76 lines
2.5 KiB
Plaintext
76 lines
2.5 KiB
Plaintext
# ==============================================
|
|
# Policy File of /system/binmobile_log_d Executable File
|
|
|
|
|
|
# ==============================================
|
|
# Type Declaration
|
|
# ==============================================
|
|
|
|
type mobile_log_d_exec , exec_type, file_type;
|
|
type mobile_log_d ,domain;
|
|
|
|
# ==============================================
|
|
# Android Policy Rule
|
|
# ==============================================
|
|
|
|
# ==============================================
|
|
# NSA Policy Rule
|
|
# ==============================================
|
|
|
|
# ==============================================
|
|
# MTK Policy Rule
|
|
# ==============================================
|
|
|
|
init_daemon_domain(mobile_log_d)
|
|
|
|
# Date : WK14.31
|
|
# Operation : Migration
|
|
# Purpose : for L early bring-up
|
|
allow mobile_log_d kernel:system syslog_mod;
|
|
allow mobile_log_d sdcard_internal:dir create_dir_perms;
|
|
allow mobile_log_d sdcard_internal:file create_file_perms;
|
|
allow mobile_log_d platform_app:fd use;
|
|
allow mobile_log_d platform_app_tmpfs:file write;
|
|
#allow mobile_log_d unlabeled:lnk_file read;
|
|
|
|
#GMO project
|
|
dontaudit mobile_log_d untrusted_app:fd use;
|
|
dontaudit mobile_log_d isolated_app:fd use;
|
|
|
|
#md32
|
|
#sysfs label need to be changed later
|
|
allow mobile_log_d sysfs:file write;
|
|
allow mobile_log_d md32_device:chr_file { read open };
|
|
|
|
#debug.MB.running
|
|
allow mobile_log_d debug_prop:property_service set;
|
|
|
|
allow mobile_log_d fuse:dir create_dir_perms;
|
|
allow mobile_log_d fuse:file create_file_perms;
|
|
allow mobile_log_d init:unix_stream_socket connectto;
|
|
allow mobile_log_d property_socket:sock_file write;
|
|
allow mobile_log_d system_file:file x_file_perms;
|
|
allow mobile_log_d tmpfs:lnk_file read;
|
|
|
|
allow mobile_log_d logd:unix_stream_socket connectto;
|
|
allow mobile_log_d logdr_socket:sock_file write;
|
|
allow mobile_log_d mtkbt:unix_stream_socket connectto;
|
|
allow mobile_log_d self:capability { setuid setgid };
|
|
allow mobile_log_d self:capability2 syslog;
|
|
allow mobile_log_d shell_exec:file rx_file_perms;
|
|
|
|
#factory mode
|
|
allow mobile_log_d vfat:dir create_dir_perms;
|
|
allow mobile_log_d vfat:file create_file_perms;
|
|
|
|
#data/misc/mblog
|
|
allow mobile_log_d system_data_file:dir { relabelfrom create_dir_perms };
|
|
allow mobile_log_d logmisc_data_file:dir { relabelto create_dir_perms };
|
|
allow mobile_log_d logmisc_data_file:file create_file_perms;
|
|
#data/log_temp
|
|
allow mobile_log_d logtemp_data_file:dir { relabelto create_dir_perms };
|
|
allow mobile_log_d logtemp_data_file:file create_file_perms;
|
|
#data/data_tmpfs_log
|
|
allow mobile_log_d data_tmpfs_log_file:dir create_dir_perms;
|
|
allow mobile_log_d data_tmpfs_log_file:file create_file_perms;
|