174 lines
6.5 KiB
Plaintext
174 lines
6.5 KiB
Plaintext
# ==============================================
|
|
# Policy File of /system/binmtkbt Executable File
|
|
|
|
|
|
# ==============================================
|
|
# Type Declaration
|
|
# ==============================================
|
|
|
|
type mtkbt_exec , exec_type, file_type;
|
|
type mtkbt ,domain;
|
|
|
|
# ==============================================
|
|
# Android Policy Rule
|
|
# ==============================================
|
|
|
|
# ==============================================
|
|
# NSA Policy Rule
|
|
# ==============================================
|
|
|
|
# ==============================================
|
|
# MTK Policy Rule
|
|
# ==============================================
|
|
|
|
# permissive mtkbt;
|
|
init_daemon_domain(mtkbt)
|
|
# unconfined_domain(mtkbt)
|
|
|
|
# Data : WK14.36
|
|
# Operation : Migration
|
|
# Purpose : Bt host stack files access & IPC mechanism
|
|
allow mtkbt platformblk_device:blk_file { read write open };
|
|
allow mtkbt self:udp_socket { create ioctl };
|
|
# Date : WK14.37
|
|
# Operation : Migration
|
|
# Purpose : Bt host stack binder access & IPC mechanism
|
|
binder_use(mtkbt)
|
|
# Date : WK14.43
|
|
# Operation : Migration
|
|
# Purpose : Bt host stack binder access & IPC mechanism
|
|
allow mtkbt bluetooth_service:service_manager add;
|
|
|
|
# result of audit2allow
|
|
allow mtkbt nvram_data_file:file { create setattr read write getattr open };
|
|
allow mtkbt nvram_data_file:lnk_file read;
|
|
allow mtkbt nvram_data_file:dir { write add_name search};
|
|
allow mtkbt nvdata_file:file { create setattr read write getattr open };
|
|
allow mtkbt nvdata_file:dir { write add_name search };
|
|
|
|
allow mtkbt block_device:dir search;
|
|
allow mtkbt bt_data_file:dir search;
|
|
allow mtkbt bt_int_adp_socket:sock_file write;
|
|
allow mtkbt platformblk_device:dir search;
|
|
allow mtkbt self:netlink_socket { write bind create setopt };
|
|
allow mtkbt sn:dir search;
|
|
allow mtkbt sn:file { read getattr open };
|
|
allow mtkbt sysfs_wake_lock:file { read write open };
|
|
allow mtkbt MtkCodecService:dir search;
|
|
allow mtkbt MtkCodecService:file { read getattr open };
|
|
allow mtkbt aal:dir search;
|
|
allow mtkbt aal:file { read getattr open };
|
|
allow mtkbt atci_service:dir search;
|
|
allow mtkbt atci_service:file { read getattr open };
|
|
allow mtkbt atcid:dir search;
|
|
allow mtkbt atcid:file { read getattr open };
|
|
allow mtkbt autokd:dir search;
|
|
allow mtkbt autokd:file { read getattr open };
|
|
allow mtkbt batterywarning:dir search;
|
|
allow mtkbt batterywarning:file { read getattr open };
|
|
allow mtkbt bluetooth:unix_dgram_socket sendto;
|
|
allow mtkbt bt_data_file:dir { write getattr read remove_name open add_name };
|
|
allow mtkbt bt_data_file:file { write getattr read create unlink open append};
|
|
allow mtkbt bluetooth:binder transfer;
|
|
allow mtkbt bt_data_file:dir create;
|
|
allow mtkbt bluetooth_data_file:dir search;
|
|
allow mtkbt system_data_file:dir write;
|
|
allow mtkbt system_data_file:dir add_name;
|
|
allow mtkbt ccci_fsd:dir search;
|
|
allow mtkbt ccci_fsd:file { read getattr open };
|
|
allow mtkbt ccci_mdinit:dir search;
|
|
allow mtkbt ccci_mdinit:file { read getattr open };
|
|
allow mtkbt debuggerd:dir search;
|
|
allow mtkbt debuggerd:file { read getattr open };
|
|
allow mtkbt drmserver:dir search;
|
|
allow mtkbt drmserver:file { read getattr open };
|
|
allow mtkbt em_svr:dir search;
|
|
allow mtkbt em_svr:file { read getattr open };
|
|
allow mtkbt geomagneticd:dir search;
|
|
allow mtkbt geomagneticd:file { read getattr open };
|
|
allow mtkbt guiext-server:dir search;
