diff options
33 files changed, 457 insertions, 436 deletions
diff --git a/rootdir/ueventd.mt6735.rc b/rootdir/ueventd.mt6735.rc index 317a046..0807aaa 100644 --- a/rootdir/ueventd.mt6735.rc +++ b/rootdir/ueventd.mt6735.rc @@ -136,8 +136,6 @@ subsystem adf /sys/kernel/ccci modem_info 0644 radio radio /sys/kernel/ccci md1_postfix 0644 radio radio /sys/kernel/ccci md2_postfix 0644 radio radio -/dev/eemcs* 0660 radio radio -/dev/emd* 0660 radio radio /dev/ccci_pcm_rx 0660 audio audio /dev/ccci_pcm_tx 0660 audio audio /dev/ccci_aud 0660 audio audio diff --git a/sepolicy/audioserver.te b/sepolicy/audioserver.te index c5921db..be9aa9f 100644 --- a/sepolicy/audioserver.te +++ b/sepolicy/audioserver.te @@ -1,10 +1,16 @@ # audioserver - audio services allow audioserver audiohal_prop:file r_file_perms; + +allow audioserver ccci_device:chr_file { read write open ioctl }; + allow audioserver nvram_data_file:file { read write open getattr setattr create }; allow audioserver nvram_data_file:dir { write add_name }; -allow audioserver ccci_device:chr_file { read write open ioctl }; + +allow audioserver platformblk_device:dir search; + allow audioserver sysfs:file { read open }; allow audioserver rootfs:lnk_file { getattr }; + allow audioserver property_socket:sock_file { write }; allow audioserver init:unix_stream_socket { connectto }; diff --git a/sepolicy/bluetooth.te b/sepolicy/bluetooth.te index 68c735e..343d33d 100644 --- a/sepolicy/bluetooth.te +++ b/sepolicy/bluetooth.te @@ -1,5 +1,4 @@ # bluetooth - allow bluetooth bt_int_adp_socket:sock_file write; allow bluetooth mediaserver:unix_dgram_socket sendto; allow bluetooth init:unix_dgram_socket sendto; @@ -17,3 +16,6 @@ allow bluetooth nvdata_file:file rw_file_perms; allow bluetooth persist_bt_prop:file { getattr open read }; allow bluetooth stpbt_device:chr_file { open read write }; allow bluetooth wmt_prop:file { getattr open read }; + +# bt prop +allow bluetooth bt_prop:file { getattr open read }; diff --git a/sepolicy/bootanim.te b/sepolicy/bootanim.te new file mode 100644 index 0000000..2157872 --- /dev/null +++ b/sepolicy/bootanim.te @@ -0,0 +1,23 @@ +# Bootanim.te + +allow bootanim self:netlink_socket { read bind create write}; +#allow bootanim proc_secmem:file { read open}; + +allow bootanim mediaserver:binder call; +allow bootanim mediaserver:binder transfer; + +allow bootanim terservice:binder call; +allow bootanim property_socket:sock_file write; +allow bootanim init:unix_stream_socket connectto; +allow bootanim custom_file:dir search; +allow bootanim custom_file:file open; +allow bootanim custom_file:file read; +allow bootanim bootani_prop:property_service set; + +allow bootanim debug_prop:property_service set; + +allow bootanim mediaserver_service:service_manager find; + +# Nougat +allow bootanim terservice_service:service_manager find; +allow bootanim rootfs:lnk_file { getattr }; diff --git a/sepolicy/cameraserver.te b/sepolicy/cameraserver.te index 7716b8c..4794a9e 100644 --- a/sepolicy/cameraserver.te +++ b/sepolicy/cameraserver.te @@ -1,13 +1,29 @@ # Mtk fix -allow cameraserver camera_isp_device:chr_file { ioctl open read write }; allow cameraserver devmap_device:chr_file { ioctl open read }; -allow cameraserver kd_camera_hw_device:chr_file { ioctl open read write }; -allow cameraserver proc:file { open read }; -allow cameraserver sysfs:file { open read }; -allow cameraserver CAM_CAL_DRV_device:chr_file { ioctl open read write }; -allow cameraserver kd_camera_flashlight_device:chr_file { ioctl open read write }; + +allow cameraserver mediatek_prop:file { getattr open read }; + allow cameraserver nvdata_file:dir search; allow cameraserver nvdata_file:file { getattr open read }; + allow cameraserver platformblk_device:blk_file { open read write }; -allow cameraserver proc:file ioctl; +allow cameraserver proc:file { ioctl open read }; allow cameraserver proc_meminfo:file { getattr open read }; + +allow cameraserver serial_number_prop:file { getattr open read }; +allow cameraserver sysfs:file getattr; + +# Flashlight +allow cameraserver kd_camera_hw_device:chr_file { ioctl open read write }; +allow cameraserver kd_camera_flashlight_device:chr_file { ioctl open read write }; + +# Camera +allow cameraserver BU64245_device:chr_file { ioctl open read write }; +allow cameraserver camera_isp_device:chr_file { ioctl open read write }; + +allow cameraserver CAM_CAL_DRV_device:chr_file { ioctl open read write }; +allow cameraserver mtk_smi_device:chr_file { ioctl open read }; +allow cameraserver sysfs:file { getattr open read write }; + +# Nougat +allow cameraserver rootfs:lnk_file { getattr }; diff --git a/sepolicy/ccci_mdinit.te b/sepolicy/ccci_mdinit.te index 7547db8..6786199 100644 --- a/sepolicy/ccci_mdinit.te +++ b/sepolicy/ccci_mdinit.te @@ -10,13 +10,6 @@ wakelock_use(ccci_mdinit) allow ccci_mdinit ctl_ccci_fsd_prop:property_service set; allow ccci_mdinit ctl_gsm0710muxd_prop:property_service set; -#=============allow ccci_mdinit to start emcsmdlogger============== -allow ccci_mdinit ctl_mdlogger_prop:property_service set; - -#unix_socket_connect(ccci_mdinit, property, init) -#allow ccci_mdinit ctl_mdlogger_prop:property_service set; -allow ccci_mdinit { ctl_mdlogger_prop ctl_emdlogger1_prop ctl_emdlogger2_prop ctl_dualmdlogger_prop }:property_service set; - #allow ccci_mdinit ctl_gsm0710muxd_prop:property_service set; allow ccci_mdinit { ctl_gsm0710muxd_prop ctl_gsm0710muxd-s_prop ctl_gsm0710muxd-d_prop ctl_gsm0710muxdmd2_prop}:property_service set; diff --git a/sepolicy/debuggerd.te b/sepolicy/debuggerd.te new file mode 100644 index 0000000..c235add --- /dev/null +++ b/sepolicy/debuggerd.te @@ -0,0 +1,2 @@ +# Mtk fix +allow debuggerd self:capability sys_resource; diff --git a/sepolicy/device.te b/sepolicy/device.te index e0dc874..4d6b735 100644 --- a/sepolicy/device.te +++ b/sepolicy/device.te @@ -114,7 +114,6 @@ type platformblk_device, dev_type; type RT_Monitor_device, dev_type; type kick_powerkey_device, dev_type; type mnld_device, dev_type; -type hotknot_device, dev_type; type md32_device, dev_type; type etb_device, dev_type; type MT_pmic_adc_cali_device, dev_type; @@ -123,7 +122,6 @@ type MT_pmic_cali_device,dev_type; type barometer_device,dev_type; type otp_device, dev_type; type icusb_device, dev_type; -type irtx_device, dev_type; type pmic_ftm_device, dev_type; type shf_device, dev_type; type keyblock_device, dev_type; diff --git a/sepolicy/dnsmasq.te b/sepolicy/dnsmasq.te index 6df9334..5a458f3 100644 --- a/sepolicy/dnsmasq.te +++ b/sepolicy/dnsmasq.te @@ -1,3 +1,4 @@ # dnsmasq - allow dnsmasq netd:file read; + +allow dnsmasq unlabeled:file { getattr open read }; diff --git a/sepolicy/factory.te b/sepolicy/factory.te index 2d2f4f3..d4ec73b 100644 --- a/sepolicy/factory.te +++ b/sepolicy/factory.te @@ -51,6 +51,8 @@ allow factory self:tcp_socket { setopt read bind create accept write connect lis allow factory self:udp_socket { create ioctl }; allow factory stpbt_device:chr_file { read write open }; allow factory sysfs:file write; +allow factory sysfs_gps_file:dir r_dir_perms; +allow factory sysfs_gps_file:file rw_file_perms; allow factory sysfs_wake_lock:file { read write open }; allow factory system_data_file:dir { write remove_name add_name }; allow factory system_data_file:sock_file { write create setattr }; @@ -85,7 +87,6 @@ allow factory pmic_ftm_device:chr_file { read write ioctl open}; allow factory powerctl_prop:property_service set; allow factory ttyGS_device:chr_file { read write open ioctl}; allow factory ttyMT_device:chr_file { read write open ioctl}; -allow factory irtx_device:chr_file { read write ioctl open }; allow factory devpts:chr_file { read write getattr ioctl }; allow factory vfat:dir search; allow factory hrm_device:chr_file { read ioctl open }; diff --git a/sepolicy/file.te b/sepolicy/file.te index 3496271..772fcf5 100644 --- a/sepolicy/file.te +++ b/sepolicy/file.te @@ -123,5 +123,11 @@ type iso9660, fs_type; # data_tmpfs_log type data_tmpfs_log_file, file_type, data_file_type; +# Gps +type sysfs_gps_file, fs_type, sysfs_type; + # Gestures type gesture_sysfs, sysfs_type, file_type; + +# Thunderquake vibrator +type sysfs_vibrator, sysfs_type, file_type; diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index d4cef97..9976bc9 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -7,295 +7,301 @@ ############################# # Data files # -/data/agps_supl(/.*)? u:object_r:agpsd_data_file:s0 -/data/anr/SF_RTT(/.*)? u:object_r:sf_rtt_file:s0 -/data/@btmtk(/.*)? u:object_r:bt_data_file:s0 -/data/ccci_cfg(/.*)? u:object_r:ccci_cfg_file:s0 -/data/dontpanic(/.*)? u:object_r:dontpanic_data_file:s0 -/data/extmdl(/.*)? u:object_r:mdlog_data_file:s0 -/data/http-proxy-cfg(/.*)? u:object_r:http_proxy_cfg_data_file:s0 -/data/log_temp(/.*)? u:object_r:logtemp_data_file:s0 -/data/lost\+found(/.*)? u:object_r:lost_found_data_file:s0 -/data/mdlog(/.*)? u:object_r:mdlog_data_file:s0 -/data/mdl(/.*)? u:object_r:mdlog_data_file:s0 -/data/mdl3(/.*)? u:object_r:mdlog_data_file:s0 -/data/mediaserver(/.*)? u:object_r:mediaserver_data_file:s0 -/data/misc/acdapi(/.*)? u:object_r:acdapi_data_file:s0 -/data/misc/akmd_set.txt u:object_r:akmd8963_access_file1:s0 -/data/misc/mblog(/.*)? u:object_r:logmisc_data_file:s0 -/data/misc/PDC.ini u:object_r:akmd8963_access_file2:s0 -/data/misc/ppp(/.*)? u:object_r:ppp_data_file:s0 -/data/misc/radvd(/.*)? u:object_r:radvd_data_file:s0 -/data/misc/sensor.log u:object_r:bmm050_sensor_log_file:s0 -/data/misc/sensor(/.*)? u:object_r:sensor_data_file:s0 -/data/misc/wide-dhcpv6(/.*)? u:object_r:wide_dhcpv6_data_file:s0 -/data/misc/wpa_supplicant(/.*)? u:object_r:wpa_supplicant_data_file:s0 -/data/nvram(/.*)? u:object_r:nvram_data_file:s0 -/nvdata(/.*)? u:object_r:nvdata_file:s0 -/data/ipsec(./*)? u:object_r:wod_ipsec_conf_file:s0 -/data/ipsec/wo(./*)? u:object_r:wod_apn_conf_file:s0 -/data/data_tmpfs_log(/.*)? u:object_r:data_tmpfs_log_file:s0 -/data/tmp_mnt/data_tmpfs_log(/.*)? u:object_r:data_tmpfs_log_file:s0 +/data/agps_supl(/.*)? u:object_r:agpsd_data_file:s0 +/data/anr/SF_RTT(/.*)? u:object_r:sf_rtt_file:s0 +/data/@btmtk(/.*)? u:object_r:bt_data_file:s0 +/data/ccci_cfg(/.*)? u:object_r:ccci_cfg_file:s0 +/data/dontpanic(/.*)? u:object_r:dontpanic_data_file:s0 +/data/extmdl(/.*)? u:object_r:mdlog_data_file:s0 +/data/http-proxy-cfg(/.*)? u:object_r:http_proxy_cfg_data_file:s0 +/data/log_temp(/.*)? u:object_r:logtemp_data_file:s0 +/data/lost\+found(/.*)? u:object_r:lost_found_data_file:s0 +/data/mdlog(/.*)? u:object_r:mdlog_data_file:s0 +/data/mdl(/.*)? u:object_r:mdlog_data_file:s0 +/data/mdl3(/.*)? u:object_r:mdlog_data_file:s0 +/data/mediaserver(/.*)? u:object_r:mediaserver_data_file:s0 +/data/misc/acdapi(/.*)? u:object_r:acdapi_data_file:s0 +/data/misc/akmd_set.txt u:object_r:akmd8963_access_file1:s0 +/data/misc/mblog(/.*)? u:object_r:logmisc_data_file:s0 +/data/misc/PDC.ini u:object_r:akmd8963_access_file2:s0 +/data/misc/ppp(/.*)? u:object_r:ppp_data_file:s0 +/data/misc/radvd(/.*)? u:object_r:radvd_data_file:s0 +/data/misc/sensor.log u:object_r:bmm050_sensor_log_file:s0 +/data/misc/sensor(/.*)? u:object_r:sensor_data_file:s0 +/data/misc/wide-dhcpv6(/.*)? u:object_r:wide_dhcpv6_data_file:s0 +/data/misc/wpa_supplicant(/.*)? u:object_r:wpa_supplicant_data_file:s0 +/data/nvram(/.*)? u:object_r:nvram_data_file:s0 +/nvdata(/.*)? u:object_r:nvdata_file:s0 +/data/ipsec(./*)? u:object_r:wod_ipsec_conf_file:s0 +/data/ipsec/wo(./*)? u:object_r:wod_apn_conf_file:s0 +/data/data_tmpfs_log(/.*)? u:object_r:data_tmpfs_log_file:s0 +/data/tmp_mnt/data_tmpfs_log(/.*)? u:object_r:data_tmpfs_log_file:s0 ########################## # Devices # -/dev/aal_als(/.*)? u:object_r:aal_als_device:s0 -/dev/accdet(/.*)? u:object_r:accdet_device:s0 -/dev/als_ps(/.*)? u:object_r:als_ps_device:s0 -/dev/ampc0(/.*)? u:object_r:ampc0_device:s0 -/dev/android(/.*)? u:object_r:android_device:s0 -/dev/barometer(/.*)? u:object_r:barometer_device:s0 -/dev/block/mmcblk[0-9a-z]* u:object_r:mmcblk_device:s0 -/dev/block/platform(/.*)? u:object_r:platformblk_device:s0 -/dev/block/vold(/.*)? u:object_r:voldblk_device:s0 -/dev/bmtpool(/.*)? u:object_r:bmtpool_device:s0 -/dev/bootimg(/.*)? u:object_r:bootimg_device:s0 -/dev/BOOT(/.*)? u:object_r:BOOT_device:s0 -/dev/btif(/.*)? u:object_r:btif_device:s0 -/dev/btn(/.*)? u:object_r:btn_device:s0 -/dev/cache(/.*)? u:object_r:cache_device:s0 -/dev/CAM_CAL_DRV(/.*)? u:object_r:CAM_CAL_DRV_device:s0 -/dev/camera-fdvt(/.*)? u:object_r:camera_fdvt_device:s0 -/dev/camera-isp(/.*)? u:object_r:camera_isp_device:s0 -/dev/camera-pipemgr(/.*)? u:object_r:camera_pipemgr_device:s0 -/dev/camera-sysram(/.*)? u:object_r:camera_sysram_device:s0 -/dev/ccci_monitor u:object_r:ccci_monitor_device:s0 -/dev/ccci.* u:object_r:ccci_device:s0 -/dev/cpu_dma_latency(/.*)? u:object_r:cpu_dma_latency_device:s0 -/dev/devmap(/.*)? u:object_r:devmap_device:s0 -/dev/dummy_cam_cal(/.*)? u:object_r:dummy_cam_cal_device:s0 -/dev/ebc(/.*)? u:object_r:ebc_device:s0 -/dev/ebr[0-9]+ u:object_r:ebr_device:s0 -/dev/etb u:object_r:etb_device:s0 -/dev/expdb(/.*)? u:object_r:expdb_device:s0 -/dev/fat(/.*)? u:object_r:fat_device:s0 -/dev/gps(/.*)? u:object_r:gps_device:s0 -/dev/gsensor(/.*)? u:object_r:gsensor_device:s0 -/dev/gyroscope(/.*)? u:object_r:gyroscope_device:s0 -/dev/hdmitx(/.*)? u:object_r:graphics_device:s0 -/dev/hid-keyboard(/.*)? u:object_r:hid_keyboard_device:s0 -/dev/hotknot(/.*)? u:object_r:hotknot_device:s0 -/dev/hwmsensor(/.*)? u:object_r:hwmsensor_device:s0 -/dev/ion(/.*)? u:object_r:ion_device:s0 -/dev/kd_camera_flashlight(/.*)? u:object_r:kd_camera_flashlight_device:s0 -/dev/kd_camera_hw_bus2(/.*)? u:object_r:kd_camera_hw_bus2_device:s0 -/dev/kd_camera_hw(/.*)? u:object_r:kd_camera_hw_device:s0 -/dev/logo(/.*)? u:object_r:logo_device:s0 -/dev/loop-control(/.*)? u:object_r:loop-control_device:s0 -/dev/M4U_device(/.*)? u:object_r:M4U_device_device:s0 -/dev/m_acc_misc(/.*)? u:object_r:m_acc_misc_device:s0 -/dev/mali.* u:object_r:gpu_device:s0 -/dev/MATV(/.*)? u:object_r:MATV_device:s0 -/dev/m_batch_misc(/.*)? u:object_r:m_batch_misc_device:s0 -/dev/mbr(/.*)? u:object_r:mbr_device:s0 -/dev/md32(/.*)? u:object_r:md32_device:s0 -/dev/met(/.*)? u:object_r:met_device:s0 -/dev/misc-sd(/.*)? u:object_r:misc_sd_device:s0 -/dev/misc(/.*)? u:object_r:misc_device:s0 -/dev/misc2(/.*)? u:object_r:misc2_device:s0 -/dev/MJC(/.*)? u:object_r:MJC_device:s0 -/dev/m_mag_misc(/.*)? u:object_r:m_mag_misc_device:s0 -/dev/msensor(/.*)? u:object_r:msensor_device:s0 -/dev/mtfreqhopping(/.*)? u:object_r:mtfreqhopping_device:s0 -/dev/mtgpio(/.