49 lines
1.6 KiB
Plaintext
49 lines
1.6 KiB
Plaintext
# ==============================================
|
|
# Policy File of enableswap.sh
|
|
|
|
|
|
# ==============================================
|
|
# Type Declaration
|
|
# ==============================================
|
|
|
|
type enableswap_exec , exec_type, file_type;
|
|
type enableswap ,domain;
|
|
|
|
# ==============================================
|
|
# Android Policy Rule
|
|
# ==============================================
|
|
|
|
# ==============================================
|
|
# NSA Policy Rule
|
|
# ==============================================
|
|
|
|
# ==============================================
|
|
# MTK Policy Rule
|
|
# ==============================================
|
|
|
|
# Date : WK14.34
|
|
# Operation : Migration
|
|
# Purpose : Add new swap areas
|
|
init_daemon_domain(enableswap)
|
|
allow enableswap block_device:dir search;
|
|
allow enableswap self:capability sys_admin;
|
|
allow enableswap shell_exec:file { entrypoint read };
|
|
allow enableswap sysfs:file write;
|
|
allow enableswap tiny_mkswap_exec:file { read getattr open execute execute_no_trans };
|
|
allow enableswap tiny_swapon_exec:file { read getattr open execute execute_no_trans };
|
|
allow enableswap zram0_device:blk_file { read write getattr open ioctl };
|
|
|
|
# Date : WK14.46
|
|
# Operation : Migration
|
|
# Purpose : Allow more operations on swap areas
|
|
allow enableswap proc:file write;
|
|
allow enableswap system_file:file execute_no_trans;
|
|
allow enableswap system_data_file:file { open };
|
|
allow enableswap system_data_file:dir { write add_name };
|
|
allow enableswap self:capability dac_override;
|
|
|
|
# Date : WK15.05
|
|
# Operation : Migration
|
|
# Purpose : Allow more operations on init_tmpfs
|
|
allow enableswap init_tmpfs:file write;
|