fire855
Mister Oyster
parent
29502e9317
commit
8cba3a9b67
|
|
@ -1,6 +1,7 @@
|
|||
# nvram
|
||||
allow audioserver nvdata_file:dir rw_dir_perms;
|
||||
allow audioserver nvdata_file:file create_file_perms;
|
||||
allow audioserver nvdata_file:lnk_file r_file_perms;
|
||||
allow audioserver ccci_device:chr_file rw_file_perms;
|
||||
|
||||
# Audio
|
||||
|
|
|
|||
|
|
@ -4,5 +4,6 @@ allow bluetooth stpbt_device:chr_file rw_file_perms;
|
|||
# Allow nvram access
|
||||
allow bluetooth nvdata_file:dir search;
|
||||
allow bluetooth nvdata_file:file rw_file_perms;
|
||||
allow bluetooth nvdata_file:lnk_file r_file_perms;
|
||||
|
||||
allow bluetooth block_device:dir search;
|
||||
allow bluetooth block_device:dir search;
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ allow cameraserver proc:file { read ioctl open };
|
|||
allow cameraserver devmap_device:chr_file { ioctl r_file_perms };
|
||||
allow cameraserver sysfs_devinfo:file rw_file_perms;
|
||||
allow cameraserver sysfs_membw:file rw_file_perms;
|
||||
allow cameraserver proc_meminfo:file { open read getattr };
|
||||
|
||||
# PQ
|
||||
allow cameraserver pq_service:service_manager find;
|
||||
|
|
|
|||
|
|
@ -8,10 +8,11 @@ allow ccci_fsd ccci_cfg_file:dir create_dir_perms;
|
|||
allow ccci_fsd ccci_cfg_file:file create_file_perms;
|
||||
allow ccci_fsd nvdata_file:dir create_dir_perms;
|
||||
allow ccci_fsd nvdata_file:file create_file_perms;
|
||||
allow ccci_fsd nvdata_file:lnk_file r_file_perms;
|
||||
allow ccci_fsd protect_f_data_file:dir create_dir_perms;
|
||||
allow ccci_fsd protect_f_data_file:file create_file_perms;
|
||||
allow ccci_fsd protect_s_data_file:dir create_dir_perms;
|
||||
allow ccci_fsd protect_s_data_file:file create_file_perms;
|
||||
allow ccci_fsd sysfs_ccci:file rw_file_perms;
|
||||
allow ccci_fsd sysfs_ccci:dir search;
|
||||
allow ccci_fsd sysfs_wake_lock:file rw_file_perms;
|
||||
allow ccci_fsd sysfs_wake_lock:file rw_file_perms;
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ allow ccci_mdinit ccci_cfg_file:dir create_dir_perms;
|
|||
allow ccci_mdinit ccci_cfg_file:file create_file_perms;
|
||||
allow ccci_mdinit nvdata_file:dir rw_dir_perms;
|
||||
allow ccci_mdinit nvdata_file:file create_file_perms;
|
||||
allow ccci_mdinit nvdata_file:lnk_file r_file_perms;
|
||||
allow ccci_mdinit sysfs_ccci:dir search;
|
||||
allow ccci_mdinit sysfs_ccci:file rw_file_perms;
|
||||
allow ccci_mdinit sysfs_wake_lock:file rw_file_perms;
|
||||
|
|
|
|||
|
|
@ -31,4 +31,5 @@ type nvdata_device, dev_type;
|
|||
type protect1_device, dev_type;
|
||||
type protect2_device, dev_type;
|
||||
type logo_block_device, dev_type;
|
||||
type para_block_device, dev_type;
|
||||
type mmc_device, dev_type;
|
||||
|
|
|
|||
|
|
@ -29,6 +29,7 @@ type proc_wmt, fs_type;
|
|||
|
||||
type agpsd_socket, file_type;
|
||||
type mnld_socket, file_type;
|
||||
type mal_mfi_socket, file_type;
|
||||
|
||||
# akmd
|
||||
type akmd_access_file1, file_type,data_file_type;
|
||||
|
|
|
|||
|
|
@ -1,31 +1,31 @@
|
|||
# Services
|
||||
/system/bin/6620_launcher u:object_r:conn_launcher_exec:s0
|
||||
/system/bin/ccci_fsd u:object_r:ccci_fsd_exec:s0
|
||||
/system/bin/ccci_mdinit u:object_r:ccci_mdinit_exec:s0
|
||||
/system/bin/md_ctrl u:object_r:md_ctrl_exec:s0
|
||||
/system/bin/fuelgauged u:object_r:fuelgauged_exec:s0
|
||||
/system/bin/gsm0710muxd u:object_r:gsm0710muxd_exec:s0
|
||||
/system/xbin/mnld u:object_r:mnld_exec:s0