*)? u:object_r:mtgpio_device:s0 -/dev/mtk-adc-cali(/.*)? u:object_r:mtk-adc-cali_device:s0 -/dev/mtk_disp.* u:object_r:graphics_device:s0 -/dev/mtkfb_vsync(/.*)? u:object_r:graphics_device:s0 -/dev/mtkg2d(/.*)? u:object_r:mtkg2d_device:s0 -/dev/mtk_jpeg(/.*)? u:object_r:mtk_jpeg_device:s0 -/dev/mtk-kpd(/.*)? u:object_r:mtk_kpd_device:s0 -/dev/mtk_sched(/.*)? u:object_r:mtk_sched_device:s0 -/dev/MTK_SMI(/.*)? u:object_r:mtk_smi_device:s0 -/dev/mtk_rrc(/.*)? u:object_r:mtk_rrc_device:s0 -/dev/mt-mdp(/.*)? u:object_r:mt_mdp_device:s0 -/dev/mt_otg_test(/.*)? u:object_r:mt_otg_test_device:s0 -/dev/MT_pmic_adc_cali u:object_r:MT_pmic_adc_cali_device:s0 -/dev/MT_pmic_adc_cali(/.*)? u:object_r:MT_pmic_cali_device:s0 -/dev/MT_pmic(/.*)? u:object_r:MT_pmic_device:s0 -/dev/network.* u:object_r:network_device:s0 -/dev/nvram(/.*)? u:object_r:nvram_device:s0 -/dev/nxpspk(/.*)? u:object_r:smartpa_device:s0 -/dev/otp u:object_r:otp_device:s0 -/dev/pmem_multimedia(/.*)? u:object_r:pmem_multimedia_device:s0 -/dev/pmt(/.*)? u:object_r:pmt_device:s0 -/dev/preloader(/.*)? u:object_r:preloader_device:s0 -/dev/pro_info(/.*)? u:object_r:pro_info_device:s0 -/dev/protect_f(/.*)? u:object_r:protect_f_device:s0 -/dev/protect_s(/.*)? u:object_r:protect_s_device:s0 -/dev/psaux(/.*)? u:object_r:psaux_device:s0 -/dev/ptmx(/.*)? u:object_r:ptmx_device:s0 -/dev/ptyp.* u:object_r:ptyp_device:s0 -/dev/pvr_sync(/.*)? u:object_r:gpu_device:s0 -/dev/recovery(/.*)? u:object_r:recovery_device:s0 -/dev/rfkill(/.*)? u:object_r:rfkill_device:s0 -/dev/rtc[0-9]+ u:object_r:rtc_device:s0 -/dev/RT_Monitor(/.*)? u:object_r:RT_Monitor_device:s0 -/dev/kick_powerkey(/.*)? u:object_r:kick_powerkey_device:s0 -/dev/seccfg(/.*)? u:object_r:seccfg_device:s0 -/dev/sec_ro(/.*)? u:object_r:sec_ro_device:s0 -/dev/sec(/.*)? u:object_r:sec_device:s0 -/dev/tee1 u:object_r:tee_part_device:s0 -/dev/tee2 u:object_r:tee_part_device:s0 -/dev/sensor(/.*)? u:object_r:sensor_device:s0 -/dev/smartpa_i2c(/.*)? u:object_r:smartpa1_device:s0 -/dev/snapshot(/.*)? u:object_r:snapshot_device:s0 -/dev/socket/adbd(/.*)? u:object_r:adbd_socket:s0 -/dev/socket/agpsd2(/.*)? u:object_r:agpsd_socket:s0 -/dev/socket/agpsd3(/.*)? u:object_r:agpsd_socket:s0 -/dev/socket/agpsd(/.*)? u:object_r:agpsd_socket:s0 -/dev/socket/backuprestore(/.*)? u:object_r:backuprestore_socket:s0 -/dev/socket/bluetooth(/.*)? u:object_r:bluetooth_socket:s0 -/dev/socket/bt.a2dp.stream(/.*)? u:object_r:bt_a2dp_stream_socket:s0 -/dev/socket/bt.int.adp(/.*)? u:object_r:bt_int_adp_socket:s0 -/dev/socket/dbus_bluetooth(/.*)? u:object_r:dbus_bluetooth_socket:s0 -/dev/socket/dfo(/.*)? u:object_r:dfo_socket:s0 -/dev/socket/dnsproxyd(/.*)? u:object_r:dnsproxyd_socket:s0 -/dev/socket/dumpstate(/.*)? u:object_r:dumpstate_socket:s0 -/dev/socket/installd(/.*)? u:object_r:installd_socket:s0 -/dev/socket/mdnsd(/.*)? u:object_r:mdnsd_socket:s0 -/dev/socket/mdns(/.*)? u:object_r:mdns_socket:s0 -/dev/socket/mnld(/.*)? u:object_r:mnld_socket:s0 -/dev/socket/mtpd(/.*)? u:object_r:mtpd_socket:s0 -/dev/socket/netdiag(/.*)? u:object_r:netdiag_socket:s0 -/dev/socket/netd(/.*)? u:object_r:netd_socket:s0 -/dev/socket/racoon(/.*)? u:object_r:racoon_socket:s0 -/dev/socket/rild2-md2(/.*)? u:object_r:rild2_md2_socket:s0 -/dev/socket/rild2(/.*)? u:object_r:rild2_socket:s0 -/dev/socket/rild3(/.*)? u:object_r:rild3_socket:s0 -/dev/socket/rild4(/.*)? u:object_r:rild4_socket:s0 -/dev/socket/rild-ims(/.*)? u:object_r:rild_ims_socket:s0 -/dev/socket/rild-atci-md2(/.*)? u:object_r:rild_atci_md2_socket:s0 -/dev/socket/rild-atci(/.*)? u:object_r:rild_atci_socket:s0 -/dev/socket/rild-ctclient u:object_r:rild_ctclient_socket:s0 -/dev/socket/rild-debug-md2(/.*)? u:object_r:rild_debug_md2_socket:s0 -/dev/socket/rild-debug(/.*)? u:object_r:rild_debug_socket:s0 -/dev/socket/rild-md2(/.*)? u:object_r:rild_md2_socket:s0 -/dev/socket/rild-mtk-modem-md2(/.*)? u:object_r:rild_mtk_modem_md2_socket:s0 -/dev/socket/rild-mtk-modem(/.*)? u:object_r:rild_mtk_modem_socket:s0 -/dev/socket/rild-mtk-ut-2-md2(/.*)? u:object_r:rild_mtk_ut_2_md2_socket:s0 -/dev/socket/rild-mtk-ut-2(/.*)? u:object_r:rild_mtk_ut_2_socket:s0 -/dev/socket/rild-mtk-ut-md2(/.*)? u:object_r:rild_mtk_ut_md2_socket:s0 -/dev/socket/rild-mtk-ut(/.*)? u:object_r:rild_mtk_ut_socket:s0 -/dev/socket/rild-oem-md2(/.*)? u:object_r:rild_oem_md2_socket:s0 -/dev/socket/rild-oem(/.*)? u:object_r:rild_oem_socket:s0 -/dev/socket/rild(/.*)? u:object_r:rild_socket:s0 -/dev/socket/rild-via u:object_r:rild_via_socket:s0 -/dev/socket/rild-atci-c2k(/.*)? u:object_r:rild_atci_c2k_socket:s0 -/dev/socket/rpc u:object_r:rpc_socket:s0 -/dev/socket/soc_vt_stk(/.*)? u:object_r:soc_vt_stk_socket:s0 -/dev/socket/soc_vt_svc(/.*)? u:object_r:soc_vt_svc_socket:s0 -/dev/socket/soc_vt_tcv(/.*)? u:object_r:soc_vt_tcv_socket:s0 -/dev/socket/statusd u:object_r:statusd_socket:s0 -/dev/socket/sysctl(/.*)? u:object_r:sysctl_socket:s0 -/dev/socket/vold(/.*)? u:object_r:vold_socket:s0 -/dev/socket/wpa_wlan0(/.*)? u:object_r:wpa_wlan0_socket:s0 -/dev/socket/zygote(/.*)? u:object_r:zygote_socket:s0 -/dev/socket/wod_action(/.*)? u:object_r:wod_action_socket:s0 -/dev/socket/wod_sim(/.*)? u:object_r:wod_sim_socket:s0 -/dev/socket/wod_ipsec(/.*)? u:object_r:wod_ipsec_socket:s0 -/dev/stpbt(/.*)? u:object_r:stpbt_device:s0 -/dev/stpgps u:object_r:mnld_device:s0 -/dev/stpgps(/.*)? u:object_r:stpgps_device:s0 -/dev/stpwmt(/.*)? u:object_r:stpwmt_device:s0 -/dev/sw_sync(/.*)? u:object_r:sw_sync_device:s0 -/dev/tgt(/.*)? u:object_r:tgt_device:s0 -/dev/touch(/.*)? u:object_r:touch_device:s0 -/dev/tpd_em_log(/.*)? u:object_r:tpd_em_log_device:s0 -/dev/ttyC0 u:object_r:gsm0710muxd_device:s0 -/dev/ttyC1 u:object_r:mdlog_device:s0 -/dev/ttyC2 u:object_r:agps_device:s0 -/dev/ttyC3 u:object_r:icusb_device:s0 -/dev/ttyGS.* u:object_r:ttyGS_device:s0 -/dev/ttyMT.* u:object_r:ttyMT_device:s0 -/dev/ttyp.* u:object_r:ttyp_device:s0 -/dev/ttySDIO.* u:object_r:ttySDIO_device:s0 -/dev/ttyUSB0 u:object_r:tty_device:s0 -/dev/ttyUSB1 u:object_r:tty_device:s0 -/dev/ttyUSB2 u:object_r:tty_device:s0 -/dev/ttyUSB3 u:object_r:tty_device:s0 -/dev/ttyUSB4 u:object_r:tty_device:s0 -/dev/TV-out(/.*)? u:object_r:TV_out_device:s0 -/dev/uboot(/.*)? u:object_r:uboot_device:s0 -/dev/uibc(/.*)? u:object_r:uibc_device:s0 -/dev/uinput(/.*)? u:object_r:uinput_device:s0 -/dev/uio0(/.*)? u:object_r:uio0_device:s0 -/dev/usrdata(/.*)? u:object_r:usrdata_device:s0 -/dev/Vcodec(/.*)? u:object_r:Vcodec_device:s0 -/dev/vmodem u:object_r:vmodem_device:s0 -/dev/vow(/.*)? u:object_r:vow_device:s0 -/dev/wmtdetect(/.*)? u:object_r:wmtdetect_device:s0 -/dev/wmtWifi(/.*)? u:object_r:wmtWifi_device:s0 -/dev/offloadservice(/.*)? u:object_r:offloadservice_device:s0 -/dev/irtx u:object_r:irtx_device:s0 +/dev/aal_als(/.*)? u:object_r:aal_als_device:s0 +/dev/accdet(/.*)? u:object_r:accdet_device:s0 +/dev/als_ps(/.*)? u:object_r:als_ps_device:s0 +/dev/ampc0(/.*)? u:object_r:ampc0_device:s0 +/dev/android(/.*)? u:object_r:android_device:s0 +/dev/barometer(/.*)? u:object_r:barometer_device:s0 +/dev/block/mmcblk[0-9a-z]* u:object_r:mmcblk_device:s0 +/dev/block/platform(/.*)? u:object_r:platformblk_device:s0 +/dev/block/vold(/.*)? u:object_r:voldblk_device:s0 +/dev/bmtpool(/.*)? u:object_r:bmtpool_device:s0 +/dev/bootimg(/.*)? u:object_r:bootimg_device:s0 +/dev/BOOT(/.