97 lines
3.5 KiB
Plaintext
97 lines
3.5 KiB
Plaintext
# ==============================================
|
|
# MTK Policy Rule
|
|
# ==============================================
|
|
|
|
# Date : WK14.37
|
|
# Operation : Migration
|
|
# Purpose : Access 'OMADM_USB' nvram
|
|
allow vold nvram_data_file:file { read getattr open write create setattr};
|
|
allow vold nvram_data_file:lnk_file read;
|
|
allow vold nvram_data_file:dir { read open write add_name create getattr setattr search};
|
|
allow vold nvdata_file:file { read getattr open write create setattr};
|
|
allow vold nvdata_file:dir { read ioctl open write add_name create getattr setattr search};
|
|
allow vold nvram_device:chr_file { read write open };
|
|
allow vold platformblk_device:blk_file { read write open };
|
|
allow vold platformblk_device:dir search;
|
|
allow vold proc:file write;
|
|
|
|
# Date : WK14.37
|
|
# Operation : Migration
|
|
# Purpose : re-init ExternalSD
|
|
allow vold misc_sd_device:chr_file { read ioctl open };
|
|
|
|
|
|
# Date : WK14.38
|
|
# Operation : Migration
|
|
# Purpose : encrypt phone
|
|
allow vold kernel:system module_request;
|
|
allow vold misc_device:chr_file { write open };
|
|
allow vold platformblk_device:blk_file { ioctl getattr };
|
|
allow vold zram0_device:blk_file getattr;
|
|
|
|
# Date : WK14.38
|
|
# Operation : Migration
|
|
# Purpose : symbolic link for /data/ext_sdcard_tool
|
|
allow vold system_data_file:lnk_file { create unlink };
|
|
|
|
# Date : WK14.40
|
|
# Operation : Migration
|
|
# Purpose : multi partition
|
|
allow vold sdcardd_exec:file { read open execute execute_no_trans };
|
|
allow vold self:capability { sys_resource setgid setuid };
|
|
allow vold install_data_file:file { read open };
|
|
allow vold fuse_device:chr_file { read write open };
|
|
allow vold system_data_file:file open;
|
|
|
|
# Date : WK14.40
|
|
# Operation : Migration
|
|
# Purpose : ptrace process
|
|
allow vold mediaserver:process ptrace;
|
|
|
|
# Date : WK14.43
|
|
# Purpose : grant permission to /protect_f and /protect_s for the command, fstrim dotrim
|
|
allow vold protect_f_data_file:dir { read getattr open ioctl };
|
|
allow vold protect_s_data_file:dir { read getattr open ioctl };
|
|
allow vold persist_data_file:dir { read getattr open ioctl };
|
|
|
|
# Date : WK14.44
|
|
# Operation : Migration
|
|
allow vold proc_lk_env:file { read write open ioctl};
|
|
allow vold media_rw_data_file:dir { read open };
|
|
|
|
# Date : WK14.46
|
|
# Operation : allow sdcard create tmpfs link file
|
|
allow vold tmpfs:lnk_file create;
|
|
|
|
# Date : WK14.46
|
|
# Operation : copy the logs in /data(tmpfs) to real userdata partition
|
|
allow vold logtemp_data_file:dir { read open getattr search};
|
|
allow vold logtemp_data_file:file { read getattr open };
|
|
allow vold logmisc_data_file:dir { read open getattr search};
|
|
allow vold logmisc_data_file:file { read getattr open };
|
|
allow vold mdlog_data_file:dir { read open getattr search};
|
|
allow vold mdlog_data_file:file { read getattr open };
|
|
allow vold aee_exp_data_file:dir { read open getattr search};
|
|
allow vold aee_exp_data_file:file { read getattr open };
|
|
allow vold data_tmpfs_log_file:dir { setattr getattr read create write rmdir relabelto remove_name open add_name search};
|
|
allow vold data_tmpfs_log_file:file { write setattr getattr relabelto create unlink open };
|
|
# mount crypto block device to /data/tmp_mnt/data_tmpfs_log and restorecon
|
|
allow vold system_data_file:dir { relabelfrom relabelto setattr };
|
|
allow vold system_data_file:file { relabelto };
|
|
|
|
# Date : WK14.49
|
|
# Purpose : ptrace process
|
|
allow vold platform_app:process ptrace;
|
|
allow vold mobile_log_d:process ptrace;
|
|
|
|
# Date : WK14.50
|
|
# Purpose : read/write sys env
|
|
allow vold misc_device:chr_file read;
|
|
|
|
# Date : WK15.02
|
|
# Purpose : fsck_msdos
|
|
allow vold platform_app:fd use;
|
|
|
|
#install APK move to SD
|
|
allow vold block_device:file create;
|