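# ==============================================
# Policy File of /system/bin/permission_check Executable File
#
# Confines the permission_check daemon started by init. Most rules below
# grant setattr on vendor data directories together with chown/fowner
# capabilities, so the daemon appears to exist to fix ownership and mode
# bits on those trees -- TODO confirm against the daemon source.
# ==============================================
# Type Declaration
# ==============================================

# Label for the executable on disk. The file_contexts entry that assigns this
# label to the binary is not part of this file.
type permission_check_exec , exec_type, file_type;
# Process domain the daemon runs in.
type permission_check ,domain;

# ==============================================
# Android Policy Rule
# ==============================================

# ==============================================
# NSA Policy Rule
# ==============================================

# ==============================================
# MTK Policy Rule
# ==============================================

# Left disabled on purpose: enabling either line would stop this policy from
# confining the daemon (permissive only logs denials, unconfined_domain
# grants broad access).
#permissive permission_check;
# Transition from init into permission_check when init executes a file
# labelled permission_check_exec.
init_daemon_domain(permission_check)
#unconfined_domain(permission_check)

# Property writes: this rule plus the init socket and property_socket rules
# below allow setting properties labelled persist_md_prop through the init
# property service, and nothing else.
allow permission_check persist_md_prop: property_service set;

allow permission_check init:unix_stream_socket connectto;
# NVRAM data: directories may be modified and re-attributed. Files may be
# created, written and re-attributed, but this rule grants neither read
# nor unlink.
allow permission_check nvram_data_file:dir { rw_dir_perms setattr };
allow permission_check nvram_data_file:file { write create open setattr getattr };
allow permission_check nvram_data_file:lnk_file read;
allow permission_check nvdata_file:dir { rw_dir_perms setattr };
allow permission_check nvdata_file:file { write create open setattr getattr };

allow permission_check property_socket:sock_file write;

# protect_f / protect_s: directory listing and attribute changes only.
# File contents are neither readable nor writable from this domain.
allow permission_check protect_f_data_file:dir { read getattr open setattr search };
allow permission_check protect_s_data_file:dir { read getattr open setattr search };
allow permission_check protect_f_data_file:file { getattr setattr };
allow permission_check protect_s_data_file:file { getattr setattr };

# NOTE(review): dac_override lets the process bypass discretionary file
# permission checks, and the two execute_no_trans rules below run the shell
# and system binaries inside this same domain. Anything the daemon spawns
# therefore keeps these capabilities and every allow rule in this file.
# Confirm each capability is still required, and that the shell is invoked
# only with fixed, non-attacker-influenced arguments.
allow permission_check self:capability { fowner chown dac_override fsetid };
# execute_no_trans: no domain transition, the shell stays in permission_check.
allow permission_check shell_exec:file { read execute open execute_no_trans };
# NOTE(review): system_file is a broad label; this permits running any file
# carrying it, in-domain. A dedicated label for the helper(s) actually used
# would narrow this -- verify which binaries the daemon executes.
allow permission_check system_file:file { read getattr open execute execute_no_trans };

# ccci_cfg_file: full create/modify access to directories and files.
allow permission_check ccci_cfg_file:dir create_dir_perms;
allow permission_check ccci_cfg_file:file create_file_perms;

# mdlog_data_file: attribute changes only (setattr) on files and FIFOs.
# Directories can additionally be listed and searched.
allow permission_check mdlog_data_file:dir { read search setattr open };
allow permission_check mdlog_data_file:fifo_file setattr;
allow permission_check mdlog_data_file:file setattr;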