*)? u:object_r:BOOT_device:s0 +/dev/btif(/.*)? u:object_r:btif_device:s0 +/dev/btn(/.*)? u:object_r:btn_device:s0 +/dev/cache(/.*)? u:object_r:cache_device:s0 +/dev/CAM_CAL_DRV(/.*)? u:object_r:CAM_CAL_DRV_device:s0 +/dev/camera-fdvt(/.*)? u:object_r:camera_fdvt_device:s0 +/dev/camera-isp(/.*)? u:object_r:camera_isp_device:s0 +/dev/camera-pipemgr(/.*)? u:object_r:camera_pipemgr_device:s0 +/dev/camera-sysram(/.*)? u:object_r:camera_sysram_device:s0 +/dev/ccci_monitor u:object_r:ccci_monitor_device:s0 +/dev/ccci.* u:object_r:ccci_device:s0 +/dev/cpu_dma_latency(/.*)? u:object_r:cpu_dma_latency_device:s0 +/dev/devmap(/.*)? u:object_r:devmap_device:s0 +/dev/dummy_cam_cal(/.*)? u:object_r:dummy_cam_cal_device:s0 +/dev/ebc(/.*)? u:object_r:ebc_device:s0 +/dev/ebr[0-9]+ u:object_r:ebr_device:s0 +/dev/etb u:object_r:etb_device:s0 +/dev/expdb(/.*)? u:object_r:expdb_device:s0 +/dev/fat(/.*)? u:object_r:fat_device:s0 +/dev/gps(/.*)? u:object_r:gps_device:s0 +/dev/gsensor(/.*)? u:object_r:gsensor_device:s0 +/dev/gyroscope(/.*)? u:object_r:gyroscope_device:s0 +/dev/hdmitx(/.*)? u:object_r:graphics_device:s0 +/dev/hid-keyboard(/.*)? u:object_r:hid_keyboard_device:s0 +/dev/hwmsensor(/.*)? u:object_r:hwmsensor_device:s0 +/dev/ion(/.*)? u:object_r:ion_device:s0 +/dev/kd_camera_flashlight(/.*)? u:object_r:kd_camera_flashlight_device:s0 +/dev/kd_camera_hw_bus2(/.*)? u:object_r:kd_camera_hw_bus2_device:s0 +/dev/kd_camera_hw(/.*)? u:object_r:kd_camera_hw_device:s0 +/dev/logo(/.*)? u:object_r:logo_device:s0 +/dev/loop-control(/.*)? u:object_r:loop-control_device:s0 +/dev/M4U_device(/.*)? u:object_r:M4U_device_device:s0 +/dev/m_acc_misc(/.*)? u:object_r:m_acc_misc_device:s0 +/dev/mali.* u:object_r:gpu_device:s0 +/dev/MATV(/.*)? u:object_r:MATV_device:s0 +/dev/m_batch_misc(/.*)? u:object_r:m_batch_misc_device:s0 +/dev/mbr(/.*)? u:object_r:mbr_device:s0 +/dev/md32(/.*)? u:object_r:md32_device:s0 +/dev/met(/.*)? u:object_r:met_device:s0 +/dev/misc-sd(/.*)? u:object_r:misc_sd_device:s0 +/dev/misc(/.*)? u:object_r:misc_device:s0 +/dev/misc2(/.*)? u:object_r:misc2_device:s0 +/dev/MJC(/.*)? u:object_r:MJC_device:s0 +/dev/m_mag_misc(/.*)? u:object_r:m_mag_misc_device:s0 +/dev/msensor(/.*)? u:object_r:msensor_device:s0 +/dev/mtfreqhopping(/.*)? u:object_r:mtfreqhopping_device:s0 +/dev/mtgpio(/.*)? u:object_r:mtgpio_device:s0 +/dev/mtk-adc-cali(/.*)? u:object_r:mtk-adc-cali_device:s0 +/dev/mtk_disp.* u:object_r:graphics_device:s0 +/dev/mtkfb_vsync(/.*)? u:object_r:graphics_device:s0 +/dev/mtkg2d(/.*)? u:object_r:mtkg2d_device:s0 +/dev/mtk_jpeg(/.*)? u:object_r:mtk_jpeg_device:s0 +/dev/mtk-kpd(/.*)? u:object_r:mtk_kpd_device:s0 +/dev/mtk_sched(/.*)? u:object_r:mtk_sched_device:s0 +/dev/MTK_SMI(/.*)? u:object_r:mtk_smi_device:s0 +/dev/mtk_rrc(/.*)? u:object_r:mtk_rrc_device:s0 +/dev/mt-mdp(/.*)? u:object_r:mt_mdp_device:s0 +/dev/mt_otg_test(/.*)? u:object_r:mt_otg_test_device:s0 +/dev/MT_pmic_adc_cali u:object_r:MT_pmic_adc_cali_device:s0 +/dev/MT_pmic_adc_cali(/.*)? u:object_r:MT_pmic_cali_device:s0 +/dev/MT_pmic(/.*)? u:object_r:MT_pmic_device:s0 +/dev/network.* u:object_r:network_device:s0 +/dev/nvram(/.*)? u:object_r:nvram_device:s0 +/dev/nxpspk(/.*)? u:object_r:smartpa_device:s0 +/dev/otp u:object_r:otp_device:s0 +/dev/pmem_multimedia(/.*)? u:object_r:pmem_multimedia_device:s0 +/dev/pmt(/.*)? u:object_r:pmt_device:s0 +/dev/preloader(/.*)? u:object_r:preloader_device:s0 +/dev/pro_info(/.*)? u:object_r:pro_info_device:s0 +/dev/protect_f(/.*)? u:object_r:protect_f_device:s0 +/dev/protect_s(/.*)? u:object_r:protect_s_device:s0 +/dev/psaux(/.*)? u:object_r:psaux_device:s0 +/dev/ptmx(/.*)? u:object_r:ptmx_device:s0 +/dev/ptyp.* u:object_r:ptyp_device:s0 +/dev/pvr_sync(/.*)? u:object_r:gpu_device:s0 +/dev/recovery(/.*)? u:object_r:recovery_device:s0 +/dev/rfkill(/.*)? u:object_r:rfkill_device:s0 +/dev/rtc[0-9]+ u:object_r:rtc_device:s0 +/dev/RT_Monitor(/.*)? u:object_r:RT_Monitor_device:s0 +/dev/kick_powerkey(/.*)? u:object_r:kick_powerkey_device:s0 +/dev/seccfg(/.*)? u:object_r:seccfg_device:s0 +/dev/sec_ro(/.*)? u:object_r:sec_ro_device:s0 +/dev/sec(/.*)? u:object_r:sec_device:s0 +/dev/tee1 u:object_r:tee_part_device:s0 +/dev/tee2 u:object_r:tee_part_device:s0 +/dev/sensor(/.*)? u:object_r:sensor_device:s0 +/dev/smartpa_i2c(/.*)? u:object_r:smartpa1_device:s0 +/dev/snapshot(/.*)? u:object_r:snapshot_device:s0 +/dev/socket/adbd(/.*)? u:object_r:adbd_socket:s0 +/dev/socket/agpsd2(/.*)? u:object_r:agpsd_socket:s0 +/dev/socket/agpsd3(/.*)? u:object_r:agpsd_socket:s0 +/dev/socket/agpsd(/.*)? u:object_r:agpsd_socket:s0 +/dev/socket/backuprestore(/.*)? u:object_r:backuprestore_socket:s0 +/dev/socket/bluetooth(/.*)? u:object_r:bluetooth_socket:s0 +/dev/socket/bt.a2dp.stream(/.*)? u:object_r:bt_a2dp_stream_socket:s0 +/dev/socket/bt.int.adp(/.*)? u:object_r:bt_int_adp_socket:s0 +/dev/socket/dbus_bluetooth(/.*)? u:object_r:dbus_bluetooth_socket:s0 +/dev/socket/dfo(/.*)? u:object_r:dfo_socket:s0 +/dev/socket/dnsproxyd(/.*)? u:object_r:dnsproxyd_socket:s0 +/dev/socket/dumpstate(/.*)? u:object_r:dumpstate_socket:s0 +/dev/socket/installd(/.*)? u:object_r:installd_socket:s0 +/dev/socket/mdnsd(/.*)? u:object_r:mdnsd_socket:s0 +/dev/socket/mdns(/.*)? u:object_r:mdns_socket:s0 +/dev/socket/mnld(/.*)? u:object_r:mnld_socket:s0 +/dev/socket/mtpd(/.*)? u:object_r:mtpd_socket:s0 +/dev/socket/netdiag(/.*)? u:object_r:netdiag_socket:s0 +/dev/socket/netd(/.*)? u:object_r:netd_socket:s0 +/dev/socket/racoon(/.*)? u:object_r:racoon_socket:s0 +/dev/socket/rild2-md2(/.*)? u:object_r:rild2_md2_socket:s0 +/dev/socket/rild2(/.*)? u:object_r:rild2_socket:s0 +/dev/socket/rild3(/.*)? u:object_r:rild3_socket:s0 +/dev/socket/rild4(/.*)? u:object_r:rild4_socket:s0 +/dev/socket/rild-ims(/.*)? u:object_r:rild_ims_socket:s0 +/dev/socket/rild-atci-md2(/.*)? u:object_r:rild_atci_md2_socket:s0 +/dev/socket/rild-atci(/.*)? u:object_r:rild_atci_socket:s0 +/dev/socket/rild-ctclient u:object_r:rild_ctclient_socket:s0 +/dev/socket/rild-debug-md2(/.*)? u:object_r:rild_debug_md2_socket:s0 +/dev/socket/rild-debug(/.*)? u:object_r:rild_debug_socket:s0 +/dev/socket/rild-md2(/.*)? u:object_r:rild_md2_socket:s0 +/dev/socket/rild-mtk-modem-md2(/.*)? u:object_r:rild_mtk_modem_md2_socket:s0 +/dev/socket/rild-mtk-modem(/.*)? u:object_r:rild_mtk_modem_socket:s0 +/dev/socket/rild-mtk-ut-2-md2(/.*)? u:object_r:rild_mtk_ut_2_md2_socket:s0 +/dev/socket/rild-mtk-ut-2(/.*)? u:object_r:rild_mtk_ut_2_socket:s0 +/dev/socket/rild-mtk-ut-md2(/.*)? u:object_r:rild_mtk_ut_md2_socket:s0 +/dev/socket/rild-mtk-ut(/.*)? u:object_r:rild_mtk_ut_socket:s0 +/dev/socket/rild-oem-md2(/.*)? u:object_r:rild_oem_md2_socket:s0 +/dev/socket/rild-oem(/.*)? u:object_r:rild_oem_socket:s0 +/dev/socket/rild(/.*)? u:object_r:rild_socket:s0 +/dev/socket/rild-via u:object_r:rild_via_socket:s0 +/dev/socket/rild-atci-c2k(/.*)? u:object_r:rild_atci_c2k_socket:s0 +/dev/socket/rpc u:object_r:rpc_socket:s0 +/dev/socket/soc_vt_stk(/.*)? u:object_r:soc_vt_stk_socket:s0 +/dev/socket/soc_vt_svc(/.*)? u:object_r:soc_vt_svc_socket:s0 +/dev/socket/soc_vt_tcv(/.*)? u:object_r:soc_vt_tcv_socket:s0 +/dev/socket/statusd u:object_r:statusd_socket:s0 +/dev/socket/sysctl(/.*)? u:object_r:sysctl_socket:s0 +/dev/socket/vold(/.*)? u:object_r:vold_socket:s0 +/dev/socket/wpa_wlan0(/.