Stricted
3f1d915dbb
Change-Id: I0ad15a06d19b4b69b205d9b28706e4fb59dce79b (cherry picked from commit 9562b311e7e481fe226fb536f97a14a72734d02b)
35 lines
1.5 KiB
Plaintext
35 lines
1.5 KiB
Plaintext
type nvram_daemon_exec, exec_type, file_type;
|
|
type nvram_daemon, domain, domain_deprecated;
|
|
|
|
init_daemon_domain(nvram_daemon)
|
|
|
|
allow nvram_daemon self:capability { fowner dac_override dac_read_search chown fsetid };
|
|
allow nvram_daemon nvram_device:blk_file rw_file_perms;
|
|
allow nvram_daemon nvdata_device:blk_file rw_file_perms;
|
|
allow nvram_daemon nvdata_file:dir create_dir_perms;
|
|
allow nvram_daemon nvdata_file:file create_file_perms;
|
|
allow nvram_daemon nvdata_file:lnk_file r_file_perms;
|
|
allow nvram_daemon shell_exec:file { read execute open execute_no_trans getattr };
|
|
allow nvram_daemon als_ps_device:chr_file r_file_perms;
|
|
allow nvram_daemon mtk-adc-cali_device:chr_file rw_file_perms;
|
|
allow nvram_daemon gsensor_device:chr_file r_file_perms;
|
|
allow nvram_daemon msensor_device:chr_file r_file_perms;
|
|
allow nvram_daemon gyroscope_device:chr_file r_file_perms;
|
|
allow nvram_daemon toolbox_exec:file rx_file_perms;
|
|
|
|
allow nvram_daemon proinfo_device:blk_file rw_file_perms;
|
|
allow nvram_daemon nvram_prop:property_service set;
|
|
allow nvram_daemon wmt_prop:property_service set;
|
|
|
|
allow nvram_daemon block_device:dir search;
|
|
|
|
unix_socket_connect(nvram_daemon, property, init)
|
|
|
|
allow nvram_daemon sysfs_boot_mode:file { read open };
|
|
allow nvram_daemon sysfs:file { write };
|
|
allow nvram_daemon system_prop:property_service { set };
|
|
|
|
allow nvram_daemon nvram_device:chr_file { read write open };
|
|
allow nvram_daemon mmc_device:blk_file { read write open };
|
|
allow nvram_daemon proinfo_device:chr_file { read write open ioctl };
|