blob: 0681aa417a374f406d5c641d50c7f313599090b0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
# sec-ril
type secril-daemon, domain;
type secril-daemon_exec, exec_type, file_type;
# Start /system/bin/sec-ril from init
init_daemon_domain(secril-daemon)
allow secril-daemon secril-daemon_exec:file { open execute_no_trans getattr };
allow secril-daemon self:udp_socket { create ioctl };
unix_socket_connect(secril-daemon, property, init)
unix_socket_connect(secril-daemon, rild, rild)
allow secril-daemon { efs_file }:file rw_file_perms;
allow secril-daemon system_data_file:dir create_dir_perms;
# allow secril-daemon system_data_file:file unlink;
allow secril-daemon radio_data_file:file { create_file_perms };
allow secril-daemon self:capability { sys_module fsetid setuid setgid net_admin net_raw dac_override };
allow secril-daemon system_file:file x_file_perms;
allow secril-daemon sysfs:file rw_file_perms;
allow secril-daemon shell_exec:file rx_file_perms;
allow secril-daemon app_data_file:file rw_file_perms;
allow secril-daemon app_data_file:dir search;
allow secril-daemon zygote_exec:file rx_file_perms;
allow secril-daemon ashmem_device:chr_file x_file_perms;
allow secril-daemon secril-daemon:process { execmem };
allow secril-daemon unlabeled:dir { search };
allow secril-daemon radio_prop:property_service { set };
allow secril-daemon sysfs_wake_lock:file { read write open };
allow secril-daemon unlabeled:file { read open getattr setattr };
#allow secril-daemon system_file:file { entrypoint };
allow secril-daemon radio_data_file:dir { search write add_name read open remove_name };
allow secril-daemon efs_file:dir { search };
allow secril-daemon rild_exec:file { entrypoint read };
allow secril-daemon qmuxd_socket:dir { write add_name remove_name search };
allow secril-daemon qmuxd_socket:sock_file { create setattr unlink };
|