*)? u:object_r:wpa_wlan0_socket:s0 +/dev/socket/zygote(/.*)? u:object_r:zygote_socket:s0 +/dev/socket/wod_action(/.*)? u:object_r:wod_action_socket:s0 +/dev/socket/wod_sim(/.*)? u:object_r:wod_sim_socket:s0 +/dev/socket/wod_ipsec(/.*)? u:object_r:wod_ipsec_socket:s0 +/dev/stpbt(/.*)? u:object_r:stpbt_device:s0 +/dev/stpgps u:object_r:mnld_device:s0 +/dev/stpgps(/.*)? u:object_r:stpgps_device:s0 +/dev/stpwmt(/.*)? u:object_r:stpwmt_device:s0 +/dev/sw_sync(/.*)? u:object_r:sw_sync_device:s0 +/dev/tgt(/.*)? u:object_r:tgt_device:s0 +/dev/touch(/.*)? u:object_r:touch_device:s0 +/dev/tpd_em_log(/.*)? u:object_r:tpd_em_log_device:s0 +/dev/ttyC0 u:object_r:gsm0710muxd_device:s0 +/dev/ttyC1 u:object_r:mdlog_device:s0 +/dev/ttyC2 u:object_r:agps_device:s0 +/dev/ttyC3 u:object_r:icusb_device:s0 +/dev/ttyGS.* u:object_r:ttyGS_device:s0 +/dev/ttyMT.* u:object_r:ttyMT_device:s0 +/dev/ttyp.* u:object_r:ttyp_device:s0 +/dev/ttySDIO.* u:object_r:ttySDIO_device:s0 +/dev/ttyUSB0 u:object_r:tty_device:s0 +/dev/ttyUSB1 u:object_r:tty_device:s0 +/dev/ttyUSB2 u:object_r:tty_device:s0 +/dev/ttyUSB3 u:object_r:tty_device:s0 +/dev/ttyUSB4 u:object_r:tty_device:s0 +/dev/TV-out(/.*)? u:object_r:TV_out_device:s0 +/dev/uboot(/.*)? u:object_r:uboot_device:s0 +/dev/uibc(/.*)? u:object_r:uibc_device:s0 +/dev/uinput(/.*)? u:object_r:uinput_device:s0 +/dev/uio0(/.*)? u:object_r:uio0_device:s0 +/dev/usrdata(/.*)? u:object_r:usrdata_device:s0 +/dev/Vcodec(/.*)? u:object_r:Vcodec_device:s0 +/dev/vmodem u:object_r:vmodem_device:s0 +/dev/vow(/.*)? u:object_r:vow_device:s0 +/dev/wmtdetect(/.*)? u:object_r:wmtdetect_device:s0 +/dev/wmtWifi(/.*)? u:object_r:wmtWifi_device:s0 +/dev/offloadservice(/.*)? u:object_r:offloadservice_device:s0 -/dev/xt_qtaguid(/.*)? u:object_r:xt_qtaguid_device:s0 -/dev/pmic_ftm(/.*)? u:object_r:pmic_ftm_device:s0 -/dev/shf u:object_r:shf_device:s0 -/protect_f(/.*)? u:object_r:protect_f_data_file:s0 -/protect_s(/.*)? u:object_r:protect_s_data_file:s0 -/protect_s/properties(/.*)? u:object_r:persist_property_file:s0 -/persist(/.*)? u:object_r:persist_data_file:s0 -/dev/ttyACM0 u:object_r:ttyACM_device:s0 -/dev/hrm u:object_r:hrm_device:s0 +/dev/xt_qtaguid(/.*)? u:object_r:xt_qtaguid_device:s0 +/dev/pmic_ftm(/.*)? u:object_r:pmic_ftm_device:s0 +/dev/shf u:object_r:shf_device:s0 +/protect_f(/.*)? u:object_r:protect_f_data_file:s0 +/protect_s(/.*)? u:object_r:protect_s_data_file:s0 +/protect_s/properties(/.*)? u:object_r:persist_property_file:s0 +/persist(/.*)? u:object_r:persist_data_file:s0 +/dev/ttyACM0 u:object_r:ttyACM_device:s0 +/dev/hrm u:object_r:hrm_device:s0 ############################# # sysfs files # -/sys/bus/platform/drivers/msensor/daemon2 u:object_r:msensord_daemon2:s0 -/sys/bus/platform/drivers/msensor/daemon u:object_r:msensord_daemon:s0 +/sys/bus/platform/drivers/msensor/daemon2 u:object_r:msensord_daemon2:s0 +/sys/bus/platform/drivers/msensor/daemon u:object_r:msensord_daemon:s0 /sys/devices/platform/gsensor/driver(/.*)? u:object_r:sysfs_gsensor_file:s0 /sys/devices/platform/msensor/driver(/.*)? u:object_r:sysfs_msensor_file:s0 -/sys/bus/platform/drivers/mtk-kpd(/.*)? u:object_r:sysfs_keypad_file:s0 -/sys/power/vcorefs/pwr_ctrl -- u:object_r:sysfs_vcorefs_pwrctrl:s0 -/sys/kernel/ccci/boot u:object_r:sysfs_ccci:s0 +/sys/bus/platform/drivers/mtk-kpd(/.*)? u:object_r:sysfs_keypad_file:s0 +/sys/power/vcorefs/pwr_ctrl -- u:object_r:sysfs_vcorefs_pwrctrl:s0 +/sys/kernel/ccci/boot u:object_r:sysfs_ccci:s0 -############################# -# System files -# -/system/bin/6620_launcher u:object_r:mtk_6620_launcher_exec:s0 -/system/bin/akmd09911 u:object_r:akmd09911_exec:s0 -/system/bin/ccci_fsd u:object_r:ccci_fsd_exec:s0 -/system/bin/ccci_mdinit u:object_r:ccci_mdinit_exec:s0 -/system/bin/em_svr u:object_r:em_svr_exec:s0 -/system/bin/factory u:object_r:factory_exec:s0 -/system/bin/fuelgauged u:object_r:fuelgauged_exec:s0 -/system/bin/gsm0710muxd u:object_r:gsm0710muxd_exec:s0 -/system/bin/meizupshelper u:object_r:meizupshelper_exec:s0 -/system/bin/meta_tst u:object_r:meta_tst_exec:s0 - -/system/bin/msensord u:object_r:msensord_exec:s0 -/system/bin/mtk_agpsd u:object_r:mtk_agpsd_exec:s0 -/system/bin/mtkrild u:object_r:mtkrild_exec:s0 -/system/bin/muxreport u:object_r:muxreport_exec:s0 -/system/bin/nvram_daemon u:object_r:nvram_daemon_exec:s0 -/system/bin/pq u:object_r:pq_exec:s0 -/system/bin/terservice u:object_r:terservice_exec:s0 -/system/bin/thermal_manager u:object_r:thermal_manager_exec:s0 -/system/bin/wifi2agps u:object_r:wifi2agps_exec:s0 -/system/bin/wmt_loader u:object_r:wmt_loader_exec:s0 -/system/etc/sensor(/.*)? u:object_r:system_sensor_data_file:s0 -/system/xbin/mnld u:object_r:mnld_exec:s0 -/system/bin/md_ctrl u:object_r:md_ctrl_exec:s0 +## System files ## -# Wallpaper file for smartbook -/data/system/users/[0-9]+/smartbook_wallpaper u:object_r:wallpaper_file:s0 +/system/bin/6620_launcher u:object_r:mtk_6620_launcher_exec:s0 +/system/bin/wmt_loader u:object_r:wmt_loader_exec:s0 -# Live Display -/sys/devices/platform/mtk_disp_mgr.0/rgb u:object_r:livedisplay_sysfs:s0 +/system/bin/akmd09911 u:object_r:akmd09911_exec:s0 +/system/bin/msensord u:object_r:msensord_exec:s0 +/system/etc/sensor(/.*)? u:object_r:system_sensor_data_file:s0 + +/system/bin/ccci_fsd u:object_r:ccci_fsd_exec:s0 +/system/bin/ccci_mdinit u:object_r:ccci_mdinit_exec:s0 +/system/bin/gsm0710muxd u:object_r:gsm0710muxd_exec:s0 +/system/bin/md_ctrl u:object_r:md_ctrl_exec:s0 +/system/bin/mtkrild u:object_r:mtkrild_exec:s0 +/system/bin/muxreport u:object_r:muxreport_exec:s0 +/system/bin/nvram_daemon u:object_r:nvram_daemon_exec:s0 +/system/bin/terservice u:object_r:terservice_exec:s0 + +/system/bin/mtk_agpsd u:object_r:mtk_agpsd_exec:s0 +/system/xbin/mnld u:object_r:mnld_exec:s0 +/system/bin/wifi2agps u:object_r:wifi2agps_exec:s0 + +/system/bin/em_svr u:object_r:em_svr_exec:s0 +/system/bin/pq u:object_r:pq_exec:s0 +/system/bin/factory u:object_r:factory_exec:s0 +/system/bin/meizupshelper u:object_r:meizupshelper_exec:s0 +/system/bin/meta_tst u:object_r:meta_tst_exec:s0 +/system/bin/thermal_manager u:object_r:thermal_manager_exec:s0 -# Offline Charging -/system/bin/kpoc_charger u:object_r:kpoc_charger_exec:s0 +# Camera m2note +/dev/BU64245(/.*)? u:object_r:BU64245_device:s0 -# zram -/dev/block/zram0(/.*)? u:object_r:zram0_device:s0 +# Charger +/system/bin/fuelgauged u:object_r:fuelgauged_exec:s0 +/system/bin/kpoc_charger u:object_r:kpoc_charger_exec:s0 # Gestures -/sys/devices/platform/mx-gs/gesture_control u:object_r:gesture_sysfs:s0 +/sys/devices/platform/mx-gs/gesture_control u:object_r:gesture_sysfs:s0 -# m2note -/dev/BU64245(/.*)? u:object_r:BU64245_device:s0 +# Gps +/sys/devices/virtual/gpsdrv(/.*)? u:object_r:sysfs_gps_file:s0 + +# Live Display +/sys/devices/platform/mtk_disp_mgr.0/rgb u:object_r:livedisplay_sysfs:s0 # Meizupshelper -/sys/devices/virtual/meizu/ps/ps_calibration u:object_r:meizu_ps_calibration_trigger:s0 +/sys/devices/virtual/meizu/ps/ps_calibration u:object_r:meizu_ps_calibration_trigger:s0 + +# Thunderquake vibrator +/sys/kernel/thunderquake_engine/level u:object_r:sysfs_vibrator:s0 + +# Wallpaper file for smartbook +/data/system/users/[0-9]+/smartbook_wallpaper u:object_r:wallpaper_file:s0 + +# Zram +/dev/block/zram0(/.