path: root/sepolicy/mtkbt.te
# ==============================================
# Policy File of /system/bin/mtkbt Executable File


# ==============================================
# Type Declaration
# ==============================================

# Label for the mtkbt executable file; exec_type and file_type are the
# attributes this declaration attaches to it.
type mtkbt_exec , exec_type, file_type;
# Process domain for the daemon. Every allow rule in this file has mtkbt as
# its source, so this file defines what the running daemon may touch.
type mtkbt ,domain;

# ==============================================
# Android Policy Rule
# ==============================================

# ==============================================
# NSA Policy Rule
# ==============================================

# ==============================================
# MTK Policy Rule
# ==============================================

# Both "permissive mtkbt" and "unconfined_domain(mtkbt)" are commented out, so
# the domain is enforced against the rules in this file (plus whatever the
# domain attribute and the macros used here grant). Re-enabling either line
# would make the allow rules in this file irrelevant.
# permissive mtkbt;
# init_daemon_domain: AOSP macro that makes init transition into the mtkbt
# domain when it executes a file labelled mtkbt_exec.
init_daemon_domain(mtkbt)
# unconfined_domain(mtkbt)

# Date : WK14.36
# Operation : Migration
# Purpose : Bt host stack files access & IPC mechanism
# NOTE(review): read/write on blk_file is raw access to the block device node,
# below the filesystem and its per-file labels. platformblk_device is declared
# outside this file; confirm which partitions carry that label and whether the
# daemon needs write access at all.
allow mtkbt platformblk_device:blk_file { read write open };
allow mtkbt self:udp_socket { create ioctl };
# Date : WK14.37
# Operation : Migration
# Purpose : Bt host stack binder access & IPC mechanism
# binder_use: AOSP macro that lets the domain use binder IPC and talk to
# servicemanager.
binder_use(mtkbt)
# Date : WK14.43
# Operation : Migration
# Purpose : Bt host stack binder access & IPC mechanism
# Lets mtkbt register a service labelled bluetooth_service with servicemanager.
# NOTE(review): confirm that no other domain is expected to own that service
# name; whoever holds "add" can publish the endpoint clients will bind to.
allow mtkbt bluetooth_service:service_manager add;

# result of audit2allow
# NOTE(review): audit2allow turns each logged denial into an allow rule. It
# records what the process attempted, not what it needs, so every rule from
# here on should be checked against an actual requirement of the Bluetooth
# stack before it is kept.
# Create/read/write access to files and directories labelled nvram_data_file
# and nvdata_file (both types are declared outside this file).
allow mtkbt nvram_data_file:file { create setattr read write getattr open };
allow mtkbt nvram_data_file:lnk_file read;
allow mtkbt nvram_data_file:dir { write add_name search};
allow mtkbt nvdata_file:file { create setattr read write getattr open };
allow mtkbt nvdata_file:dir { write add_name search };