|
||||
/system/bin/muxreport u:object_r:muxreport_exec:s0
|
||||
/system/bin/msensord u:object_r:msensord_exec:s0
|
||||
/system/bin/akmd09911 u:object_r:akmd09911_exec:s0
|
||||
/system/bin/mtk_agpsd u:object_r:mtk_agpsd_exec:s0
|
||||
/system/bin/nvram_daemon u:object_r:nvram_daemon_exec:s0
|
||||
/system/bin/pq u:object_r:pq_exec:s0
|
||||
/system/bin/terservice u:object_r:terservice_exec:s0
|
||||
/system/bin/thermal_manager u:object_r:thermal_manager_exec:s0
|
||||
/system/bin/mtkrild u:object_r:ril-daemon-mtk_exec:s0
|
||||
/system/bin/wifi2agps u:object_r:wifi2agps_exec:s0
|
||||
/system/bin/wmt_loader u:object_r:wmt_loader_exec:s0
|
||||
/system/bin/em_svr u:object_r:em_svr_exec:s0
|
||||
/system/bin/kpoc_charger u:object_r:kpoc_charger_exec:s0
|
||||
/(system|system\/vendor|vendor)bin/ccci_fsd u:object_r:ccci_fsd_exec:s0
|
||||
/(system|system\/vendor|vendor)bin/ccci_mdinit u:object_r:ccci_mdinit_exec:s0
|
||||
/(system|system\/vendor|vendor)bin/md_ctrl u:object_r:md_ctrl_exec:s0
|
||||
/(system|system\/vendor|vendor)bin/fuelgauged u:object_r:fuelgauged_exec:s0
|
||||
/(system|system\/vendor|vendor)bin/gsm0710muxd u:object_r:gsm0710muxd_exec:s0
|
||||
/(system|system\/vendor|vendor)xbin/mnld u:object_r:mnld_exec:s0
|
||||
/(system|system\/vendor|vendor)bin/muxreport u:object_r:muxreport_exec:s0
|
||||
/(system|system\/vendor|vendor)bin/msensord u:object_r:msensord_exec:s0
|
||||
/(system|system\/vendor|vendor)bin/akmd09911 u:object_r:akmd09911_exec:s0
|
||||
/(system|system\/vendor|vendor)bin/mtk_agpsd u:object_r:mtk_agpsd_exec:s0
|
||||
/(system|system\/vendor|vendor)bin/nvram_daemon u:object_r:nvram_daemon_exec:s0
|
||||
/(system|system\/vendor|vendor)bin/pq u:object_r:pq_exec:s0
|
||||
/(system|system\/vendor|vendor)bin/terservice u:object_r:terservice_exec:s0
|
||||
/(system|system\/vendor|vendor)bin/thermal_manager u:object_r:thermal_manager_exec:s0
|
||||
/(system|system\/vendor|vendor)bin/mtkrild u:object_r:ril-daemon-mtk_exec:s0
|
||||
/(system|system\/vendor|vendor)bin/wifi2agps u:object_r:wifi2agps_exec:s0
|
||||
/(system|system\/vendor|vendor)bin/wmt_loader u:object_r:wmt_loader_exec:s0
|
||||
/(system|system\/vendor|vendor)bin/em_svr u:object_r:em_svr_exec:s0
|
||||
/(system|system\/vendor|vendor)bin/kpoc_charger u:object_r:kpoc_charger_exec:s0
|
||||
|
||||
# Meizupshelper
|
||||
/system/bin/meizupshelper u:object_r:meizupshelper_exec:s0
|
||||
/(system|system\/vendor|vendor)bin/meizupshelper u:object_r:meizupshelper_exec:s0
|
||||
|
||||
# Meta mode
|
||||
/system/bin/meta_tst u:object_r:meta_tst_exec:s0
|
||||
/system/bin/factory u:object_r:factory_exec:s0
|
||||
/(system|system\/vendor|vendor)bin/meta_tst u:object_r:meta_tst_exec:s0
|
||||
/(system|system\/vendor|vendor)bin/factory u:object_r:factory_exec:s0
|
||||
|
||||
# Files from firmware/nv partitions
|
||||
/protect_f(/.*)? u:object_r:protect_f_data_file:s0
|
||||
|
|
@ -80,6 +80,7 @@
|
|||
/dev/socket/rild-mtk-ut u:object_r:rild_socket:s0
|
||||
/dev/socket/rild-mtk-ut-2 u:object_r:rild_socket:s0
|
||||
/dev/socket/rild-oem u:object_r:rild_socket:s0
|
||||
/dev/socket/mal-mfi u:object_r:mal_mfi_socket:s0
|
||||
/dev/socket/agpsd u:object_r:agpsd_socket:s0
|
||||
/dev/socket/agpsd[2-3] u:object_r:agpsd_socket:s0
|
||||
/dev/socket/mnld u:object_r:mnld_socket:s0
|
||||
|
|
@ -100,6 +101,7 @@
|