*)? u:object_r:zram0_device:s0 diff --git a/sepolicy/hostapd.te b/sepolicy/hostapd.te index a26ffcb..cb4c0b2 100644 --- a/sepolicy/hostapd.te +++ b/sepolicy/hostapd.te @@ -2,5 +2,8 @@ allow hostapd system_wpa_socket:sock_file write; dontaudit hostapd kernel:system module_request; +# Mtk +allow hostapd unlabeled:file read; + # Nougat allow hostapd wifi_data_file:sock_file write; diff --git a/sepolicy/init.te b/sepolicy/init.te index 62d8657..eb95354 100644 --- a/sepolicy/init.te +++ b/sepolicy/init.te @@ -12,12 +12,11 @@ allow init platformblk_device:blk_file setattr; # Gestures allow init gesture_sysfs:file setattr; -# LD_SHIM_LIBS -allow init surfaceflinger:process noatsecure; - # Mtk fix allow init tmpfs:lnk_file create; allow init wmtWifi_device:chr_file write; + +# Zram allow init zram0_device:blk_file write; # Nougat diff --git a/sepolicy/kernel.te b/sepolicy/kernel.te index 00efa6c..c6ddcc5 100644 --- a/sepolicy/kernel.te +++ b/sepolicy/kernel.te @@ -1,13 +1,13 @@ # kernel +allow kernel fuse:dir search; -allow kernel fuse:dir search; +allow kernel block_device:blk_file { read write }; +allow kernel loop_device:blk_file { read }; -allow kernel block_device:blk_file { read write }; -allow kernel loop_device:blk_file { read }; - -allow kernel platformblk_device:blk_file { open read write }; +allow kernel platformblk_device:blk_file { open read write }; +allow kernel wifi_data_file:dir search; # Mtk fix -allow kernel nvdata_file:dir search; -allow kernel nvdata_file:file { open read }; -allow kernel self:capability dac_override; +allow kernel nvdata_file:dir search; +allow kernel nvdata_file:file { open read }; +allow kernel self:capability dac_override; diff --git a/sepolicy/mediacodec.te b/sepolicy/mediacodec.te index 54433fd..ca40012 100644 --- a/sepolicy/mediacodec.te +++ b/sepolicy/mediacodec.te @@ -1,3 +1,6 @@ allow mediacodec proc:file { getattr ioctl open read }; allow mediacodec proc_meminfo:file { getattr open read }; -allow mediacodec sysfs:file { open read }; +allow mediacodec sysfs:file { open read write }; + +allow mediacodec Vcodec_device:chr_file { ioctl open read write }; +allow mediacodec mtk_smi_device:chr_file { ioctl open read }; diff --git a/sepolicy/mediadrmserver.te b/sepolicy/mediadrmserver.te new file mode 100644 index 0000000..4b84024 --- /dev/null +++ b/sepolicy/mediadrmserver.te @@ -0,0 +1,2 @@ +# Mtk sn +allow mediadrmserver serial_number_prop:file { getattr open read }; diff --git a/sepolicy/meta_tst.te b/sepolicy/meta_tst.te index d53f959..e231cc8 100644 --- a/sepolicy/meta_tst.te +++ b/sepolicy/meta_tst.te @@ -90,5 +90,9 @@ allow meta_tst pro_info_device:chr_file { open read write ioctl }; allow meta_tst ttySDIO_device:chr_file { read write ioctl open }; +# Gps +allow meta_tst sysfs_gps_file:dir search; +allow meta_tst sysfs_gps_file:file rw_file_perms; + # m2note allow mediaserver BU64245_device:chr_file { read write ioctl open }; diff --git a/sepolicy/mnld.te b/sepolicy/mnld.te index 1887bd6..8879fbe 100644 --- a/sepolicy/mnld.te +++ b/sepolicy/mnld.te @@ -8,46 +8,72 @@ init_daemon_domain(mnld) net_domain(mnld) allow mnld agpsd_data_file:dir create_dir_perms; allow mnld agpsd_data_file:sock_file create_file_perms; + allow mnld mtk_agpsd:unix_dgram_socket sendto; + allow mnld sysfs:file rw_file_perms; allow mnld sysfs_wake_lock:file rw_file_perms; + allow mnld nvram_data_file:dir create_dir_perms; allow mnld nvram_data_file:file create_file_perms; allow mnld nvram_data_file:lnk_file read; + +allow mnld nvram_device:chr_file{read write}; +allow mnld nvram_device:chr_file { ioctl open }; + allow mnld nvdata_file:dir create_dir_perms; allow mnld nvdata_file:file create_file_perms; + +allow mnld sysfs_gps_file:dir search; +allow mnld sysfs_gps_file:file rw_file_perms; + allow mnld mnld_data_file:dir rw_dir_perms; allow mnld mnld_data_file:sock_file create_file_perms; allow mnld mnld_device:chr_file rw_file_perms; +allow mnld mnld_prop:property_service set; + allow mnld gps_device:chr_file rw_file_perms; allow mnld init:unix_stream_socket connectto; allow mnld property_socket:sock_file rw_file_perms; + allow mnld system_data_file:dir rw_dir_perms; allow mnld system_data_file:dir create_dir_perms; -allow mnld system_server:unix_dgram_socket sendto; allow mnld system_data_file:sock_file create_file_perms; -allow mnld platformblk_device:blk_file rw_file_perms; +allow mnld system_server:unix_dgram_socket sendto; + allow mnld block_device:dir search; allow mnld platformblk_device:dir search; -allow mnld nvram_device:chr_file{read write}; -allow mnld mnld_prop:property_service set; -allow mnld nvram_device:chr_file open; +allow mnld platformblk_device:blk_file rw_file_perms; + allow mnld init:udp_socket { read write }; allow mnld mdlog_device:chr_file { read write }; allow mnld self:capability { fsetid dac_override }; allow mnld stpbt_device:chr_file { read write }; allow mnld ttyGS_device:chr_file { read write }; + allow mnld fuse:dir search; allow mnld fuse:dir write; allow mnld fuse:dir add_name; allow mnld fuse:file create; allow mnld fuse:file rw_file_perms; allow mnld fuse:file create_file_perms; -allow mnld nvram_device:chr_file ioctl; allow mnld fuse:dir { read remove_name create open }; + allow mnld tmpfs:lnk_file { read create open }; +allow mnld tmpfs:dir search; + allow mnld platform_app:unix_stream_socket connectto; # Nougat allow mnld wmt_prop:file r_file_perms; allow mnld rootfs:lnk_file { getattr }; + +# Mtk +allow mnld media_rw_data_file:dir { open read search }; +allow mnld mnt_user_file:dir search; +allow mnld mnt_user_file:lnk_file read; +allow mnld storage_file:dir search; +allow mnld storage_file:lnk_file read; + +# SdcardFS +allow mnld sdcardfs:dir search; diff --git a/sepolicy/mtk_agpsd.te b/sepolicy/mtk_agpsd.te index d19fa27..e1007f0 100644 --- a/sepolicy/mtk_agpsd.te +++ b/sepolicy/mtk_agpsd.te @@ -20,3 +20,11 @@ allow mtk_agpsd storage_file:lnk_file create_file_perms; allow mtk_agpsd mnt_user_file:dir create_dir_perms; allow mtk_agpsd mnt_user_file:lnk_file create_file_perms; allow mtk_agpsd rootfs:lnk_file { getattr }; + +# Mtk +allow mtk_agpsd media_rw_data_file:dir { open read search }; +allow mtk_agpsd storage_file:dir search; +allow mtk_agpsd tmpfs:dir search; + +# SdcardFS +allow mtk_agpsd sdcardfs:dir search; diff --git a/sepolicy/mtkrild.te b/sepolicy/mtkrild.te index 03124c2..44d872f 100644 --- a/sepolicy/mtkrild.te +++ b/sepolicy/mtkrild.te @@ -73,6 +73,7 @@ allow mtkrild radio:fd use; allow mtkrild init:unix_stream_socket connectto; allow mtkrild property_socket:sock_file write; +# Mtk sn allow mtkrild serial_number_prop:property_service set; # Nougat diff --git a/sepolicy/priv_app.te b/sepolicy/priv_app.te index 956b459..66b1c87 100644 --- a/sepolicy/priv_app.te +++ b/sepolicy/priv_app.te @@ -1,2 +1,6 @@ # Mtk fix +allow priv_app device:dir { open read }; allow priv_app unlabeled:file getattr; + +# Mtk sn +allow priv_app serial_number_prop:file read; diff --git a/sepolicy/property.te b/sepolicy/property.te index c0b7dde..e1e1d1c 100644 --- a/sepolicy/property.te +++ b/sepolicy/property.te @@ -10,14 +10,6 @@ type ctl_gsm0710muxd_prop, property_type; type ctl_gsm0710muxd-s_prop, property_type; type ctl_gsm0710muxd-d_prop, property_type; type ctl_gsm0710muxdmd2_prop, property_type; -#=============allow ccci_mdinit to ctl. mdlogger============== -type ctl_mdlogger_prop, property_type; -type ctl_emdlogger1_prop, property_type; -type ctl_emdlogger2_prop, property_type; -type ctl_dualmdlogger_prop, property_type; -#=============allow eemcs_mdinit to start mdlogger========== -type ctl_eemcs_fmdl_prop, property_type; -#type ctl_emdlogger5_prop, property_type; #=============allow mtkrild to set persist.ril property============== type persist_ril_prop, property_type; @@ -36,17 +28,6 @@ type media_wfd_prop, property_type; #=============allow netd to set mtk_wifi.