|
|
allow mtkbt guiext-server:file { read getattr open };
|
|
allow mtkbt healthd:dir search;
|
|
allow mtkbt healthd:file { read getattr open };
|
|
allow mtkbt init:dir search;
|
|
allow mtkbt init:file { read getattr open };
|
|
allow mtkbt init:unix_stream_socket connectto;
|
|
allow mtkbt installd:dir search;
|
|
allow mtkbt installd:file { read getattr open };
|
|
allow mtkbt kernel:dir search;
|
|
allow mtkbt kernel:file { read getattr open };
|
|
allow mtkbt keystore:dir search;
|
|
allow mtkbt keystore:file { read getattr open };
|
|
allow mtkbt lmkd:dir search;
|
|
allow mtkbt lmkd:file { read getattr open };
|
|
allow mtkbt logd:dir search;
|
|
allow mtkbt logd:file { read getattr open };
|
|
allow mtkbt mediaserver:dir search;
|
|
allow mtkbt mediaserver:file { read getattr open };
|
|
allow mtkbt mnld:dir search;
|
|
allow mtkbt mnld:file { read getattr open };
|
|
allow mtkbt mobile_log_d:dir search;
|
|
allow mtkbt mobile_log_d:file { read getattr open };
|
|
allow mtkbt mtk_6620_launcher:dir search;
|
|
allow mtkbt mtk_6620_launcher:file { read getattr open };
|
|
allow mtkbt mtk_agpsd:dir search;
|
|
allow mtkbt mtk_agpsd:file { read getattr open };
|
|
allow mtkbt netd:dir search;
|
|
allow mtkbt netd:file { read getattr open };
|
|
allow mtkbt netdiag:dir search;
|
|
allow mtkbt netdiag:file { read getattr open };
|
|
allow mtkbt nvram_agent_binder:dir search;
|
|
allow mtkbt nvram_agent_binder:file { read getattr open };
|
|
allow mtkbt orientationd:dir search;
|
|
allow mtkbt orientationd:file { read getattr open };
|
|
allow mtkbt ppl_agent:dir search;
|
|
allow mtkbt ppl_agent:file { read getattr open };
|
|
allow mtkbt proc_mtkcooler:dir search;
|
|
allow mtkbt proc_mtktz:dir search;
|
|
allow mtkbt property_socket:sock_file write;
|
|
allow mtkbt resmon:dir search;
|
|
allow mtkbt resmon:file { read getattr open };
|
|
allow mtkbt self:capability net_admin;
|
|
allow mtkbt self:netlink_socket read;
|
|
allow mtkbt self:tun_socket create;
|
|
allow mtkbt servicemanager:dir search;
|
|
allow mtkbt servicemanager:file { read getattr open };
|
|
allow mtkbt shell:dir search;
|
|
allow mtkbt shell:file { read getattr open };
|
|
allow mtkbt stpbt_device:chr_file { read write ioctl getattr open };
|
|
allow mtkbt surfaceflinger:dir search;
|
|
allow mtkbt surfaceflinger:file { read getattr open };
|
|
allow mtkbt thermal:dir search;
|
|
allow mtkbt thermal:file { read getattr open };
|
|
allow mtkbt thermald:dir search;
|
|
allow mtkbt thermald:file { read getattr open };
|
|
allow mtkbt tun_device:chr_file { read write ioctl open };
|
|
allow mtkbt ueventd:dir search;
|
|
allow mtkbt ueventd:file { read getattr open };
|
|
allow mtkbt uhid_device:chr_file { read write open };
|
|
allow mtkbt vold:dir search;
|
|
allow mtkbt vold:file { read getattr open };
|
|
allow mtkbt wifi2agps:dir search;
|
|
allow mtkbt wifi2agps:file { read getattr open };
|
|
allow mtkbt zygote:dir search;
|
|
allow mtkbt zygote:file { read getattr open };
|
|
userdebug_or_eng(`
|
|
allow mtkbt su:dir search;
|
|
allow mtkbt su:file { read getattr open };
|
|
')
|
|
|
|
# prop
|
|
allow mtkbt bt_prop:property_service set;
|
|
allow mtkbt persist_bt_prop:property_service set;
|
|
|
|
# add for ftp to create file on sdcard
|
|
allow mtkbt tmpfs:lnk_file read;
|
|
|
|
# add for BPP
|
|
allow mtkbt bluetooth_data_file:file { read open getattr};
|
|
allow mtkbt system_data_file:dir create;
|
|
allow mtkbt fuse:dir { search write add_name write getattr read remove_name open };
|
|
allow mtkbt fuse:file { read open getattr write create unlink };
|
|
|
|
allow mtkbt system_data_file:dir { read remove_name };
|
|
allow mtkbt nvram_device:chr_file open; |