# Search (path lookup) permission on directories; presumably needed to reach
# the device nodes and Bluetooth data files granted elsewhere in this file.
allow mtkbt block_device:dir search;
allow mtkbt bt_data_file:dir search;
# Write to a socket file labelled bt_int_adp_socket (type declared outside
# this file).
allow mtkbt bt_int_adp_socket:sock_file write;
allow mtkbt platformblk_device:dir search;
# NOTE(review): this is the generic netlink_socket class; the rule does not
# show which netlink protocol the daemon actually uses.
allow mtkbt self:netlink_socket { write bind create setopt };
# sn is declared outside this file; if it is a process domain, these two rules
# grant read access to that process's /proc/<pid> entries - TODO confirm.
allow mtkbt sn:dir search;
allow mtkbt sn:file { read getattr open };
# Read/write on files labelled sysfs_wake_lock.
allow mtkbt sysfs_wake_lock:file { read write open };
# NOTE(review): most rules in this run have the shape
#   allow mtkbt <type>:dir search;
#   allow mtkbt <type>:file { read getattr open };
# where <type> looks like a process domain (init, keystore, vold, zygote, ...).
# Files and directories labelled with a domain type are that process's
# /proc/<pid> entries, so together these rules let mtkbt read the /proc entries
# of nearly every daemon on the device. That pattern is what a walk over /proc
# (for example to find a process by name) looks like once audit2allow has
# recorded it - TODO confirm against the daemon's source.
# If the reads are not functionally required, keep only the targets that are
# and cover the rest with dontaudit rules, which silence the denial without
# granting the access.
allow mtkbt MtkCodecService:dir search;
allow mtkbt MtkCodecService:file { read getattr open };
allow mtkbt aal:dir search;
allow mtkbt aal:file { read getattr open };
allow mtkbt atci_service:dir search;
allow mtkbt atci_service:file { read getattr open };
allow mtkbt atcid:dir search;
allow mtkbt atcid:file { read getattr open };
allow mtkbt autokd:dir search;
allow mtkbt autokd:file { read getattr open };
allow mtkbt batterywarning:dir search;
allow mtkbt batterywarning:file { read getattr open };
# IPC with the bluetooth domain: datagram socket send (binder transfer is
# granted a few lines further down).
allow mtkbt bluetooth:unix_dgram_socket sendto;
# Full create/modify/delete access inside directories labelled bt_data_file.
allow mtkbt bt_data_file:dir { write getattr read remove_name open add_name };
allow mtkbt bt_data_file:file { write getattr read create unlink open append};
allow mtkbt bluetooth:binder transfer;
allow mtkbt bt_data_file:dir create;
allow mtkbt bluetooth_data_file:dir search;
# NOTE(review): in AOSP, system_data_file is the generic label for /data.
# write + add_name lets mtkbt add entries to any directory carrying that
# label. A dedicated type for the daemon's own directory would confine this.
allow mtkbt system_data_file:dir write;
allow mtkbt system_data_file:dir add_name;
allow mtkbt ccci_fsd:dir search;
allow mtkbt ccci_fsd:file { read getattr open };
allow mtkbt ccci_mdinit:dir search;
allow mtkbt ccci_mdinit:file { read getattr open };
allow mtkbt debuggerd:dir search;
allow mtkbt debuggerd:file { read getattr open };
allow mtkbt drmserver:dir search;
allow mtkbt drmserver:file { read getattr open };
allow mtkbt em_svr:dir search;
allow mtkbt em_svr:file { read getattr open };
allow mtkbt geomagneticd:dir search;
allow mtkbt geomagneticd:file { read getattr open };
allow mtkbt guiext-server:dir search;
allow mtkbt guiext-server:file { read getattr open };
allow mtkbt healthd:dir search;
allow mtkbt healthd:file { read getattr open };
allow mtkbt init:dir search;
allow mtkbt init:file { read getattr open };
# Connecting to a stream socket owned by init; together with the
# property_socket write further down this looks like the property-set path
# - TODO confirm.
allow mtkbt init:unix_stream_socket connectto;
allow mtkbt installd:dir search;
allow mtkbt installd:file { read getattr open };
allow mtkbt kernel:dir search;
allow mtkbt kernel:file { read getattr open };
# NOTE(review): keystore is among the domains whose /proc entries become
# readable; a Bluetooth daemon has no evident need for it.
allow mtkbt keystore:dir search;
allow mtkbt keystore:file { read getattr open };
allow mtkbt lmkd:dir search;
allow mtkbt lmkd:file { read getattr open };
allow mtkbt logd:dir search;
allow mtkbt logd:file { read getattr open };
allow mtkbt mediaserver:dir search;
allow mtkbt mediaserver:file { read getattr open };
allow mtkbt mnld:dir search;
allow mtkbt mnld:file { read getattr open };
allow mtkbt mobile_log_d:dir search;
allow mtkbt mobile_log_d:file { read getattr open };
allow mtkbt mtk_6620_launcher:dir search;
allow mtkbt mtk_6620_launcher:file { read getattr open };
allow mtkbt mtk_agpsd:dir search;
allow mtkbt mtk_agpsd:file { read getattr open };
allow mtkbt netd:dir search;
allow mtkbt netd:file { read getattr open };
allow mtkbt netdiag:dir search;
allow mtkbt netdiag:file { read getattr open };
allow mtkbt nvram_agent_binder:dir search;
allow mtkbt nvram_agent_binder:file { read getattr open };
allow mtkbt orientationd:dir search;
allow mtkbt orientationd:file { read getattr open };
allow mtkbt ppl_agent:dir search;
allow mtkbt ppl_agent:file { read getattr open };
# Only directory search is granted on these two proc_* types; no file read.
allow mtkbt proc_mtkcooler:dir search;
allow mtkbt proc_mtktz:dir search;
allow mtkbt property_socket:sock_file write;
allow mtkbt resmon:dir search;
allow mtkbt resmon:file { read getattr open };
# NOTE(review): CAP_NET_ADMIN plus the tun_socket/tun_device rules below give
# the daemon control over network interfaces. Presumably this serves a
# Bluetooth networking profile - confirm it is still required.
allow mtkbt self:capability net_admin;
allow mtkbt self:netlink_socket read;
allow mtkbt self:tun_socket create;
allow mtkbt servicemanager:dir search;
allow mtkbt servicemanager:file { read getattr open };
allow mtkbt shell:dir search;
allow mtkbt shell:file { read getattr open };
# Character device labelled stpbt_device (declared outside this file);
# presumably the Bluetooth controller node.
allow mtkbt stpbt_device:chr_file { read write ioctl getattr open };
allow mtkbt surfaceflinger:dir search;
allow mtkbt surfaceflinger:file { read getattr open };
allow mtkbt thermal:dir search;
allow mtkbt thermal:file { read getattr open };
allow mtkbt thermald:dir search;
allow mtkbt thermald:file { read getattr open };
allow mtkbt tun_device:chr_file { read write ioctl open };
allow mtkbt ueventd:dir search;
allow mtkbt ueventd:file { read getattr open };
# Read/write on the uhid device node; presumably used to inject input for
# Bluetooth HID devices - TODO confirm.
allow mtkbt uhid_device:chr_file { read write open };
allow mtkbt vold:dir search;
allow mtkbt vold:file { read getattr open };
allow mtkbt wifi2agps:dir search;
allow mtkbt wifi2agps:file { read getattr open };
allow mtkbt zygote:dir search;
allow mtkbt zygote:file { read getattr open };
# Directory search and file read on objects labelled su. The userdebug_or_eng
# wrapper is the AOSP macro that includes its body only in userdebug and eng
# builds, so these two rules are absent from user builds.
userdebug_or_eng(`
allow mtkbt su:dir search;
allow mtkbt su:file { read getattr open };
')