*========================= type mtk_wifi_prop, property_type; -#=============allow mdlogger============== -type debug_mdlogger_prop, property_type; - -#=============allow AEE============== -type persist_mtk_aee_prop, property_type; -type persist_aee_prop, property_type; -type debug_mtk_aee_prop, property_type; - -#=============allow aee_dumpstate============== -type debug_bq_dump_prop, property_type; - #=============allow ccci_mdinit to stop rild============== type ctl_ril-daemon-mtk_prop, property_type; type ctl_ril-daemon-s_prop, property_type; @@ -111,8 +92,6 @@ type persist_md_prop, property_type; #=============allow sensor============== type ctl_msensord_prop, property_type; type ctl_akmd09911_prop, property_type; -type ctl_emcsmdlogger_prop, property_type; -type ctl_eemcs_fsd_prop, property_type; #=============allow statusd============== type net_cdma_mdmstat, property_type; type cdma_prop, property_type; diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts index 88451f3..97b1eb1 100644 --- a/sepolicy/property_contexts +++ b/sepolicy/property_contexts @@ -6,15 +6,6 @@ ctl.gsm0710muxd-s u:object_r:ctl_gsm0710muxd-s_prop:s0 ctl.gsm0710muxd-d u:object_r:ctl_gsm0710muxd-d_prop:s0 ctl.gsm0710muxdmd2 u:object_r:ctl_gsm0710muxdmd2_prop:s0 -#=============allow ccci_mdinit to ctl. mdlogger============== -ctl.mdlogger u:object_r:ctl_mdlogger_prop:s0 -ctl.emdlogger1 u:object_r:ctl_emdlogger1_prop:s0 -ctl.emdlogger2 u:object_r:ctl_emdlogger2_prop:s0 -ctl.dualmdlogger u:object_r:ctl_dualmdlogger_prop:s0 -#=============allow eemcs_mdinit to start mdlogger========== -ctl.eemcs_fmdl u:object_r:ctl_eemcs_fmdl_prop:s0 -#ctl.emdlogger5 u:object_r:ctl_emdlogger5_prop:s0 - #=============allow mtkrild to set persist.ril property============== persist.ril u:object_r:persist_ril_prop:s0 #=============allow terservice to set terservice property============== @@ -34,22 +25,6 @@ media.wfd. u:object_r:media_wfd_prop:s0 #=============allow netd to set mtk_wifi.*======================== mtk_wifi. u:object_r:mtk_wifi_prop:s0 -#=============allow mdlogger============== -debug.mdlogger u:object_r:debug_mdlogger_prop:s0 - -#=============allow AEE============== -# persist.mtk.aee.mode && persist.mtk.aee.dal -persist.mtk.aee u:object_r:persist_mtk_aee_prop:s0 - -# persist.aee.core.dump && persist.aee.core.direct -persist.aee u:object_r:persist_aee_prop:s0 - -# debug.mtk.aee.db -debug.mtk.aee u:object_r:debug_mtk_aee_prop:s0 - -#=============allow AEE_Dumpstate============== -debug.bq.dump u:object_r:debug_bq_dump_prop:s0 - #=============allow mux============== ril.mux. u:object_r:gsm0710muxd_prop:s0 @@ -113,8 +88,6 @@ persist.md u:object_r:persist_md_prop:s0 #=============allow sensor daemon============== ctl.msensord u:object_r:ctl_msensord_prop:s0 ctl.akmd09911 u:object_r:ctl_akmd09911_prop:s0 -ctl.emdlogger5 u:object_r:ctl_emcsmdlogger_prop:s0 -ctl.eemcs_fsd u:object_r:ctl_eemcs_fsd_prop:s0 #=============allow statusd============== net.cdma.mdmstat u:object_r:net_cdma_mdmstat:s0 diff --git a/sepolicy/service_contexts b/sepolicy/service_contexts index 442a658..199c0c3 100644 --- a/sepolicy/service_contexts +++ b/sepolicy/service_contexts @@ -3,7 +3,6 @@ NvRAMAgent u:object_r:nvram_agent_service:s0 phoneEx u:object_r:radio_service:s0 DmAgent u:object_r:dm_agent_binder_service:s0 -hotknot_service u:object_r:system_app_service:s0 vie_command u:object_r:system_app_service:s0 terservice u:object_r:terservice_service:s0 memory_dumper u:object_r:mediaserver_service:s0 diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te index 92f3655..257beac 100644 --- a/sepolicy/system_app.te +++ b/sepolicy/system_app.te @@ -24,39 +24,6 @@ allow system_app proc_mtktz:dir search; allow system_app proc_mtktz:file { read getattr open write }; allow system_app proc_slogger:file { read getattr open write }; -# Date: 2014/09/02 -# Operation: BaseUT -# Purpose: [HotKnot][HotKnot service will use hoknot device node] -# Package: com.mediatek.hotknot.service -allow system_app hotknot_device:chr_file { read write ioctl open }; - -# Date: 2014/09/02 -# Operation: BaseUT -# Purpose: [HotKnot][HotKnot service will use devmap_device device node] -# Package: com.mediatek.hotknot.service -allow system_app devmap_device:chr_file { read ioctl open }; - -# Date: 2014/09/02 -# Operation: BaseUT -# Purpose: [HotKnot][HotKnot service will use mtkfb device node] -# Package: com.mediatek.hotknot.service -allow system_app graphics_device:chr_file { read write ioctl open }; -allow system_app graphics_device:dir search; - -# Date: 2014/10/7 -# Operation: SQC -# Purpose: [sysoper][sysoper will create folder /cache/recovery] -# Package: com.mediatek.systemupdate.sysoper -allow system_app cache_file:dir { write create add_name }; -allow system_app cache_file:file { write create open }; - -# Date : 2014/10/08 -# Operation : BaseUT -# Purpose : [op01 agps setting][mtk_agpsd establishes the local socket as agpsd for all A-GPS -# application to do something with mtk_agpsd in system app] -# Package: com.mediatek.op01.plugin -unix_socket_connect(system_app, agpsd, mtk_agpsd); - # Date : 2014/10/28 # Operation: SQC # Purpose : ALPS01761930 @@ -92,5 +59,8 @@ dontaudit system_app untrusted_app_tmpfs:file write; # Package: android.ui dontaudit system_app radio_data_file:dir search; +# Mtk Agps +unix_socket_connect(system_app, agpsd, mtk_agpsd); + # Gestures allow system_app gesture_sysfs:file rw_file_perms; diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te index 5c4adbf..e7e964a 100644 --- a/sepolicy/system_server.te +++ b/sepolicy/system_server.te @@ -1,10 +1,8 @@ # system_server -# Date : WK15.02 # Operation : 120Hz Feature SQC # Purpose : for 120Hz Smart Switch allow system_server mtk_rrc_device:chr_file { read write ioctl open }; -# Date : WK14.31 # Operation : Migration # Purpose : for bring up allow system_server hwmsensor_device:chr_file { read ioctl open }; @@ -12,31 +10,26 @@ allow system_server m_batch_misc_device:chr_file { read ioctl open }; allow system_server proc:file write; allow system_server touch_device:chr_file { read ioctl open }; -# Date : WK14.32 # Operation : Migration # Purpose : for wifi p2p functionality allow system_server dhcp_data_file:dir { read write remove_name search getattr }; allow system_server dhcp_data_file:file { read open unlink getattr }; -# Date : WK14.33 # Operation : Migration # Purpose : for wifi functionality allow system_server wpa_wlan0_socket:sock_file write; allow system_server hostapd:unix_dgram_socket sendto; allow hostapd system_server:unix_dgram_socket sendto; -# Date : WK14.34 # Operation : Migration # Purpose : for WFD functionality allow system_server media_wfd_prop:property_service set; -# Date : WK14.34 # Operation : Migration # Purpose : for idling on homescreen allow system_server dontpanic_data_file:dir search; allow system_server mnld:unix_dgram_socket sendto; -# Date : WK14.34 # Operation : Migration # Purpose : for debug allow system_server debuggerd:fd use; @@ -45,54 +38,44 @@ allow system_server mnld_data_file:sock_file rw_file_perms; allow system_server mnld_data_file:dir create_file_perms; allow system_server mnld_data_file:dir rw_dir_perms; -# Date : WK14.37 # Operation : Migration # Purpose : for idling on homescreen allow system_server touch_device:chr_file write; -# Date : WK14.37 # Operation : Migration # Purpose : for relabeling files in /data/anr/ created at bootup allow system_server anr_data_file:file relabelto; -# Date : WK14.38 # Operation : Migration # Purpose : for debug allow system_server debuggerd:binder call; -# Date : WK14.39 # Operation : Migration # Purpose : for operate HDMI device allow system_server graphics_device:chr_file { read ioctl open }; -# Date: wk14.40 # Operation : SQC # Purpose : [ALPS01756200] wwop boot up fail allow system_server custom_file:dir { read search open getattr}; allow system_server custom_file:file { read open getattr}; -# Date: WK14.41 # Operation : Migration # Purpose : boost surfaceflinger to RT allow system_server surfaceflinger:process setsched; -# Date: WK14.41 # Operation : Migration # Purpose : [ALPS01760531] for bring up after auto-merge allow system_server zygote:binder impersonate; -# Date: WK14.41 # Operation : Migration # Purpose : for system_server operate /dev/RT_Monitor when enable hang detect allow system_server RT_Monitor_device:chr_file { read ioctl open }; -# Date: WK14.42 # Operation : Migration # Purpose : for system_server to start bootanim allow system_server ctl_bootanim_prop:property_service set; -# Date : WK14.42 # Operation : SQC # Purpose : ALPS01763317 # After connected to DHCPv6 enabled 6to4 IPv6 AP, @@ -102,58 +85,45 @@ allow system_server proc_net:file write; allow system_server wide_dhcpv6_data_file:dir search; allow system_server wide_dhcpv6_data_file:file { read getattr open }; -# Date: WK14.43 # Operation : Migration # Purpose : for bring up allow system_server anr_data_file:dir relabelfrom; allow system_server sf_rtt_file:dir relabelto; -# Date: WK14.44 # Operation : Migration # Purpose : for debug allow system_server sf_rtt_file:dir r_dir_perms; -# Date: WK14.44 # Operation : Migration # Purpose : for mtk gps epos library useage allow system_server devmap_device:chr_file r_file_perms; -allow system_server irtx_device:chr_file { read write ioctl open }; - -# Date: WK14.46 # Operation : Migration # Purpose : for sensorhubservice allow system_server shf_device:chr_file rw_file_perms; -# Date: W14.46 -# Operation : Migration -# Purpose : for GpsLocationProvider.java to check ESUPL status -allow system_server agpsd_data_file:dir search; - -# Date: WK14.46 # Operation : Migration # Purpose : for saveLocale to set SystemProperties allow system_server save_locale_prop:property_service set; -# Date: WK14.47 # Operation : MTBF # Purpose : for debug allow system_server sf_rtt_file:file r_file_perms; -# Date: WK14.47 # Operation : MTBF # Purpose : for native process backtrace dump allow system_server exec_type:file r_file_perms; -# Date: WK14.48 # Operation : SQC # Purpose : for querying zygote socket allow system_server zygote:unix_stream_socket { getopt getattr }; -# Date: WK15.05 # Purpose : for kill-switch should only grant to access frp partition, to be fix allow system_server platformblk_device:dir search; +# Agps +allow system_server agpsd_data_file:dir search; + # Persist allow system_server protect_s_data_file:dir r_dir_perms; @@ -165,3 +135,12 @@ allow system_server debugfs:file { read open }; allow system_server unlabeled:file unlink; allow system_server wmt_prop:file { read open getattr }; allow system_server wifi_data_file:sock_file { unlink }; + +# Sensor +allow system_server akmd8963_access_file1:file { getattr open read setattr write }; + +# Mtk sn +allow system_server serial_number_prop:file read; + +# Thunderquake vibrator +allow system_server sysfs_vibrator:file rw_file_perms; diff --git a/sepolicy/ueventd.te b/sepolicy/ueventd.te index 57e08ca..0c1585b 100644 --- a/sepolicy/ueventd.te +++ b/sepolicy/ueventd.te @@ -1,3 +1,3 @@ # ueventd - allow ueventd sysfs:file setattr; +allow ueventd sysfs_gps_file:file w_file_perms; diff --git a/sepolicy/uncrypt.te b/sepolicy/uncrypt.te index 355d23c..f6293aa 100644 --- a/sepolicy/uncrypt.te +++ b/sepolicy/uncrypt.te @@ -1,2 +1,2 @@ # Mtk fix -allow uncrypt kmsg_device:chr_file { open write }; +allow uncrypt kmsg_device:chr_file { open write }; diff --git a/sepolicy/untrusted_app.te b/sepolicy/untrusted_app.te index f7336cd..edab695 100644 --- a/sepolicy/untrusted_app.te +++ b/sepolicy/untrusted_app.te @@ -1,13 +1,13 @@ # untrusted_app -allow untrusted_app dalvikcache_data_file:lnk_file read; +allow untrusted_app dalvikcache_data_file:lnk_file read; # CTS issue -allow untrusted_app proc_lk_env:file getattr; -allow untrusted_app proc_sysrq:file getattr; -allow untrusted_app fuse:file execute; -allow untrusted_app protect_f_data_file:dir getattr; -allow untrusted_app protect_s_data_file:dir getattr; +allow untrusted_app proc_lk_env:file getattr; +allow untrusted_app proc_sysrq:file getattr; +allow untrusted_app fuse:file execute; +allow untrusted_app protect_f_data_file:dir getattr; +allow untrusted_app protect_s_data_file:dir getattr; # Mtk fix -allow untrusted_app unlabeled:file { getattr open read }; +allow untrusted_app unlabeled:file { getattr open read }; diff --git a/sepolicy/vold.te b/sepolicy/vold.te index 57ed7ae..f57351d 100644 --- a/sepolicy/vold.te +++ b/sepolicy/vold.te @@ -51,11 +51,10 @@ allow vold system_data_file:dir { relabelfrom relabelto setattr }; allow vold system_data_file:file { relabelto }; allow vold platform_app:process ptrace; +allow vold platform_app:fd use; allow vold misc_device:chr_file read; -allow vold platform_app:fd use; - allow vold block_device:file create; # zram diff --git a/sepolicy/wpa.te b/sepolicy/wpa.te new file mode 100644 index 0000000..a56e15f --- /dev/null +++ b/sepolicy/wpa.te @@ -0,0 +1,18 @@ +# ============================================== +# MTK Policy Rule +# ============ + +allow wpa rild_oem_socket:sock_file write; +allow wpa rild_oem_md2_socket:sock_file write; +allow wpa mtkrild:unix_stream_socket connectto; +# if low memory occured, and system try to free more memory, wpa_suppliant may meet a violation like: +# avc: denied { use } for pid=4063 comm="wpa_supplicant" +# path=2F6465762F6173686D656D2F4469736361726461626C654D656D6F72794173686D656D416C6C6F6361746F72202864656C6574656429 +# dev="tmpfs" ino=46425 scontext=u:r:wpa:s0 tcontext=u:r:platform_app:s0 tclass=fd permissive=0 +# this is a issue caused by low memory, so we should add this rule below +allow wpa platform_app:fd use; +allow wpa platform_app_tmpfs:file write; + +# Nougat +allow wpa wifi_data_file:sock_file { create setattr unlink }; + diff --git a/sepolicy/zygote.te b/sepolicy/zygote.te index bb888b6..4c2a64b 100644 --- a/sepolicy/zygote.te +++ b/sepolicy/zygote.te @@ -1,2 +1,4 @@ +allow zygote serial_number_prop:file { getattr open read }; + # Mtk fix allow zygote self:capability sys_nice; |