_data_file:dir create_dir_perms;
|
|
allow debuggerd aee_core_data_file:file create_file_perms;
|
|
|
|
# /data/data_tmpfs_log
|
|
allow debuggerd data_tmpfs_log_file:dir create_dir_perms;
|
|
allow debuggerd data_tmpfs_log_file:file create_file_perms;
|
|
|
|
allow debuggerd shell_data_file:dir search;
|
|
allow debuggerd shell_data_file:file r_file_perms;
|
|
|
|
#/data/anr/SF_RTT
|
|
allow debuggerd sf_rtt_file:dir search;
|
|
allow debuggerd sf_rtt_file:file r_file_perms;
|
|
|
|
allow debuggerd sysfs:file write;
|
|
allow debuggerd proc:file write;
|
|
allow debuggerd sysfs_lowmemorykiller:file { read open };
|
|
allow debuggerd debugfs:file read;
|
|
#allow debuggerd proc_security:file { write open };
|
|
|
|
allow debuggerd self:capability { fsetid sys_nice sys_resource net_admin sys_module };
|
|
|
|
allow debuggerd domain:process { sigkill getattr getsched};
|
|
allow debuggerd domain:lnk_file getattr;
|
|
|
|
#core-pattern
|
|
allow debuggerd usermodehelper:file { read open };
|
|
|
|
#suid_dumpable
|
|
allow debuggerd proc_security:file { read open };
|
|
|
|
#kptr_restrict
|
|
#allow debuggerd proc_security:file { write open };
|
|
|
|
#dmesg
|
|
allow debuggerd kernel:system syslog_read;
|
|
|
|
#property
|
|
allow debuggerd init:unix_stream_socket connectto;
|
|
allow debuggerd property_socket:sock_file write;
|
|
|
|
# dumpstate ION_MM_HEAP
|
|
allow debuggerd debugfs:lnk_file read;
|
|
|
|
allow debuggerd tmpfs:lnk_file read;
|
|
|
|
|
|
# aed set property
|
|
allow debuggerd persist_mtk_aee_prop:property_service set;
|
|
allow debuggerd persist_aee_prop:property_service set;
|
|
allow debuggerd debug_mtk_aee_prop:property_service set;
|
|
|
|
# aee_dumpstate set property
|
|
allow debuggerd debug_bq_dump_prop:property_service set;
|
|
|
|
#com.android.settings NE
|
|
allow debuggerd system_app_data_file:dir search;
|
|
|
|
# sogou NE
|
|
allow debuggerd app_data_file:dir search;
|
|
|
|
# open and read /data/data/com.android.settings/databases/search_index.db-journal
|
|
allow debuggerd system_app_data_file:file r_file_perms;
|
|
allow debuggerd app_data_file:file r_file_perms;
|
|
|
|
# /system/bin/am
|
|
allow debuggerd system_file:file execute_no_trans;
|
|
allow debuggerd zygote_exec:file { execute execute_no_trans };
|
|
|
|
#/proc/driver/storage_logger
|
|
allow debuggerd proc_slogger:file { write read open };
|
|
|
|
# MOTA upgrade from JB->L: aee_dumpstate(ps top df dmesg)
|
|
# allow debuggerd unlabeled:lnk_file read;
|
|
|
|
binder_use(debuggerd)
|
|
allow debuggerd system_server:binder call;
|
|
allow debuggerd surfaceflinger:binder call;
|
|
allow debuggerd surfaceflinger:fd use;
|
|
allow debuggerd platform_app:fd use;
|
|
allow debuggerd platform_app_tmpfs:file write;
|
|
|
|
# aed and MTKLogger.apk socket connect
|
|
allow debuggerd platform_app:unix_stream_socket connectto;
|
|
|
|
allow debuggerd self:udp_socket { create ioctl };
|
|
|
|
allow debuggerd init:process getsched;
|
|
allow debuggerd kernel:process getsched;
|
|
|
|
# for SF_dump
|
|
allow debuggerd sf_bqdump_data_file:dir { read write open remove_name search};
|
|
allow debuggerd sf_bqdump_data_file:file { read getattr unlink open };
|
|
|
|
|
|
allow debuggerd custom_file:dir search;
|
|
|
|
# avc: denied { read } for pid=4503 comm="screencap" name="secmem0" dev="proc"
|
|
allow debuggerd proc_secmem:file r_file_perms;
|