[WIP]start this selinux mess
* taken from https://github.com/lineage-geminipda/android_device_planet_geminipda Change-Id: I80708a4650646ecd870b60217cafc0212aa2022e (cherry picked from commit ce9dd0181db0cdeabb9edaf3781d74fb6645bb98)
@@ -0,0 +1 @@
|
||||
attribute mtk_property_type;
|
||||
@@ -0,0 +1,15 @@
|
||||
# nvram
|
||||
allow audioserver nvdata_file:dir rw_dir_perms;
|
||||
allow audioserver nvdata_file:file create_file_perms;
|
||||
allow audioserver nvdata_file:lnk_file r_file_perms;
|
||||
allow audioserver ccci_device:chr_file rw_file_perms;
|
||||
|
||||
# fm radio
|
||||
allow audioserver fm_device:chr_file rw_file_perms;
|
||||
|
||||
# Audio
|
||||
allow audioserver sysfs:file { open read write };
|
||||
allow audioserver sysfs_devinfo:file { open read write };
|
||||
allow audioserver sysfs_ccci:file r_file_perms;
|
||||
allow audioserver sysfs_ccci:dir search;
|
||||
allow audioserver audiohal_prop:property_service set;
|
||||
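Review bot: `allow audioserver sysfs:file { open read write };` under `# Audio` grants write on every node that still carries the default `sysfs` label, not just the node the audio HAL touches. Label the specific path in file_contexts with its own type, the way `sysfs_devinfo` and `sysfs_ccci` are handled in this commit, and grant on that type instead. The same generic `sysfs:file write` appears in the factory, kpoc_charger and meta_tst sections.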
@@ -0,0 +1,9 @@
|
||||
# Allow access to the hardware node
|
||||
allow bluetooth stpbt_device:chr_file rw_file_perms;
|
||||
|
||||
# Allow nvram access
|
||||
allow bluetooth nvdata_file:dir search;
|
||||
allow bluetooth nvdata_file:file rw_file_perms;
|
||||
allow bluetooth nvdata_file:lnk_file r_file_perms;
|
||||
|
||||
allow bluetooth block_device:dir search;
|
||||
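Review bot: `allow bluetooth nvdata_file:file rw_file_perms;` lets the Bluetooth domain rewrite every file under `/nvdata` and `/data/nvram`, because file_contexts in this commit maps both trees to the single `nvdata_file` type. The Bluetooth stack presumably needs only its own calibration or address file; a dedicated type for that subpath (for example a constructed name such as `nvdata_bt_file`) would keep a compromised Bluetooth process away from modem, Wi-Fi and audio NVRAM. The audioserver, em_svr, mediaserver and mnld sections hold create or write access on the same shared type, so the split is worth doing once for all of them.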
@@ -0,0 +1,18 @@
|
||||
type ccci_fsd_exec, exec_type, file_type;
|
||||
type ccci_fsd, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(ccci_fsd)
|
||||
|
||||
allow ccci_fsd ccci_device:chr_file rw_file_perms;
|
||||
allow ccci_fsd ccci_cfg_file:dir create_dir_perms;
|
||||
allow ccci_fsd ccci_cfg_file:file create_file_perms;
|
||||
allow ccci_fsd nvdata_file:dir create_dir_perms;
|
||||
allow ccci_fsd nvdata_file:file create_file_perms;
|
||||
allow ccci_fsd nvdata_file:lnk_file r_file_perms;
|
||||
allow ccci_fsd protect_f_data_file:dir create_dir_perms;
|
||||
allow ccci_fsd protect_f_data_file:file create_file_perms;
|
||||
allow ccci_fsd protect_s_data_file:dir create_dir_perms;
|
||||
allow ccci_fsd protect_s_data_file:file create_file_perms;
|
||||
allow ccci_fsd sysfs_ccci:file rw_file_perms;
|
||||
allow ccci_fsd sysfs_ccci:dir search;
|
||||
allow ccci_fsd sysfs_wake_lock:file rw_file_perms;
|
||||
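Review bot: `type ccci_fsd, domain, domain_deprecated;` places a brand-new domain in `domain_deprecated`, an attribute that exists to carry legacy broad grants for domains that have not yet been audited. Declaring it as `type ccci_fsd, domain;` and adding only the rules that the resulting denials justify keeps the domain at least privilege. Every other new daemon domain in this commit, from ccci_mdinit through nvram_daemon, is declared the same way.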
@@ -0,0 +1,29 @@
|
||||
type ccci_mdinit_exec, exec_type, file_type;
|
||||
type ccci_mdinit, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(ccci_mdinit)
|
||||
|
||||
allow ccci_mdinit ccci_device:chr_file rw_file_perms;
|
||||
allow ccci_mdinit ccci_cfg_file:dir create_dir_perms;
|
||||
allow ccci_mdinit ccci_cfg_file:file create_file_perms;
|
||||
allow ccci_mdinit nvdata_file:dir rw_dir_perms;
|
||||
allow ccci_mdinit nvdata_file:file create_file_perms;
|
||||
allow ccci_mdinit nvdata_file:lnk_file r_file_perms;
|
||||
allow ccci_mdinit sysfs_ccci:dir search;
|
||||
allow ccci_mdinit sysfs_ccci:file rw_file_perms;
|
||||
allow ccci_mdinit sysfs_wake_lock:file rw_file_perms;
|
||||
allow ccci_mdinit sysfs_devinfo:file r_file_perms;
|
||||
|
||||
allow ccci_mdinit nvram_device:blk_file rw_file_perms;
|
||||
allow ccci_mdinit mtk_md_prop:property_service set;
|
||||
|
||||
allow ccci_mdinit ctl_ccci_fsd_prop:property_service set;
|
||||
allow ccci_mdinit ctl_gsm0710muxd_prop:property_service set;
|
||||
allow ccci_mdinit ctl_rildaemon_prop:property_service set;
|
||||
allow ccci_mdinit radio_prop:property_service set;
|
||||
allow ccci_mdinit ril_mux_report_case_prop:property_service set;
|
||||
|
||||
allow ccci_mdinit mdlog_data_file:file r_file_perms;
|
||||
allow ccci_mdinit mdlog_data_file:dir r_dir_perms;
|
||||
|
||||
unix_socket_connect(ccci_mdinit, property, init)
|
||||
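Review bot: The property rules here are written as raw `allow ccci_mdinit …:property_service set;` lines plus a separate `unix_socket_connect(ccci_mdinit, property, init)`, while the md_ctrl section of the same commit uses the `set_prop()` macro. Writing them as `set_prop(ccci_mdinit, mtk_md_prop)` and so on keeps the socket and property_service halves together. The three `ctl_*_prop` grants deserve a comment, since judging by their names they let this domain start and stop ccci_fsd, gsm0710muxd and the RIL daemon through init. The conn_launcher, factory, gsm0710muxd, meta_tst and msensord sections use the same raw form.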
@@ -0,0 +1,9 @@
|
||||
type conn_launcher_exec, exec_type, file_type;
|
||||
type conn_launcher, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(conn_launcher)
|
||||
|
||||
allow conn_launcher stpwmt_device:chr_file rw_file_perms;
|
||||
allow conn_launcher wmt_prop:property_service set;
|
||||
|
||||
unix_socket_connect(conn_launcher, property, init)
|
||||
@@ -0,0 +1,49 @@
|
||||
# Radio devices
|
||||
type ccci_device, dev_type;
|
||||
type stpbt_device, dev_type;
|
||||
type stpgps_device, dev_type;
|
||||
type stpwmt_device, dev_type;
|
||||
type hwmsensor_device, dev_type;
|
||||
type wmtWifi_device, dev_type;
|
||||
type wmtdetect_device, dev_type;
|
||||
type gsm0710muxd_device, dev_type;
|
||||
type mdlog_device, dev_type;
|
||||
type pmic_adc_device, dev_type;
|
||||
|
||||
# Sensors
|
||||
type als_ps_device, dev_type;
|
||||
type mtk-adc-cali_device, dev_type;
|
||||
type gsensor_device, dev_type;
|
||||
type msensor_device, dev_type;
|
||||
type gyroscope_device, dev_type;
|
||||
|
||||
# Media
|
||||
type accdet_device, dev_type;
|
||||
type devmap_device, dev_type;
|
||||
type fm_device, dev_type;
|
||||
type Vcodec_device, dev_type;
|
||||
type M4U_device_device, dev_type;
|
||||
type mtk_smi_device, dev_type;
|
||||
|
||||
# SPM
|
||||
type spm_device, dev_type;
|
||||
|
||||
# NFC
|
||||
type mt6605_device, dev_type;
|
||||
|
||||
# Fingerprint
|
||||
type esfp0_device, dev_type;
|
||||
type madev0_device, dev_type;
|
||||
|
||||
# IR
|
||||
type irtx_device, dev_type;
|
||||
|
||||
# Block devices
|
||||
type proinfo_device, dev_type;
|
||||
type nvram_device, dev_type;
|
||||
type nvdata_device, dev_type;
|
||||
type protect1_device, dev_type;
|
||||
type protect2_device, dev_type;
|
||||
type logo_block_device, dev_type;
|
||||
type para_block_device, dev_type;
|
||||
type mmc_device, dev_type;
|
||||
@@ -0,0 +1 @@
|
||||
get_prop(domain, mtk_property_type)
|
||||
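Review bot: `get_prop(domain, mtk_property_type)` makes every property tagged with `mtk_property_type` readable by every domain on the device, including the app domains. If any of those properties carry modem, radio or device-identifying state, that is a wider audience than intended; property_contexts is not visible here, so which properties get the attribute cannot be checked from this page. Granting `get_prop` per consumer domain, or at least adding a comment that says why a global read is required, would make this auditable.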
@@ -0,0 +1 @@
|
||||
allow drmserver sysfs_devinfo:file { open read write };
|
||||
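Review bot: `allow drmserver sysfs_devinfo:file { open read write };` gives the DRM server write access to the dev_info node, whereas mediaserver gets only `r_file_perms` on the same type in this commit. If reading is all it needs, `allow drmserver sysfs_devinfo:file r_file_perms;` is narrower and also includes `getattr`, which the hand-written set omits. Otherwise add a comment saying what drmserver writes there.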
@@ -0,0 +1,9 @@
|
||||
type em_svr_exec, exec_type, file_type;
|
||||
type em_svr, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(em_svr)
|
||||
|
||||
allow em_svr gsensor_device:chr_file { read ioctl open };
|
||||
allow em_svr gyroscope_device:chr_file { read ioctl open };
|
||||
allow em_svr nvdata_file:dir { write read open add_name search };
|
||||
allow em_svr nvdata_file:file { write getattr setattr read create open };
|
||||
@@ -0,0 +1,14 @@
|
||||
type etsd_exec, exec_type, file_type;
|
||||
type etsd, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(etsd)
|
||||
binder_use(etsd)
|
||||
|
||||
allow etsd etsd_service:service_manager { add find };
|
||||
|
||||
allow etsd esfp0_device:chr_file rw_file_perms;
|
||||
|
||||
use_keystore(etsd)
|
||||
allow etsd keystore:keystore_key { add_auth };
|
||||
|
||||
allow etsd self:capability { dac_override dac_read_search };
|
||||
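Review bot: `allow etsd self:capability { dac_override dac_read_search };` lets the fingerprint daemon ignore Unix file permissions entirely, which usually papers over a device node or data directory with the wrong owner or group. Fixing the ownership in the init script or the service's user/group and dropping the capability is the safer route, particularly for a domain that also holds `keystore_key { add_auth }`. `dac_override` is granted the same way in the factory, kernel, kpoc_charger (including its `healthd` lines), md_ctrl, meta_tst, muxreport and nvram_daemon sections.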
@@ -0,0 +1,67 @@
|
||||
type factory_exec, exec_type, file_type;
|
||||
type factory, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(factory)
|
||||
net_domain(factory)
|
||||
|
||||
allow factory serial_device:chr_file rw_file_perms;
|
||||
|
||||
# Hardware nodes
|
||||
allow factory accdet_device:chr_file r_file_perms;
|
||||
allow factory ashmem_device:chr_file execute;
|
||||
allow factory audio_device:dir r_dir_perms;
|
||||
allow factory audio_device:chr_file rw_file_perms;
|
||||
allow factory camera_device:chr_file rw_file_perms;
|
||||
allow factory ccci_device:chr_file rw_file_perms;
|
||||
allow factory devmap_device:chr_file r_file_perms;
|
||||
allow factory fm_device:chr_file rwx_file_perms;
|
||||
allow factory gsm0710muxd_device:chr_file rw_file_perms;
|
||||
allow factory graphics_device:dir search;
|
||||
allow factory graphics_device:chr_file rw_file_perms;
|
||||
allow factory input_device:dir r_dir_perms;
|
||||
allow factory input_device:chr_file r_file_perms;
|
||||
allow factory pmic_adc_device:chr_file rw_file_perms;
|
||||
allow factory rtc_device:chr_file rw_file_perms;
|
||||
allow factory stpbt_device:chr_file rw_file_perms;
|
||||
allow factory wmtWifi_device:chr_file rw_file_perms;
|
||||
|
||||
# NVRAM
|
||||
allow factory nvdata_file:dir create_dir_perms;
|
||||
allow factory nvdata_file:file create_file_perms;
|
||||
allow factory nvdata_device:blk_file rw_file_perms;
|
||||
allow factory nvram_device:blk_file rw_file_perms;
|
||||
allow factory proinfo_device:blk_file rw_file_perms;
|
||||
|
||||
# Storage
|
||||
allow factory mnt_user_file:dir search;
|
||||
allow factory mmc_device:blk_file rw_file_perms;
|
||||
allow factory storage_file:dir r_dir_perms;
|
||||
allow factory storage_file:lnk_file r_file_perms;
|
||||
allow factory storage_file:file r_file_perms;
|
||||
|
||||
# Configuration
|
||||
allow factory sysfs:file write;
|
||||
allow factory sysfs_gps_file:dir r_dir_perms;
|
||||
allow factory sysfs_gps_file:file rw_file_perms;
|
||||
|
||||
# Sensors
|
||||
allow factory als_ps_device:chr_file r_file_perms;
|
||||
allow factory gsensor_device:chr_file rw_file_perms;
|
||||
allow factory msensor_device:chr_file rw_file_perms;
|
||||
|
||||
# GPS
|
||||
allow factory agpsd_data_file:dir r_dir_perms;
|
||||
allow factory agpsd_data_file:sock_file write;
|
||||
allow factory stpgps_device:chr_file rw_file_perms;
|
||||
allow factory gps_device:chr_file rw_file_perms;
|
||||
allow factory mnld_data_file:dir rw_dir_perms;
|
||||
allow factory mnld_data_file:file rw_file_perms;
|
||||
allow factory mnld_exec:file rx_file_perms;
|
||||
allow factory mnld_prop:property_service set;
|
||||
|
||||
# Other capabilities
|
||||
allow factory self:capability { dac_override net_admin net_raw sys_nice sys_time };
|
||||
allow factory self:process execmem;
|
||||
allow factory audiohal_prop:property_service set;
|
||||
|
||||
unix_socket_connect(factory, property, init);
|
||||
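Review bot: Under `# Hardware nodes` and `# Other capabilities` the factory domain gets `ashmem_device:chr_file execute`, `fm_device:chr_file rwx_file_perms` and `self:process execmem`, so it may map writable memory and device nodes as executable, on top of raw write access to `mmc_device`, `nvram_device` and `proinfo_device`. `init_daemon_domain(factory)` means init can transition into this domain, and nothing visible here limits that to factory builds. Consider wrapping these rules in the `userdebug_or_eng()` macro, or dropping the executable mappings until a denial shows they are required.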
@@ -0,0 +1,38 @@
|
||||
type protect_s_data_file, file_type, data_file_type;
|
||||
type protect_f_data_file, file_type, data_file_type;
|
||||
|
||||
type nvdata_file, file_type, data_file_type;
|
||||
|
||||
type agpsd_data_file, file_type, data_file_type;
|
||||
type mnld_data_file, file_type, data_file_type;
|
||||
type ccci_cfg_file, file_type, data_file_type;
|
||||
type logmisc_data_file, file_type, data_file_type;
|
||||
type mdlog_data_file, file_type, data_file_type;
|
||||
type thermal_manager_data_file, file_type, data_file_type;
|
||||
|
||||
type sysfs_gps_file, fs_type, sysfs_type;
|
||||
type sysfs_ccci, fs_type, sysfs_type;
|
||||
type sysfs_devinfo, fs_type, sysfs_type;
|
||||
type sysfs_membw, fs_type, sysfs_type;
|
||||
type sysfs_boot_mode, fs_type, sysfs_type;
|
||||
type sysfs_ddr_type, fs_type, sysfs_type;
|
||||
|
||||
type msensord_daemon_sysfs, fs_type, sysfs_type;
|
||||
|
||||
type display_color_sysfs, fs_type, sysfs_type;
|
||||
type gyro_orientation_sysfs, fs_type, sysfs_type;
|
||||
type fast_charge_sysfs, fs_type, sysfs_type;
|
||||
type smartwake_sysfs, fs_type, sysfs_type;
|
||||
type perf_control_sysfs, fs_type, sysfs_type;
|
||||
|
||||
type proc_mtkcooler, fs_type;
|
||||
type proc_mtktz, fs_type;
|
||||
type proc_thermal, fs_type;
|
||||
type proc_wmt, fs_type;
|
||||
|
||||
type agpsd_socket, file_type;
|
||||
type mnld_socket, file_type;
|
||||
type mal_mfi_socket, file_type;
|
||||
|
||||
type nfc_socket, file_type;
|
||||
|
||||
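Review bot: `type nfc_socket, file_type;` is the only type in this file that file_contexts places under `/data` (`/data/nfc_socket(/.*)?`) without the `data_file_type` attribute. Rules and neverallows written against `data_file_type` will therefore not cover it; `type nfc_socket, file_type, data_file_type;` would match the other `/data` types declared above. Separately, file_contexts in this commit labels `/sys/devices/platform/mtk_disp_mgr.0/rgb` as `livedisplay_sysfs`, while this file declares `display_color_sysfs` and no `livedisplay_sysfs`; if that type is not declared elsewhere in the tree the policy will not build.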
@@ -0,0 +1,160 @@
|
||||
# Services
|
||||
/(system|system\/vendor|vendor)/bin/6620_launcher u:object_r:conn_launcher_exec:s0
|
||||
/(system|system\/vendor|vendor)/bin/ccci_fsd u:object_r:ccci_fsd_exec:s0
|
||||
/(system|system\/vendor|vendor)/bin/ccci_mdinit u:object_r:ccci_mdinit_exec:s0
|
||||
/(system|system\/vendor|vendor)/bin/md_ctrl u:object_r:md_ctrl_exec:s0
|
||||
/(system|system\/vendor|vendor)/bin/fuelgauged u:object_r:fuelgauged_exec:s0
|
||||
/(system|system\/vendor|vendor)/bin/gsm0710muxd u:object_r:gsm0710muxd_exec:s0
|
||||
/(system|system\/vendor|vendor)/xbin/mnld u:object_r:mnld_exec:s0
|
||||
/(system|system\/vendor|vendor)/bin/mnld u:object_r:mnld_exec:s0
|
||||
/(system|system\/vendor|vendor)/bin/muxreport u:object_r:muxreport_exec:s0
|
||||
/(system|system\/vendor|vendor)/bin/msensord u:object_r:msensord_exec:s0
|
||||
/(system|system\/vendor|vendor)/bin/qmc6983d u:object_r:qmc6983d_exec:s0
|
||||
/(system|system\/vendor|vendor)/bin/mxg2320d u:object_r:mxg2320d_exec:s0
|
||||
/(system|system\/vendor|vendor)/bin/memsicd3416x u:object_r:memsicd3416x_exec:s0
|
||||
/(system|system\/vendor|vendor)/bin/mtk_agpsd u:object_r:mtk_agpsd_exec:s0
|
||||
/(system|system\/vendor|vendor)/bin/nvram_daemon u:object_r:nvram_daemon_exec:s0
|
||||
/(system|system\/vendor|vendor)/bin/pq u:object_r:pq_exec:s0
|
||||
/(system|system\/vendor|vendor)/bin/terservice u:object_r:terservice_exec:s0
|
||||
/(system|system\/vendor|vendor)/bin/thermal u:object_r:thermal_exec:s0
|
||||
/(system|system\/vendor|vendor)/bin/thermald u:object_r:thermald_exec:s0
|
||||
/(system|system\/vendor|vendor)/bin/thermal_manager u:object_r:thermal_manager_exec:s0
|
||||
/(system|system\/vendor|vendor)/bin/thermalloadalgod u:object_r:thermalloadalgo_exec:s0
|
||||
/(system|system\/vendor|vendor)/bin/mtkrild u:object_r:ril-daemon-mtk_exec:s0
|
||||
/(system|system\/vendor|vendor)/bin/mtkmal u:object_r:mtkmal_exec:s0
|
||||
/(system|system\/vendor|vendor)/bin/wifi2agps u:object_r:wifi2agps_exec:s0
|
||||
/(system|system\/vendor|vendor)/bin/wmt_loader u:object_r:wmt_loader_exec:s0
|
||||
/(system|system\/vendor|vendor)/bin/wmt_launcher u:object_r:conn_launcher_exec:s0
|
||||
/(system|system\/vendor|vendor)/bin/em_svr u:object_r:em_svr_exec:s0
|
||||
/(system|system\/vendor|vendor)/bin/kpoc_charger u:object_r:kpoc_charger_exec:s0
|
||||
/(system|system\/vendor|vendor)/bin/etsd u:object_r:etsd_exec:s0
|
||||
/(system|system\/vendor|vendor)/bin/ged_srv u:object_r:ged_srv_exec:s0
|
||||
/(system|system\/vendor|vendor)/bin/spm_loader u:object_r:spm_loader_exec:s0
|
||||
|
||||
|
||||
# Meta mode
|
||||
/(system|system\/vendor|vendor)/bin/meta_tst u:object_r:meta_tst_exec:s0
|
||||
/(system|system\/vendor|vendor)/bin/factory u:object_r:factory_exec:s0
|
||||
|
||||
# Files from firmware/nv partitions
|
||||
/protect_f(/.*)? u:object_r:protect_f_data_file:s0
|
||||
/protect_s(/.*)? u:object_r:protect_s_data_file:s0
|
||||
/nvdata(/.*)? u:object_r:nvdata_file:s0
|
||||
/data/nvram(/.*)? u:object_r:nvdata_file:s0
|
||||
|
||||
# Hardware nodes
|
||||
/dev/accdet u:object_r:accdet_device:s0
|
||||
/dev/devmap u:object_r:devmap_device:s0
|
||||
/dev/ttyC2 u:object_r:gps_device:s0
|
||||
/dev/ttyGS0 u:object_r:serial_device:s0
|
||||
/dev/gps(/.*)? u:object_r:gps_device:s0
|
||||
/dev/mali[0-9]* u:object_r:gpu_device:s0
|
||||
/dev/mali.* u:object_r:gpu_device:s0
|
||||
/dev/mtk_disp.* u:object_r:graphics_device:s0
|
||||
/dev/sw_sync u:object_r:graphics_device:s0
|
||||
/dev/stpbt(/.*)? u:object_r:stpbt_device:s0
|
||||
/dev/hwmsensor(/.*)? u:object_r:hwmsensor_device:s0
|
||||
/dev/wmtWifi(/.*)? u:object_r:wmtWifi_device:s0
|
||||
/dev/camera-isp u:object_r:camera_device:s0
|
||||
/dev/camera-fdvt u:object_r:camera_device:s0
|
||||
/dev/kd_camera_hw u:object_r:camera_device:s0
|
||||
/dev/kd_camera_flashlight u:object_r:camera_device:s0
|
||||
/dev/MAINAF u:object_r:camera_device:s0
|
||||
/dev/mtk_jpeg(/.*) u:object_r:camera_device:s0
|
||||
/dev/DW9714AF(/.*)? u:object_r:camera_device:s0
|
||||
/dev/FM50AF(/.*)? u:object_r:camera_device:s0
|
||||
/dev/CAM_CAL_DRV(/.*)? u:object_r:camera_device:s0
|
||||
/dev/MTK_SMI u:object_r:mtk_smi_device:s0
|
||||
/dev/MT_pmic_adc_cali u:object_r:pmic_adc_device:s0
|
||||
/dev/als_ps(/.*)? u:object_r:als_ps_device:s0
|
||||
/dev/mtk-adc-cali(/.*)? u:object_r:mtk-adc-cali_device:s0
|
||||
/dev/ccci.* u:object_r:ccci_device:s0
|
||||
/dev/gsensor(/.*)? u:object_r:gsensor_device:s0
|
||||
/dev/msensor(/.*)? u:object_r:msensor_device:s0
|
||||
/dev/gyroscope(/.*)? u:object_r:gyroscope_device:s0
|
||||
/dev/stpgps(/.*)? u:object_r:stpgps_device:s0
|
||||
/dev/stpwmt(/.*)? u:object_r:stpwmt_device:s0
|
||||
/dev/wmtdetect u:object_r:wmtdetect_device:s0
|
||||
/dev/ttyC0 u:object_r:gsm0710muxd_device:s0
|
||||
/dev/ttyC1 u:object_r:mdlog_device:s0
|
||||
/dev/radio(/.*)? u:object_r:radio_device:s0
|
||||
/dev/fm u:object_r:fm_device:s0
|
||||
/dev/Vcodec u:object_r:Vcodec_device:s0
|
||||
/dev/M4U_device(/.*)? u:object_r:M4U_device_device:s0
|
||||
/dev/spm u:object_r:spm_device:s0
|
||||
/dev/mt6605 u:object_r:mt6605_device:s0
|
||||
/dev/esfp0 u:object_r:esfp0_device:s0
|
||||
/dev/madev0 u:object_r:madev0_device:s0
|
||||
/dev/irtx u:object_r:irtx_device:s0
|
||||
|
||||
# Sockets
|
||||
/dev/socket/rild[2-4] u:object_r:rild_socket:s0
|
||||
/dev/socket/rild-atci u:object_r:rild_socket:s0
|
||||
/dev/socket/rild-ims u:object_r:rild_socket:s0
|
||||
/dev/socket/rild-mtk-modem u:object_r:rild_socket:s0
|
||||
/dev/socket/rild-mtk-ut u:object_r:rild_socket:s0
|
||||
/dev/socket/rild-mtk-ut-2 u:object_r:rild_socket:s0
|
||||
/dev/socket/rild-oem u:object_r:rild_socket:s0
|
||||
/dev/socket/mal-mfi u:object_r:mal_mfi_socket:s0
|
||||
/dev/socket/agpsd u:object_r:agpsd_socket:s0
|
||||
/dev/socket/agpsd[2-3] u:object_r:agpsd_socket:s0
|
||||
/dev/socket/mnld u:object_r:mnld_socket:s0
|
||||
|
||||
# Block devices
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/boot u:object_r:boot_block_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/proinfo u:object_r:proinfo_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/by-name/proinfo u:object_r:proinfo_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/nvram u:object_r:nvram_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/by-name/nvram u:object_r:nvram_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/nvdata u:object_r:nvdata_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/logo u:object_r:logo_block_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/by-name/logo u:object_r:logo_block_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/protect1 u:object_r:protect1_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/protect2 u:object_r:protect2_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/userdata u:object_r:userdata_block_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/cache u:object_r:cache_block_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/recovery u:object_r:recovery_block_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/frp u:object_r:frp_block_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/metadata u:object_r:metadata_block_device:s0
|
||||
/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/para u:object_r:para_block_device:s0
|
||||
/dev/block/mmcblk1 u:object_r:mmc_device:s0
|
||||
/dev/block/zram0 u:object_r:swap_block_device:s0
|
||||
|
||||
# Sysfs nodes
|
||||
/sys/devices/virtual/gpsdrv(/.*)? u:object_r:sysfs_gps_file:s0
|
||||
/sys/kernel/ccci(/.*)? u:object_r:sysfs_ccci:s0
|
||||
/sys/bus/platform/drivers/dev_info/dev_info u:object_r:sysfs_devinfo:s0
|
||||
/sys/bus/platform/drivers/mem_bw_ctrl/concurrency_scenario u:object_r:sysfs_membw:s0
|
||||
/sys/bus/platform/drivers/ddr_type/ddr_type u:object_r:sysfs_ddr_type:s0
|
||||
/sys/devices/virtual/BOOT/BOOT/boot/boot_mode u:object_r:sysfs_boot_mode:s0
|
||||
/sys/devices/platform/mtk_disp_mgr.0/rgb u:object_r:livedisplay_sysfs:s0
|
||||
/sys/bus/platform/drivers/msensor/daemon u:object_r:msensord_daemon_sysfs:s0
|
||||
/sys/bus/platform/drivers/gyroscope/gyro_orientation u:object_r:gyro_orientation_sysfs:s0
|
||||
/sys/kernel/charge_levels/quick_charge_enable u:object_r:fast_charge_sysfs:s0
|
||||
/sys/kernel/charge_levels/charge_level_ac u:object_r:fast_charge_sysfs:s0
|
||||
/sys/kernel/charge_levels/charge_level_usb u:object_r:fast_charge_sysfs:s0
|
||||
/sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq u:object_r:perf_control_sysfs:s0
|
||||
/sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq u:object_r:perf_control_sysfs:s0
|
||||
/sys/devices/system/cpu/cpu0/cpufreq/scaling_governor u:object_r:perf_control_sysfs:s0
|
||||
/sys/block/mmcblk0/queue/scheduler u:object_r:perf_control_sysfs:s0
|
||||
/sys/devices/.*/queue/scheduler u:object_r:perf_control_sysfs:s0
|
||||
|
||||
# Config/Runtime files
|
||||
/data/agps_supl(/.*)? u:object_r:agpsd_data_file:s0
|
||||
/data/app/cache.dat u:object_r:mnld_data_file:s0
|
||||
/data/gps_mnl(/.*)? u:object_r:mnld_data_file:s0
|
||||
/data/misc/gps(/.*)? u:object_r:mnld_data_file:s0
|
||||
/data/misc/GPS_CHIP.cfg u:object_r:mnld_data_file:s0
|
||||
/data/misc/gps.conf u:object_r:mnld_data_file:s0
|
||||
/data/misc/mnl_nlp.dat u:object_r:mnld_data_file:s0
|
||||
/data/misc/mblog(/.*)? u:object_r:logmisc_data_file:s0
|
||||
/data/log_temp(/.*)? u:object_r:logmisc_data_file:s0
|
||||
/data/mdlog(/.*)? u:object_r:mdlog_data_file:s0
|
||||
/data/mdl(/.*)? u:object_r:mdlog_data_file:s0
|
||||
/data/ccci_cfg(/.*)? u:object_r:ccci_cfg_file:s0
|
||||
/data/.tp(/.*)? u:object_r:thermal_manager_data_file:s0
|
||||
/data/nfc_socket(/.*)? u:object_r:nfc_socket:s0
|
||||
|
||||
# Sysfs nodes
|
||||
/sys/devices/soc/soc:touch@/smartwake_active u:object_r:smartwake_sysfs:s0
|
||||
/sys/devices/soc/soc:touch@/wakeup_gesture u:object_r:smartwake_sysfs:s0
|
||||
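Review bot: `/dev/mtk_jpeg(/.*)` under `# Hardware nodes` is missing the trailing `?` that the neighbouring entries have, so the node `/dev/mtk_jpeg` itself does not match and keeps the default device label; it should read `/dev/mtk_jpeg(/.*)?`. In `# Config/Runtime files`, `/data/.tp(/.*)?` has an unescaped dot, so it matches any `/data/` entry whose name is one character followed by `tp`, not only the hidden `.tp` directory; `/data/\.tp(/.*)?` is the intended pattern. `/dev/mali[0-9]*` is fully covered by the `/dev/mali.*` line that follows it and can be removed.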
@@ -0,0 +1,3 @@
|
||||
allow fsck protect1_device:blk_file rw_file_perms;
|
||||
allow fsck protect2_device:blk_file rw_file_perms;
|
||||
allow fsck nvdata_device:blk_file rw_file_perms;
|
||||
@@ -0,0 +1,2 @@
|
||||
# External storage
|
||||
allow fsck_untrusted self:capability sys_admin;
|
||||
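Review bot: `allow fsck_untrusted self:capability sys_admin;` hands CAP_SYS_ADMIN to the fsck domain that exists to parse filesystems from untrusted external media. A parsing bug in that process would then run with a capability that covers mounting and many other privileged kernel operations. If the denial is only logged while fsck still succeeds, `dontaudit fsck_untrusted self:capability sys_admin;` silences it without granting anything; otherwise the `# External storage` comment should say which operation fails without it.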
@@ -0,0 +1,7 @@
|
||||
type fuelgauged_exec, exec_type, file_type;
|
||||
type fuelgauged, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(fuelgauged)
|
||||
|
||||
allow fuelgauged self:netlink_socket create_socket_perms;
|
||||
allow fuelgauged kmsg_device:chr_file w_file_perms;
|
||||
@@ -0,0 +1,14 @@
|
||||
type ged_srv, domain, domain_deprecated;
|
||||
type ged_srv_exec, exec_type, file_type;
|
||||
|
||||
init_daemon_domain(ged_srv)
|
||||
|
||||
binder_use(ged_srv)
|
||||
binder_service(ged_srv)
|
||||
binder_call(ged_srv, system_server)
|
||||
|
||||
allow ged_srv servicemanager:binder call;
|
||||
allow ged_srv surfaceflinger:binder call;
|
||||
allow ged_srv surfaceflinger_service:service_manager find;
|
||||
allow ged_srv self:netlink_kobject_uevent_socket { bind create setopt read};
|
||||
allow ged_srv sysfs_boot_mode:file r_file_perms;
|
||||
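Review bot: `allow ged_srv servicemanager:binder call;` repeats what `binder_use(ged_srv)` a few lines earlier already grants, and `allow ged_srv surfaceflinger:binder call;` is the hand-written half of `binder_call(ged_srv, surfaceflinger)`, the macro form this section already uses for `system_server`. Using the macro keeps the transfer and fd-use rules that normally accompany a binder call. `binder_service(ged_srv)` is declared, but no `service_manager add` rule for a ged_srv service type appears in this section, so it may be unnecessary.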
@@ -0,0 +1,4 @@
|
||||
genfscon proc /driver/thermal u:object_r:proc_thermal:s0
|
||||
genfscon proc /driver/wmt u:object_r:proc_wmt:s0
|
||||
genfscon proc /mtkcooler u:object_r:proc_mtkcooler:s0
|
||||
genfscon proc /mtktz u:object_r:proc_mtktz:s0
|
||||
@@ -0,0 +1,18 @@
|
||||
type gsm0710muxd_exec, exec_type, file_type;
|
||||
type gsm0710muxd, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(gsm0710muxd)
|
||||
|
||||
allow gsm0710muxd gsm0710muxd_device:chr_file rw_file_perms;
|
||||
allow gsm0710muxd radio_device:dir w_dir_perms;
|
||||
allow gsm0710muxd radio_device:lnk_file create_file_perms;
|
||||
allow gsm0710muxd devpts:chr_file setattr;
|
||||
allow gsm0710muxd self:capability { setuid fowner chown };
|
||||
allow gsm0710muxd sysfs_ccci:dir search;
|
||||
allow gsm0710muxd sysfs_ccci:file r_file_perms;
|
||||
|
||||
allow gsm0710muxd ctl_rildaemon_prop:property_service set;
|
||||
allow gsm0710muxd radio_prop:property_service set;
|
||||
allow gsm0710muxd ril_mux_report_case_prop:property_service set;
|
||||
|
||||
unix_socket_connect(gsm0710muxd, property, init)
|
||||
@@ -0,0 +1 @@
|
||||
allow healthd device:dir r_dir_perms;
|
||||
@@ -0,0 +1,9 @@
|
||||
allow init ccci_device:chr_file { write ioctl };
|
||||
allow init devpts:chr_file ioctl;
|
||||
|
||||
# Allow init to format formattable partitions…partitions
|
||||
allow init nvdata_device:blk_file write;
|
||||
allow init protect1_device:blk_file write;
|
||||
allow init protect2_device:blk_file write;
|
||||
|
||||
allow init socket_device:sock_file { create setattr unlink };
|
||||
@@ -0,0 +1,6 @@
|
||||
allow kernel nvdata_file:dir search;
|
||||
allow kernel nvdata_file:file r_file_perms;
|
||||
allow kernel self:capability dac_override;
|
||||
allow kernel wifi_data_file:dir search;
|
||||
allow kernel wifi_data_file:file r_file_perms;
|
||||
|
||||
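Review bot: `allow kernel wifi_data_file:file r_file_perms;` and `allow kernel nvdata_file:file r_file_perms;` let kernel context read files that userspace domains can write; several domains in this commit hold `create_file_perms` on `nvdata_file`. This looks like a driver loading its NVRAM or configuration from `/data`, and if so, whichever domain writes those files controls input that is parsed in kernel mode. A comment naming the driver and the exact files would help, and the write grants on `nvdata_file` elsewhere in this commit should be reviewed with that in mind. `allow kernel self:capability dac_override;` should become unnecessary once the files' ownership and mode permit the read.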
@@ -0,0 +1,25 @@
|
||||
type kpoc_charger, domain, domain_deprecated;
|
||||
type kpoc_charger_exec, exec_type, file_type;
|
||||
|
||||
init_daemon_domain(kpoc_charger)
|
||||
|
||||
allow kpoc_charger block_device:dir search;
|
||||
allow kpoc_charger graphics_device:dir search;
|
||||
allow kpoc_charger input_device:dir { open read search };
|
||||
allow kpoc_charger input_device:chr_file { open read write ioctl };
|
||||
allow kpoc_charger property_socket:sock_file write;
|
||||
allow kpoc_charger self:capability sys_nice;
|
||||
allow kpoc_charger self:capability net_admin;
|
||||
allow kpoc_charger self:capability dac_override;
|
||||
allow kpoc_charger self:netlink_kobject_uevent_socket { create bind read setopt };
|
||||
allow kpoc_charger sysfs:file write;
|
||||
allow kpoc_charger graphics_device:chr_file { read write ioctl open };
|
||||
allow kpoc_charger kmsg_device:chr_file { write open };
|
||||
allow kpoc_charger logo_block_device:blk_file { read open };
|
||||
allow kpoc_charger rtc_device:chr_file { open read write };
|
||||
allow kpoc_charger init:unix_stream_socket connectto;
|
||||
allow healthd self:capability dac_override;
|
||||
allow healthd app_data_file:file write;
|
||||
allow healthd device:dir {open read write};
|
||||
allow kpoc_charger self:capability sys_boot;
|
||||
allow kpoc_charger alarm_device:chr_file write;
|
||||
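Review bot: Three `allow healthd …` rules sit in the middle of the kpoc_charger rules, and one of them, `allow healthd app_data_file:file write;`, gives healthd write access to files labeled `app_data_file`, the type used for application private data. That is most likely a mislabeled path rather than a real requirement; find the file behind the denial, give it its own type in file_contexts, and grant healthd write on that type only. The healthd lines belong with the other healthd rule in this commit (`allow healthd device:dir r_dir_perms;`), which `allow healthd device:dir {open read write};` here also widens to write on the generic `device` directory label.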
@@ -0,0 +1,11 @@
|
||||
type md_ctrl_exec, exec_type, file_type;
|
||||
type md_ctrl, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(md_ctrl)
|
||||
|
||||
allow md_ctrl ccci_device:chr_file rw_file_perms;
|
||||
allow md_ctrl devpts:chr_file rw_file_perms;
|
||||
allow md_ctrl muxreport_exec:file rx_file_perms;
|
||||
allow md_ctrl self:capability dac_override;
|
||||
|
||||
set_prop(md_ctrl,vold_encryption_type_prop);
|
||||
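Review bot: `set_prop(md_ctrl,vold_encryption_type_prop);` lets the modem-control daemon write what is, judging by its name, a vold encryption-state property, which is an unexpected writer for that state. If md_ctrl only needs to know the encryption type, `get_prop(md_ctrl, vold_encryption_type_prop)` is sufficient. If it really does set the property, a comment explaining why would help the next reviewer.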
@@ -0,0 +1,9 @@
|
||||
# nvram
|
||||
allow mediaserver nvdata_file:dir rw_dir_perms;
|
||||
allow mediaserver nvdata_file:file create_file_perms;
|
||||
allow mediaserver ccci_device:chr_file rw_file_perms;
|
||||
|
||||
# PQ
|
||||
allow mediaserver pq_service:service_manager find;
|
||||
|
||||
allow mediaserver sysfs_devinfo:file r_file_perms;
|
||||
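Review bot: `allow mediaserver ccci_device:chr_file rw_file_perms;` under `# nvram` opens every modem channel node to mediaserver, since file_contexts in this commit labels all of `/dev/ccci.*` as `ccci_device`. mediaserver decodes untrusted media, so it is one of the domains where extra device access matters most. If the audio or NVRAM path needs a single ccci node, give that node its own type and grant only that; the same applies to the identical audioserver rule.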
@@ -0,0 +1,7 @@
|
||||
type memsicd3416x_exec, exec_type, file_type;
|
||||
type memsicd3416x, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(memsicd3416x)
|
||||
|
||||
allow memsicd3416x msensor_device:chr_file rw_file_perms;
|
||||
allow memsicd3416x gsensor_device:chr_file rw_file_perms;
|
||||
@@ -0,0 +1,47 @@
|
||||
type meta_tst_exec, exec_type, file_type;
|
||||
type meta_tst, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(meta_tst)
|
||||
|
||||
allow meta_tst ccci_device:chr_file rw_file_perms;
|
||||
allow meta_tst serial_device:chr_file rw_file_perms;
|
||||
allow meta_tst mdlog_device:chr_file rw_file_perms;
|
||||
|
||||
allow meta_tst nvdata_file:dir create_dir_perms;
|
||||
allow meta_tst nvdata_file:file create_file_perms;
|
||||
|
||||
allow meta_tst nvdata_device:blk_file rw_file_perms;
|
||||
allow meta_tst nvram_device:blk_file rw_file_perms;
|
||||
allow meta_tst proinfo_device:blk_file rw_file_perms;
|
||||
|
||||
allow meta_tst fm_device:chr_file { read write open ioctl };
|
||||
|
||||
allow meta_tst sysfs_gps_file:dir search;
|
||||
allow meta_tst sysfs_gps_file:file rw_file_perms;
|
||||
|
||||
allow meta_tst gps_device:chr_file { read write open };
|
||||
allow meta_tst agpsd_data_file:dir search;
|
||||
allow meta_tst agpsd_data_file:sock_file write;
|
||||
allow meta_tst gps_data_file:file create_file_perms;
|
||||
allow meta_tst gps_data_file:dir rw_dir_perms;
|
||||
|
||||
allow meta_tst mnld_exec:file { execute read open };
|
||||
allow meta_tst mnld_exec:file execute_no_trans;
|
||||
allow meta_tst stpgps_device:chr_file { open read write ioctl };
|
||||
allow meta_tst mnld_prop:property_service set;
|
||||
allow meta_tst mnld_data_file:file create_file_perms;
|
||||
allow meta_tst mnld_data_file:dir rw_dir_perms;
|
||||
|
||||
# For GPS
|
||||
allow meta_tst port:tcp_socket { name_connect name_bind };
|
||||
allow meta_tst self:tcp_socket { create connect setopt bind };
|
||||
allow meta_tst self:tcp_socket { bind setopt listen accept read write };
|
||||
allow meta_tst node:tcp_socket node_bind;
|
||||
|
||||
|
||||
allow meta_tst sysfs:file write;
|
||||
|
||||
allow meta_tst powerctl_prop:property_service set;
|
||||
unix_socket_connect(meta_tst, property, init)
|
||||
|
||||
allow meta_tst self:capability { net_raw chown fsetid sys_nice net_admin fowner dac_override sys_admin };
|
||||
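Review bot: The `# For GPS` block lets meta_tst bind, listen and accept on TCP (`port:tcp_socket { name_connect name_bind }`, `self:tcp_socket { bind setopt listen accept read write }`), and the last line adds `sys_admin`, `net_admin` and `dac_override`, with `powerctl_prop` settable as well. A network-listening daemon with those capabilities is a significant exposure if it can run outside meta mode; what starts it is not visible in this commit. Consider restricting these rules with the `userdebug_or_eng()` macro or documenting the boot-mode gate in a comment. The two `self:tcp_socket` lines overlap (`bind` and `setopt` appear in both) and can be merged into one.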
@@ -0,0 +1,4 @@
|
||||
# Allow formatting userdata or cache partitions
|
||||
allow mkfs block_device:dir search;
|
||||
allow mkfs userdata_block_device:blk_file rw_file_perms;
|
||||
allow mkfs cache_block_device:blk_file rw_file_perms;
|
||||
@@ -0,0 +1,46 @@
|
||||
type mnld_exec, exec_type, file_type;
|
||||
type mnld, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(mnld)
|
||||
net_domain(mnld)
|
||||
|
||||
allow mnld gps_device:chr_file rw_file_perms;
|
||||
allow mnld stpgps_device:chr_file rw_file_perms;
|
||||
|
||||
allow mnld gps_data_file:dir create_dir_perms;
|
||||
allow mnld gps_data_file:file create_file_perms;
|
||||
|
||||
allow mnld agpsd_data_file:dir create_dir_perms;
|
||||
allow mnld agpsd_data_file:sock_file create_file_perms;
|
||||
allow mnld mtk_agpsd:unix_dgram_socket sendto;
|
||||
|
||||
allow mnld mnld_data_file:dir rw_dir_perms;
|
||||
allow mnld mnld_data_file:sock_file create_file_perms;
|
||||
allow mnld mnld_data_file:file create_file_perms;
|
||||
|
||||
allow mnld nvdata_file:dir rw_dir_perms;
|
||||
allow mnld nvdata_file:file create_file_perms;
|
||||
allow mnld nvdata_file:lnk_file r_file_perms;
|
||||
allow mnld nvram_device:blk_file rw_file_perms;
|
||||
|
||||
allow mnld sysfs_gps_file:dir search;
|
||||
allow mnld sysfs_gps_file:file rw_file_perms;
|
||||
|
||||
allow mnld mnld_prop:property_service set;
|
||||
allow mnld property_socket:sock_file write;
|
||||
|
||||
allow mnld init:unix_stream_socket connectto;
|
||||
allow mnld system_server:unix_dgram_socket { sendto write };
|
||||
|
||||
allow mnld fuse:dir create_dir_perms;
|
||||
allow mnld fuse:file create_file_perms;
|
||||
|
||||
allow mnld storage_file:dir search;
|
||||
allow mnld storage_file:lnk_file read;
|
||||
|
||||
allow mnld mdlog_device:chr_file { read write };
|
||||
|
||||
allow mnld block_device:dir search;
|
||||
|
||||
file_type_auto_trans(mnld,system_data_file,mnld_data_file);
|
||||
file_type_auto_trans(mnld,apk_data_file,mnld_data_file);
|
||||
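Review bot: `file_type_auto_trans(mnld,apk_data_file,mnld_data_file);` lets the GPS daemon add entries to directories labeled `apk_data_file` (file_contexts in this commit points at `/data/app/cache.dat`), and the `system_data_file` transition on the line before does the same for any generically labeled `/data` directory. Both appear to follow wherever the vendor binary drops its files. Pre-creating directories already labeled `mnld_data_file` (`/data/gps_mnl`, `/data/misc/gps`) and pointing the daemon there would avoid write access to those shared parents. If the path cannot be changed, a comment naming the exact file each transition is for would at least record why the grant exists.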
@@ -0,0 +1,12 @@
|
||||
type msensord_exec, exec_type, file_type;
|
||||
type msensord, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(msensord)
|
||||
|
||||
allow msensord msensord_daemon_sysfs:file r_file_perms;
|
||||
|
||||
allow msensord ctl_qmc6983d_prop:property_service set;
|
||||
allow msensord ctl_mxg2320d_prop:property_service set;
|
||||
allow msensord ctl_memsicd3416x_prop:property_service set;
|
||||
|
||||
unix_socket_connect(msensord, property, init)
|
||||
@@ -0,0 +1,21 @@
|
||||
type mtk_agpsd_exec, exec_type, file_type;
|
||||
type mtk_agpsd, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(mtk_agpsd)
|
||||
net_domain(mtk_agpsd)
|
||||
|
||||
allow mtk_agpsd agpsd_data_file:dir create_dir_perms;
|
||||
allow mtk_agpsd agpsd_data_file:sock_file create_file_perms;
|
||||
allow mtk_agpsd gps_device:chr_file rw_file_perms;
|
||||
allow mtk_agpsd self:udp_socket create;
|
||||
|
||||
allow mtk_agpsd storage_file:dir search;
|
||||
allow mtk_agpsd storage_file:lnk_file read;
|
||||
|
||||
allow mtk_agpsd mnt_user_file:dir create_dir_perms;
|
||||
allow mtk_agpsd mnt_user_file:lnk_file create_file_perms;
|
||||
|
||||
allow mtk_agpsd fuse:dir create_dir_perms;
|
||||
allow mtk_agpsd fuse:file create_file_perms;
|
||||
|
||||
unix_socket_send(mtk_agpsd, mnld, mnld);
|
||||
@@ -0,0 +1,10 @@
|
||||
type mtkmal_exec, exec_type, file_type;
|
||||
type mtkmal, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(mtkmal)
|
||||
|
||||
allow mtkmal init:unix_stream_socket connectto;
|
||||
allow mtkmal property_socket:sock_file write;
|
||||
allow mtkmal mal_mfi_socket:sock_file write;
|
||||
|
||||
allow mtkmal self:capability { setuid setgid };
|
||||
@@ -0,0 +1,13 @@
|
||||
type muxreport_exec, exec_type, file_type;
|
||||
type muxreport, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(muxreport)
|
||||
|
||||
allow muxreport ccci_device:chr_file { read write ioctl open };
|
||||
allow muxreport ril_mux_report_case_prop:property_service set;
|
||||
allow muxreport init:unix_stream_socket connectto;
|
||||
allow muxreport property_socket:sock_file write;
|
||||
allow muxreport devpts:chr_file { read write getattr ioctl };
|
||||
allow muxreport self:capability dac_override;
|
||||
allow muxreport sysfs_ccci:dir search;
|
||||
allow muxreport sysfs_ccci:file r_file_perms;
|
||||
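Review bot: `allow muxreport self:capability dac_override;` lets the daemon bypass file mode checks entirely, and nothing in this file says which access needed it. A `dac_override` denial usually means a node the daemon opens has the wrong owner or mode (here possibly the `ccci_device` or `devpts` node, which is an inference), and that is better fixed in the init/ueventd configuration than in policy. The same grant appears for `nvram_daemon`, `thermal_manager` and `wmt_loader` later in this commit. Each should be dropped once the file permissions are fixed, or carry a comment such as `# TODO: drop dac_override once <node> is owned by the daemon's uid`.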
@@ -0,0 +1,7 @@
|
||||
type mxg2320d_exec, exec_type, file_type;
|
||||
type mxg2320d, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(mxg2320d)
|
||||
|
||||
allow mxg2320d msensor_device:chr_file rw_file_perms;
|
||||
allow mxg2320d gsensor_device:chr_file rw_file_perms;
|
||||
@@ -0,0 +1,4 @@
|
||||
# Wifi
|
||||
allow netd wmtWifi_device:chr_file w_file_perms;
|
||||
|
||||
allow netd self:capability sys_module;
|
||||
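Review bot: `allow netd self:capability sys_module;` gives the platform's network management daemon the ability to load and unload kernel modules, and the `# Wifi` comment above only explains the `wmtWifi_device` rule. With this capability a compromise of netd reaches the kernel, not just the Wi-Fi node. If the denial is logged only because netd attempts a module load that Wi-Fi does not need in order to work, `dontaudit netd self:capability sys_module;` keeps the log clean without granting it. If the module load is required, it is better done from an init service with its own narrowly scoped domain.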
@@ -0,0 +1,26 @@
|
||||
type nvram_daemon_exec, exec_type, file_type;
|
||||
type nvram_daemon, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(nvram_daemon)
|
||||
|
||||
allow nvram_daemon self:capability { fowner dac_override dac_read_search chown fsetid };
|
||||
allow nvram_daemon nvram_device:blk_file rw_file_perms;
|
||||
allow nvram_daemon nvdata_device:blk_file rw_file_perms;
|
||||
allow nvram_daemon nvdata_file:dir create_dir_perms;
|
||||
allow nvram_daemon nvdata_file:file create_file_perms;
|
||||
allow nvram_daemon nvdata_file:lnk_file r_file_perms;
|
||||
allow nvram_daemon shell_exec:file { read execute open execute_no_trans getattr };
|
||||
allow nvram_daemon als_ps_device:chr_file r_file_perms;
|
||||
allow nvram_daemon mtk-adc-cali_device:chr_file rw_file_perms;
|
||||
allow nvram_daemon gsensor_device:chr_file r_file_perms;
|
||||
allow nvram_daemon msensor_device:chr_file r_file_perms;
|
||||
allow nvram_daemon gyroscope_device:chr_file r_file_perms;
|
||||
allow nvram_daemon toolbox_exec:file rx_file_perms;
|
||||
|
||||
allow nvram_daemon proinfo_device:blk_file rw_file_perms;
|
||||
allow nvram_daemon nvram_prop:property_service set;
|
||||
allow nvram_daemon wmt_prop:property_service set;
|
||||
|
||||
allow nvram_daemon block_device:dir search;
|
||||
|
||||
unix_socket_connect(nvram_daemon, property, init)
|
||||
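Review bot: `allow nvram_daemon shell_exec:file { read execute open execute_no_trans getattr };` together with the `toolbox_exec` rule lets the daemon run a shell inside its own domain. In that domain it also holds `chown`, `fowner` and `dac_override`, plus write access to the `nvram_device`, `nvdata_device` and `proinfo_device` block nodes, so any command line the daemon builds runs with all of that. If the shell is used only for a fixed helper command, a comment naming it would record the intent, e.g. `# nvram_daemon shells out to <command> during init`. Otherwise the two exec rules are worth removing and re-testing.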
@@ -0,0 +1,11 @@
|
||||
# Fingerprint
|
||||
allow platform_app esfp0_device:chr_file rw_file_perms;
|
||||
allow platform_app esfp0_device:chr_file rw_file_perms;
|
||||
allow platform_app etsd_service:service_manager find;
|
||||
allow platform_app etsd:binder { call transfer };
|
||||
|
||||
# Guiext
|
||||
allow platform_app guiext-server_service:service_manager find;
|
||||
|
||||
# PQ
|
||||
allow platform_app pq_service:service_manager find;
|
||||
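Review bot: The rule `allow platform_app esfp0_device:chr_file rw_file_perms;` appears twice in a row under `# Fingerprint`. The second copy is either redundant or a paste that was meant to name a different device type; if it is redundant, delete it. Since `platform_app` can already reach the fingerprint daemon through `etsd_service` and `etsd:binder`, it is also worth confirming that the app needs direct read/write on the sensor node at all.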
@@ -0,0 +1,15 @@
|
||||
type pq_exec, exec_type, file_type;
|
||||
type pq, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(pq)
|
||||
|
||||
binder_use(pq)
|
||||
binder_call(pq, binderservicedomain)
|
||||
binder_service(pq)
|
||||
|
||||
allow pq pq_service:service_manager add;
|
||||
unix_socket_connect(pq, property, init)
|
||||
|
||||
allow pq pq_conf_prop:property_service set;
|
||||
|
||||
allow pq graphics_device:chr_file { open read ioctl };
|
||||
@@ -0,0 +1,5 @@
|
||||
# Guiext
|
||||
allow priv_app guiext-server_service:service_manager find;
|
||||
|
||||
# PQ
|
||||
allow priv_app pq_service:service_manager find;
|
||||
@@ -0,0 +1,18 @@
|
||||
type wmt_prop, property_type, mtk_property_type;
|
||||
type mtk_md_prop, property_type, mtk_property_type;
|
||||
type mnld_prop, property_type, mtk_property_type;
|
||||
type ctl_qmc6983d_prop, property_type;
|
||||
type ctl_mxg2320d_prop, property_type;
|
||||
type ctl_memsicd3416x_prop, property_type;
|
||||
type ctl_ccci_fsd_prop, property_type;
|
||||
type ctl_gsm0710muxd_prop, property_type;
|
||||
type ctl_gsm0710muxdmd2_prop, property_type;
|
||||
type ctl_muxreport-daemon_prop, property_type;
|
||||
type nvram_prop, property_type, mtk_property_type;
|
||||
type pq_conf_prop, property_type, mtk_property_type;
|
||||
type audiohal_prop, property_type, mtk_property_type;
|
||||
type ril_mux_report_case_prop, property_type, mtk_property_type;
|
||||
type ril_msim_power_prop, property_type, mtk_property_type;
|
||||
type ril_sim_inserted_status, property_type, mtk_property_type;
|
||||
type serial_number_prop, property_type, mtk_property_type;
|
||||
type vold_encryption_type_prop, property_type;
|
||||
@@ -0,0 +1,26 @@
|
||||
service.wcn u:object_r:wmt_prop:s0
|
||||
persist.mtk.wcn u:object_r:wmt_prop:s0
|
||||
wlan.mtk.wifi.5g u:object_r:wmt_prop:s0
|
||||
mtk.md u:object_r:mtk_md_prop:s0
|
||||
gps.clock.type u:object_r:mnld_prop:s0
|
||||
gps.gps.version u:object_r:mnld_prop:s0
|
||||
ctl.qmc6983d u:object_r:ctl_qmc6983d_prop:s0
|
||||
ctl.mxg2320d u:object_r:ctl_mxg2320d_prop:s0
|
||||
ctl.memsicd3416x u:object_r:ctl_memsicd3416x_prop:s0
|
||||
ctl.ccci_fsd u:object_r:ctl_ccci_fsd_prop:s0
|
||||
ctl.gsm0710muxd u:object_r:ctl_gsm0710muxd_prop:s0
|
||||
ctl.gsm0710muxd-s u:object_r:ctl_gsm0710muxd_prop:s0
|
||||
ctl.gsm0710muxd-d u:object_r:ctl_gsm0710muxd_prop:s0
|
||||
ctl.gsm0710muxdmd2 u:object_r:ctl_gsm0710muxdmd2_prop:s0
|
||||
ctl.muxreport-daemon u:object_r:ctl_muxreport-daemon_prop:s0
|
||||
service.nvram_init u:object_r:nvram_prop:s0
|
||||
persist.sys.pq u:object_r:pq_conf_prop:s0
|
||||
af. u:object_r:audiohal_prop:s0
|
||||
persist.af. u:object_r:audiohal_prop:s0
|
||||
ril.mux.report.case u:object_r:ril_mux_report_case_prop:s0
|
||||
sys.msim.power.slot0 u:object_r:ril_msim_power_prop:s0
|
||||
sys.msim.power.slot1 u:object_r:ril_msim_power_prop:s0
|
||||
sys.sim_inserted_status_0 u:object_r:ril_sim_inserted_status:s0
|
||||
sys.sim_inserted_status_1 u:object_r:ril_sim_inserted_status:s0
|
||||
ro.serialno u:object_r:serial_number_prop:s0
|
||||
vold.encryption.type u:object_r:vold_encryption_type_prop:s0
|
||||
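Review bot: `ro.serialno u:object_r:serial_number_prop:s0` relabels the device serial number to a vendor type, and the ril-daemon-mtk policy in this commit grants `serial_number_prop:property_service set`, so the radio daemon becomes a writer of that identifier. Nothing here says why; a comment such as `# ro.serialno is set by ril-daemon-mtk because <reason>` would record the intent. The prefix entries `af.` and `persist.af.` are similarly broad: every property under them is labelled `audiohal_prop`, which `audioserver` may set. Listing the specific keys would be tighter.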
@@ -0,0 +1,7 @@
|
||||
type qmc6983d_exec, exec_type, file_type;
|
||||
type qmc6983d, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(qmc6983d)
|
||||
|
||||
allow qmc6983d msensor_device:chr_file rw_file_perms;
|
||||
allow qmc6983d gsensor_device:chr_file rw_file_perms;
|
||||
@@ -0,0 +1,4 @@
|
||||
unix_socket_connect(radio, rild, ril-daemon-mtk)
|
||||
|
||||
allow radio ril_mux_report_case_prop:property_service set;
|
||||
allow radio ril_msim_power_prop:property_service set;
|
||||
@@ -0,0 +1,33 @@
|
||||
type ril-daemon-mtk_exec, exec_type, file_type;
|
||||
type ril-daemon-mtk, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(ril-daemon-mtk)
|
||||
net_domain(ril-daemon-mtk)
|
||||
|
||||
allow ril-daemon-mtk ccci_device:chr_file rw_file_perms;
|
||||
allow ril-daemon-mtk devpts:chr_file rw_file_perms;
|
||||
allow ril-daemon-mtk self:capability setuid;
|
||||
allow ril-daemon-mtk sysfs_wake_lock:file rw_file_perms;
|
||||
allow ril-daemon-mtk sysfs_ccci:dir search;
|
||||
allow ril-daemon-mtk sysfs_ccci:file r_file_perms;
|
||||
allow ril-daemon-mtk block_device:dir search;
|
||||
allow ril-daemon-mtk para_block_device:blk_file rw_file_perms;
|
||||
|
||||
allow ril-daemon-mtk self:udp_socket create_socket_perms;
|
||||
allow ril-daemon-mtk self:capability { setuid net_admin net_raw };
|
||||
|
||||
allow ril-daemon-mtk mal_mfi_socket:sock_file { w_file_perms };
|
||||
allow ril-daemon-mtk mtkmal:unix_stream_socket connectto;
|
||||
|
||||
allow ril-daemon-mtk radio_device:dir search;
|
||||
allow ril-daemon-mtk radio_prop:property_service set;
|
||||
|
||||
allow ril-daemon-mtk ctl_muxreport-daemon_prop:property_service set;
|
||||
allow ril-daemon-mtk ril_mux_report_case_prop:property_service set;
|
||||
allow ril-daemon-mtk ril_sim_inserted_status:property_service set;
|
||||
allow ril-daemon-mtk serial_number_prop:property_service set;
|
||||
|
||||
unix_socket_connect(ril-daemon-mtk, property, init)
|
||||
|
||||
# Access to wake locks
|
||||
wakelock_use(ril-daemon-mtk)
|
||||
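Review bot: `setuid` is granted twice, once in `allow ril-daemon-mtk self:capability setuid;` and again in `allow ril-daemon-mtk self:capability { setuid net_admin net_raw };`. Dropping the first rule and keeping the second shows the daemon's full capability set in one place. `net_admin` and `net_raw` on a domain that also has `rw_file_perms` on `para_block_device` is a wide grant, so a short comment on what each capability is used for would make later tightening easier.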
@@ -0,0 +1,5 @@
|
||||
type pq_service, service_manager_type;
|
||||
type guiext-server_service, service_manager_type;
|
||||
type nvram_agent_service, service_manager_type;
|
||||
type etsd_service, service_manager_type;
|
||||
#type edge_gesture_service, system_api_service, system_server_service, service_manager_type;
|
||||
@@ -0,0 +1,5 @@
|
||||
PQ u:object_r:pq_service:s0
|
||||
GuiExtService u:object_r:guiext-server_service:s0
|
||||
NvRAMAgent u:object_r:nvram_agent_service:s0
|
||||
egistec.ets.service.daemon u:object_r:etsd_service:s0
|
||||
|
||||
@@ -0,0 +1,6 @@
|
||||
type spm_loader_exec, exec_type, file_type;
|
||||
type spm_loader, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(spm_loader)
|
||||
|
||||
allow spm_loader spm_device:chr_file r_file_perms;
|
||||
@@ -0,0 +1,9 @@
|
||||
allow surfaceflinger pq_service:service_manager find;
|
||||
|
||||
allow surfaceflinger guiext-server_service:service_manager { find add };
|
||||
|
||||
allow surfaceflinger debug_prop:property_service set;
|
||||
|
||||
allow surfaceflinger mtk_smi_device:chr_file { read write open ioctl };
|
||||
|
||||
allow surfaceflinger gpu_device:chr_file rw_file_perms;
|
||||
@@ -0,0 +1,8 @@
|
||||
allow system_app fm_device:chr_file rw_file_perms;
|
||||
|
||||
allow system_app gyro_orientation_sysfs:file rw_file_perms;
|
||||
allow system_app fast_charge_sysfs:file rw_file_perms;
|
||||
allow system_app smartwake_sysfs:file rw_file_perms;
|
||||
allow system_app perf_control_sysfs:file rw_file_perms;
|
||||
|
||||
allow system_app em_svr:unix_stream_socket connectto;
|
||||
@@ -0,0 +1,32 @@
|
||||
# GPS
|
||||
allow system_server mnld:unix_dgram_socket sendto;
|
||||
allow system_server mnld_data_file:dir w_dir_perms;
|
||||
allow system_server mnld_data_file:sock_file create_file_perms;
|
||||
allow system_server mnld_data_file:file create_file_perms;
|
||||
|
||||
# Persist
|
||||
allow system_server protect_s_data_file:dir r_dir_perms;
|
||||
|
||||
# Sensors
|
||||
allow system_server hwmsensor_device:chr_file r_file_perms;
|
||||
|
||||
# Wifi
|
||||
allow system_server wmtWifi_device:chr_file w_file_perms;
|
||||
|
||||
# RGB Display Color
|
||||
allow system_server display_color_sysfs:file rw_file_perms;
|
||||
|
||||
# Fast Charge
|
||||
allow system_server fast_charge_sysfs:file rw_file_perms;
|
||||
|
||||
# Smart Wake
|
||||
allow system_server smartwake_sysfs:file rw_file_perms;
|
||||
|
||||
# IR
|
||||
allow system_server irtx_device:chr_file rw_file_perms;
|
||||
|
||||
# External storage
|
||||
allow system_server storage_stub_file:dir { getattr };
|
||||
|
||||
# Guiext
|
||||
allow system_server guiext-server_service:service_manager find;
|
||||
@@ -0,0 +1,4 @@
|
||||
type terservice_exec, exec_type, file_type;
|
||||
type terservice, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(terservice)
|
||||
@@ -0,0 +1,10 @@
|
||||
type thermal_exec, exec_type, file_type;
|
||||
type thermal, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(thermal)
|
||||
|
||||
allow thermal proc_thermal:dir search;
|
||||
allow thermal proc_thermal:file rw_file_perms;
|
||||
allow thermal rild_socket:sock_file w_file_perms;
|
||||
|
||||
allow thermal ril-daemon-mtk:unix_stream_socket connectto;
|
||||
@@ -0,0 +1,14 @@
|
||||
type thermal_manager_exec, exec_type, file_type;
|
||||
type thermal_manager, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(thermal_manager)
|
||||
|
||||
allow thermal_manager self:capability { fowner fsetid chown fsetid dac_override };
|
||||
allow thermal_manager proc_thermal:dir search;
|
||||
allow thermal_manager proc_thermal:file rw_file_perms;
|
||||
allow thermal_manager proc_mtkcooler:dir search;
|
||||
allow thermal_manager proc_mtkcooler:file rw_file_perms;
|
||||
allow thermal_manager proc_mtktz:dir search;
|
||||
allow thermal_manager proc_mtktz:file rw_file_perms;
|
||||
allow thermal_manager thermal_manager_data_file:dir rw_dir_perms;
|
||||
allow thermal_manager thermal_manager_data_file:file create_file_perms;
|
||||
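Review bot: The capability set `{ fowner fsetid chown fsetid dac_override }` lists `fsetid` twice. The duplicate reads as if another capability was intended; if not, `allow thermal_manager self:capability { fowner fsetid chown dac_override };` is the same rule. A comment naming the files whose ownership the daemon changes would also justify `chown` and `fowner`, which the visible rules only apply to `/proc` entries and the daemon's own data files.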
@@ -0,0 +1,7 @@
|
||||
type thermald_exec, exec_type, file_type;
|
||||
type thermald, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(thermald)
|
||||
|
||||
allow thermald proc_thermal:dir search;
|
||||
allow thermald proc_thermal:file rw_file_perms;
|
||||
@@ -0,0 +1,6 @@
|
||||
type thermalloadalgo_exec, exec_type, file_type;
|
||||
type thermalloadalgo, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(thermalloadalgo)
|
||||
|
||||
allow thermalloadalgo thermalloadalgo:netlink_socket { create bind write read };
|
||||
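Review bot: `allow thermalloadalgo thermalloadalgo:netlink_socket { create bind write read };` spells out the domain as its own target, while the rest of this commit uses `self` for a domain's own sockets (for example `allow wifi2agps self:netlink_socket create_socket_perms;`). `allow thermalloadalgo self:netlink_socket { create bind write read };` expresses the same grant. It also cannot widen silently if the type is later turned into an attribute or the rule is copied into a set.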
@@ -0,0 +1 @@
|
||||
allow ueventd sysfs_gps_file:file w_file_perms;
|
||||
@@ -0,0 +1,2 @@
|
||||
# PQ
|
||||
allow untrusted_app pq_service:service_manager find;
|
||||
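Review bot: `allow untrusted_app pq_service:service_manager find;` makes the vendor PQ binder service discoverable by every third-party app, and the `# PQ` comment does not say which app-facing feature needs it. The `pq` domain behind it can set `pq_conf_prop` and open `graphics_device`, so its binder interface becomes reachable from unprivileged code. If only system components use the service, the `platform_app`, `priv_app` and `surfaceflinger` grants elsewhere in this commit are sufficient and this rule can be removed. Otherwise, document the caller and make sure the service checks caller identity on each transaction.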
@@ -0,0 +1,22 @@
|
||||
allow vold nvdata_device:blk_file rw_file_perms;
|
||||
allow vold cache_block_device:blk_file rw_file_perms;
|
||||
allow vold protect1_device:blk_file rw_file_perms;
|
||||
allow vold protect2_device:blk_file rw_file_perms;
|
||||
|
||||
allow vold nvdata_file:dir create_dir_perms;
|
||||
allow vold nvdata_file:file create_file_perms;
|
||||
allow vold protect_f_data_file:dir create_dir_perms;
|
||||
allow vold protect_f_data_file:file create_file_perms;
|
||||
allow vold protect_s_data_file:dir create_dir_perms;
|
||||
allow vold protect_s_data_file:file create_file_perms;
|
||||
|
||||
allow vold proc_mtkcooler:dir r_dir_perms;
|
||||
allow vold proc_mtktz:dir r_dir_perms;
|
||||
|
||||
# Allow vold to access fuse for fuse-based fs
|
||||
allow vold fuse:chr_file rw_file_perms;
|
||||
|
||||
# External storage
|
||||
allow vold storage_stub_file:dir { rw_file_perms search add_name };
|
||||
allow vold mnt_media_rw_stub_file:dir r_dir_perms;
|
||||
allow vold mkfs_exec:file { execute read open getattr execute_no_trans };
|
||||
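Review bot: `allow vold storage_stub_file:dir { rw_file_perms search add_name };` applies a file-class permission macro to a `dir` target. It is accepted because the two classes share their common permissions, but it grants `append` and `lock` on a directory and hides the intent. A directory form such as `allow vold storage_stub_file:dir { r_dir_perms write add_name };` is narrower, or `rw_dir_perms` if vold also has to remove entries. The `mkfs_exec` rule below it uses `execute_no_trans`, so mkfs runs in the vold domain; a one-line comment on why no domain transition is used would help.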
@@ -0,0 +1,9 @@
|
||||
type wifi2agps_exec, exec_type, file_type;
|
||||
type wifi2agps, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(wifi2agps)
|
||||
|
||||
allow wifi2agps agpsd_data_file:sock_file write;
|
||||
allow wifi2agps agpsd_data_file:dir search;
|
||||
allow wifi2agps mtk_agpsd:unix_dgram_socket sendto;
|
||||
allow wifi2agps self:netlink_socket create_socket_perms;
|
||||
@@ -0,0 +1,11 @@
|
||||
type wmt_loader_exec, exec_type, file_type;
|
||||
type wmt_loader, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(wmt_loader)
|
||||
|
||||
allow wmt_loader wmtdetect_device:chr_file create_file_perms;
|
||||
allow wmt_loader self:capability { chown dac_override };
|
||||
allow wmt_loader proc_wmt:file setattr;
|
||||
allow wmt_loader wmt_prop:property_service set;
|
||||
|
||||
unix_socket_connect(wmt_loader, property, init)
|
||||
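Review bot: `allow wmt_loader wmtdetect_device:chr_file create_file_perms;` grants create, rename and unlink on a character device node, yet the capability rule in this file lists only `chown` and `dac_override`, not the `mknod` the loader would need to create such a node. If the loader only opens an existing node and issues ioctls on it, `allow wmt_loader wmtdetect_device:chr_file rw_file_perms;` covers that, with `setattr` added only if the `chown` is applied to this node. Please confirm against the loader's actual behaviour.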
@@ -0,0 +1 @@
|
||||
allow zygote sysfs_devinfo:file r_file_perms;
|
||||