35 lines
1.2 KiB
Plaintext
35 lines
1.2 KiB
Plaintext
##
|
|
# Trustonic TEE (mobicore) daemon
|
|
#
|
|
|
|
# ==============================================
|
|
# Type Declaration
|
|
# ==============================================
|
|
type mobicore, domain;
|
|
type mobicore_exec, exec_type, file_type;
|
|
type mobicore_admin_device, dev_type;
|
|
type mobicore_user_device, dev_type;
|
|
type mobicore_tui_device, dev_type;
|
|
type mobicore_data_file, file_type, data_file_type;
|
|
|
|
# ==============================================
|
|
# Type Declaration for secmem
|
|
# ==============================================
|
|
type proc_secmem, fs_type;
|
|
# genfscon proc /secmem0 u:object_r:proc_secmem:s0;
|
|
|
|
# ==============================================
|
|
# MTK Policy Rule
|
|
# ==============================================
|
|
# permissive mobicore;
|
|
init_daemon_domain(mobicore)
|
|
allow mobicore self:capability { dac_override };
|
|
allow mobicore mobicore_admin_device:chr_file rw_file_perms;
|
|
allow mobicore mobicore_user_device:chr_file rw_file_perms;
|
|
allow mobicore mobicore_data_file:dir rw_dir_perms;
|
|
allow mobicore mobicore_data_file:file create_file_perms;
|
|
allow mobicore self:netlink_socket create_socket_perms;
|
|
allow mobicore apk_data_file:dir write;
|
|
allow mobicore mobicore_data_file:dir create;
|
|
allow mobicore mobicore_data_file:file rw_file_perms;
|