# prop
# Lets mtkbt set properties labelled bt_prop and persist_bt_prop (both types
# are declared outside this file).
# NOTE(review): confirm which property-name prefixes map to these labels;
# every property under them becomes writable by this daemon.
allow mtkbt bt_prop:property_service set;
allow mtkbt persist_bt_prop:property_service set;

# add for ftp to create file on sdcard
allow mtkbt tmpfs:lnk_file read;

# add for BPP
allow mtkbt bluetooth_data_file:file { read open getattr};
# NOTE(review): in AOSP, system_data_file is the generic label for /data.
# Directory create here (and read/remove_name below) applies to every
# directory with that label, not only the one this daemon uses. A dedicated
# type for the daemon's directory would confine it.
allow mtkbt system_data_file:dir create;
# Create, modify and delete files on storage labelled fuse; presumably the
# FUSE-backed sdcard the ftp comment above refers to.
# NOTE(review): "write" appears twice in the dir permission set; the duplicate
# is harmless and can be dropped.
allow mtkbt fuse:dir { search write add_name write getattr read remove_name open };
allow mtkbt fuse:file { read open getattr write create unlink };

allow mtkbt system_data_file:dir { read remove_name };
# NOTE(review): only "open" is granted on nvram_device, with no read, write or
# ioctl. Either the rest is granted elsewhere or this rule is an incomplete
# audit2allow capture - verify.
allow mtkbt nvram_device:chr_file open;