sepolicy: switch to a better policy
* sepolicy: switch to CM sepolicy fixed by MAD team * sepolicy: remove fm & nfc rules * sepolicy: add akmd09911 and remove other sensors
parent
9e1036e31d
commit
e876841aa8
|
@ -1,11 +1,11 @@
|
|||
# akmd09911
|
||||
type akmd09911_exec, exec_type, file_type;
|
||||
type akmd09911, domain;
|
||||
type akmd09911, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(akmd09911)
|
||||
|
||||
allow akmd09911 msensor_device:chr_file rw_file_perms;
|
||||
allow akmd09911 gsensor_device:chr_file rw_file_perms;;
|
||||
allow akmd09911 gsensor_device:chr_file rw_file_perms;
|
||||
allow akmd09911 input_device:dir { search open read write };
|
||||
allow akmd09911 input_device:file { open read };
|
||||
allow akmd09911 akmd_access_file1:file rw_file_perms;
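Review bot: The type line that appears to be the new one here, `type akmd09911, domain, domain_deprecated;`, puts the daemon into `domain_deprecated`, which on Android 7 carries the broad legacy read rules that were taken out of `domain`. That hides what the daemon really needs behind an attribute and works against the narrowing the rest of this commit does. The same attribute shows up on the type lines for ccci_fsd, ccci_mdinit, em_svr and factory, and on conn_launcher, whose file is entirely new. I would keep `type akmd09911, domain;` and add explicit allow rules for whatever denials then show up in the audit log. The rendered page lost its +/- markers, so which of the two type lines is the added one is inferred from print order.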
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
attribute mtk_property_type;
|
|
@ -1,19 +1,11 @@
|
|||
# audioserver - audio services
|
||||
# Nvram / Nvdata
|
||||
allow audioserver nvdata_file:dir search;
|
||||
allow audioserver nvdata_file:file getattr;
|
||||
allow audioserver nvram_data_file:file { read write open getattr setattr create };
|
||||
allow audioserver nvram_data_file:dir { write add_name };
|
||||
# nvram
|
||||
allow audioserver nvdata_file:dir rw_dir_perms;
|
||||
allow audioserver nvdata_file:file create_file_perms;
|
||||
allow audioserver ccci_device:chr_file rw_file_perms;
|
||||
|
||||
allow audioserver audiohal_prop:file r_file_perms;
|
||||
|
||||
allow audioserver ccci_device:chr_file { read write open ioctl };
|
||||
|
||||
allow audioserver platformblk_device:dir search;
|
||||
|
||||
allow audioserver sysfs:file { read open };
|
||||
allow audioserver rootfs:lnk_file { getattr };
|
||||
|
||||
# Socket
|
||||
allow audioserver property_socket:sock_file { write };
|
||||
allow audioserver init:unix_stream_socket { connectto };
|
||||
# Audio
|
||||
allow audioserver sysfs:file { open read write };
|
||||
allow audioserver sysfs_devinfo:file { open read write };
|
||||
allow audioserver sysfs_ccci:file r_file_perms;
|
||||
allow audioserver sysfs_ccci:dir search;
|
||||
allow audioserver audiohal_prop:property_service set;
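Review bot: `allow audioserver sysfs:file { open read write };` under `# Audio` grants write on the generic `sysfs` type, so audioserver can write any sysfs node that has no more specific label. The section already uses dedicated types for other nodes (`sysfs_devinfo`, `sysfs_ccci`), so the audio nodes it has to write could get their own type and this rule could drop to `r_file_perms` or go away. The hunk counts (19 lines to 11) suggest this line is on the new side, but the page has no +/- markers, so treat that as inferred.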
|
||||
|
|
|
@ -1,2 +0,0 @@
|
|||
# Mtk sdcardfs fix
|
||||
allow blkid_untrusted voldblk_device:blk_file { getattr ioctl open read };
|
|
@ -1,22 +1,8 @@
|
|||
# bluetooth
|
||||
# Nvram / Nvdata
|
||||
# Allow access to the hardware node
|
||||
allow bluetooth stpbt_device:chr_file rw_file_perms;
|
||||
|
||||
# Allow nvram access
|
||||
allow bluetooth nvdata_file:dir search;
|
||||
allow bluetooth nvdata_file:file rw_file_perms;
|
||||
|
||||
allow bluetooth mediaserver:unix_dgram_socket sendto;
|
||||
allow bluetooth init:unix_dgram_socket sendto;
|
||||
|
||||
allow bluetooth bt_data_file:dir { write add_name remove_name search};
|
||||
allow bluetooth bt_data_file:file { open read write create setattr getattr append unlink rename};
|
||||
|
||||
allow bluetooth platform_app_tmpfs:file write;
|
||||
|
||||
allow bluetooth platformblk_device:dir search;
|
||||
|
||||
# Mtk fix
|
||||
allow bluetooth stpbt_device:chr_file { open read write };
|
||||
allow bluetooth wmt_prop:file { getattr open read };
|
||||
|
||||
# bt prop
|
||||
allow bluetooth bt_prop:file { getattr open read };
|
||||
allow bluetooth persist_bt_prop:file { getattr open read };
|
||||
allow bluetooth block_device:dir search;
|
|
@ -1,21 +0,0 @@
|
|||
# Bootanim.te
|
||||
allow bootanim self:netlink_socket create_socket_perms;
|
||||
|
||||
allow bootanim mediaserver:binder call;
|
||||
allow bootanim mediaserver:binder transfer;
|
||||
|
||||
allow bootanim terservice:binder call;
|
||||
allow bootanim property_socket:sock_file write;
|
||||
allow bootanim init:unix_stream_socket connectto;
|
||||
allow bootanim custom_file:dir search;
|
||||
allow bootanim custom_file:file open;
|
||||
allow bootanim custom_file:file read;
|
||||
allow bootanim bootani_prop:property_service set;
|
||||
|
||||
allow bootanim debug_prop:property_service set;
|
||||
|
||||
allow bootanim mediaserver_service:service_manager find;
|
||||
|
||||
# Nougat
|
||||
allow bootanim terservice_service:service_manager find;
|
||||
allow bootanim rootfs:lnk_file { getattr };
|
|
@ -1,30 +1,15 @@
|
|||
# Cameraserver
|
||||
# Nvram / Nvdata
|
||||
allow cameraserver nvdata_file:dir search;
|
||||
allow cameraserver nvdata_file:file { getattr open read };
|
||||
# nvram
|
||||
allow cameraserver nvdata_file:dir rw_dir_perms;
|
||||
allow cameraserver nvdata_file:file create_file_perms;
|
||||
allow cameraserver ccci_device:chr_file rw_file_perms;
|
||||
|
||||
# Mtk fix
|
||||
allow cameraserver devmap_device:chr_file { ioctl open read };
|
||||
# camera
|
||||
allow cameraserver sensorservice_service:service_manager find;
|
||||
allow cameraserver system_server:unix_stream_socket { read write };
|
||||
allow cameraserver camera_device:chr_file rw_file_perms;
|
||||
allow cameraserver mtk_smi_device:chr_file rw_file_perms;
|
||||
allow cameraserver proc:file { read ioctl open };
|
||||
allow cameraserver devmap_device:chr_file { ioctl r_file_perms };
|
||||
|
||||
allow cameraserver mediatek_prop:file { getattr open read };
|
||||
|
||||
allow cameraserver platformblk_device:blk_file { open read write };
|
||||
allow cameraserver proc:file { ioctl open read };
|
||||
allow cameraserver proc_meminfo:file { getattr open read };
|
||||
|
||||
allow cameraserver serial_number_prop:file { getattr open read };
|
||||
allow cameraserver sysfs:file { getattr open read write };
|
||||
|
||||
# Flashlight
|
||||
allow cameraserver kd_camera_hw_device:chr_file { ioctl open read write };
|
||||
allow cameraserver kd_camera_flashlight_device:chr_file { ioctl open read write };
|
||||
|
||||
# Camera
|
||||
allow cameraserver BU64245_device:chr_file { ioctl open read write };
|
||||
allow cameraserver camera_isp_device:chr_file { ioctl open read write };
|
||||
allow cameraserver CAM_CAL_DRV_device:chr_file { ioctl open read write };
|
||||
allow cameraserver mtk_smi_device:chr_file { ioctl open read };
|
||||
|
||||
|
||||
# Nougat
|
||||
allow cameraserver rootfs:lnk_file { getattr };
|
||||
# PQ
|
||||
allow cameraserver pq_service:service_manager find;
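Review bot: The `# nvram` rules `allow cameraserver nvdata_file:dir rw_dir_perms;` and `allow cameraserver nvdata_file:file create_file_perms;` are wider than the `search` / `{ getattr open read }` pair printed just above them, which reads as the old side. If cameraserver only reads data from nvdata, `r_dir_perms` and `r_file_perms` would be enough; create, write and unlink are better left to the daemon that owns those files. audioserver gets the same two rules in its section. The old/new assignment is inferred from print order, since the page has no +/- markers.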
|
||||
|
|
|
@ -1,33 +1,17 @@
|
|||
# ccci_fsd
|
||||
type ccci_fsd_exec, exec_type, file_type;
|
||||
type ccci_fsd, domain;
|
||||
type ccci_fsd, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(ccci_fsd)
|
||||
|
||||
wakelock_use(ccci_fsd)
|
||||
|
||||
# Nvram / Nvdata
|
||||
allow ccci_fsd nvram_data_file:dir create_dir_perms;
|
||||
allow ccci_fsd nvram_data_file:file create_file_perms;
|
||||
allow ccci_fsd nvram_data_file:lnk_file read;
|
||||
allow ccci_fsd nvdata_file:dir create_dir_perms;
|
||||
allow ccci_fsd nvdata_file:file create_file_perms;
|
||||
|
||||
allow ccci_fsd protect_f_data_file:dir create_dir_perms;
|
||||
allow ccci_fsd protect_f_data_file:file create_file_perms;
|
||||
allow ccci_fsd protect_s_data_file:dir create_dir_perms;
|
||||
allow ccci_fsd protect_s_data_file:file create_file_perms;
|
||||
|
||||
allow ccci_fsd ccci_device:chr_file rw_file_perms;
|
||||
allow ccci_fsd ccci_cfg_file:dir create_dir_perms;
|
||||
allow ccci_fsd ccci_cfg_file:file create_file_perms;
|
||||
|
||||
allow ccci_fsd otp_device:chr_file rw_file_perms;
|
||||
allow ccci_fsd block_device:dir search;
|
||||
allow ccci_fsd platformblk_device:blk_file { read write open ioctl };
|
||||
allow ccci_fsd platformblk_device:dir { search };
|
||||
|
||||
# for Nougat
|
||||
allow ccci_fsd sysfs:file r_file_perms;
|
||||
allow ccci_fsd mtk_md_prop:file r_file_perms;
|
||||
allow ccci_fsd rootfs:lnk_file { getattr };
|
||||
allow ccci_fsd nvdata_file:dir create_dir_perms;
|
||||
allow ccci_fsd nvdata_file:file create_file_perms;
|
||||
allow ccci_fsd protect_f_data_file:dir create_dir_perms;
|
||||
allow ccci_fsd protect_f_data_file:file create_file_perms;
|
||||
allow ccci_fsd protect_s_data_file:dir create_dir_perms;
|
||||
allow ccci_fsd protect_s_data_file:file create_file_perms;
|
||||
allow ccci_fsd sysfs_ccci:file rw_file_perms;
|
||||
allow ccci_fsd sysfs_ccci:dir search;
|
||||
allow ccci_fsd sysfs_wake_lock:file rw_file_perms;
|
|
@ -1,66 +1,28 @@
|
|||
# ccci_mdinit
|
||||
type ccci_mdinit_exec, exec_type, file_type;
|
||||
type ccci_mdinit, domain;
|
||||
type ccci_mdinit, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(ccci_mdinit)
|
||||
|
||||
wakelock_use(ccci_mdinit)
|
||||
|
||||
# Nvram / Nvdata
|
||||
allow ccci_mdinit nvram_data_file:dir rw_dir_perms;
|
||||
allow ccci_mdinit nvram_data_file:file create_file_perms;
|
||||
allow ccci_mdinit nvram_data_file:lnk_file read;
|
||||
allow ccci_mdinit ccci_device:chr_file rw_file_perms;
|
||||
allow ccci_mdinit ccci_cfg_file:dir create_dir_perms;
|
||||
allow ccci_mdinit ccci_cfg_file:file create_file_perms;
|
||||
allow ccci_mdinit nvdata_file:dir rw_dir_perms;
|
||||
allow ccci_mdinit nvdata_file:file create_file_perms;
|
||||
allow ccci_mdinit nvram_device:blk_file { open read write };
|
||||
allow ccci_mdinit nvram_device:chr_file rw_file_perms;
|
||||
allow ccci_mdinit sysfs_ccci:dir search;
|
||||
allow ccci_mdinit sysfs_ccci:file rw_file_perms;
|
||||
allow ccci_mdinit sysfs_wake_lock:file rw_file_perms;
|
||||
allow ccci_mdinit sysfs_devinfo:file r_file_perms;
|
||||
|
||||
allow ccci_mdinit nvram_device:blk_file rw_file_perms;
|
||||
allow ccci_mdinit mtk_md_prop:property_service set;
|
||||
|
||||
allow ccci_mdinit ctl_ccci_fsd_prop:property_service set;
|
||||
allow ccci_mdinit ctl_gsm0710muxd_prop:property_service set;
|
||||
allow ccci_mdinit { ctl_gsm0710muxd_prop ctl_gsm0710muxd-s_prop ctl_gsm0710muxd-d_prop ctl_gsm0710muxdmd2_prop}:property_service set;
|
||||
|
||||
allow ccci_mdinit ril_active_md_prop:property_service set;
|
||||
allow ccci_mdinit mtk_md_prop:property_service set;
|
||||
allow ccci_mdinit ctl_rildaemon_prop:property_service set;
|
||||
allow ccci_mdinit radio_prop:property_service set;
|
||||
|
||||
allow ccci_mdinit { ctl_ccci_fsd_prop ctl_ccci2_fsd_prop }:property_service set;
|
||||
allow ccci_mdinit { ctl_ccci_rpcd_prop ctl_ccci2_rpcd_prop }:property_service set;
|
||||
|
||||
allow ccci_mdinit ccci_device:chr_file rw_file_perms;
|
||||
allow ccci_mdinit ccci_monitor_device:chr_file rw_file_perms;
|
||||
|
||||
# TODO: Do not allow write access to all of /sys
|
||||
allow ccci_mdinit sysfs:file { write read open };
|
||||
allow ccci_mdinit sysfs_ccci:file rw_file_perms;
|
||||
allow ccci_mdinit sysfs_wake_lock:file rw_file_perms;
|
||||
|
||||
allow ccci_mdinit platformblk_device:blk_file { read write open };
|
||||
allow ccci_mdinit platformblk_device:dir search;
|
||||
|
||||
allow ccci_mdinit ril_mux_report_case_prop:property_service set;
|
||||
|
||||
allow ccci_mdinit mdlog_data_file:dir search;
|
||||
allow ccci_mdinit mdlog_data_file:file { read open };
|
||||
allow ccci_mdinit mdlog_data_file:file r_file_perms;
|
||||
allow ccci_mdinit mdlog_data_file:dir r_dir_perms;
|
||||
|
||||
allow ccci_mdinit ccci_cfg_file:dir create_dir_perms;
|
||||
allow ccci_mdinit ccci_cfg_file:file create_file_perms;
|
||||
allow ccci_mdinit block_device:dir search;
|
||||
|
||||
allow ccci_mdinit preloader_device:chr_file rw_file_perms;
|
||||
allow ccci_mdinit misc_sd_device:chr_file { read open };
|
||||
allow ccci_mdinit sec_ro_device:chr_file { read open };
|
||||
|
||||
allow ccci_mdinit custom_file:dir { search };
|
||||
allow ccci_mdinit custom_file:file { open read getattr };
|
||||
allow ccci_mdinit mtk_tele_prop:property_service set;
|
||||
|
||||
# Mtk fix
|
||||
allow ccci_mdinit init:unix_stream_socket connectto;
|
||||
allow ccci_mdinit property_socket:sock_file write;
|
||||
|
||||
# Nougat
|
||||
allow ccci_mdinit proc:file { read open ioctl };
|
||||
allow ccci_mdinit persist_ril_prop:file { read open getattr };
|
||||
allow ccci_mdinit mediatek_prop:file { read open getattr ioctl };
|
||||
allow ccci_mdinit mtk_md_prop:file { read open getattr ioctl };
|
||||
allow ccci_mdinit rootfs:lnk_file { getattr };
|
||||
unix_socket_connect(ccci_mdinit, property, init)
|
|
@ -0,0 +1,9 @@
|
|||
type conn_launcher_exec, exec_type, file_type;
|
||||
type conn_launcher, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(conn_launcher)
|
||||
|
||||
allow conn_launcher stpwmt_device:chr_file rw_file_perms;
|
||||
allow conn_launcher wmt_prop:property_service set;
|
||||
|
||||
unix_socket_connect(conn_launcher, property, init)
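Review bot: The `wmt_prop:property_service set` rule and the closing `unix_socket_connect(conn_launcher, property, init)` can be written as one `set_prop(conn_launcher, wmt_prop)`, which expands to both (plus read access to the same property) and keeps the intent in one place. The file also has no header comment, unlike most of the other .te sections in this commit; a first line `# conn_launcher` with a short statement of what the binary starts would help the next reader judge whether `stpwmt_device` read/write is expected.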
|
|
@ -1,7 +1,5 @@
|
|||
# device
|
||||
# Radio devices
|
||||
type ccci_device, dev_type;
|
||||
type ccci_monitor_device, dev_type;
|
||||
type stpbt_device, dev_type;
|
||||
type stpgps_device, dev_type;
|
||||
type stpwmt_device, dev_type;
|
||||
|
@ -10,6 +8,7 @@ type wmtWifi_device, dev_type;
|
|||
type wmtdetect_device, dev_type;
|
||||
type gsm0710muxd_device, dev_type;
|
||||
type mdlog_device, dev_type;
|
||||
type pmic_adc_device, dev_type;
|
||||
|
||||
# Sensors
|
||||
type als_ps_device, dev_type;
|
||||
|
@ -25,113 +24,10 @@ type Vcodec_device, dev_type;
|
|||
type M4U_device_device, dev_type;
|
||||
type mtk_smi_device, dev_type;
|
||||
|
||||
type ttyMT_device, dev_type;
|
||||
type ttySDIO_device, dev_type;
|
||||
type vmodem_device, dev_type;
|
||||
type pmem_multimedia_device, dev_type;
|
||||
type MJC_device, dev_type;
|
||||
type smartpa_device, dev_type;
|
||||
type smartpa1_device, dev_type;
|
||||
type uio0_device, dev_type;
|
||||
type xt_qtaguid_device, dev_type;
|
||||
type rfkill_device, dev_type;
|
||||
type sw_sync_device, dev_type;
|
||||
type sec_device, dev_type;
|
||||
type hid_keyboard_device, dev_type;
|
||||
type btn_device, dev_type;
|
||||
type uinput_device, dev_type;
|
||||
type TV_out_device, dev_type;
|
||||
type camera_sysram_device, dev_type;
|
||||
type camera_isp_device, dev_type;
|
||||
type camera_fdvt_device, dev_type;
|
||||
type camera_pipemgr_device, dev_type;
|
||||
type mtk_jpeg_device, dev_type;
|
||||
type kd_camera_hw_device, dev_type;
|
||||
type kd_camera_flashlight_device, dev_type;
|
||||
type kd_camera_hw_bus2_device, dev_type;
|
||||
type MATV_device, dev_type;
|
||||
type mt_otg_test_device, dev_type;
|
||||
type mt_mdp_device, dev_type;
|
||||
type mtkg2d_device, dev_type;
|
||||
type misc_sd_device, dev_type;
|
||||
type mtk_sched_device, dev_type;
|
||||
type ampc0_device, dev_type;
|
||||
type mmp_device, dev_type;
|
||||
type ttyGS_device, dev_type;
|
||||
type CAM_CAL_DRV_device, dev_type;
|
||||
type mtk_rrc_device, dev_type;
|
||||
type ebc_device, dev_type;
|
||||
type vow_device, dev_type;
|
||||
type sensor_device, dev_type;
|
||||
type BOOT_device, dev_type;
|
||||
type MT_pmic_device, dev_type;
|
||||
type android_device, dev_type;
|
||||
type bmtpool_device, dev_type;
|
||||
type bootimg_device, dev_type;
|
||||
type btif_device, dev_type;
|
||||
type cache_device, dev_type;
|
||||
type cpu_dma_latency_device, dev_type;
|
||||
type dummy_cam_cal_device, dev_type;
|
||||
type ebr_device, dev_type;
|
||||
type expdb_device, dev_type;
|
||||
type fat_device, dev_type;
|
||||
type loop-control_device, dev_type;
|
||||
type m_acc_misc_device, dev_type;
|
||||
type m_batch_misc_device, dev_type;
|
||||
type m_mag_misc_device, dev_type;
|
||||
type mbr_device, dev_type;
|
||||
type met_device, dev_type;
|
||||
type misc_device, dev_type;
|
||||
type misc2_device, dev_type;
|
||||
type mtfreqhopping_device, dev_type;
|
||||
type mtgpio_device, dev_type;
|
||||
type mtk_kpd_device, dev_type;
|
||||
type network_device, dev_type;
|
||||
type nvram_device, dev_type;
|
||||
type nvdata_device, dev_type;
|
||||
type pmt_device, dev_type;
|
||||
type preloader_device, dev_type;
|
||||
type psaux_device, dev_type;
|
||||
type ptyp_device, dev_type;
|
||||
type recovery_device, dev_type;
|
||||
type sec_ro_device, dev_type;
|
||||
type seccfg_device, dev_type;
|
||||
type tee_part_device, dev_type;
|
||||
type snapshot_device, dev_type;
|
||||
type tgt_device, dev_type;
|
||||
type touch_device, dev_type;
|
||||
type tpd_em_log_device, dev_type;
|
||||
type ttyp_device, dev_type;
|
||||
type uboot_device, dev_type;
|
||||
type uibc_device, dev_type;
|
||||
type usrdata_device, dev_type;
|
||||
type voldblk_device, dev_type;
|
||||
type platformblk_device, dev_type;
|
||||
type RT_Monitor_device, dev_type;
|
||||
type kick_powerkey_device, dev_type;
|
||||
type mnld_device, dev_type;
|
||||
type md32_device, dev_type;
|
||||
type etb_device, dev_type;
|
||||
type MT_pmic_adc_cali_device, dev_type;
|
||||
type MT_pmic_cali_device,dev_type;
|
||||
type barometer_device,dev_type;
|
||||
type otp_device, dev_type;
|
||||
type icusb_device, dev_type;
|
||||
type pmic_ftm_device, dev_type;
|
||||
type shf_device, dev_type;
|
||||
type keyblock_device, dev_type;
|
||||
type offloadservice_device, dev_type;
|
||||
type ttyACM_device, dev_type;
|
||||
type hrm_device, dev_type;
|
||||
|
||||
#agps
|
||||
type agps_device, dev_type;
|
||||
|
||||
# m2note
|
||||
type BU64245_device, dev_type;
|
||||
|
||||
# Block devices
|
||||
type proinfo_device, dev_type;
|
||||
type nvram_device, dev_type;
|
||||
type nvdata_device, dev_type;
|
||||
type protect1_device, dev_type;
|
||||
type protect2_device, dev_type;
|
||||
type logo_block_device, dev_type;
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
get_prop(domain, mtk_property_type)
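Review bot: `get_prop(domain, mtk_property_type)` gives every domain on the device, untrusted apps included, read access to every property type tagged with `mtk_property_type`. That is safe only while nothing sensitive ever carries the attribute, and nothing in the policy enforces that. Either list the domains that actually read these properties, or add a comment next to the attribute declaration stating that types holding identifiers or radio state must not be given it.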
|
|
@ -1,27 +1 @@
|
|||
# drmserver
|
||||
allow drmserver platform_app:dir search;
|
||||
allow drmserver platform_app:file { read getattr open };
|
||||
allow drmserver property_socket:sock_file write;
|
||||
allow drmserver radio_data_file:file { read getattr open };
|
||||
allow drmserver tmpfs:lnk_file read;
|
||||
|
||||
allow drmserver system_app:dir search;
|
||||
allow drmserver system_app:file { read open getattr };
|
||||
|
||||
allow drmserver mediaserver:dir search;
|
||||
allow drmserver mediaserver:file { read open getattr };
|
||||
allow drmserver mediaserver:fifo_file read;
|
||||
allow drmserver mediaserver:fifo_file write;
|
||||
|
||||
allow drmserver untrusted_app:dir search;
|
||||
allow drmserver untrusted_app:file { read open getattr };
|
||||
|
||||
allow drmserver radio_data_file:dir search;
|
||||
|
||||
allow drmserver surfaceflinger:fd use;
|
||||
|
||||
allow drmserver persist_data_file:file { read getattr open };
|
||||
allow drmserver persist_data_file:dir search;
|
||||
|
||||
allow drmserver platform_app_tmpfs:file write;
|
||||
|
||||
allow drmserver sysfs_devinfo:file { open read write };
|
|
@ -1,53 +1,9 @@
|
|||
# em_svr
|
||||
type em_svr_exec, exec_type, file_type;
|
||||
type em_svr, domain;
|
||||
type em_svr, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(em_svr)
|
||||
|
||||
# Nvram / Nvdata
|
||||
allow em_svr nvram_data_file:dir { write read open add_name search };
|
||||
allow em_svr nvram_data_file:file { write getattr setattr read create open };
|
||||
allow em_svr nvram_data_file:lnk_file read;
|
||||
allow em_svr nvdata_file:dir { write read open add_name search };
|
||||
allow em_svr nvdata_file:file { write getattr setattr read create open };
|
||||
allow em_svr nvram_device:chr_file { open read write ioctl };
|
||||
|
||||
allow em_svr proc:file write;
|
||||
allow em_svr sysfs:file write;
|
||||
allow em_svr platformblk_device:blk_file { read write open };
|
||||
allow em_svr platformblk_device:dir search;
|
||||
allow em_svr shell_exec:file { read execute open execute_no_trans };
|
||||
allow em_svr system_file:file execute_no_trans;
|
||||
allow em_svr block_device:dir search;
|
||||
allow em_svr graphics_device:chr_file { read write open ioctl};
|
||||
allow em_svr graphics_device:dir search;
|
||||
allow em_svr radio_data_file:dir { search write add_name create };
|
||||
allow em_svr radio_data_file:file { create write open read };
|
||||
allow em_svr sysfs_devices_system_cpu:file write;
|
||||
allow em_svr misc_sd_device:chr_file { read open ioctl };
|
||||
allow em_svr als_ps_device:chr_file { read ioctl open };
|
||||
allow em_svr gsensor_device:chr_file { read ioctl open };
|
||||
allow em_svr gyroscope_device:chr_file { read ioctl open };
|
||||
|
||||
allow em_svr thermal_manager_exec:file { getattr execute read open execute_no_trans };
|
||||
allow em_svr self:capability { dac_override sys_nice fowner chown fsetid };
|
||||
allow em_svr self:process execmem;
|
||||
allow em_svr proc_mtkcooler:dir search;
|
||||
allow em_svr proc_mtkcooler:file { read getattr open write };
|
||||
allow em_svr proc_thermal:dir search;
|
||||
allow em_svr proc_thermal:file { read getattr open write };
|
||||
allow em_svr proc_mtktz:dir search;
|
||||
allow em_svr proc_mtktz:file { read getattr open write };
|
||||
allow em_svr proc_slogger:file { read getattr open write };
|
||||
allow em_svr system_data_file:dir { write remove_name add_name relabelfrom create open };
|
||||
allow em_svr kernel:system module_request;
|
||||
allow em_svr fuse:dir create_dir_perms;
|
||||
allow em_svr fuse:file create_file_perms;
|
||||
allow em_svr tmpfs:lnk_file read;
|
||||
|
||||
# for use binder
|
||||
binder_use(em_svr)
|
||||
binder_call(em_svr, surfaceflinger)
|
||||
|
||||
# Nougat
|
||||
allow em_svr rootfs:lnk_file { getattr };
|
||||
allow em_svr nvdata_file:dir { write read open add_name search };
|
||||
allow em_svr nvdata_file:file { write getattr setattr read create open };
|
|
@ -1,105 +1,66 @@
|
|||
# factory
|
||||
type factory_exec, exec_type, file_type;
|
||||
type factory, domain;
|
||||
type factory, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(factory)
|
||||
net_domain(factory)
|
||||
|
||||
# Nvram / Nvdata
|
||||
allow factory nvram_device:chr_file { read write ioctl open };
|
||||
allow factory nvdata_device:blk_file rw_file_perms;
|
||||
allow factory serial_device:chr_file rw_file_perms;
|
||||
|
||||
allow factory nvram_data_file:dir { write read open add_name getattr search setattr};
|
||||
allow factory nvram_data_file:file { write getattr setattr read create open };
|
||||
allow factory nvram_data_file:lnk_file read;
|
||||
|
||||
allow factory nvdata_file:dir { create_dir_perms };
|
||||
allow factory nvdata_file:file { create_file_perms };
|
||||
|
||||
allow factory mtk_smi_device:chr_file { read ioctl open };
|
||||
allow factory accdet_device:chr_file { read ioctl open };
|
||||
allow factory als_ps_device:chr_file { read ioctl open };
|
||||
# Hardware nodes
|
||||
allow factory accdet_device:chr_file r_file_perms;
|
||||
allow factory ashmem_device:chr_file execute;
|
||||
allow factory audio_device:chr_file { read write ioctl open };
|
||||
allow factory camera_isp_device:chr_file { read write ioctl open };
|
||||
allow factory camera_pipemgr_device:chr_file { read ioctl open };
|
||||
allow factory camera_sysram_device:chr_file { read ioctl open };
|
||||
allow factory ccci_device:chr_file { read write ioctl open };
|
||||
allow factory MT_pmic_cali_device:chr_file { read ioctl open };
|
||||
allow factory barometer_device:chr_file { read ioctl open };
|
||||
allow factory mtk_kpd_device:chr_file { read ioctl open };
|
||||
allow factory ebc_device:chr_file { read write open };
|
||||
allow factory fuse:dir { read search open };
|
||||
allow factory gps_device:chr_file { read write open };
|
||||
allow factory graphics_device:chr_file { read write ioctl open };
|
||||
allow factory gsensor_device:chr_file { read ioctl open };
|
||||
allow factory gsm0710muxd_device:chr_file { read write ioctl open };
|
||||
allow factory gyroscope_device:chr_file { read ioctl open };
|
||||
allow factory init:unix_stream_socket connectto;
|
||||
allow factory input_device:chr_file { read ioctl open };
|
||||
allow factory input_device:dir { read open };
|
||||
allow factory kd_camera_flashlight_device:chr_file { read write ioctl open };
|
||||
allow factory kd_camera_hw_device:chr_file { read write ioctl open };
|
||||
allow factory kernel:system module_request;
|
||||
allow factory misc_sd_device:chr_file { read ioctl open };
|
||||
allow factory mnld_device:chr_file { read write ioctl open };
|
||||
allow factory mnld_exec:file { read execute open execute_no_trans };
|
||||
allow factory msensor_device:chr_file { read ioctl open };
|
||||
allow factory node:tcp_socket node_bind;
|
||||
allow factory audio_device:dir r_dir_perms;
|
||||
allow factory audio_device:chr_file rw_file_perms;
|
||||
allow factory camera_device:chr_file rw_file_perms;
|
||||
allow factory ccci_device:chr_file rw_file_perms;
|
||||
allow factory devmap_device:chr_file r_file_perms;
|
||||
allow factory gsm0710muxd_device:chr_file rw_file_perms;
|
||||
allow factory graphics_device:dir search;
|
||||
allow factory graphics_device:chr_file rw_file_perms;
|
||||
allow factory input_device:dir r_dir_perms;
|
||||
allow factory input_device:chr_file r_file_perms;
|
||||
allow factory pmic_adc_device:chr_file rw_file_perms;
|
||||
allow factory rtc_device:chr_file rw_file_perms;
|
||||
allow factory stpbt_device:chr_file rw_file_perms;
|
||||
allow factory wmtWifi_device:chr_file rw_file_perms;
|
||||
|
||||
allow factory platformblk_device:blk_file { getattr ioctl open read write };
|
||||
allow factory platformblk_device:dir search;
|
||||
# NVRAM
|
||||
allow factory nvdata_file:dir create_dir_perms;
|
||||
allow factory nvdata_file:file create_file_perms;
|
||||
allow factory nvdata_device:blk_file rw_file_perms;
|
||||
allow factory nvram_device:blk_file rw_file_perms;
|
||||
allow factory proinfo_device:blk_file rw_file_perms;
|
||||
|
||||
allow factory port:tcp_socket { name_bind name_connect };
|
||||
allow factory property_socket:sock_file write;
|
||||
allow factory rtc_device:chr_file { read write ioctl open };
|
||||
allow factory self:capability { sys_admin sys_boot sys_module ipc_lock sys_nice dac_override net_raw fsetid net_admin sys_time };
|
||||
allow factory self:netlink_route_socket { bind create };
|
||||
allow factory self:process execmem;
|
||||
allow factory self:tcp_socket { setopt read bind create accept write connect listen };
|
||||
allow factory self:udp_socket { create ioctl };
|
||||
allow factory stpbt_device:chr_file { read write open };
|
||||
# Storage
|
||||
allow factory mnt_user_file:dir search;
|
||||
allow factory mmc_device:blk_file rw_file_perms;
|
||||
allow factory storage_file:dir r_dir_perms;
|
||||
allow factory storage_file:lnk_file r_file_perms;
|
||||
allow factory storage_file:file r_file_perms;
|
||||
|
||||
# Configuration
|
||||
allow factory sysfs:file write;
|
||||
allow factory sysfs_gps_file:dir r_dir_perms;
|
||||
allow factory sysfs_gps_file:file rw_file_perms;
|
||||
allow factory sysfs_wake_lock:file { read write open };
|
||||
allow factory system_data_file:dir { write remove_name add_name };
|
||||
allow factory system_data_file:sock_file { write create setattr };
|
||||
allow factory system_file:file execute_no_trans;
|
||||
allow factory tmpfs:lnk_file read;
|
||||
allow factory ttyGS_device:chr_file { read write open };
|
||||
allow factory wmtWifi_device:chr_file { write open };
|
||||
|
||||
# Sensors
|
||||
allow factory als_ps_device:chr_file r_file_perms;
|
||||
allow factory gsensor_device:chr_file rw_file_perms;
|
||||
allow factory msensor_device:chr_file rw_file_perms;
|
||||
|
||||
allow factory system_data_file:dir { write add_name };
|
||||
allow factory rootfs:dir mounton;
|
||||
allow factory vfat:dir { read open search mounton };
|
||||
allow factory vfat:filesystem { mount unmount };
|
||||
allow factory block_device:dir search;
|
||||
allow factory graphics_device:dir search;
|
||||
allow factory input_device:dir search;
|
||||
|
||||
allow factory labeledfs:filesystem unmount;
|
||||
|
||||
allow factory shell_exec:file execute;
|
||||
allow factory MT_pmic_adc_cali_device:chr_file { read write ioctl open};
|
||||
allow factory audio_device:dir search;
|
||||
# GPS
|
||||
allow factory agpsd_data_file:dir r_dir_perms;
|
||||
allow factory agpsd_data_file:sock_file write;
|
||||
allow factory stpgps_device:chr_file rw_file_perms;
|
||||
allow factory gps_device:chr_file rw_file_perms;
|
||||
allow factory mnld_data_file:dir rw_dir_perms;
|
||||
allow factory mnld_data_file:file rw_file_perms;
|
||||
allow factory mnld_exec:file rx_file_perms;
|
||||
allow factory mnld_prop:property_service set;
|
||||
|
||||
# Other capabilities
|
||||
allow factory self:capability { dac_override net_admin net_raw sys_nice sys_time };
|
||||
allow factory self:process execmem;
|
||||
allow factory audiohal_prop:property_service set;
|
||||
allow factory pmic_ftm_device:chr_file { read write ioctl open};
|
||||
allow factory powerctl_prop:property_service set;
|
||||
allow factory ttyGS_device:chr_file { read write open ioctl};
|
||||
allow factory ttyMT_device:chr_file { read write open ioctl};
|
||||
allow factory devpts:chr_file { read write getattr ioctl };
|
||||
allow factory vfat:dir search;
|
||||
allow factory hrm_device:chr_file { read ioctl open };
|
||||
|
||||
allow factory ttySDIO_device:chr_file { read write ioctl open };
|
||||
|
||||
allow factory fuse:dir mounton;
|
||||
|
||||
allow factory vmodem_device:chr_file { read write ioctl open };
|
||||
|
||||
allow factory proinfo_device:blk_file rw_file_perms;
|
||||
|
||||
# m2note
|
||||
allow factory BU64245_device:chr_file { read write ioctl open };
|
||||
unix_socket_connect(factory, property, init);
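Review bot: The `# Other capabilities` block leaves factory with `self:capability { dac_override net_admin net_raw sys_nice sys_time }` and `self:process execmem`, next to read/write on the raw `mmc_device`, `nvram_device`, `nvdata_device` and `proinfo_device` block nodes, in a domain set up as an init-launched daemon by `init_daemon_domain(factory)`. If the binary only runs in factory boot mode, say so in a header comment and check whether `execmem` and `dac_override` are still needed. Separately, `unix_socket_connect(factory, property, init);` ends in a semicolon that the same macro call in the ccci_mdinit and conn_launcher sections does not have; write it as `unix_socket_connect(factory, property, init)`. Which rules are on the new side is inferred from the line counts (105 to 66), as the page has no +/- markers.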
|
||||
|
|
107
sepolicy/file.te
107
sepolicy/file.te
|
@ -1,93 +1,32 @@
|
|||
# file
|
||||
# Nvram / Nvdata
|
||||
type nvram_data_file, file_type, data_file_type;
|
||||
type nvdata_file, file_type, data_file_type;
|
||||
|
||||
type protect_s_data_file, file_type, data_file_type;
|
||||
type protect_f_data_file, file_type, data_file_type;
|
||||
|
||||
type custom_file, file_type, data_file_type;
|
||||
type lost_found_data_file, file_type, data_file_type;
|
||||
type dontpanic_data_file, file_type, data_file_type;
|
||||
type resource_cache_data_file, file_type, data_file_type;
|
||||
type http_proxy_cfg_data_file, file_type, data_file_type;
|
||||
type acdapi_data_file, file_type, data_file_type;
|
||||
type ppp_data_file, file_type, data_file_type;
|
||||
type wpa_supplicant_data_file, file_type, data_file_type;
|
||||
type radvd_data_file, file_type, data_file_type;
|
||||
type nvdata_file, file_type, data_file_type;
|
||||
|
||||
type bt_data_file, file_type, data_file_type;
|
||||
type sysfs_ccci, fs_type, sysfs_type;
|
||||
type proc_thermal, fs_type;
|
||||
type proc_mtkcooler, fs_type;
|
||||
type proc_mtktz, fs_type;
|
||||
type proc_slogger, fs_type;
|
||||
type proc_lk_env, fs_type;
|
||||
type sysfs_vcorefs_pwrctrl, fs_type, sysfs_type;
|
||||
|
||||
type agpsd_socket, file_type;
|
||||
type agpsd_data_file, file_type, data_file_type;
|
||||
type mnld_socket, file_type;
|
||||
type mnld_data_file, file_type, data_file_type;
|
||||
|
||||
type persist_data_file, file_type, data_file_type;
|
||||
type mediaserver_data_file, file_type, data_file_type;
|
||||
|
||||
allow asec_apk_file rootfs:filesystem associate;
|
||||
|
||||
allow cache_file rootfs:filesystem associate;
|
||||
|
||||
allow custom_file rootfs:filesystem associate;
|
||||
|
||||
# Modem Log folder
|
||||
type mdlog_data_file, file_type, data_file_type;
|
||||
|
||||
#mobilelog data/misc/mblog
|
||||
type ccci_cfg_file, file_type, data_file_type;
|
||||
type logmisc_data_file, file_type, data_file_type;
|
||||
|
||||
#mobilelog data/log_temp
|
||||
type logtemp_data_file, file_type, data_file_type;
|
||||
|
||||
type ccci_cfg_file, file_type, data_file_type;
|
||||
#For sensor
|
||||
type msensord_daemon, fs_type,sysfs_type;
|
||||
type msensord_daemon2, fs_type,sysfs_type;
|
||||
type akmd_access_file1, file_type,data_file_type;
|
||||
type akmd_access_file2, file_type,data_file_type;
|
||||
type gyroscope_mpud6050_chipinfo, fs_type,sysfs_type;
|
||||
type gyroscope_mpud6050_status, fs_type,sysfs_type;
|
||||
type gyroscope_mpud6050_use, fs_type,sysfs_type;
|
||||
type gyroscope_mpud6050_file, fs_type,sysfs_type;
|
||||
type sensor_data_file, file_type,data_file_type;
|
||||
type system_sensor_data_file, file_type;
|
||||
type bmm050_sensor_log_file, file_type,data_file_type;
|
||||
type sysfs_gsensor_file, file_type,sysfs_type;
|
||||
type sysfs_msensor_file, file_type,sysfs_type;
|
||||
type sysfs_keypad_file, file_type,sysfs_type;
|
||||
|
||||
#For icusb
|
||||
type proc_icusb, fs_type;
|
||||
|
||||
#for drm key install
|
||||
type provision_file, file_type, data_file_type;
|
||||
|
||||
# for labeling /mnt/cd-rom as iso9660
|
||||
type iso9660, fs_type;
|
||||
|
||||
# data_tmpfs_log
|
||||
type data_tmpfs_log_file, file_type, data_file_type;
|
||||
|
||||
# Gps
|
||||
type sysfs_gps_file, fs_type, sysfs_type;
|
||||
|
||||
# Gestures
|
||||
type gesture_sysfs, sysfs_type, file_type;
|
||||
|
||||
# Perf control
|
||||
type perf_control_sysfs, fs_type, sysfs_type;
|
||||
|
||||
# Thermal manager
|
||||
type mdlog_data_file, file_type, data_file_type;
|
||||
type thermal_manager_data_file, file_type, data_file_type;
|
||||
|
||||
# Thunderquake vibrator
|
||||
type sysfs_vibrator, sysfs_type, file_type;
|
||||
type sysfs_gps_file, fs_type, sysfs_type;
|
||||
type sysfs_ccci, fs_type, sysfs_type;
|
||||
type sysfs_devinfo, fs_type, sysfs_type;
|
||||
|
||||
type msensord_daemon_sysfs, fs_type, sysfs_type;
|
||||
|
||||
type gyro_orientation_sysfs, fs_type, sysfs_type;
|
||||
type perf_control_sysfs, fs_type, sysfs_type;
|
||||
|
||||
type proc_mtkcooler, fs_type;
|
||||
type proc_mtktz, fs_type;
|
||||
type proc_thermal, fs_type;
|
||||
type proc_wmt, fs_type;
|
||||
|
||||
type agpsd_socket, file_type;
|
||||
type mnld_socket, file_type;
|
||||
|
||||
# akmd
|
||||
type akmd_access_file1, file_type,data_file_type;
|
||||
type akmd_access_file2, file_type,data_file_type;
|
||||
|
|
|
@ -1,242 +1,129 @@
|
|||
## Services ##
|
||||
/system/bin/6620_launcher u:object_r:mtk_6620_launcher_exec:s0
|
||||
/system/bin/wmt_loader u:object_r:wmt_loader_exec:s0
|
||||
# Services
|
||||
/system/bin/6620_launcher u:object_r:conn_launcher_exec:s0
|
||||
/system/bin/ccci_fsd u:object_r:ccci_fsd_exec:s0
|
||||
/system/bin/ccci_mdinit u:object_r:ccci_mdinit_exec:s0
|
||||
/system/bin/md_ctrl u:object_r:md_ctrl_exec:s0
|
||||
/system/bin/fuelgauged u:object_r:fuelgauged_exec:s0
|
||||
/system/bin/gsm0710muxd u:object_r:gsm0710muxd_exec:s0
|
||||
/system/xbin/mnld u:object_r:mnld_exec:s0
|
||||
/system/bin/muxreport u:object_r:muxreport_exec:s0
|
||||
/system/bin/msensord u:object_r:msensord_exec:s0
|
||||
/system/bin/akmd09911 u:object_r:akmd09911_exec:s0
|
||||
/system/bin/mtk_agpsd u:object_r:mtk_agpsd_exec:s0
|
||||
/system/bin/nvram_daemon u:object_r:nvram_daemon_exec:s0
|
||||
/system/bin/pq u:object_r:pq_exec:s0
|
||||
/system/bin/terservice u:object_r:terservice_exec:s0
|
||||
/system/bin/thermal_manager u:object_r:thermal_manager_exec:s0
|
||||
/system/bin/mtkrild u:object_r:ril-daemon-mtk_exec:s0
|
||||
/system/bin/wifi2agps u:object_r:wifi2agps_exec:s0
|
||||
/system/bin/wmt_loader u:object_r:wmt_loader_exec:s0
|
||||
/system/bin/em_svr u:object_r:em_svr_exec:s0
|
||||
/system/bin/kpoc_charger u:object_r:kpoc_charger_exec:s0
|
||||
|
||||
/system/bin/akmd09911 u:object_r:akmd09911_exec:s0
|
||||
/system/bin/msensord u:object_r:msensord_exec:s0
|
||||
/system/etc/sensor(/.*)? u:object_r:system_sensor_data_file:s0
|
||||
# Meta mode
|
||||
/system/bin/meta_tst u:object_r:meta_tst_exec:s0
|
||||
/system/bin/factory u:object_r:factory_exec:s0
|
||||
|
||||
/system/bin/ccci_fsd u:object_r:ccci_fsd_exec:s0
|
||||
/system/bin/ccci_mdinit u:object_r:ccci_mdinit_exec:s0
|
||||
/system/bin/gsm0710muxd u:object_r:gsm0710muxd_exec:s0
|
||||
/system/bin/md_ctrl u:object_r:md_ctrl_exec:s0
|
||||
/system/bin/mtkrild u:object_r:mtkrild_exec:s0
|
||||
/system/bin/muxreport u:object_r:muxreport_exec:s0
|
||||
/system/bin/nvram_daemon u:object_r:nvram_daemon_exec:s0
|
||||
/system/bin/terservice u:object_r:terservice_exec:s0
|
||||
# Files from firmware/nv partitions
|
||||
/protect_f(/.*)? u:object_r:protect_f_data_file:s0
|
||||
/protect_s(/.*)? u:object_r:protect_s_data_file:s0
|
||||
/nvdata(/.*)? u:object_r:nvdata_file:s0
|
||||
/data/nvram(/.*)? u:object_r:nvdata_file:s0
|
||||
|
||||
/system/bin/fuelgauged u:object_r:fuelgauged_exec:s0
|
||||
/system/bin/kpoc_charger u:object_r:kpoc_charger_exec:s0
|
||||
|
||||
/system/bin/mtk_agpsd u:object_r:mtk_agpsd_exec:s0
|
||||
/system/xbin/mnld u:object_r:mnld_exec:s0
|
||||
/system/bin/wifi2agps u:object_r:wifi2agps_exec:s0
|
||||
|
||||
/system/bin/em_svr u:object_r:em_svr_exec:s0
|
||||
/system/bin/pq u:object_r:pq_exec:s0
|
||||
/system/bin/factory u:object_r:factory_exec:s0
|
||||
/system/bin/meizupshelper u:object_r:meizupshelper_exec:s0
|
||||
/system/bin/meta_tst u:object_r:meta_tst_exec:s0
|
||||
/system/bin/thermal_manager u:object_r:thermal_manager_exec:s0
|
||||
|
||||
## Custom files ##
|
||||
/custom(/.*)? u:object_r:custom_file:s0
|
||||
|
||||
## Hardware nodes ##
|
||||
/dev/accdet(/.*)? u:object_r:accdet_device:s0
|
||||
/dev/als_ps(/.*)? u:object_r:als_ps_device:s0
|
||||
/dev/ampc0(/.*)? u:object_r:ampc0_device:s0
|
||||
/dev/android(/.*)? u:object_r:android_device:s0
|
||||
/dev/barometer(/.*)? u:object_r:barometer_device:s0
|
||||
/dev/block/platform(/.*)? u:object_r:platformblk_device:s0
|
||||
/dev/block/vold(/.*)? u:object_r:voldblk_device:s0
|
||||
/dev/bmtpool(/.*)? u:object_r:bmtpool_device:s0
|
||||
/dev/bootimg(/.*)? u:object_r:bootimg_device:s0
|
||||
/dev/BOOT(/.*)? u:object_r:BOOT_device:s0
|
||||
/dev/btif(/.*)? u:object_r:btif_device:s0
|
||||
/dev/btn(/.*)? u:object_r:btn_device:s0
|
||||
/dev/cache(/.*)? u:object_r:cache_device:s0
|
||||
/dev/CAM_CAL_DRV(/.*)? u:object_r:CAM_CAL_DRV_device:s0
|
||||
/dev/camera-fdvt(/.*)? u:object_r:camera_fdvt_device:s0
|
||||
/dev/camera-isp(/.*)? u:object_r:camera_isp_device:s0
|
||||
/dev/camera-pipemgr(/.*)? u:object_r:camera_pipemgr_device:s0
|
||||
/dev/camera-sysram(/.*)? u:object_r:camera_sysram_device:s0
|
||||
/dev/ccci_monitor u:object_r:ccci_monitor_device:s0
|
||||
/dev/ccci.* u:object_r:ccci_device:s0
|
||||
/dev/cpu_dma_latency(/.*)? u:object_r:cpu_dma_latency_device:s0
|
||||
/dev/devmap(/.*)? u:object_r:devmap_device:s0
|
||||
/dev/dummy_cam_cal(/.*)? u:object_r:dummy_cam_cal_device:s0
|
||||
/dev/ebc(/.*)? u:object_r:ebc_device:s0
|
||||
/dev/ebr[0-9]+ u:object_r:ebr_device:s0
|
||||
/dev/etb u:object_r:etb_device:s0
|
||||
/dev/expdb(/.*)? u:object_r:expdb_device:s0
|
||||
/dev/fat(/.*)? u:object_r:fat_device:s0
|
||||
/dev/gps(/.*)? u:object_r:gps_device:s0
|
||||
/dev/gsensor(/.*)? u:object_r:gsensor_device:s0
|
||||
/dev/gyroscope(/.*)? u:object_r:gyroscope_device:s0
|
||||
/dev/hdmitx(/.*)? u:object_r:graphics_device:s0
|
||||
/dev/hid-keyboard(/.*)? u:object_r:hid_keyboard_device:s0
|
||||
/dev/hwmsensor(/.*)? u:object_r:hwmsensor_device:s0
|
||||
/dev/ion(/.*)? u:object_r:ion_device:s0
|
||||
/dev/kd_camera_flashlight(/.*)? u:object_r:kd_camera_flashlight_device:s0
|
||||
/dev/kd_camera_hw_bus2(/.*)? u:object_r:kd_camera_hw_bus2_device:s0
|
||||
/dev/kd_camera_hw(/.*)? u:object_r:kd_camera_hw_device:s0
|
||||
/dev/loop-control(/.*)? u:object_r:loop-control_device:s0
|
||||
/dev/M4U_device(/.*)? u:object_r:M4U_device_device:s0
|
||||
/dev/m_acc_misc(/.*)? u:object_r:m_acc_misc_device:s0
|
||||
/dev/mali.* u:object_r:gpu_device:s0
|
||||
/dev/MATV(/.*)? u:object_r:MATV_device:s0
|
||||
/dev/m_batch_misc(/.*)? u:object_r:m_batch_misc_device:s0
|
||||
/dev/mbr(/.*)? u:object_r:mbr_device:s0
|
||||
/dev/md32(/.*)? u:object_r:md32_device:s0
|
||||
/dev/met(/.*)? u:object_r:met_device:s0
|
||||
/dev/misc-sd(/.*)? u:object_r:misc_sd_device:s0
|
||||
/dev/misc(/.*)? u:object_r:misc_device:s0
|
||||
/dev/misc2(/.*)? u:object_r:misc2_device:s0
|
||||
/dev/MJC(/.*)? u:object_r:MJC_device:s0
|
||||
/dev/m_mag_misc(/.*)? u:object_r:m_mag_misc_device:s0
|
||||
/dev/msensor(/.*)? u:object_r:msensor_device:s0
|
||||
/dev/mtfreqhopping(/.*)? u:object_r:mtfreqhopping_device:s0
|
||||
/dev/mtgpio(/.*)? u:object_r:mtgpio_device:s0
|
||||
/dev/mtk-adc-cali(/.*)? u:object_r:mtk-adc-cali_device:s0
|
||||
/dev/mtk_disp.* u:object_r:graphics_device:s0
|
||||
/dev/mtkfb_vsync(/.*)? u:object_r:graphics_device:s0
|
||||
/dev/mtkg2d(/.*)? u:object_r:mtkg2d_device:s0
|
||||
/dev/mtk_jpeg(/.*)? u:object_r:mtk_jpeg_device:s0
|
||||
/dev/mtk-kpd(/.*)? u:object_r:mtk_kpd_device:s0
|
||||
/dev/mtk_sched(/.*)? u:object_r:mtk_sched_device:s0
|
||||
/dev/MTK_SMI(/.*)? u:object_r:mtk_smi_device:s0
|
||||
/dev/mtk_rrc(/.*)? u:object_r:mtk_rrc_device:s0
|
||||
/dev/mt-mdp(/.*)? u:object_r:mt_mdp_device:s0
|
||||
/dev/mt_otg_test(/.*)? u:object_r:mt_otg_test_device:s0
|
||||
/dev/MT_pmic_adc_cali u:object_r:MT_pmic_adc_cali_device:s0
|
||||
/dev/MT_pmic_adc_cali(/.*)? u:object_r:MT_pmic_cali_device:s0
|
||||
/dev/MT_pmic(/.*)? u:object_r:MT_pmic_device:s0
|
||||
/dev/network.* u:object_r:network_device:s0
|
||||
/dev/nvram(/.*)? u:object_r:nvram_device:s0
|
||||
/dev/nxpspk(/.*)? u:object_r:smartpa_device:s0
|
||||
/dev/otp u:object_r:otp_device:s0
|
||||
/dev/pmem_multimedia(/.*)? u:object_r:pmem_multimedia_device:s0
|
||||
/dev/pmt(/.*)? u:object_r:pmt_device:s0
|
||||
/dev/preloader(/.*)? u:object_r:preloader_device:s0
|
||||
/dev/psaux(/.*)? u:object_r:psaux_device:s0
|
||||
/dev/ptmx(/.*)? u:object_r:ptmx_device:s0
|
||||
/dev/ptyp.* u:object_r:ptyp_device:s0
|
||||
/dev/pvr_sync(/.*)? u:object_r:gpu_device:s0
|
||||
/dev/recovery(/.*)? u:object_r:recovery_device:s0
|
||||
/dev/rfkill(/.*)? u:object_r:rfkill_device:s0
|
||||
/dev/rtc[0-9]+ u:object_r:rtc_device:s0
|
||||
/dev/RT_Monitor(/.*)? u:object_r:RT_Monitor_device:s0
|
||||
/dev/kick_powerkey(/.*)? u:object_r:kick_powerkey_device:s0
|
||||
/dev/seccfg(/.*)? u:object_r:seccfg_device:s0
|
||||
/dev/sec_ro(/.*)? u:object_r:sec_ro_device:s0
|
||||
/dev/sec(/.*)? u:object_r:sec_device:s0
|
||||
/dev/tee1 u:object_r:tee_part_device:s0
|
||||
/dev/tee2 u:object_r:tee_part_device:s0
|
||||
/dev/sensor(/.*)? u:object_r:sensor_device:s0
|
||||
/dev/smartpa_i2c(/.*)? u:object_r:smartpa1_device:s0
|
||||
/dev/snapshot(/.*)? u:object_r:snapshot_device:s0
|
||||
/dev/stpbt(/.*)? u:object_r:stpbt_device:s0
|
||||
/dev/stpgps u:object_r:mnld_device:s0
|
||||
/dev/stpgps(/.*)? u:object_r:stpgps_device:s0
|
||||
/dev/stpwmt(/.*)? u:object_r:stpwmt_device:s0
|
||||
/dev/sw_sync(/.*)? u:object_r:sw_sync_device:s0
|
||||
/dev/tgt(/.*)? u:object_r:tgt_device:s0
|
||||
/dev/touch(/.*)? u:object_r:touch_device:s0
|
||||
/dev/tpd_em_log(/.*)? u:object_r:tpd_em_log_device:s0
|
||||
/dev/ttyC0 u:object_r:gsm0710muxd_device:s0
|
||||
/dev/ttyC1 u:object_r:mdlog_device:s0
|
||||
/dev/ttyC2 u:object_r:agps_device:s0
|
||||
/dev/ttyC3 u:object_r:icusb_device:s0
|
||||
/dev/ttyGS.* u:object_r:ttyGS_device:s0
|
||||
/dev/ttyMT.* u:object_r:ttyMT_device:s0
|
||||
/dev/ttyp.* u:object_r:ttyp_device:s0
|
||||
/dev/ttySDIO.* u:object_r:ttySDIO_device:s0
|
||||
/dev/ttyUSB0 u:object_r:tty_device:s0
|
||||
/dev/ttyUSB1 u:object_r:tty_device:s0
|
||||
/dev/ttyUSB2 u:object_r:tty_device:s0
|
||||
/dev/ttyUSB3 u:object_r:tty_device:s0
|
||||
/dev/ttyUSB4 u:object_r:tty_device:s0
|
||||
/dev/TV-out(/.*)? u:object_r:TV_out_device:s0
|
||||
/dev/uboot(/.*)? u:object_r:uboot_device:s0
|
||||
/dev/uibc(/.*)? u:object_r:uibc_device:s0
|
||||
/dev/uinput(/.*)? u:object_r:uinput_device:s0
|
||||
/dev/uio0(/.*)? u:object_r:uio0_device:s0
|
||||
/dev/usrdata(/.*)? u:object_r:usrdata_device:s0
|
||||
/dev/Vcodec(/.*)? u:object_r:Vcodec_device:s0
|
||||
/dev/vmodem u:object_r:vmodem_device:s0
|
||||
/dev/vow(/.*)? u:object_r:vow_device:s0
|
||||
/dev/wmtdetect(/.*)? u:object_r:wmtdetect_device:s0
|
||||
/dev/wmtWifi(/.*)? u:object_r:wmtWifi_device:s0
|
||||
/dev/offloadservice(/.*)? u:object_r:offloadservice_device:s0
|
||||
|
||||
/dev/xt_qtaguid(/.*)? u:object_r:xt_qtaguid_device:s0
|
||||
/dev/pmic_ftm(/.*)? u:object_r:pmic_ftm_device:s0
|
||||
/dev/shf u:object_r:shf_device:s0
|
||||
/protect_f(/.*)? u:object_r:protect_f_data_file:s0
|
||||
/protect_s(/.*)? u:object_r:protect_s_data_file:s0
|
||||
/persist(/.*)? u:object_r:persist_data_file:s0
|
||||
/dev/ttyACM0 u:object_r:ttyACM_device:s0
|
||||
/dev/hrm u:object_r:hrm_device:s0
|
||||
|
||||
# Camera m2note
|
||||
/dev/BU64245(/.*)? u:object_r:BU64245_device:s0
|
||||
# Hardware nodes
|
||||
/dev/accdet u:object_r:accdet_device:s0
|
||||
/dev/devmap u:object_r:devmap_device:s0
|
||||
/dev/ttyC2 u:object_r:gps_device:s0
|
||||
/dev/ttyGS0 u:object_r:serial_device:s0
|
||||
/dev/gps(/.*)? u:object_r:gps_device:s0
|
||||
/dev/mali.* u:object_r:gpu_device:s0
|
||||
/dev/mtk_disp.* u:object_r:graphics_device:s0
|
||||
/dev/sw_sync u:object_r:graphics_device:s0
|
||||
/dev/stpbt(/.*)? u:object_r:stpbt_device:s0
|
||||
/dev/hwmsensor(/.*)? u:object_r:hwmsensor_device:s0
|
||||
/dev/wmtWifi(/.*)? u:object_r:wmtWifi_device:s0
|
||||
/dev/camera-isp u:object_r:camera_device:s0
|
||||
/dev/camera-fdvt u:object_r:camera_device:s0
|
||||
/dev/kd_camera_hw u:object_r:camera_device:s0
|
||||
/dev/kd_camera_flashlight u:object_r:camera_device:s0
|
||||
/dev/MAINAF u:object_r:camera_device:s0
|
||||
/dev/mtk_jpeg(/.*) u:object_r:camera_device:s0
|
||||
/dev/DW9714AF(/.*)? u:object_r:camera_device:s0
|
||||
/dev/CAM_CAL_DRV(/.*)? u:object_r:camera_device:s0
|
||||
/dev/MTK_SMI u:object_r:mtk_smi_device:s0
|
||||
/dev/MT_pmic_adc_cali u:object_r:pmic_adc_device:s0
|
||||
/dev/als_ps(/.*)? u:object_r:als_ps_device:s0
|
||||
/dev/mtk-adc-cali(/.*)? u:object_r:mtk-adc-cali_device:s0
|
||||
/dev/ccci.* u:object_r:ccci_device:s0
|
||||
/dev/gsensor(/.*)? u:object_r:gsensor_device:s0
|
||||
/dev/msensor(/.*)? u:object_r:msensor_device:s0
|
||||
/dev/gyroscope(/.*)? u:object_r:gyroscope_device:s0
|
||||
/dev/stpgps(/.*)? u:object_r:stpgps_device:s0
|
||||
/dev/stpwmt(/.*)? u:object_r:stpwmt_device:s0
|
||||
/dev/wmtdetect u:object_r:wmtdetect_device:s0
|
||||
/dev/ttyC0 u:object_r:gsm0710muxd_device:s0
|
||||
/dev/ttyC1 u:object_r:mdlog_device:s0
|
||||
/dev/radio(/.*)? u:object_r:radio_device:s0
|
||||
/dev/Vcodec u:object_r:Vcodec_device:s0
|
||||
/dev/M4U_device(/.*)? u:object_r:M4U_device_device:s0
|
||||
|
||||
# Sockets
|
||||
/dev/socket/rild[2-4] u:object_r:rild_socket:s0
|
||||
/dev/socket/rild-atci u:object_r:rild_socket:s0
|
||||
/dev/socket/rild-ims u:object_r:rild_socket:s0
|
||||
/dev/socket/rild-mtk-modem u:object_r:rild_socket:s0
|
||||
/dev/socket/rild-mtk-ut u:object_r:rild_socket:s0
|
||||
/dev/socket/rild-mtk-ut-2 u:object_r:rild_socket:s0
|
||||
/dev/socket/rild-oem u:object_r:rild_socket:s0
|
||||
/dev/socket/agpsd u:object_r:agpsd_socket:s0
|
||||
/dev/socket/agpsd[2-3] u:object_r:agpsd_socket:s0
|
||||
/dev/socket/mnld u:object_r:mnld_socket:s0
|
||||
/dev/socket/rild[2-4] u:object_r:rild_socket:s0
|
||||
/dev/socket/rild-atci u:object_r:rild_socket:s0
|
||||
/dev/socket/rild-ims u:object_r:rild_socket:s0
|
||||
/dev/socket/rild-mtk-modem u:object_r:rild_socket:s0
|
||||
/dev/socket/rild-mtk-ut u:object_r:rild_socket:s0
|
||||
/dev/socket/rild-mtk-ut-2 u:object_r:rild_socket:s0
|
||||
/dev/socket/rild-oem u:object_r:rild_socket:s0
|
||||
/dev/socket/agpsd u:object_r:agpsd_socket:s0
|
||||
/dev/socket/agpsd[2-3] u:object_r:agpsd_socket:s0
|
||||
/dev/socket/mnld u:object_r:mnld_socket:s0
|
||||
|
||||
## Sysfs nodes ##
|
||||
/sys/devices/virtual/gpsdrv(/.*)? u:object_r:sysfs_gps_file:s0
|
||||
/sys/bus/platform/drivers/msensor/daemon2 u:object_r:msensord_daemon2:s0
|
||||
/sys/bus/platform/drivers/msensor/daemon u:object_r:msensord_daemon:s0
|
||||
/sys/devices/platform/gsensor/driver(/.*)? u:object_r:sysfs_gsensor_file:s0
|
||||
/sys/devices/platform/msensor/driver(/.*)? u:object_r:sysfs_msensor_file:s0
|
||||
/sys/bus/platform/drivers/mtk-kpd(/.*)? u:object_r:sysfs_keypad_file:s0
|
||||
/sys/power/vcorefs/pwr_ctrl -- u:object_r:sysfs_vcorefs_pwrctrl:s0
|
||||
/sys/kernel/ccci/boot u:object_r:sysfs_ccci:s0
|
||||
/sys/devices/platform/mtk_disp_mgr.0/rgb u:object_r:livedisplay_sysfs:s0
|
||||
/sys/devices/virtual/meizu/ps/ps_calibration u:object_r:meizu_ps_calibration_trigger:s0
|
||||
/sys/devices/platform/mx-gs/gesture_control u:object_r:gesture_sysfs:s0
|
||||
/sys/kernel/thunderquake_engine/level u:object_r:sysfs_vibrator:s0
|
||||
/sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq u:object_r:perf_control_sysfs:s0
|
||||
/sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq u:object_r:perf_control_sysfs:s0
|
||||
/sys/devices/system/cpu/cpu0/cpufreq/scaling_governor u:object_r:perf_control_sysfs:s0
|
||||
/sys/block/mmcblk0/queue/scheduler u:object_r:perf_control_sysfs:s0
|
||||
/sys/devices/.*/queue/scheduler u:object_r:perf_control_sysfs:s0
|
||||
# Block devices
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/boot u:object_r:boot_block_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/proinfo u:object_r:proinfo_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/by-name/proinfo u:object_r:proinfo_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/nvram u:object_r:nvram_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/by-name/nvram u:object_r:nvram_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/nvdata u:object_r:nvdata_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/logo u:object_r:logo_block_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/by-name/logo u:object_r:logo_block_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/protect1 u:object_r:protect1_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/protect2 u:object_r:protect2_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/userdata u:object_r:userdata_block_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/cache u:object_r:cache_block_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/recovery u:object_r:recovery_block_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/frp u:object_r:frp_block_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/metadata u:object_r:metadata_block_device:s0
|
||||
/dev/block/mmcblk1 u:object_r:mmc_device:s0
|
||||
/dev/block/zram0 u:object_r:swap_block_device:s0
|
||||
|
||||
## Block devices ##
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/proinfo u:object_r:proinfo_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/by-name/proinfo u:object_r:proinfo_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/logo u:object_r:logo_block_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/by-name/logo u:object_r:logo_block_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/protect1 u:object_r:protect1_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/protect2 u:object_r:protect2_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/userdata u:object_r:userdata_block_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/cache u:object_r:cache_block_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/recovery u:object_r:recovery_block_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/frp u:object_r:frp_block_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/metadata u:object_r:metadata_block_device:s0
|
||||
/dev/block/mmcblk1 u:object_r:mmc_device:s0
|
||||
/dev/block/zram0(/.*)? u:object_r:swap_block_device:s0
|
||||
# Sysfs nodes
|
||||
/sys/devices/virtual/gpsdrv(/.*)? u:object_r:sysfs_gps_file:s0
|
||||
/sys/kernel/ccci(/.*)? u:object_r:sysfs_ccci:s0
|
||||
/sys/bus/platform/drivers/dev_info/dev_info u:object_r:sysfs_devinfo:s0
|
||||
/sys/devices/platform/mtk_disp_mgr.0/rgb u:object_r:livedisplay_sysfs:s0
|
||||
/sys/bus/platform/drivers/msensor/daemon u:object_r:msensord_daemon_sysfs:s0
|
||||
/sys/bus/platform/drivers/gyroscope/gyro_orientation u:object_r:gyro_orientation_sysfs:s0
|
||||
/sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq u:object_r:perf_control_sysfs:s0
|
||||
/sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq u:object_r:perf_control_sysfs:s0
|
||||
/sys/devices/system/cpu/cpu0/cpufreq/scaling_governor u:object_r:perf_control_sysfs:s0
|
||||
/sys/block/mmcblk0/queue/scheduler u:object_r:perf_control_sysfs:s0
|
||||
/sys/devices/.*/queue/scheduler u:object_r:perf_control_sysfs:s0
|
||||
|
||||
## Config/Runtime files ##
|
||||
/data/agps_supl(/.*)? u:object_r:agpsd_data_file:s0
|
||||
/data/app/cache.dat u:object_r:mnld_data_file:s0
|
||||
/data/gps_mnl(/.*)? u:object_r:mnld_data_file:s0
|
||||
/data/misc/gps(/.*)? u:object_r:mnld_data_file:s0
|
||||
/data/misc/GPS_CHIP.cfg u:object_r:mnld_data_file:s0
|
||||
/data/misc/gps.conf u:object_r:mnld_data_file:s0
|
||||
/data/misc/mnl_nlp.dat u:object_r:mnld_data_file:s0
|
||||
/data/misc/akmd_set.txt u:object_r:akmd_access_file1:s0
|
||||
/data/misc/PDC.ini u:object_r:akmd_access_file2:s0
|
||||
/data/misc/mblog(/.*)? u:object_r:logmisc_data_file:s0
|
||||
/data/log_temp(/.*)? u:object_r:logtemp_data_file:s0
|
||||
/data/mdlog(/.*)? u:object_r:mdlog_data_file:s0
|
||||
/data/mdl(/.*)? u:object_r:mdlog_data_file:s0
|
||||
/data/ccci_cfg(/.*)? u:object_r:ccci_cfg_file:s0
|
||||
/data/.tp(/.*)? u:object_r:thermal_manager_data_file:s0
|
||||
/data/@btmtk(/.*)? u:object_r:bt_data_file:s0
|
||||
/data/misc/radvd(/.*)? u:object_r:radvd_data_file:s0
|
||||
/data/misc/sensor(/.*)? u:object_r:sensor_data_file:s0
|
||||
/data/misc/wpa_supplicant(/.*)? u:object_r:wpa_supplicant_data_file:s0
|
||||
/data/nvram(/.*)? u:object_r:nvram_data_file:s0
|
||||
/nvdata(/.*)? u:object_r:nvdata_file:s0
|
||||
# Config/Runtime files
|
||||
/data/agps_supl(/.*)? u:object_r:agpsd_data_file:s0
|
||||
/data/misc/akmd_set.txt u:object_r:akmd_access_file1:s0
|
||||
/data/misc/PDC.ini u:object_r:akmd_access_file2:s0
|
||||
/data/app/cache.dat u:object_r:mnld_data_file:s0
|
||||
/data/gps_mnl(/.*)? u:object_r:mnld_data_file:s0
|
||||
/data/misc/gps(/.*)? u:object_r:mnld_data_file:s0
|
||||
/data/misc/GPS_CHIP.cfg u:object_r:mnld_data_file:s0
|
||||
/data/misc/gps.conf u:object_r:mnld_data_file:s0
|
||||
/data/misc/mnl_nlp.dat u:object_r:mnld_data_file:s0
|
||||
/data/misc/mblog(/.*)? u:object_r:logmisc_data_file:s0
|
||||
/data/log_temp(/.*)? u:object_r:logmisc_data_file:s0
|
||||
/data/mdlog(/.*)? u:object_r:mdlog_data_file:s0
|
||||
/data/mdl(/.*)? u:object_r:mdlog_data_file:s0
|
||||
/data/ccci_cfg(/.*)? u:object_r:ccci_cfg_file:s0
|
||||
/data/.tp(/.*)? u:object_r:thermal_manager_data_file:s0
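Review bot: In the `# Hardware nodes` block the entry `/dev/mtk_jpeg(/.*) u:object_r:camera_device:s0` is missing the trailing `?`, so the pattern only matches paths below `/dev/mtk_jpeg/` and not the device node itself. The node would then fall through to whatever less specific `/dev` entry applies, and domains granted `camera_device` would not reach it. It should read `/dev/mtk_jpeg(/.*)? u:object_r:camera_device:s0`, like the `DW9714AF` and `CAM_CAL_DRV` entries next to it. The +/- column is not visible on this page, so I am taking the blocks headed with a single `#` as the new side.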
|
||||
|
|
|
@ -1,11 +1,3 @@
|
|||
# Fsck
|
||||
# Nvram / Nvdata
|
||||
allow fsck nvdata_device:blk_file rw_file_perms;
|
||||
|
||||
allow fsck protect1_device:blk_file rw_file_perms;
|
||||
allow fsck protect2_device:blk_file rw_file_perms;
|
||||
|
||||
|
||||
# Mtk fix
|
||||
allow fsck platformblk_device:blk_file { getattr ioctl open read write };
|
||||
allow fsck platformblk_device:dir search;
|
||||
allow fsck protect1_device:blk_file rw_file_perms;
|
||||
allow fsck protect2_device:blk_file rw_file_perms;
|
||||
allow fsck nvdata_device:blk_file rw_file_perms;
|
||||
|
|
|
@ -1,2 +0,0 @@
|
|||
# Mtk sdcardfs fix
|
||||
allow fsck_untrusted voldblk_device:blk_file { open read write };
|
|
@ -1,18 +1,7 @@
|
|||
# fuelgauged
|
||||
type fuelgauged_exec, exec_type, file_type;
|
||||
type fuelgauged, domain;
|
||||
type fuelgauged, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(fuelgauged)
|
||||
|
||||
allow fuelgauged fuelgauged:netlink_kobject_uevent_socket { write create bind read};
|
||||
allow fuelgauged fuelgauged:netlink_socket { create bind write read};
|
||||
|
||||
allow fuelgauged input_device:dir { search open read write };
|
||||
allow fuelgauged input_device:file { open read };
|
||||
|
||||
allow fuelgauged kmsg_device:chr_file { open write };
|
||||
allow fuelgauged mtk-adc-cali_device:chr_file { open ioctl read write };
|
||||
|
||||
allow fuelgauged rootfs:lnk_file { getattr };
|
||||
|
||||
allow fuelgauged system_data_file:dir { write add_name create setattr };
|
||||
allow fuelgauged self:netlink_socket create_socket_perms;
|
||||
allow fuelgauged kmsg_device:chr_file w_file_perms;
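Review bot: The line `type fuelgauged, domain, domain_deprecated;` attaches the transitional `domain_deprecated` attribute to this daemon, which gives it the legacy permission set that AOSP moved out of `domain`, not just the two `allow` rules listed below it. The +/- column is lost in this rendering, but this looks like the added side, and the same attribute appears on gsm0710muxd, kpoc_charger and md_ctrl further down. I would keep `type fuelgauged, domain;` and add explicit `allow` rules for the denials that actually show up, so the policy file states everything the daemon can reach.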
|
||||
|
|
|
@ -1,7 +1,4 @@
|
|||
genfscon proc /driver/thermal u:object_r:proc_thermal:s0
|
||||
genfscon proc /mtkcooler u:object_r:proc_mtkcooler:s0
|
||||
genfscon proc /mtktz u:object_r:proc_mtktz:s0
|
||||
genfscon proc /lk_env u:object_r:proc_lk_env:s0
|
||||
genfscon proc /driver/storage_logger u:object_r:proc_slogger:s0
|
||||
genfscon proc /driver/icusb u:object_r:proc_icusb:s0
|
||||
genfscon iso9660 / u:object_r:iso9660:s0
|
||||
genfscon proc /driver/thermal u:object_r:proc_thermal:s0
|
||||
genfscon proc /driver/wmt u:object_r:proc_wmt:s0
|
||||
genfscon proc /mtkcooler u:object_r:proc_mtkcooler:s0
|
||||
genfscon proc /mtktz u:object_r:proc_mtktz:s0
|
||||
|
|
|
@ -1,27 +1,18 @@
|
|||
# gsm0710muxd
|
||||
type gsm0710muxd_exec, exec_type, file_type;
|
||||
type gsm0710muxd, domain;
|
||||
type gsm0710muxd, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(gsm0710muxd)
|
||||
|
||||
allow gsm0710muxd ctl_rildaemon_prop:property_service set;
|
||||
allow gsm0710muxd ctl_ril-daemon-mtk_prop:property_service set;
|
||||
allow gsm0710muxd gsm0710muxd_device:chr_file rw_file_perms;
|
||||
allow gsm0710muxd radio_device:dir w_dir_perms;
|
||||
allow gsm0710muxd radio_device:lnk_file create_file_perms;
|
||||
allow gsm0710muxd devpts:chr_file setattr;
|
||||
allow gsm0710muxd self:capability { setuid fowner chown };
|
||||
allow gsm0710muxd sysfs_ccci:dir search;
|
||||
allow gsm0710muxd sysfs_ccci:file r_file_perms;
|
||||
|
||||
allow gsm0710muxd devpts:chr_file setattr;
|
||||
allow gsm0710muxd device:dir { add_name remove_name write };
|
||||
allow gsm0710muxd device:lnk_file { create_file_perms unlink };
|
||||
allow gsm0710muxd ctl_rildaemon_prop:property_service set;
|
||||
allow gsm0710muxd radio_prop:property_service set;
|
||||
allow gsm0710muxd ril_mux_report_case_prop:property_service set;
|
||||
|
||||
allow gsm0710muxd gsm0710muxd_device:chr_file { open read write };
|
||||
allow gsm0710muxd gsm0710muxd_prop:file r_file_perms;
|
||||
allow gsm0710muxd gsm0710muxd_prop:property_service set;
|
||||
|
||||
allow gsm0710muxd persist_ril_prop:file { read open getattr };
|
||||
|
||||
allow gsm0710muxd rootfs:lnk_file { getattr };
|
||||
|
||||
allow gsm0710muxd self:capability { chown fowner setuid };
|
||||
allow gsm0710muxd sysfs:file { read open };
|
||||
|
||||
# Socket
|
||||
allow gsm0710muxd init:unix_stream_socket connectto;
|
||||
allow gsm0710muxd property_socket:sock_file write;
|
||||
unix_socket_connect(gsm0710muxd, property, init)
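Review bot: Property access in this file is written as separate `property_service set` rules plus a lone `unix_socket_connect(gsm0710muxd, property, init)` at the end, while md_ctrl.te in the same commit uses the `set_prop()` macro for the same job. Assuming the macro line and the `ctl_rildaemon_prop` / `ctl_ril-daemon-mtk_prop` rules are the new side (the +/- markers are not visible here), `set_prop(gsm0710muxd, ctl_rildaemon_prop)` and `set_prop(gsm0710muxd, ctl_ril-daemon-mtk_prop)` would keep the socket connect and the set permission together per property. As far as I recall the macro also grants read on the property, so check that this is acceptable before switching. Either way, a one-line comment saying why a mux daemon needs to control the RIL services would help the next reader.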
|
||||
|
|
|
@ -1,9 +1 @@
|
|||
# healthd
|
||||
allow healthd app_data_file:file write;
|
||||
allow healthd device:dir {open read write};
|
||||
|
||||
allow healthd self:capability dac_override;
|
||||
allow healthd sysfs_vcorefs_pwrctrl:file write;
|
||||
|
||||
# Socket
|
||||
allow healthd mtkrild:unix_stream_socket connectto;
|
||||
allow healthd device:dir r_dir_perms;
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
# hostapd
|
||||
allow hostapd system_wpa_socket:sock_file write;
|
||||
dontaudit hostapd kernel:system module_request;
|
||||
|
||||
# Mtk
|
||||
allow hostapd unlabeled:file read;
|
||||
|
||||
# Nougat
|
||||
allow hostapd wifi_data_file:sock_file write;
|
|
@ -1,26 +1,7 @@
|
|||
# init
|
||||
# Nvram / Nvdata
|
||||
allow init nvram_data_file:dir { write search setattr read create open add_name };
|
||||
allow init nvdata_file:dir { write search setattr read create open add_name };
|
||||
allow init ccci_device:chr_file { write ioctl };
|
||||
allow init devpts:chr_file ioctl;
|
||||
|
||||
# Allow init to format formattable partitions…partitions
|
||||
allow init nvdata_device:blk_file write;
|
||||
allow init protect1_device:blk_file write;
|
||||
allow init protect2_device:blk_file write;
|
||||
|
||||
allow init platformblk_device:blk_file setattr;
|
||||
|
||||
# Debugfs
|
||||
allow init debugfs:dir mounton;
|
||||
allow init debugfs:file write;
|
||||
|
||||
# Gestures
|
||||
allow init gesture_sysfs:file setattr;
|
||||
|
||||
# Mtk fix
|
||||
allow init tmpfs:lnk_file create;
|
||||
allow init wmtWifi_device:chr_file write;
|
||||
|
||||
# Nougat
|
||||
allow init loop_device:blk_file { write };
|
||||
allow init block_device:lnk_file setattr;
|
||||
|
|
|
@ -1,15 +1,6 @@
|
|||
# kernel
|
||||
# Nvram / Nvdata
|
||||
allow kernel nvdata_file:dir search;
|
||||
allow kernel nvdata_file:file { open read };
|
||||
allow kernel nvdata_file:dir search;
|
||||
allow kernel nvdata_file:file r_file_perms;
|
||||
allow kernel self:capability dac_override;
|
||||
allow kernel wifi_data_file:dir search;
|
||||
allow kernel wifi_data_file:file r_file_perms;
|
||||
|
||||
allow kernel block_device:blk_file { read write };
|
||||
allow kernel loop_device:blk_file { read };
|
||||
|
||||
allow kernel platformblk_device:blk_file { open read write };
|
||||
|
||||
allow kernel wifi_data_file:dir search;
|
||||
allow kernel wifi_data_file:file { open read };
|
||||
|
||||
# Mtk fix
|
||||
allow kernel self:capability dac_override;
|
||||
|
|
|
@ -1,27 +1,25 @@
|
|||
# kpoc_charger
|
||||
type kpoc_charger, domain, domain_deprecated;
|
||||
type kpoc_charger_exec, exec_type, file_type;
|
||||
type kpoc_charger, domain;
|
||||
|
||||
init_daemon_domain(kpoc_charger)
|
||||
|
||||
allow kpoc_charger block_device:dir search;
|
||||
allow kpoc_charger logo_block_device:blk_file r_file_perms;
|
||||
allow kpoc_charger platformblk_device:dir search;
|
||||
allow kpoc_charger platformblk_device:blk_file { open read };
|
||||
|
||||
allow kpoc_charger alarm_device:chr_file write;
|
||||
allow kpoc_charger graphics_device:dir search;
|
||||
allow kpoc_charger graphics_device:chr_file { read write ioctl open };
|
||||
allow kpoc_charger input_device:dir { open read search };
|
||||
allow kpoc_charger input_device:chr_file { open read write ioctl };
|
||||
allow kpoc_charger kmsg_device:chr_file { write open };
|
||||
allow kpoc_charger rtc_device:chr_file { open read write };
|
||||
|
||||
allow kpoc_charger self:netlink_kobject_uevent_socket { create bind read setopt };
|
||||
allow kpoc_charger self:capability { dac_override net_admin sys_boot sys_nice };
|
||||
|
||||
allow kpoc_charger sysfs:file { open read write };
|
||||
|
||||
# Socket
|
||||
allow kpoc_charger init:unix_stream_socket connectto;
|
||||
allow kpoc_charger property_socket:sock_file write;
|
||||
allow kpoc_charger self:capability sys_nice;
|
||||
allow kpoc_charger self:capability net_admin;
|
||||
allow kpoc_charger self:capability dac_override;
|
||||
allow kpoc_charger self:netlink_kobject_uevent_socket { create bind read setopt };
|
||||
allow kpoc_charger sysfs:file write;
|
||||
allow kpoc_charger graphics_device:chr_file { read write ioctl open };
|
||||
allow kpoc_charger kmsg_device:chr_file { write open };
|
||||
allow kpoc_charger logo_block_device:blk_file { read open };
|
||||
allow kpoc_charger rtc_device:chr_file { open read write };
|
||||
allow kpoc_charger init:unix_stream_socket connectto;
|
||||
allow healthd self:capability dac_override;
|
||||
allow healthd app_data_file:file write;
|
||||
allow healthd device:dir {open read write};
|
||||
allow kpoc_charger self:capability sys_boot;
|
||||
allow kpoc_charger alarm_device:chr_file write;
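Review bot: Three rules for a different domain sit in the middle of the kpoc_charger rules: `allow healthd self:capability dac_override;`, `allow healthd app_data_file:file write;` and `allow healthd device:dir {open read write};`. Going by the hunk counts (25 new lines) they appear to be on the added side, although the +/- column is not visible. They widen healthd rather than kpoc_charger, and healthd.te in this same commit is cut down to a single `device:dir` rule, so the effective healthd policy is broader than that file suggests. I would move them to healthd.te with a comment on why each is needed, or drop them; `app_data_file:file write` is the one I would ask to see justified first.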
|
|
@ -1,12 +1,11 @@
|
|||
# md_ctrl
|
||||
type md_ctrl_exec, exec_type, file_type;
|
||||
type md_ctrl, domain;
|
||||
type md_ctrl, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(md_ctrl)
|
||||
|
||||
allow md_ctrl ccci_device:chr_file { read write ioctl open };
|
||||
allow md_ctrl devpts:chr_file { read write getattr open ioctl };
|
||||
allow md_ctrl muxreport_exec:file { read execute open execute_no_trans };
|
||||
allow md_ctrl ccci_device:chr_file rw_file_perms;
|
||||
allow md_ctrl devpts:chr_file rw_file_perms;
|
||||
allow md_ctrl muxreport_exec:file rx_file_perms;
|
||||
allow md_ctrl self:capability dac_override;
|
||||
|
||||
set_prop(md_ctrl,vold_encryption_type_prop);
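Review bot: Adding `domain_deprecated` in `type md_ctrl, domain, domain_deprecated;` re-attaches the broad legacy access that AOSP moved out of `domain`, instead of granting md_ctrl only what it actually uses. The same attribute is added in the meta_tst, mnld, msensord, mtk_agpsd, muxreport, nvram_daemon and pq sections of this page. I would keep `type md_ctrl, domain;` and add explicit allow rules for the denials that show up in the audit log, or at least mark the line with `# TODO: drop domain_deprecated once denials are enumerated`. The page has lost its +/- markers, so the new side is read from the hunk counts here and from print order in the other sections.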
|
||||
|
|
|
@ -1,13 +1,15 @@
|
|||
# Mediacodec
|
||||
# Nvram / Nvdata
|
||||
# nvram
|
||||
allow mediacodec nvdata_file:dir rw_dir_perms;
|
||||
allow mediacodec nvdata_file:file create_file_perms;
|
||||
allow mediacodec ccci_device:chr_file rw_file_perms;
|
||||
|
||||
allow mediacodec proc:file { getattr ioctl open read };
|
||||
allow mediacodec proc_meminfo:file { getattr open read };
|
||||
allow mediacodec Vcodec_device:chr_file { ioctl open read write };
|
||||
|
||||
allow mediacodec mtk_smi_device:chr_file { ioctl open read };
|
||||
allow mediacodec proc:file { getattr ioctl open read };
|
||||
# video codec
|
||||
allow mediacodec Vcodec_device:chr_file rw_file_perms;
|
||||
allow mediacodec devmap_device:chr_file { ioctl r_file_perms };
|
||||
allow mediacodec mtk_smi_device:chr_file { ioctl read open };
|
||||
allow mediacodec proc:file { open read ioctl };
|
||||
allow mediacodec sysfs:file { open read write };
|
||||
allow mediacodec sysfs_devinfo:file { open read write };
|
||||
|
||||
# M4U
|
||||
allow mediacodec M4U_device_device:chr_file rw_file_perms;
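Review bot: `allow mediacodec sysfs:file { open read write };` grants write on every sysfs node that still carries the generic `sysfs` label, to a process that parses untrusted media. The lines that look like the new side also give mediacodec `create_file_perms` on `nvdata_file` and `rw_file_perms` on `ccci_device`, and the mediaserver section that follows appears to carry the same nvdata and ccci rules. Which side each line is on is inferred from print order, since the +/- markers are gone. I would give the specific sysfs nodes the codec needs their own type and reduce the generic rule to `allow mediacodec sysfs:file r_file_perms;`. The nvdata and ccci rules deserve a comment such as `# TODO: justify nvdata_file/ccci_device access for mediacodec`.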
|
||||
|
|
|
@ -1,2 +0,0 @@
|
|||
# Mtk sn
|
||||
allow mediadrmserver serial_number_prop:file { getattr open read };
|
|
@ -1,9 +1,7 @@
|
|||
# Mediaserver
|
||||
# Nvram / Nvdata
|
||||
# nvram
|
||||
allow mediaserver nvdata_file:dir rw_dir_perms;
|
||||
allow mediaserver nvdata_file:file create_file_perms;
|
||||
|
||||
# Bt
|
||||
allow mediaserver bt_data_file:file read;
|
||||
|
||||
allow mediaserver ccci_device:chr_file rw_file_perms;
|
||||
|
||||
# PQ
|
||||
allow mediaserver pq_service:service_manager find;
|
||||
|
|
|
@ -1,10 +0,0 @@
|
|||
# meizupshelper
|
||||
type meizu_ps_calibration_trigger, file_type;
|
||||
type meizupshelper_exec, exec_type, file_type;
|
||||
type meizupshelper, domain;
|
||||
init_daemon_domain(meizupshelper)
|
||||
|
||||
allow meizu_ps_calibration_trigger sysfs:filesystem { associate };
|
||||
allow ueventd meizu_ps_calibration_trigger:file { getattr };
|
||||
allow meizupshelper self:capability { dac_override };
|
||||
allow meizupshelper meizu_ps_calibration_trigger:file { rw_file_perms };
|
|
@ -1,98 +1,45 @@
|
|||
# meta_tst
|
||||
type meta_tst_exec, exec_type, file_type;
|
||||
type meta_tst, domain;
|
||||
type meta_tst, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(meta_tst)
|
||||
|
||||
allow meta_tst audio_device:chr_file { read write ioctl open };
|
||||
allow meta_tst audio_device:dir search;
|
||||
allow meta_tst nvram_data_file:dir search;
|
||||
allow meta_tst audiohal_prop:property_service set;
|
||||
allow meta_tst ccci_device:chr_file { read write ioctl open };
|
||||
allow meta_tst graphics_device:chr_file { read write ioctl open };
|
||||
allow meta_tst graphics_device:dir search;
|
||||
allow meta_tst mdlog_device:chr_file { read write open };
|
||||
allow meta_tst ccci_device:chr_file rw_file_perms;
|
||||
allow meta_tst serial_device:chr_file rw_file_perms;
|
||||
allow meta_tst mdlog_device:chr_file rw_file_perms;
|
||||
|
||||
allow meta_tst nvdata_file:dir create_dir_perms;
|
||||
allow meta_tst nvdata_file:file create_file_perms;
|
||||
|
||||
allow meta_tst nvdata_device:blk_file rw_file_perms;
|
||||
allow meta_tst nvdata_file:dir { write read open add_name remove_name search create getattr setattr };
|
||||
allow meta_tst nvdata_file:file { setattr read create write getattr unlink open append };
|
||||
allow meta_tst nvram_device:chr_file { read write open ioctl };
|
||||
allow meta_tst nvram_data_file:dir { write read open add_name remove_name search create getattr setattr };
|
||||
allow meta_tst nvram_data_file:file { setattr read create write getattr unlink open append };
|
||||
allow meta_tst nvram_data_file:lnk_file read;
|
||||
allow meta_tst nvram_device:blk_file rw_file_perms;
|
||||
allow meta_tst proinfo_device:blk_file rw_file_perms;
|
||||
|
||||
allow meta_tst platformblk_device:blk_file { read write open };
|
||||
allow meta_tst platformblk_device:dir search;
|
||||
allow meta_tst port:tcp_socket { name_connect name_bind };
|
||||
allow meta_tst rootfs:file entrypoint;
|
||||
allow meta_tst rtc_device:chr_file { read ioctl open };
|
||||
allow meta_tst self:capability {chown dac_override fowner fsetid ipc_lock net_admin net_raw sys_admin sys_boot sys_nice };
|
||||
|
||||
allow meta_tst self:tcp_socket { create connect setopt bind };
|
||||
allow meta_tst self:udp_socket { create ioctl };
|
||||
allow meta_tst stpbt_device:chr_file { read write open };
|
||||
allow meta_tst sysfs:file write;
|
||||
allow meta_tst system_data_file:dir { write remove_name add_name };
|
||||
allow meta_tst system_data_file:sock_file { create setattr unlink write };
|
||||
|
||||
allow meta_tst ttyGS_device:chr_file { read write ioctl open };
|
||||
allow meta_tst wmtWifi_device:chr_file { write open };
|
||||
allow meta_tst als_ps_device:chr_file { read ioctl open };
|
||||
allow meta_tst camera_isp_device:chr_file { read write ioctl open };
|
||||
allow meta_tst camera_sysram_device:chr_file { read ioctl open };
|
||||
allow meta_tst gsensor_device:chr_file { read ioctl open };
|
||||
allow meta_tst kd_camera_flashlight_device:chr_file { read write ioctl open };
|
||||
allow meta_tst kd_camera_hw_device:chr_file { read write ioctl open };
|
||||
allow meta_tst msensor_device:chr_file { read ioctl open };
|
||||
allow meta_tst sysfs_wake_lock:file { read write open };
|
||||
allow meta_tst system_file:file execute_no_trans;
|
||||
allow meta_tst MT_pmic_adc_cali_device:chr_file { read write ioctl open };
|
||||
allow meta_tst block_device:dir search;
|
||||
allow meta_tst gyroscope_device:chr_file { read ioctl open };
|
||||
allow meta_tst mnld_exec:file { execute read open };
|
||||
allow meta_tst ttyMT_device:chr_file { read write ioctl open };
|
||||
allow meta_tst mnld_exec:file execute_no_trans;
|
||||
allow meta_tst mnld_device:chr_file { open read write ioctl };
|
||||
allow meta_tst property_socket:sock_file write;
|
||||
allow meta_tst vold_socket:sock_file write;
|
||||
allow meta_tst init:unix_stream_socket connectto;
|
||||
allow meta_tst vold:unix_stream_socket connectto;
|
||||
allow meta_tst gps_device:chr_file { read write open };
|
||||
allow meta_tst mnld_prop:property_service set;
|
||||
allow meta_tst agpsd_data_file:dir search;
|
||||
allow meta_tst self:tcp_socket { bind setopt listen accept read write };
|
||||
allow meta_tst agpsd_data_file:sock_file write;
|
||||
allow meta_tst node:tcp_socket node_bind;
|
||||
allow meta_tst powerctl_prop:property_service set;
|
||||
allow meta_tst labeledfs:filesystem unmount;
|
||||
allow meta_tst platformblk_device:blk_file { getattr ioctl };
|
||||
allow meta_tst shell_exec:file execute;
|
||||
|
||||
allow meta_tst persist_data_file:dir { create setattr write add_name search};
|
||||
allow meta_tst persist_data_file:file { read write create open getattr setattr};
|
||||
|
||||
allow meta_tst devmap_device:chr_file { open read write ioctl };
|
||||
allow meta_tst camera_pipemgr_device:chr_file { open read write ioctl };
|
||||
allow meta_tst mtk_smi_device:chr_file { open read write ioctl };
|
||||
allow meta_tst tmpfs:lnk_file read;
|
||||
|
||||
allow meta_tst shell_exec:file { read open execute_no_trans };
|
||||
allow meta_tst system_data_file:dir create;
|
||||
|
||||
allow meta_tst misc_device:chr_file { read write open };
|
||||
allow meta_tst proc_lk_env:file { read write ioctl open };
|
||||
|
||||
allow meta_tst ttyACM_device:chr_file { read write ioctl open };
|
||||
|
||||
allow meta_tst block_device:blk_file getattr;
|
||||
allow meta_tst shell_exec:file { read open };
|
||||
|
||||
allow meta_tst proinfo_device:chr_file rw_file_perms;
|
||||
|
||||
allow meta_tst ttySDIO_device:chr_file { read write ioctl open };
|
||||
|
||||
# Gps
|
||||
allow meta_tst sysfs_gps_file:dir search;
|
||||
allow meta_tst sysfs_gps_file:file rw_file_perms;
|
||||
|
||||
# m2note
|
||||
allow mediaserver BU64245_device:chr_file { read write ioctl open };
|
||||
allow meta_tst gps_device:chr_file { read write open };
|
||||
allow meta_tst agpsd_data_file:dir search;
|
||||
allow meta_tst agpsd_data_file:sock_file write;
|
||||
allow meta_tst gps_data_file:file create_file_perms;
|
||||
allow meta_tst gps_data_file:dir rw_dir_perms;
|
||||
|
||||
allow meta_tst mnld_exec:file { execute read open };
|
||||
allow meta_tst mnld_exec:file execute_no_trans;
|
||||
allow meta_tst stpgps_device:chr_file { open read write ioctl };
|
||||
allow meta_tst mnld_prop:property_service set;
|
||||
allow meta_tst mnld_data_file:file create_file_perms;
|
||||
allow meta_tst mnld_data_file:dir rw_dir_perms;
|
||||
|
||||
# For GPS
|
||||
allow meta_tst port:tcp_socket { name_connect name_bind };
|
||||
allow meta_tst self:tcp_socket { create connect setopt bind };
|
||||
allow meta_tst self:tcp_socket { bind setopt listen accept read write };
|
||||
allow meta_tst node:tcp_socket node_bind;
|
||||
|
||||
|
||||
allow meta_tst sysfs:file write;
|
||||
|
||||
allow meta_tst powerctl_prop:property_service set;
|
||||
unix_socket_connect(meta_tst, property, init)
|
||||
|
||||
allow meta_tst self:capability { net_raw chown fsetid sys_nice net_admin fowner dac_override sys_admin };
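Review bot: The capability rule that closes this section, `allow meta_tst self:capability { net_raw chown fsetid sys_nice net_admin fowner dac_override sys_admin };`, sits beside rules that let the same domain bind and listen on TCP sockets and write the `nvram_device` and `proinfo_device` block files. If meta_tst is only needed for factory or engineering use (the page does not say), these rules should not ship in user builds. I would wrap them in the `userdebug_or_eng` macro, or drop `sys_admin` and `dac_override` and fix the file ownership instead. Which lines are on the new side is inferred from print order, because the page has lost its +/- markers.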
|
||||
|
|
|
@ -1,74 +1,45 @@
|
|||
# mnld
|
||||
type mnld, domain;
|
||||
type mnld_exec, exec_type, file_type;
|
||||
type mnld, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(mnld)
|
||||
net_domain(mnld)
|
||||
|
||||
# Nvram / Nvdata
|
||||
allow mnld nvram_data_file:dir create_dir_perms;
|
||||
allow mnld nvram_data_file:file create_file_perms;
|
||||
allow mnld nvram_data_file:lnk_file read;
|
||||
allow mnld gps_device:chr_file rw_file_perms;
|
||||
allow mnld stpgps_device:chr_file rw_file_perms;
|
||||
|
||||
allow mnld nvram_device:blk_file { open read write };
|
||||
allow mnld nvram_device:chr_file{ ioctl open read write};
|
||||
|
||||
allow mnld nvdata_file:dir create_dir_perms;
|
||||
allow mnld nvdata_file:file create_file_perms;
|
||||
allow mnld gps_data_file:dir create_dir_perms;
|
||||
allow mnld gps_data_file:file create_file_perms;
|
||||
|
||||
allow mnld agpsd_data_file:dir create_dir_perms;
|
||||
allow mnld agpsd_data_file:sock_file create_file_perms;
|
||||
|
||||
allow mnld mtk_agpsd:unix_dgram_socket sendto;
|
||||
|
||||
allow mnld sysfs:file rw_file_perms;
|
||||
allow mnld sysfs_wake_lock:file rw_file_perms;
|
||||
allow mnld mnld_data_file:dir rw_dir_perms;
|
||||
allow mnld mnld_data_file:sock_file create_file_perms;
|
||||
allow mnld mnld_data_file:file create_file_perms;
|
||||
|
||||
allow mnld nvdata_file:dir rw_dir_perms;
|
||||
allow mnld nvdata_file:file create_file_perms;
|
||||
allow mnld nvram_device:blk_file rw_file_perms;
|
||||
|
||||
allow mnld sysfs_gps_file:dir search;
|
||||
allow mnld sysfs_gps_file:file rw_file_perms;
|
||||
|
||||
allow mnld mnld_data_file:dir rw_dir_perms;
|
||||
allow mnld mnld_data_file:sock_file create_file_perms;
|
||||
allow mnld mnld_device:chr_file rw_file_perms;
|
||||
allow mnld mnld_prop:property_service set;
|
||||
allow mnld property_socket:sock_file write;
|
||||
|
||||
allow mnld gps_device:chr_file rw_file_perms;
|
||||
allow mnld init:unix_stream_socket connectto;
|
||||
allow mnld property_socket:sock_file rw_file_perms;
|
||||
allow mnld system_server:unix_dgram_socket { sendto write };
|
||||
|
||||
allow mnld system_data_file:dir rw_dir_perms;
|
||||
allow mnld system_data_file:dir create_dir_perms;
|
||||
allow mnld system_data_file:sock_file create_file_perms;
|
||||
allow mnld system_server:unix_dgram_socket sendto;
|
||||
allow mnld fuse:dir create_dir_perms;
|
||||
allow mnld fuse:file create_file_perms;
|
||||
|
||||
allow mnld block_device:dir search;
|
||||
allow mnld platformblk_device:dir search;
|
||||
allow mnld platformblk_device:blk_file rw_file_perms;
|
||||
|
||||
allow mnld init:udp_socket { read write };
|
||||
allow mnld mdlog_device:chr_file { read write };
|
||||
allow mnld self:capability { fsetid dac_override };
|
||||
allow mnld stpbt_device:chr_file { read write };
|
||||
allow mnld ttyGS_device:chr_file { read write };
|
||||
|
||||
allow mnld fuse:file { create rw_file_perms };
|
||||
allow mnld fuse:dir { add_name create open search read remove_name write };
|
||||
|
||||
allow mnld tmpfs:lnk_file { read create open };
|
||||
allow mnld tmpfs:dir search;
|
||||
|
||||
allow mnld platform_app:unix_stream_socket connectto;
|
||||
|
||||
# Nougat
|
||||
allow mnld wmt_prop:file r_file_perms;
|
||||
allow mnld rootfs:lnk_file { getattr };
|
||||
|
||||
# Mtk
|
||||
allow mnld media_rw_data_file:dir { open read search };
|
||||
allow mnld mnt_user_file:dir search;
|
||||
allow mnld mnt_user_file:lnk_file read;
|
||||
allow mnld storage_file:dir search;
|
||||
allow mnld storage_file:lnk_file read;
|
||||
|
||||
# SdcardFS
|
||||
allow mnld sdcardfs:dir search;
|
||||
allow mnld mdlog_device:chr_file { read write };
|
||||
|
||||
allow mnld block_device:dir search;
|
||||
|
||||
file_type_auto_trans(mnld,system_data_file,mnld_data_file);
|
||||
file_type_auto_trans(mnld,apk_data_file,mnld_data_file);
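Review bot: `file_type_auto_trans(mnld,apk_data_file,mnld_data_file);` lets mnld add entries to directories labelled `apk_data_file`, and the line before it does the same for `system_data_file`, while mnld is also a `net_domain`. As far as the AOSP macro goes, `file_type_auto_trans` grants add-name access on the directory type in addition to the type transition, so a network-facing daemon would be able to create files in the APK directories. I would drop the `apk_data_file` line and give mnld a dedicated directory labelled `mnld_data_file` through file_contexts, with the comment `# mnld writes only under its own mnld_data_file directory`. Both lines are the last printed in the section, so they are read as added or context; the +/- markers are missing on this page.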
|
||||
|
|
|
@ -1,13 +1,10 @@
|
|||
# msensord
|
||||
type msensord_exec, exec_type, file_type;
|
||||
type msensord, domain;
|
||||
type msensord, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(msensord)
|
||||
|
||||
allow msensord msensord_daemon:file r_file_perms;
|
||||
allow msensord ctl_msensord_prop:property_service set;
|
||||
allow msensord ctl_akmd09911_prop:property_service set;
|
||||
allow msensord msensord_daemon_sysfs:file r_file_perms;
|
||||
|
||||
allow msensord rootfs:lnk_file { getattr };
|
||||
allow msensord ctl_akmd09911_prop:property_service set;
|
||||
|
||||
unix_socket_connect(msensord,property,init)
|
||||
unix_socket_connect(msensord, property, init)
|
||||
|
|
|
@ -1,18 +0,0 @@
|
|||
# mtk_6620_launcher
|
||||
type mtk_6620_launcher_exec, exec_type, file_type;
|
||||
type mtk_6620_launcher, domain;
|
||||
|
||||
allow mtk_6620_launcher stpwmt_device:chr_file rw_file_perms;
|
||||
allow mtk_6620_launcher devpts:chr_file rw_file_perms;
|
||||
|
||||
allow mtk_6620_launcher wmt_prop:property_service set;
|
||||
allow mtk_6620_launcher wmt_prop:file r_file_perms;
|
||||
|
||||
allow mtk_6620_launcher system_file:dir { read open };
|
||||
allow mtk_6620_launcher rootfs:lnk_file { getattr };
|
||||
|
||||
# Socket
|
||||
allow mtk_6620_launcher init:unix_stream_socket connectto;
|
||||
allow mtk_6620_launcher property_socket:sock_file write;
|
||||
init_daemon_domain(mtk_6620_launcher)
|
||||
|
|
@ -1,31 +1,21 @@
|
|||
# mtk_agpsd
|
||||
type mtk_agpsd_exec, exec_type, file_type;
|
||||
type mtk_agpsd, domain;
|
||||
type mtk_agpsd, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(mtk_agpsd)
|
||||
net_domain(mtk_agpsd)
|
||||
|
||||
allow mtk_agpsd mnld:unix_dgram_socket sendto;
|
||||
allow mtk_agpsd agps_device:chr_file rw_file_perms;
|
||||
allow mtk_agpsd agpsd_data_file:dir create_dir_perms;
|
||||
allow mtk_agpsd agpsd_data_file:file create_file_perms;
|
||||
allow mtk_agpsd agpsd_data_file:sock_file create_file_perms;
|
||||
allow mtk_agpsd gps_device:chr_file rw_file_perms;
|
||||
allow mtk_agpsd self:udp_socket create;
|
||||
|
||||
allow mtk_agpsd storage_file:dir search;
|
||||
allow mtk_agpsd storage_file:lnk_file read;
|
||||
|
||||
allow mtk_agpsd ttySDIO_device:chr_file create_file_perms;
|
||||
allow mtk_agpsd tmpfs:lnk_file create_file_perms;
|
||||
allow mtk_agpsd ccci_device:chr_file create_file_perms;
|
||||
allow mtk_agpsd storage_file:lnk_file create_file_perms;
|
||||
allow mtk_agpsd mnt_user_file:dir create_dir_perms;
|
||||
allow mtk_agpsd mnt_user_file:lnk_file create_file_perms;
|
||||
allow mtk_agpsd rootfs:lnk_file { getattr };
|
||||
|
||||
allow mtk_agpsd fuse:dir create_dir_perms;
|
||||
allow mtk_agpsd fuse:file create_file_perms;
|
||||
|
||||
# Mtk
|
||||
allow mtk_agpsd media_rw_data_file:dir { open read search };
|
||||
allow mtk_agpsd storage_file:dir search;
|
||||
allow mtk_agpsd tmpfs:dir search;
|
||||
|
||||
# SdcardFS
|
||||
allow mtk_agpsd sdcardfs:dir search;
|
||||
unix_socket_send(mtk_agpsd, mnld, mnld);
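Review bot: `create_file_perms` is used on device nodes and symlinks here, in `allow mtk_agpsd ttySDIO_device:chr_file create_file_perms;`, `allow mtk_agpsd ccci_device:chr_file create_file_perms;` and the `tmpfs`, `storage_file` and `mnt_user_file` lnk_file rules. That adds create, rename, unlink and setattr to what a daemon needs to open and use an existing node. If these lines are on the new side (the hunk counts leave that open, and the +/- markers are gone), I would narrow the two chr_file rules to `rw_file_perms` and the lnk_file rules to `r_file_perms`, matching `allow mtk_agpsd gps_device:chr_file rw_file_perms;` earlier in the section.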
|
||||
|
|
|
@ -1,84 +0,0 @@
|
|||
# mtkrild
|
||||
type mtkrild_exec, exec_type, file_type;
|
||||
type mtkrild, domain;
|
||||
|
||||
init_daemon_domain(mtkrild)
|
||||
|
||||
net_domain(mtkrild)
|
||||
allow mtkrild self:netlink_route_socket nlmsg_write;
|
||||
allow mtkrild kernel:system module_request;
|
||||
#unix_socket_connect(mtkrild, property, init)
|
||||
allow mtkrild self:capability { setuid net_admin net_raw };
|
||||
allow mtkrild alarm_device:chr_file rw_file_perms;
|
||||
allow mtkrild cgroup:dir create_dir_perms;
|
||||
allow mtkrild radio_device:chr_file rw_file_perms;
|
||||
allow mtkrild radio_device:blk_file r_file_perms;
|
||||
allow mtkrild mtd_device:dir search;
|
||||
allow mtkrild efs_file:dir create_dir_perms;
|
||||
allow mtkrild efs_file:file create_file_perms;
|
||||
allow mtkrild shell_exec:file rx_file_perms;
|
||||
allow mtkrild bluetooth_efs_file:file r_file_perms;
|
||||
allow mtkrild bluetooth_efs_file:dir r_dir_perms;
|
||||
allow mtkrild radio_data_file:dir rw_dir_perms;
|
||||
allow mtkrild radio_data_file:file create_file_perms;
|
||||
allow mtkrild sdcard_type:dir r_dir_perms;
|
||||
allow mtkrild system_data_file:dir r_dir_perms;
|
||||
allow mtkrild system_data_file:file r_file_perms;
|
||||
allow mtkrild system_file:file x_file_perms;
|
||||
allow mtkrild proc:file write;
|
||||
allow mtkrild proc_net:file write;
|
||||
|
||||
# property service
|
||||
allow mtkrild radio_prop:property_service set;
|
||||
allow mtkrild net_radio_prop:property_service set;
|
||||
allow mtkrild system_radio_prop:property_service set;
|
||||
allow mtkrild persist_ril_prop:property_service set;
|
||||
auditallow mtkrild net_radio_prop:property_service set;
|
||||
auditallow mtkrild system_radio_prop:property_service set;
|
||||
|
||||
# Read/Write to uart driver (for GPS)
|
||||
allow mtkrild gps_device:chr_file rw_file_perms;
|
||||
|
||||
allow mtkrild tty_device:chr_file rw_file_perms;
|
||||
|
||||
# Allow mtkrild to create and use netlink sockets.
|
||||
allow mtkrild self:netlink_socket create_socket_perms;
|
||||
allow mtkrild self:netlink_kobject_uevent_socket create_socket_perms;
|
||||
|
||||
# Access to wake locks
|
||||
wakelock_use(mtkrild)
|
||||
|
||||
allow mtkrild self:socket create_socket_perms;
|
||||
allow mtkrild Vcodec_device:chr_file { read write open };
|
||||
allow mtkrild devmap_device:chr_file { read ioctl open };
|
||||
allow mtkrild devpts:chr_file { read write open };
|
||||
allow mtkrild self:capability dac_override;
|
||||
|
||||
allow mtkrild ccci_device:chr_file { read write ioctl open };
|
||||
allow mtkrild devpts:chr_file ioctl;
|
||||
allow mtkrild misc_device:chr_file { read write open };
|
||||
allow mtkrild platformblk_device:blk_file { read write open };
|
||||
allow mtkrild proc_lk_env:file rw_file_perms;
|
||||
allow mtkrild sysfs_vcorefs_pwrctrl:file { open write };
|
||||
allow mtkrild ril_active_md_prop:property_service set;
|
||||
allow mtkrild ril_mux_report_case_prop:property_service set;
|
||||
allow mtkrild ctl_muxreport-daemon_prop:property_service set;
|
||||
allow mtkrild block_device:dir search;
|
||||
allow mtkrild platformblk_device:dir search;
|
||||
allow mtkrild platform_app:fd use;
|
||||
allow mtkrild radio:fd use;
|
||||
|
||||
# Mtk fix
|
||||
allow mtkrild init:unix_stream_socket connectto;
|
||||
allow mtkrild property_socket:sock_file write;
|
||||
|
||||
# Mtk sn
|
||||
allow mtkrild serial_number_prop:property_service set;
|
||||
|
||||
# Nougat
|
||||
allow mtkrild gsm0710muxd_prop:file { read open getattr };
|
||||
allow mtkrild persist_ril_prop:file { read open getattr };
|
||||
allow mtkrild proc:file { open read write };
|
||||
allow mtkrild ril_mux_report_case_prop:file { read open getattr };
|
||||
allow mtkrild sysfs:file { read open };
|
||||
allow mtkrild rootfs:lnk_file { getattr };
|
|
@ -1,6 +1,5 @@
|
|||
# muxreport
|
||||
type muxreport_exec, exec_type, file_type;
|
||||
type muxreport, domain;
|
||||
type muxreport, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(muxreport)
|
||||
|
||||
|
@ -10,9 +9,5 @@ allow muxreport init:unix_stream_socket connectto;
|
|||
allow muxreport property_socket:sock_file write;
|
||||
allow muxreport devpts:chr_file { read write getattr ioctl };
|
||||
allow muxreport self:capability dac_override;
|
||||
|
||||
# Nougat
|
||||
allow muxreport ril_mux_report_case_prop:file { read open getattr };
|
||||
allow muxreport persist_ril_prop:file { read open getattr };
|
||||
allow muxreport sysfs:file { read open };
|
||||
allow muxreport rootfs:lnk_file { getattr };
|
||||
allow muxreport sysfs_ccci:dir search;
|
||||
allow muxreport sysfs_ccci:file r_file_perms;
|
|
@ -1,38 +1,2 @@
|
|||
# netd
|
||||
allow netd wmtWifi_device:chr_file { write open };
|
||||
|
||||
allow netd kernel:system module_request;
|
||||
allow netd self:capability { fsetid sys_module setgid setuid };
|
||||
|
||||
allow netd mtk_wifi_prop:property_service set;
|
||||
|
||||
allow netd platform_app:fd use;
|
||||
allow netd platform_app_tmpfs:file write;
|
||||
|
||||
allow netd ppp:process sigkill;
|
||||
|
||||
allow netd radvd_data_file:dir { read write search add_name remove_name};
|
||||
allow netd radvd_data_file:file { read write create open unlink};
|
||||
|
||||
allow netd self:capability { setuid net_bind_service setgid };
|
||||
|
||||
allow netd device:file { open write };
|
||||
|
||||
#============= netd ==============
|
||||
|
||||
allow netd isolated_app:fd use;
|
||||
allow netd isolated_app_tmpfs:file write;
|
||||
|
||||
allow netd untrusted_app:fd use;
|
||||
allow netd untrusted_app_tmpfs:file write;
|
||||
allow netd untrusted_app:unix_stream_socket { read write getopt setopt};
|
||||
|
||||
|
||||
allow netd radio_tmpfs:file write;
|
||||
|
||||
# Mtk fix
|
||||
allow netd unlabeled:file { getattr lock open read };
|
||||
|
||||
# Nougat
|
||||
allow netd wifi_data_file:dir { create setattr };
|
||||
allow netd wifi_data_file:sock_file { create setattr unlink };
|
||||
# Wifi
|
||||
allow netd wmtWifi_device:chr_file w_file_perms;
|
||||
|
|
|
@ -1,50 +1,24 @@
|
|||
# nvram_daemon
|
||||
type nvram_daemon_exec, exec_type, file_type;
|
||||
type nvram_daemon, domain;
|
||||
type nvram_daemon, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(nvram_daemon)
|
||||
|
||||
# Nvram / Nvdata
|
||||
allow nvram_daemon nvram_data_file:dir create_dir_perms;
|
||||
allow nvram_daemon nvram_data_file:file create_file_perms;
|
||||
allow nvram_daemon nvram_data_file:lnk_file read;
|
||||
allow nvram_daemon self:capability { fowner dac_override dac_read_search chown fsetid };
|
||||
allow nvram_daemon nvram_device:blk_file rw_file_perms;
|
||||
allow nvram_daemon nvdata_device:blk_file rw_file_perms;
|
||||
allow nvram_daemon nvdata_file:dir create_dir_perms;
|
||||
allow nvram_daemon nvdata_file:file create_file_perms;
|
||||
allow nvram_daemon nvram_device:blk_file rw_file_perms;
|
||||
allow nvram_daemon nvram_device:chr_file { read write open ioctl};
|
||||
allow nvram_daemon shell_exec:file { read execute open execute_no_trans getattr };
|
||||
allow nvram_daemon als_ps_device:chr_file r_file_perms;
|
||||
allow nvram_daemon mtk-adc-cali_device:chr_file rw_file_perms;
|
||||
allow nvram_daemon gsensor_device:chr_file r_file_perms;
|
||||
allow nvram_daemon msensor_device:chr_file r_file_perms;
|
||||
allow nvram_daemon gyroscope_device:chr_file r_file_perms;
|
||||
|
||||
allow nvram_daemon proinfo_device:chr_file { read write open ioctl};
|
||||
allow nvram_daemon proinfo_device:blk_file rw_file_perms;
|
||||
|
||||
allow nvram_daemon self:capability { chown dac_override dac_read_search fowner fsetid };
|
||||
allow nvram_daemon platformblk_device:blk_file rw_file_perms;
|
||||
|
||||
allow nvram_daemon system_prop:property_service set;
|
||||
|
||||
allow nvram_daemon shell_exec:file { x_file_perms read open };
|
||||
|
||||
allow nvram_daemon system_file:file execute_no_trans;
|
||||
|
||||
allow nvram_daemon als_ps_device:chr_file { read ioctl open };
|
||||
allow nvram_daemon mtk-adc-cali_device:chr_file { read write ioctl open };
|
||||
allow nvram_daemon gsensor_device:chr_file { read ioctl open };
|
||||
allow nvram_daemon gyroscope_device:chr_file { read ioctl open };
|
||||
allow nvram_daemon platformblk_device:dir search;
|
||||
|
||||
allow nvram_daemon sysfs:file write;
|
||||
|
||||
allow nvram_daemon system_data_file:dir {create write add_name};
|
||||
allow nvram_daemon nvram_prop:property_service set;
|
||||
allow nvram_daemon wmt_prop:property_service set;
|
||||
|
||||
allow nvram_daemon block_device:dir search;
|
||||
|
||||
# Nougat
|
||||
allow nvram_daemon sysfs:file { write read open };
|
||||
allow nvram_daemon rootfs:dir { read open };
|
||||
allow nvram_daemon rootfs:file r_file_perms;
|
||||
allow nvram_daemon rootfs:lnk_file { getattr };
|
||||
allow nvram_daemon toolbox_exec:file { r_file_perms execute execute_no_trans };
|
||||
|
||||
# Socket
|
||||
allow nvram_daemon init:unix_stream_socket connectto;
|
||||
allow nvram_daemon property_socket:sock_file write;
|
||||
unix_socket_connect(nvram_daemon, property, init)
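Review bot: Both printings of the shell rule (`{ read execute open execute_no_trans getattr }` and `{ x_file_perms read open }`) keep `execute_no_trans` on `shell_exec`, so whichever one is the new side, a shell started by nvram_daemon runs in the nvram_daemon domain. That shell inherits the `chown dac_override dac_read_search fowner fsetid` capabilities and `rw_file_perms` on `nvram_device:blk_file`, both of which are also printed twice in this section. I would either remove the shell rule or move the helper into its own domain with `domain_auto_trans`. The reason belongs next to the rule, e.g. `# shell is used only for <script>: TODO confirm and confine`.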
|
|
@ -1,18 +1,13 @@
|
|||
# pq
|
||||
type pq_exec, exec_type, file_type;
|
||||
type pq, domain;
|
||||
type pq, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(pq)
|
||||
|
||||
allow pq system_prop:property_service set;
|
||||
allow pq graphics_device:chr_file { read write open ioctl };
|
||||
binder_use(pq)
|
||||
binder_call(pq, binderservicedomain)
|
||||
binder_service(pq)
|
||||
|
||||
allow pq tmpfs:lnk_file read;
|
||||
allow pq pq_service:service_manager add;
|
||||
unix_socket_connect(pq, property, init)
|
||||
|
||||
# Nougat
|
||||
allow pq proc:file { read open ioctl };
|
||||
allow pq rootfs:lnk_file { getattr };
|
||||
|
||||
# Socket
|
||||
allow pq init:unix_stream_socket connectto;
|
||||
allow pq property_socket:sock_file write;
|
||||
allow pq pq_conf_prop:property_service set;
|
||||
|
|
|
@ -1,2 +0,0 @@
|
|||
# Mtk sn
|
||||
allow priv_app serial_number_prop:file read;
|
|
@ -1,118 +1,18 @@
|
|||
# property
|
||||
type mtk_default_prop, property_type;
|
||||
|
||||
neverallow { domain -init } default_prop:property_service set;
|
||||
neverallow { domain -init -system_server -system_app -recovery } ctl_default_prop:property_service set;
|
||||
|
||||
#=============allow ccci_mdinit to start gsm0710muxd==============
|
||||
type ctl_gsm0710muxd_prop, property_type;
|
||||
type ctl_gsm0710muxd-s_prop, property_type;
|
||||
type ctl_gsm0710muxd-d_prop, property_type;
|
||||
type ctl_gsm0710muxdmd2_prop, property_type;
|
||||
|
||||
#=============allow mtkrild to set persist.ril property==============
|
||||
type persist_ril_prop, property_type;
|
||||
#=============allow terserver to set terservice property==============
|
||||
type terservice_prop, property_type;
|
||||
#=============allow gsm0710muxd to set mux property==============
|
||||
type gsm0710muxd_prop, property_type;
|
||||
|
||||
#=============allow netlog running==============
|
||||
type debug_mtklog_prop, property_type;
|
||||
type persist_mtklog_prop, property_type;
|
||||
type debug_netlog_prop, property_type;
|
||||
#=============allow system_server to set media.wfd.*==============
|
||||
type media_wfd_prop, property_type;
|
||||
|
||||
#=============allow netd to set mtk_wifi.*=========================
|
||||
type mtk_wifi_prop, property_type;
|
||||
|
||||
#=============allow ccci_mdinit to stop rild==============
|
||||
type ctl_ril-daemon-mtk_prop, property_type;
|
||||
type ctl_ril-daemon-s_prop, property_type;
|
||||
type ctl_ril-daemon-d_prop, property_type;
|
||||
type ctl_ril-daemon-md2_prop, property_type;
|
||||
|
||||
#=============allow ccci_mdinit to start ccci_fsd==============
|
||||
type wmt_prop, property_type, mtk_property_type;
|
||||
type mtk_md_prop, property_type, mtk_property_type;
|
||||
type mnld_prop, property_type, mtk_property_type;
|
||||
type ctl_akmd09911_prop, property_type;
|
||||
type ctl_ccci_fsd_prop, property_type;
|
||||
type ctl_ccci2_fsd_prop, property_type;
|
||||
|
||||
#=============allow ccci_mdinit to start ccci_rpcd==============
|
||||
type ctl_ccci_rpcd_prop, property_type;
|
||||
type ctl_ccci2_rpcd_prop, property_type;
|
||||
|
||||
#=============allow ccci_mdinit to set ril_active_md_prop==============
|
||||
type ril_active_md_prop, property_type;
|
||||
|
||||
#=============allow ccci_mdinit to stop rild==============
|
||||
type ril_mux_report_case_prop, property_type;
|
||||
type ril_cdma_report_prop, property_type;
|
||||
|
||||
#=============allow ccci_mdinit to mtk_md_prop==============
|
||||
type mtk_md_prop, property_type;
|
||||
|
||||
#=============allow mtkrild to start muxreport==============
|
||||
type ctl_gsm0710muxd_prop, property_type;
|
||||
type ctl_gsm0710muxdmd2_prop, property_type;
|
||||
type ctl_muxreport-daemon_prop, property_type;
|
||||
|
||||
#=============allow ppp to set pppoe.ppp0==============
|
||||
type pppoe_ppp0_prop, property_type;
|
||||
|
||||
#=============allow rild to start pppd_via==============
|
||||
type ctl_pppd_via_prop, property_type;
|
||||
|
||||
#=============allow mediatek_prop ==============
|
||||
type mediatek_prop, property_type;
|
||||
|
||||
#=============allow bootanim==============
|
||||
type bootani_prop, property_type;
|
||||
|
||||
#=============allow mnld_prop==============
|
||||
type mnld_prop, property_type;
|
||||
|
||||
#=============allow audiohal==============
|
||||
type audiohal_prop, property_type;
|
||||
|
||||
#=============allow contrl ril3gd===========
|
||||
type ctl_ril3gd_prop, property_type;
|
||||
|
||||
#=============allow contrl zpppd_gprs===========
|
||||
type ctl_zpppdgprs_prop, property_type;
|
||||
|
||||
#=============allow DM==============
|
||||
type persist_dm_prop, property_type;
|
||||
type ctl_rbfota_prop, property_type;
|
||||
|
||||
#=============allow wmt==============
|
||||
type wmt_prop, property_type;
|
||||
|
||||
#============= permission_check ==============
|
||||
type persist_md_prop, property_type;
|
||||
|
||||
#=============allow statusd==============
|
||||
type net_cdma_mdmstat, property_type;
|
||||
type cdma_prop, property_type;
|
||||
|
||||
#=============allow saveLocale==============
|
||||
type save_locale_prop, property_type;
|
||||
|
||||
#=============allow bt==============
|
||||
type bt_prop, property_type;
|
||||
type persist_bt_prop, property_type;
|
||||
|
||||
#=============allow ccci_mdinit EVDO ==============
|
||||
type mtk_tele_prop, property_type;
|
||||
|
||||
#=============allow pppd ==============
|
||||
type pppd_gprs_prop, property_type;
|
||||
|
||||
#=============allow wifi offload deamon ==============
|
||||
type mtk_wod_prop, property_type;
|
||||
|
||||
type nvram_prop, property_type, mtk_property_type;
|
||||
type pq_conf_prop, property_type, mtk_property_type;
|
||||
type audiohal_prop, property_type, mtk_property_type;
|
||||
type ril_mux_report_case_prop, property_type, mtk_property_type;
|
||||
type ril_msim_power_prop, property_type, mtk_property_type;
|
||||
type ril_sim_inserted_status, property_type, mtk_property_type;
|
||||
type vold_encryption_type_prop, property_type;
|
||||
|
||||
# Sensors
|
||||
type ctl_msensord_prop, property_type;
|
||||
type ctl_akmd09911_prop, property_type;
|
||||
|
||||
# Mtk sn
|
||||
type serial_number_prop, property_type;
|
||||
# mtk sn
|
||||
type serial_number_prop, property_type, mtk_property_type;
|
||||
|
|
|
@ -1,116 +1,26 @@
|
|||
# property_contexts
|
||||
#=============allow ccci_mdinit to start gsm0710muxd==============
|
||||
ctl.gsm0710muxd u:object_r:ctl_gsm0710muxd_prop:s0
|
||||
ctl.gsm0710muxd-s u:object_r:ctl_gsm0710muxd-s_prop:s0
|
||||
ctl.gsm0710muxd-d u:object_r:ctl_gsm0710muxd-d_prop:s0
|
||||
ctl.gsm0710muxdmd2 u:object_r:ctl_gsm0710muxdmd2_prop:s0
|
||||
|
||||
#=============allow mtkrild to set persist.ril property==============
|
||||
persist.ril u:object_r:persist_ril_prop:s0
|
||||
#=============allow terservice to set terservice property==============
|
||||
persist.ter u:object_r:terservice_prop:s0
|
||||
|
||||
#=============allow netlog==============
|
||||
#debug.mtklog.init.flag
|
||||
debug.mtklog u:object_r:debug_mtklog_prop:s0
|
||||
#persist.mtklog.log2sd.path
|
||||
persist.mtklog u:object_r:persist_mtklog_prop:s0
|
||||
#debug.netlog.stopreason
|
||||
debug.netlog u:object_r:debug_netlog_prop:s0
|
||||
|
||||
#=============allow system_server to set media.wfd.*==============
|
||||
media.wfd. u:object_r:media_wfd_prop:s0
|
||||
|
||||
#=============allow netd to set mtk_wifi.*========================
|
||||
mtk_wifi. u:object_r:mtk_wifi_prop:s0
|
||||
|
||||
#=============allow mux==============
|
||||
ril.mux. u:object_r:gsm0710muxd_prop:s0
|
||||
|
||||
#=============allow vold==============
|
||||
persist.vold. u:object_r:vold_prop:s0
|
||||
ctl.sdcard u:object_r:ctl_fuse_prop:s0
|
||||
|
||||
#=============allow mdinit==============
|
||||
ctl.ril-daemon-mtk u:object_r:ctl_ril-daemon-mtk_prop:s0
|
||||
ctl.ril-daemon-s u:object_r:ctl_ril-daemon-s_prop:s0
|
||||
ctl.ril-daemon-d u:object_r:ctl_ril-daemon-d_prop:s0
|
||||
ctl.ril-daemon-md2 u:object_r:ctl_ril-daemon-md2_prop:s0
|
||||
|
||||
ctl.ccci_fsd u:object_r:ctl_ccci_fsd_prop:s0
|
||||
ctl.ccci2_fsd u:object_r:ctl_ccci2_fsd_prop:s0
|
||||
ctl.ccci_rpcd u:object_r:ctl_ccci_rpcd_prop:s0
|
||||
ctl.ccci2_rpcd u:object_r:ctl_ccci2_rpcd_prop:s0
|
||||
service.wcn u:object_r:wmt_prop:s0
|
||||
persist.mtk.wcn u:object_r:wmt_prop:s0
|
||||
wlan.mtk.wifi.5g u:object_r:wmt_prop:s0
|
||||
mtk.md u:object_r:mtk_md_prop:s0
|
||||
gps.clock.type u:object_r:mnld_prop:s0
|
||||
gps.gps.version u:object_r:mnld_prop:s0
|
||||
ctl.akmd09911 u:object_r:ctl_akmd09911_prop:s0
|
||||
ctl.ccci_fsd u:object_r:ctl_ccci_fsd_prop:s0
|
||||
ctl.gsm0710muxd u:object_r:ctl_gsm0710muxd_prop:s0
|
||||
ctl.gsm0710muxd-s u:object_r:ctl_gsm0710muxd_prop:s0
|
||||
ctl.gsm0710muxd-d u:object_r:ctl_gsm0710muxd_prop:s0
|
||||
ctl.gsm0710muxdmd2 u:object_r:ctl_gsm0710muxdmd2_prop:s0
|
||||
ctl.muxreport-daemon u:object_r:ctl_muxreport-daemon_prop:s0
|
||||
|
||||
ril.active.md u:object_r:ril_active_md_prop:s0
|
||||
ril.mux.report.case u:object_r:ril_mux_report_case_prop:s0
|
||||
ril.cdma.report u:object_r:ril_cdma_report_prop:s0
|
||||
|
||||
#=============allow pppd_via==============
|
||||
ctl.pppd_via u:object_r:ctl_pppd_via_prop:s0
|
||||
|
||||
#=============allow ppp to set pppoe.ppp0.*========================
|
||||
pppoe.ppp0. u:object_r:pppoe_ppp0_prop:s0
|
||||
|
||||
#=============allow mediatek_prop ==============
|
||||
mediatek. u:object_r:mediatek_prop:s0
|
||||
|
||||
#=============allow bootanim==============
|
||||
persist.bootanim. u:object_r:bootani_prop:s0
|
||||
|
||||
#=============allow mnld_prop ==============
|
||||
gps.clock.type u:object_r:mnld_prop:s0
|
||||
gps.gps.version u:object_r:mnld_prop:s0
|
||||
|
||||
#=============allow audiohal==============
|
||||
streamout. u:object_r:audiohal_prop:s0
|
||||
af. u:object_r:audiohal_prop:s0
|
||||
streamin. u:object_r:audiohal_prop:s0
|
||||
a2dp. u:object_r:audiohal_prop:s0
|
||||
persist.af. u:object_r:audiohal_prop:s0
|
||||
|
||||
#=============allow DM==============
|
||||
# persist.dm.lock
|
||||
persist.dm. u:object_r:persist_dm_prop:s0
|
||||
# dm fota
|
||||
ctl.rbfota u:object_r:ctl_rbfota_prop:s0
|
||||
|
||||
#=============allow wmt ==============
|
||||
persist.mtk.wcn u:object_r:wmt_prop:s0
|
||||
service.wcn u:object_r:wmt_prop:s0
|
||||
|
||||
#============= permission_check ==============
|
||||
#persist.md.perm.checked
|
||||
persist.md u:object_r:persist_md_prop:s0
|
||||
|
||||
#=============allow statusd==============
|
||||
net.cdma.mdmstat u:object_r:net_cdma_mdmstat:s0
|
||||
|
||||
#=============allow c2k_prop ==============
|
||||
cdma. u:object_r:cdma_prop:s0
|
||||
|
||||
#=============allow saveLocale==============
|
||||
user.language u:object_r:save_locale_prop:s0
|
||||
user.region u:object_r:save_locale_prop:s0
|
||||
|
||||
#=============allow bt prop==============
|
||||
bt. u:object_r:bt_prop:s0
|
||||
persist.bt. u:object_r:persist_bt_prop:s0
|
||||
#=============allow ccci_mdinit EVDO ==============
|
||||
mtk_telephony u:object_r:mtk_tele_prop:s0
|
||||
#=============allow ccci_mdinit md status ==============
|
||||
mtk.md u:object_r:mtk_md_prop:s0
|
||||
#=============allow pppd ==============
|
||||
ctl.pppd_gprs u:object_r:pppd_gprs_prop:s0
|
||||
|
||||
#=============allow wifi offload deamon ==============
|
||||
net.wo. u:object_r:mtk_wod_prop:s0
|
||||
|
||||
# Sensors
|
||||
ctl.msensord u:object_r:ctl_msensord_prop:s0
|
||||
ctl.akmd09911 u:object_r:ctl_akmd09911_prop:s0
|
||||
service.nvram_init u:object_r:nvram_prop:s0
|
||||
persist.sys.pq u:object_r:pq_conf_prop:s0
|
||||
af. u:object_r:audiohal_prop:s0
|
||||
persist.af. u:object_r:audiohal_prop:s0
|
||||
ril.mux.report.case u:object_r:ril_mux_report_case_prop:s0
|
||||
sys.msim.power.slot0 u:object_r:ril_msim_power_prop:s0
|
||||
sys.msim.power.slot1 u:object_r:ril_msim_power_prop:s0
|
||||
sys.sim_inserted_status_0 u:object_r:ril_sim_inserted_status:s0
|
||||
sys.sim_inserted_status_1 u:object_r:ril_sim_inserted_status:s0
|
||||
vold.encryption.type u:object_r:vold_encryption_type_prop:s0
|
||||
|
||||
# Mtk sn
|
||||
ro.serialno u:object_r:serial_number_prop:s0
|
||||
vold.encryption.type u:object_r:vold_encryption_type_prop:s0
|
||||
|
|
|
@ -1,42 +1,4 @@
|
|||
# radio
|
||||
allow radio custom_file:dir getattr;
|
||||
allow radio zygote:unix_stream_socket { getopt getattr };
|
||||
|
||||
# Purpose : for mtkrild and viarild
|
||||
allow radio mtkrild:unix_stream_socket connectto;
|
||||
|
||||
# Purpose : for engineermode
|
||||
allow radio mediatek_prop:property_service set;
|
||||
allow radio em_svr:unix_stream_socket connectto;
|
||||
allow radio mt_otg_test_device:chr_file { read write ioctl open };
|
||||
allow radio mtgpio_device:chr_file { read ioctl open };
|
||||
allow radio platformblk_device:dir search;
|
||||
allow radio stpbt_device:chr_file { read write open };
|
||||
allow radio persist_ril_prop:property_service set;
|
||||
allow radio system_prop:property_service set;
|
||||
|
||||
# Purpose : [ALPS01756200] wwop boot up fail
|
||||
allow radio custom_file:dir { search getattr open read };
|
||||
allow radio custom_file:file { read open getattr};
|
||||
|
||||
# C2K System Property
|
||||
allow radio cdma_prop:property_service set;
|
||||
|
||||
# Purpose : mtk_agpsd establishes the local socket as agpsd for all A-GPS
|
||||
# application to do something with mtk_agpsd
|
||||
unix_socket_connect(radio, agpsd, mtk_agpsd)
|
||||
|
||||
# Purpose : allow to access kpd driver file
|
||||
allow radio sysfs_keypad_file:dir { open write };
|
||||
allow radio sysfs_keypad_file:file { open write };
|
||||
|
||||
# Purpose : for bluetooth relayer mode
|
||||
allow radio block_device:dir search;
|
||||
allow radio ttyGS_device:chr_file { open read write ioctl };
|
||||
|
||||
# Purpose : for engineermode sensor can work normal
|
||||
allow radio als_ps_device:chr_file { read open ioctl };
|
||||
|
||||
# Purpose : for engineermode camera
|
||||
allow radio debug_prop:property_service set;
|
||||
unix_socket_connect(radio, rild, ril-daemon-mtk)
|
||||
|
||||
allow radio ril_mux_report_case_prop:property_service set;
|
||||
allow radio ril_msim_power_prop:property_service set;
|
||||
|
|
|
@ -1,46 +0,0 @@
|
|||
# recovery
|
||||
allow recovery misc_device:chr_file *;
|
||||
allow recovery platformblk_device:dir *;
|
||||
allow recovery platformblk_device:blk_file *;
|
||||
allow recovery vfat:dir *;
|
||||
allow recovery misc_sd_device:chr_file *;
|
||||
|
||||
allow recovery rootfs:dir *;
|
||||
|
||||
allow recovery bootimg_device:chr_file *;
|
||||
allow recovery recovery_device:chr_file *;
|
||||
allow recovery logo_block_device:chr_file r_file_perms;
|
||||
allow recovery preloader_device:chr_file *;
|
||||
allow recovery uboot_device:chr_file *;
|
||||
allow recovery init:dir *;
|
||||
allow recovery init:file ~{ execute execute_no_trans entrypoint };
|
||||
allow recovery init:lnk_file *;
|
||||
allow recovery kernel:dir *;
|
||||
allow recovery kernel:file ~{ execute execute_no_trans entrypoint };
|
||||
allow recovery kernel:lnk_file *;
|
||||
|
||||
allow recovery healthd:dir *;
|
||||
allow recovery healthd:file ~{ execute execute_no_trans entrypoint };
|
||||
allow recovery healthd:lnk_file *;
|
||||
dontaudit recovery self:capability sys_ptrace;
|
||||
allow recovery ueventd:dir *;
|
||||
allow recovery ueventd:file ~{ execute execute_no_trans entrypoint };
|
||||
allow recovery ueventd:lnk_file *;
|
||||
|
||||
userdebug_or_eng(`
|
||||
allow recovery su:dir *;
|
||||
allow recovery su:lnk_file *;
|
||||
')
|
||||
|
||||
allow recovery pmt_device:chr_file *;
|
||||
allow recovery tee_part_device:chr_file *;
|
||||
|
||||
allow recovery proc_sysrq:file { write open };
|
||||
allow recovery sec_device:chr_file { read ioctl open };
|
||||
allow recovery sec_ro_device:chr_file { read open };
|
||||
allow recovery seccfg_device:chr_file { read open };
|
||||
allow recovery self:capability sys_boot;
|
||||
|
||||
allow recovery app_data_file:file { read open };
|
||||
|
||||
allow recovery md_ctrl:file { read getattr open };
|
|
@ -0,0 +1,25 @@
|
|||
type ril-daemon-mtk_exec, exec_type, file_type;
|
||||
type ril-daemon-mtk, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(ril-daemon-mtk)
|
||||
net_domain(ril-daemon-mtk)
|
||||
|
||||
allow ril-daemon-mtk ccci_device:chr_file rw_file_perms;
|
||||
allow ril-daemon-mtk devpts:chr_file rw_file_perms;
|
||||
allow ril-daemon-mtk self:capability setuid;
|
||||
allow ril-daemon-mtk sysfs_wake_lock:file rw_file_perms;
|
||||
allow ril-daemon-mtk sysfs_ccci:dir search;
|
||||
allow ril-daemon-mtk sysfs_ccci:file r_file_perms;
|
||||
|
||||
allow ril-daemon-mtk self:udp_socket create_socket_perms;
|
||||
allow ril-daemon-mtk self:capability { setuid net_admin net_raw };
|
||||
|
||||
allow ril-daemon-mtk radio_device:dir search;
|
||||
allow ril-daemon-mtk radio_prop:property_service set;
|
||||
|
||||
allow ril-daemon-mtk ctl_muxreport-daemon_prop:property_service set;
|
||||
allow ril-daemon-mtk ril_mux_report_case_prop:property_service set;
|
||||
allow ril-daemon-mtk ril_sim_inserted_status:property_service set;
|
||||
allow ril-daemon-mtk serial_number_prop:property_service set;
|
||||
|
||||
unix_socket_connect(ril-daemon-mtk, property, init)
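Review bot: `setuid` is granted twice in this new file, once alone in `allow ril-daemon-mtk self:capability setuid;` and again in `allow ril-daemon-mtk self:capability { setuid net_admin net_raw };`, and neither rule says why the daemon needs these capabilities. Drop the first rule and put a comment above the second, for example `# TODO: justify setuid / net_admin / net_raw against observed denials`, so a later audit can tell which ones are still required. The domain is also declared with `domain_deprecated`, which pulls in the broad legacy allowances that attribute carries; the same attribute is added to terservice, thermal_manager, wifi2agps and wmt_loader on this page, and each is worth re-testing with plain `domain` plus the specific rules it needs. `allow ril-daemon-mtk serial_number_prop:property_service set;` deserves a comment too, since the property_contexts section lists `ro.serialno` under that type (whether that mapping is on the new side is not certain from this rendering).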
|
|
@ -1,6 +1,2 @@
|
|||
# service
|
||||
type pq_service, service_manager_type;
|
||||
|
||||
type nvram_agent_service, service_manager_type;
|
||||
type dm_agent_binder_service, service_manager_type;
|
||||
type terservice_service, service_manager_type;
|
||||
type nvram_agent_service, service_manager_type;
|
|
@ -1,7 +1,2 @@
|
|||
# service_contexts
|
||||
PQ u:object_r:pq_service:s0
|
||||
NvRAMAgent u:object_r:nvram_agent_service:s0
|
||||
phoneEx u:object_r:radio_service:s0
|
||||
DmAgent u:object_r:dm_agent_binder_service:s0
|
||||
terservice u:object_r:terservice_service:s0
|
||||
media.mmsdk u:object_r:mediaserver_service:s0
|
||||
PQ u:object_r:pq_service:s0
|
||||
NvRAMAgent u:object_r:nvram_agent_service:s0
|
|
@ -1,2 +0,0 @@
|
|||
# Mtk sdcardfs fix
|
||||
allow sgdisk voldblk_device:blk_file { getattr ioctl open read write };
|
|
@ -1,47 +0,0 @@
|
|||
# shell
|
||||
allow shell mtk_6620_launcher_exec:file rx_file_perms;
|
||||
allow shell akmd09911_exec:file rx_file_perms;
|
||||
allow shell zygote_exec:file rx_file_perms;
|
||||
allow shell bootanim_exec:file rx_file_perms;
|
||||
allow shell ccci_fsd_exec:file rx_file_perms;
|
||||
allow shell ccci_mdinit_exec:file rx_file_perms;
|
||||
allow shell clatd_exec:file rx_file_perms;
|
||||
allow shell debuggerd_exec:file rx_file_perms;
|
||||
allow shell dex2oat_exec:file rx_file_perms;
|
||||
allow shell dnsmasq_exec:file rx_file_perms;
|
||||
allow shell drmserver_exec:file rx_file_perms;
|
||||
allow shell dumpstate_exec:file rx_file_perms;
|
||||
allow shell em_svr_exec:file rx_file_perms;
|
||||
allow shell factory_exec:file rx_file_perms;
|
||||
allow shell gsm0710muxd_exec:file rx_file_perms;
|
||||
allow shell hostapd_exec:file rx_file_perms;
|
||||
allow shell installd_exec:file rx_file_perms;
|
||||
allow shell keystore_exec:file rx_file_perms;
|
||||
allow shell lmkd_exec:file rx_file_perms;
|
||||
allow shell logd_exec:file rx_file_perms;
|
||||
allow shell mdnsd_exec:file rx_file_perms;
|
||||
allow shell mediaserver_exec:file rx_file_perms;
|
||||
allow shell msensord_exec:file rx_file_perms;
|
||||
allow shell mtk_agpsd_exec:file rx_file_perms;
|
||||
allow shell mtkrild_exec:file rx_file_perms;
|
||||
allow shell mtp_exec:file rx_file_perms;
|
||||
allow shell muxreport_exec:file rx_file_perms;
|
||||
allow shell nvram_daemon_exec:file rx_file_perms;
|
||||
allow shell dex2oat_exec:file rx_file_perms;
|
||||
allow shell pq_exec:file rx_file_perms;
|
||||
allow shell racoon_exec:file rx_file_perms;
|
||||
allow shell runas_exec:file rx_file_perms;
|
||||
allow shell sdcardd_exec:file rx_file_perms;
|
||||
allow shell shell_exec:file rx_file_perms;
|
||||
allow shell thermal_manager_exec:file rx_file_perms;
|
||||
allow shell wifi2agps_exec:file rx_file_perms;
|
||||
allow shell wmt_loader_exec:file rx_file_perms;
|
||||
allow shell wpa_exec:file rx_file_perms;
|
||||
|
||||
allow shell tmpfs:lnk_file read;
|
||||
allow shell tmpfs:lnk_file getattr;
|
||||
allow shell block_device:dir search;
|
||||
|
||||
userdebug_or_eng(`
|
||||
allow shell su_exec:file rx_file_perms;
|
||||
')
|
|
@ -1,39 +1,5 @@
|
|||
# surfaceflinger
|
||||
allow surfaceflinger pq_service:service_manager find;
|
||||
|
||||
# for debug purpose
|
||||
allow surfaceflinger self:capability { dac_override net_admin sys_nice };
|
||||
allow surfaceflinger self:netlink_socket { read bind create };
|
||||
allow surfaceflinger debug_prop:property_service set;
|
||||
allow surfaceflinger system_data_file:dir { write add_name create};
|
||||
allow surfaceflinger system_data_file:file { open };
|
||||
allow surfaceflinger proc:file write;
|
||||
allow surfaceflinger shell_exec:file { read execute open execute_no_trans };
|
||||
allow surfaceflinger anr_data_file:dir { write search create add_name };
|
||||
allow surfaceflinger anr_data_file:file { create write};
|
||||
allow surfaceflinger custom_file:dir search;
|
||||
binder_call(surfaceflinger, debuggerd)
|
||||
allow surfaceflinger RT_Monitor_device:chr_file { read ioctl open };
|
||||
|
||||
# for using toolbox
|
||||
allow surfaceflinger system_file:file x_file_perms;
|
||||
|
||||
# for bootanimation
|
||||
allow surfaceflinger bootanim:dir search;
|
||||
allow surfaceflinger bootanim:file { read getattr open };
|
||||
|
||||
# for watchdog
|
||||
allow surfaceflinger anr_data_file:dir { relabelfrom read remove_name getattr };
|
||||
allow surfaceflinger anr_data_file:file { rename getattr unlink open };
|
||||
|
||||
# for system shrinks memory pages when low memory
|
||||
allow surfaceflinger platform_app_tmpfs:file write;
|
||||
allow surfaceflinger isolated_app_tmpfs:file write;
|
||||
allow surfaceflinger untrusted_app_tmpfs:file write;
|
||||
|
||||
#for BufferQueue check process name of em_svr
|
||||
allow surfaceflinger em_svr:dir search;
|
||||
allow surfaceflinger em_svr:file { read getattr open };
|
||||
|
||||
# /dev/mtk_smi
|
||||
allow surfaceflinger mtk_smi_device:chr_file { read write open ioctl };
|
||||
allow surfaceflinger mtk_smi_device:chr_file { read write open ioctl };
|
|
@ -1,54 +1,4 @@
|
|||
# system_app
|
||||
allow system_app touch_device:chr_file { read ioctl open };
|
||||
|
||||
# Purpose: [MTKThermalManager][View thermal zones and coolers, and change thermal policies]
|
||||
# Package Name: com.mediatek.mtkthermalmanager
|
||||
allow system_app apk_private_data_file:dir getattr;
|
||||
allow system_app asec_image_file:dir getattr;
|
||||
allow system_app dontpanic_data_file:dir getattr;
|
||||
allow system_app drm_data_file:dir getattr;
|
||||
allow system_app install_data_file:file getattr;
|
||||
allow system_app lost_found_data_file:dir getattr;
|
||||
allow system_app media_data_file:dir getattr;
|
||||
allow system_app property_data_file:dir getattr;
|
||||
allow system_app shell_data_file:dir search;
|
||||
allow system_app thermal_manager_exec:file { read execute open execute_no_trans };
|
||||
allow system_app proc_thermal:dir search;
|
||||
allow system_app proc_thermal:file { read getattr open write };
|
||||
allow system_app proc_mtkcooler:dir search;
|
||||
allow system_app proc_mtkcooler:file { read getattr open write };
|
||||
allow system_app proc_mtktz:dir search;
|
||||
allow system_app proc_mtktz:file { read getattr open write };
|
||||
allow system_app proc_slogger:file { read getattr open write };
|
||||
|
||||
# Purpose : ALPS01761930
|
||||
# Package: com.android.settings
|
||||
allow system_app asec_apk_file:file r_file_perms;
|
||||
|
||||
# Purpose : for oma dm fota recovery update
|
||||
allow system_app ctl_rbfota_prop:property_service set;
|
||||
|
||||
# Purpose: [Settings][Browser][warning kernel API'selinux enforce violation:sdcardd' when do stress test with ' AT_ST_Browser_Test.rar']
|
||||
# Package: com.android.settings
|
||||
allow system_app platform_app_tmpfs:file write;
|
||||
|
||||
# Purpose: access ashmem of isolated_app
|
||||
# Package: com.fw.upgrade.sysoper
|
||||
dontaudit system_app isolated_app_tmpfs:file write;
|
||||
|
||||
# Purpose: access ashmem of untrusted_app
|
||||
# Package: android.ui
|
||||
dontaudit system_app untrusted_app_tmpfs:file write;
|
||||
|
||||
# Purpose: It's not normal behavior, that system_app want to access radio_file_data
|
||||
# Package: android.ui
|
||||
dontaudit system_app radio_data_file:dir search;
|
||||
|
||||
# Mtk Agps
|
||||
unix_socket_connect(system_app, agpsd, mtk_agpsd);
|
||||
|
||||
# Perf control
|
||||
allow system_app gyro_orientation_sysfs:file rw_file_perms;
|
||||
allow system_app perf_control_sysfs:file rw_file_perms;
|
||||
|
||||
# Gestures
|
||||
allow system_app gesture_sysfs:file rw_file_perms;
|
||||
allow system_app em_svr:unix_stream_socket connectto;
|
||||
|
|
|
@ -1,104 +1,15 @@
|
|||
# system_server
|
||||
# Purpose : for 120Hz Smart Switch
|
||||
allow system_server mtk_rrc_device:chr_file { read write ioctl open };
|
||||
# Purpose : for bring up
|
||||
allow system_server hwmsensor_device:chr_file { read ioctl open };
|
||||
allow system_server m_batch_misc_device:chr_file { read ioctl open };
|
||||
allow system_server proc:file write;
|
||||
allow system_server touch_device:chr_file { read ioctl open };
|
||||
|
||||
# Purpose : for wifi functionality
|
||||
allow system_server hostapd:unix_dgram_socket sendto;
|
||||
allow hostapd system_server:unix_dgram_socket sendto;
|
||||
|
||||
# Purpose : for WFD functionality
|
||||
allow system_server media_wfd_prop:property_service set;
|
||||
|
||||
# Purpose : for idling on homescreen
|
||||
allow system_server dontpanic_data_file:dir search;
|
||||
# GPS
|
||||
allow system_server mnld:unix_dgram_socket sendto;
|
||||
|
||||
# Purpose : for debug
|
||||
allow system_server debuggerd:fd use;
|
||||
allow system_server mnld_data_file:dir w_dir_perms;
|
||||
allow system_server mnld_data_file:sock_file create_file_perms;
|
||||
allow system_server mnld_data_file:sock_file rw_file_perms;
|
||||
allow system_server mnld_data_file:dir create_file_perms;
|
||||
allow system_server mnld_data_file:dir rw_dir_perms;
|
||||
|
||||
# Purpose : for idling on homescreen
|
||||
allow system_server touch_device:chr_file write;
|
||||
|
||||
# Purpose : for relabeling files in /data/anr/ created at bootup
|
||||
allow system_server anr_data_file:file relabelto;
|
||||
|
||||
# Purpose : for debug
|
||||
allow system_server debuggerd:binder call;
|
||||
|
||||
# Purpose : for operate HDMI device
|
||||
allow system_server graphics_device:chr_file { read ioctl open };
|
||||
|
||||
# Purpose : [ALPS01756200] wwop boot up fail
|
||||
allow system_server custom_file:dir { read search open getattr};
|
||||
allow system_server custom_file:file { read open getattr};
|
||||
|
||||
# Purpose : boost surfaceflinger to RT
|
||||
allow system_server surfaceflinger:process setsched;
|
||||
|
||||
# Purpose : [ALPS01760531] for bring up after auto-merge
|
||||
allow system_server zygote:binder impersonate;
|
||||
|
||||
# Purpose : for system_server operate /dev/RT_Monitor when enable hang detect
|
||||
allow system_server RT_Monitor_device:chr_file { read ioctl open };
|
||||
|
||||
# Purpose : for system_server to start bootanim
|
||||
allow system_server ctl_bootanim_prop:property_service set;
|
||||
|
||||
# After connected to DHCPv6 enabled 6to4 IPv6 AP,
|
||||
#the ipv6 related values of getprop command are wrong
|
||||
#============= system_server ==============
|
||||
allow system_server proc_net:file write;
|
||||
|
||||
# Purpose : for bring up
|
||||
allow system_server anr_data_file:dir relabelfrom;
|
||||
|
||||
# Purpose : for mtk gps epos library useage
|
||||
allow system_server devmap_device:chr_file r_file_perms;
|
||||
|
||||
# Purpose : for sensorhubservice
|
||||
allow system_server shf_device:chr_file rw_file_perms;
|
||||
|
||||
# Purpose : for saveLocale to set SystemProperties
|
||||
allow system_server save_locale_prop:property_service set;
|
||||
|
||||
# Purpose : for native process backtrace dump
|
||||
allow system_server exec_type:file r_file_perms;
|
||||
|
||||
# Purpose : for querying zygote socket
|
||||
allow system_server zygote:unix_stream_socket { getopt getattr };
|
||||
|
||||
# Purpose : for kill-switch should only grant to access frp partition, to be fix
|
||||
allow system_server platformblk_device:dir search;
|
||||
|
||||
# Agps
|
||||
allow system_server agpsd_data_file:dir search;
|
||||
allow system_server mnld_data_file:file create_file_perms;
|
||||
|
||||
# Persist
|
||||
allow system_server protect_s_data_file:dir r_dir_perms;
|
||||
|
||||
# Debugfs
|
||||
allow system_server debugfs:dir { read open };
|
||||
allow system_server debugfs:file { read open };
|
||||
|
||||
# Nougat
|
||||
allow system_server unlabeled:file unlink;
|
||||
allow system_server wmt_prop:file { read open getattr };
|
||||
allow system_server wifi_data_file:sock_file { unlink };
|
||||
|
||||
# Sensor
|
||||
# Sensors
|
||||
allow system_server akmd_access_file1:file { getattr open read setattr write };
|
||||
allow system_server hwmsensor_device:chr_file r_file_perms;
|
||||
|
||||
# Mtk sn
|
||||
allow system_server serial_number_prop:file read;
|
||||
|
||||
# Thunderquake vibrator
|
||||
allow system_server sysfs_vibrator:file rw_file_perms;
|
||||
# Wifi
|
||||
allow system_server wmtWifi_device:chr_file w_file_perms;
|
||||
|
|
|
@ -1,14 +1,4 @@
|
|||
# terservice
|
||||
type terservice_exec, exec_type, file_type;
|
||||
type terservice, domain;
|
||||
type terservice, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(terservice)
|
||||
|
||||
allow terservice ccci_device:chr_file { read write ioctl open };
|
||||
allow terservice persist_ril_prop:file { read open getattr };
|
||||
allow terservice rootfs:lnk_file { getattr };
|
||||
allow terservice terservice_prop:property_service set;
|
||||
allow terservice terservice_service:service_manager add;
|
||||
|
||||
binder_use(terservice)
|
||||
binder_service(terservice)
|
||||
|
|
|
@ -1,17 +1,14 @@
|
|||
# thermal_manager
|
||||
type thermal_manager_exec, exec_type, file_type;
|
||||
type thermal_manager, domain;
|
||||
type thermal_manager, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(thermal_manager)
|
||||
file_type_auto_trans(thermal_manager, system_data_file, thermal_manager_data_file)
|
||||
|
||||
allow thermal_manager self:capability { chown dac_override fowner fsetid };
|
||||
allow thermal_manager self:capability { fowner fsetid chown fsetid dac_override };
|
||||
allow thermal_manager proc_thermal:dir search;
|
||||
allow thermal_manager proc_thermal:file rw_file_perms;
|
||||
allow thermal_manager proc_mtkcooler:dir search;
|
||||
allow thermal_manager proc_mtkcooler:file rw_file_perms;
|
||||
allow thermal_manager proc_mtktz:dir search;
|
||||
allow thermal_manager proc_mtktz:file rw_file_perms;
|
||||
allow thermal_manager system_data_file:dir { add_name write };
|
||||
|
||||
allow thermal_manager rootfs:lnk_file { getattr };
|
||||
allow thermal_manager thermal_manager_data_file:dir rw_dir_perms;
|
||||
allow thermal_manager thermal_manager_data_file:file create_file_perms;
|
||||
|
|
|
@ -1,3 +1 @@
|
|||
# ueventd
|
||||
allow ueventd sysfs:file setattr;
|
||||
allow ueventd sysfs_gps_file:file w_file_perms;
|
||||
|
|
|
@ -1,2 +0,0 @@
|
|||
# Mtk fix
|
||||
allow uncrypt kmsg_device:chr_file rw_file_perms;
|
|
@ -1,5 +0,0 @@
|
|||
# untrusted_app
|
||||
allow untrusted_app dalvikcache_data_file:lnk_file read;
|
||||
allow untrusted_app fuse:file execute;
|
||||
allow untrusted_app proc_lk_env:file getattr;
|
||||
allow untrusted_app proc_sysrq:file getattr;
|
|
@ -1,64 +1,14 @@
|
|||
# vold
|
||||
# Nvram / Nvdata
|
||||
allow vold nvram_data_file:file { read getattr open write create setattr};
|
||||
allow vold nvram_data_file:lnk_file read;
|
||||
allow vold nvram_data_file:dir { read open write add_name create getattr setattr search};
|
||||
allow vold nvdata_file:file { read getattr open write create setattr};
|
||||
allow vold nvdata_file:dir { read ioctl open write add_name create getattr setattr search};
|
||||
allow vold nvdata_device:blk_file rw_file_perms;
|
||||
allow vold nvram_device:chr_file rw_file_perms;
|
||||
allow vold cache_block_device:blk_file rw_file_perms;
|
||||
allow vold protect1_device:blk_file rw_file_perms;
|
||||
allow vold protect2_device:blk_file rw_file_perms;
|
||||
|
||||
allow vold nvdata_file:dir create_dir_perms;
|
||||
allow vold nvdata_file:file create_file_perms;
|
||||
allow vold protect_f_data_file:dir create_dir_perms;
|
||||
allow vold protect_f_data_file:file create_file_perms;
|
||||
allow vold protect_s_data_file:dir create_dir_perms;
|
||||
allow vold protect_s_data_file:file create_file_perms;
|
||||
allow vold protect1_device:blk_file rw_file_perms;
|
||||
allow vold protect2_device:blk_file rw_file_perms;
|
||||
|
||||
allow vold platformblk_device:blk_file rw_file_perms;
|
||||
allow vold platformblk_device:dir search;
|
||||
allow vold proc:file write;
|
||||
|
||||
allow vold misc_sd_device:chr_file { read ioctl open };
|
||||
|
||||
allow vold kernel:system module_request;
|
||||
allow vold misc_device:chr_file { write open };
|
||||
|
||||
allow vold system_data_file:lnk_file { create unlink };
|
||||
|
||||
allow vold sdcardd_exec:file { read open execute execute_no_trans };
|
||||
allow vold self:capability { sys_resource setgid setuid };
|
||||
allow vold install_data_file:file { read open };
|
||||
allow vold fuse_device:chr_file { read write open };
|
||||
allow vold system_data_file:file open;
|
||||
|
||||
allow vold mediaserver:process ptrace;
|
||||
|
||||
allow vold persist_data_file:dir { read getattr open ioctl };
|
||||
|
||||
allow vold proc_lk_env:file rw_file_perms;
|
||||
allow vold media_rw_data_file:dir { read open };
|
||||
|
||||
allow vold tmpfs:lnk_file create;
|
||||
|
||||
allow vold logtemp_data_file:dir { read open getattr search};
|
||||
allow vold logtemp_data_file:file { read getattr open };
|
||||
allow vold logmisc_data_file:dir { read open getattr search};
|
||||
allow vold logmisc_data_file:file { read getattr open };
|
||||
allow vold mdlog_data_file:dir { read open getattr search};
|
||||
allow vold mdlog_data_file:file { read getattr open };
|
||||
allow vold data_tmpfs_log_file:dir { setattr getattr read create write rmdir relabelto remove_name open add_name search};
|
||||
allow vold data_tmpfs_log_file:file { write setattr getattr relabelto create unlink open };
|
||||
# mount crypto block device to /data/tmp_mnt/data_tmpfs_log and restorecon
|
||||
allow vold system_data_file:dir { relabelfrom relabelto setattr };
|
||||
allow vold system_data_file:file { relabelto };
|
||||
|
||||
allow vold platform_app:process ptrace;
|
||||
allow vold platform_app:fd use;
|
||||
|
||||
allow vold misc_device:chr_file read;
|
||||
|
||||
allow vold block_device:file create;
|
||||
|
||||
# sdcardfs
|
||||
allow vold voldblk_device:blk_file { create unlink rw_file_perms };
|
||||
allow vold proc_mtkcooler:dir r_dir_perms;
|
||||
allow vold proc_mtktz:dir r_dir_perms;
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
# wifi2agps
|
||||
type wifi2agps_exec, exec_type, file_type;
|
||||
type wifi2agps, domain;
|
||||
type wifi2agps, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(wifi2agps)
|
||||
|
||||
|
@ -8,8 +7,3 @@ allow wifi2agps agpsd_data_file:sock_file write;
|
|||
allow wifi2agps agpsd_data_file:dir search;
|
||||
allow wifi2agps mtk_agpsd:unix_dgram_socket sendto;
|
||||
allow wifi2agps self:netlink_socket create_socket_perms;
|
||||
allow wifi2agps self:udp_socket { create ioctl };
|
||||
|
||||
# for Nougat
|
||||
allow wifi2agps proc_net:file r_file_perms;
|
||||
allow wifi2agps rootfs:lnk_file { getattr };
|
||||
|
|
|
@ -1,19 +1,11 @@
|
|||
# wmt_loader
|
||||
type wmt_loader_exec, exec_type, file_type;
|
||||
type wmt_loader, domain;
|
||||
type wmt_loader, domain, domain_deprecated;
|
||||
|
||||
allow wmt_loader wmt_prop:property_service set;
|
||||
allow wmt_loader init:unix_stream_socket connectto;
|
||||
allow wmt_loader proc:file setattr;
|
||||
allow wmt_loader property_socket:sock_file write;
|
||||
allow wmt_loader self:capability { chown dac_override };
|
||||
allow wmt_loader wmtdetect_device:chr_file { read write ioctl open };
|
||||
allow wmt_loader stpwmt_device:chr_file { read write ioctl open };
|
||||
allow wmt_loader devpts:chr_file { read write getattr ioctl };
|
||||
|
||||
# Nougat
|
||||
allow wmt_loader wmt_prop:file r_file_perms;
|
||||
allow wmt_loader device:chr_file { unlink };
|
||||
allow wmt_loader rootfs:lnk_file { getattr };
|
||||
init_daemon_domain(wmt_loader)
|
||||
|
||||
allow wmt_loader wmtdetect_device:chr_file create_file_perms;
|
||||
allow wmt_loader self:capability { chown dac_override };
|
||||
allow wmt_loader proc_wmt:file setattr;
|
||||
allow wmt_loader wmt_prop:property_service set;
|
||||
|
||||
unix_socket_connect(wmt_loader, property, init)
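Review bot: `allow wmt_loader wmtdetect_device:chr_file create_file_perms;` is wider than the explicit `{ read write ioctl open }` set that the same section shows for this device, because `create_file_perms` also covers create, rename, unlink and setattr on the node. Assuming the `create_file_perms` line is the new side (the rendering lost the +/- column), `allow wmt_loader wmtdetect_device:chr_file rw_file_perms;` should be enough to open and ioctl an existing device node, with a separate narrowly scoped rule only if the loader really creates it. `allow wmt_loader self:capability { chown dac_override };` would also benefit from a comment naming the file it is needed for, since `dac_override` bypasses discretionary permission checks for the whole domain.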
|
||||
|
|
|
@ -1,8 +0,0 @@
|
|||
# wpa
|
||||
allow wpa mtkrild:unix_stream_socket connectto;
|
||||
allow wpa platform_app:fd use;
|
||||
allow wpa platform_app_tmpfs:file write;
|
||||
|
||||
# Nougat
|
||||
allow wpa wifi_data_file:sock_file { create setattr unlink };
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
# Mtk sn
|
||||
allow zygote serial_number_prop:file { getattr open read };
|
||||
|
||||
# Mtk fix
|
||||
allow zygote self:capability { sys_nice };
|