|||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/recovery u:object_r:recovery_block_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/frp u:object_r:frp_block_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/metadata u:object_r:metadata_block_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/para u:object_r:para_block_device:s0
|
||||
/dev/block/mmcblk1 u:object_r:mmc_device:s0
|
||||
/dev/block/zram0 u:object_r:swap_block_device:s0
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,13 @@
|
|||
type ged_srv, domain, domain_deprecated;
|
||||
type ged_srv_exec, exec_type, file_type;
|
||||
|
||||
init_daemon_domain(ged_srv)
|
||||
|
||||
binder_use(ged_srv)
|
||||
binder_service(ged_srv)
|
||||
binder_call(ged_srv, system_server)
|
||||
|
||||
allow ged_srv servicemanager:binder call;
|
||||
allow ged_srv surfaceflinger:binder call;
|
||||
allow ged_srv surfaceflinger_service:service_manager find;
|
||||
allow ged_srv self:netlink_kobject_uevent_socket { bind create setopt read};
|
||||
|
|
@ -6,6 +6,8 @@ allow init nvdata_device:blk_file write;
|
|||
allow init protect1_device:blk_file write;
|
||||
allow init protect2_device:blk_file write;
|
||||
|
||||
allow init socket_device:sock_file { create setattr unlink };
|
||||
|
||||
allow init perf_control_sysfs:file getattr;
|
||||
|
||||
allow init tmpfs:lnk_file { create unlink };
|
||||
|
|
|
|||
|
|
@ -11,9 +11,13 @@ allow mediacodec proc:file { ioctl getattr open read };
|
|||
|
||||
allow mediacodec sysfs:file { open read write };
|
||||
allow mediacodec sysfs_devinfo:file { open read write };
|
||||
|
||||
# proc/meminfo
|
||||
allow mediacodec proc_meminfo:file { getattr open read };
|
||||
|
||||
allow mediacodec property_socket:sock_file write;
|
||||
allow mediacodec init:unix_stream_socket connectto;
|
||||
|
||||
# M4U
|
||||
allow mediacodec M4U_device_device:chr_file rw_file_perms;
|
||||
|
||||
# PQ
|
||||
allow mediacodec pq_service:service_manager find;
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ allow mnld mnld_data_file:file create_file_perms;
|
|||
|
||||
allow mnld nvdata_file:dir rw_dir_perms;
|
||||
allow mnld nvdata_file:file create_file_perms;
|
||||
allow mnld nvdata_file:lnk_file r_file_perms;
|
||||
allow mnld nvram_device:blk_file rw_file_perms;
|
||||
|
||||
allow mnld sysfs_gps_file:dir search;
|
||||
|
|
|
|||
|
|
@ -0,0 +1,10 @@
|
|||
type mtkmal_exec, exec_type, file_type;
|
||||
type mtkmal, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(mtkmal)
|
||||
|
||||
allow mtkmal init:unix_stream_socket connectto;
|
||||
allow mtkmal property_socket:sock_file write;
|
||||
allow mtkmal mal_mfi_socket:sock_file write;
|
||||
|
||||
allow mtkmal self:capability { setuid setgid };
|
||||
|
|
@ -1,2 +1,4 @@
|
|||
# Wifi
|
||||
allow netd wmtWifi_device:chr_file w_file_perms;
|
||||
|
||||
allow netd self:capability sys_module;
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ allow nvram_daemon nvram_device:blk_file rw_file_perms;
|
|||
allow nvram_daemon nvdata_device:blk_file rw_file_perms;
|
||||
allow nvram_daemon nvdata_file:dir create_dir_perms;
|
||||
allow nvram_daemon nvdata_file:file create_file_perms;
|
||||
allow nvram_daemon nvdata_file:lnk_file r_file_perms;
|
||||
allow nvram_daemon shell_exec:file { read execute open execute_no_trans getattr };
|
||||
allow nvram_daemon als_ps_device:chr_file r_file_perms;
|
||||
allow nvram_daemon mtk-adc-cali_device:chr_file rw_file_perms;
|
||||
|
|
|
|||
|
|
@ -1 +1,7 @@
|
|||
allow platform_app sysfs_devinfo:file { open read };
|
||||
|
||||
# Guiext
|
||||
allow platform_app guiext-server_service:service_manager find;
|
||||
|
||||
# PQ
|
||||
allow platform_app pq_service:service_manager find;
|
||||
|
|
|
|||
|
|
@ -0,0 +1,5 @@
|
|||
# Guiext
|
||||
allow priv_app guiext-server_service:service_manager find;
|
||||
|
||||
# PQ
|
||||
allow priv_app pq_service:service_manager find;
|
||||
|
|
@ -10,10 +10,15 @@ allow ril-daemon-mtk self:capability setuid;
|
|||
allow ril-daemon-mtk sysfs_wake_lock:file rw_file_perms;
|
||||
allow ril-daemon-mtk sysfs_ccci:dir search;
|
||||
allow ril-daemon-mtk sysfs_ccci:file r_file_perms;
|
||||
allow ril-daemon-mtk block_device:dir search;
|
||||
allow ril-daemon-mtk para_block_device:blk_file rw_file_perms;
|
||||
|
||||
allow ril-daemon-mtk self:udp_socket create_socket_perms;
|
||||
allow ril-daemon-mtk self:capability { setuid net_admin net_raw };
|
||||
|
||||
allow ril-daemon-mtk mal_mfi_socket:sock_file { w_file_perms };
|
||||
allow ril-daemon-mtk mtkmal:unix_stream_socket connectto;
|
||||
|
||||
allow ril-daemon-mtk radio_device:dir search;
|
||||
allow ril-daemon-mtk radio_prop:property_service set;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,2 +1,3 @@
|
|||
type pq_service, service_manager_type;
|
||||
type nvram_agent_service, service_manager_type;
|
||||
type guiext-server_service, service_manager_type;
|
||||
type nvram_agent_service, service_manager_type;
|
||||
|
|
|
|||
|
|
@ -1,2 +1,3 @@
|
|||
PQ u:object_r:pq_service:s0
|
||||
NvRAMAgent u:object_r:nvram_agent_service:s0
|
||||
GuiExtService u:object_r:guiext-server_service:s0
|
||||
NvRAMAgent u:object_r:nvram_agent_service:s0
|
||||
|
|
|
|||
|
|
@ -1,5 +1,7 @@
|
|||
allow surfaceflinger pq_service:service_manager find;
|
||||
|
||||
allow surfaceflinger guiext-server_service:service_manager { find add };
|
||||
|
||||
allow surfaceflinger debug_prop:property_service set;
|
||||
|
||||
allow surfaceflinger mtk_smi_device:chr_file { read write open ioctl };
|
||||
|
|
|
|||
|
|
@ -20,3 +20,6 @@ allow system_server sysfs_devinfo:file { open read };
|
|||
|
||||
# Debugfs
|
||||
allow system_server debugfs:dir r_file_perms;
|
||||
|
||||
# Guiext
|
||||
allow system_server guiext-server_service:service_manager find;
|
||||
|
|
|
|||
|
|
@ -0,0 +1,10 @@
|
|||
type thermal_exec, exec_type, file_type;
|
||||
type thermal, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(thermal)
|
||||
|
||||
allow thermal proc_thermal:dir search;
|
||||
allow thermal proc_thermal:file rw_file_perms;
|
||||
allow thermal rild_socket:sock_file w_file_perms;
|
||||
|
||||
allow thermal ril-daemon-mtk:unix_stream_socket connectto;
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
type thermald_exec, exec_type, file_type;
|
||||
type thermald, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(thermald)
|
||||
|
||||
allow thermald proc_thermal:dir search;
|
||||
allow thermald proc_thermal:file rw_file_perms;
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
type thermalloadalgo_exec, exec_type, file_type;
|
||||
type thermalloadalgo, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(thermalloadalgo)
|
||||
|
||||
allow thermalloadalgo thermalloadalgo:netlink_socket { create bind write read };
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
# PQ
|
||||
allow untrusted_app pq_service:service_manager find;
|
||||
Loading…
Reference in New Issue