diff options
Diffstat (limited to 'r_non_plat/domain.te')
-rw-r--r-- | r_non_plat/domain.te | 30 |
1 files changed, 0 insertions, 30 deletions
diff --git a/r_non_plat/domain.te b/r_non_plat/domain.te deleted file mode 100644 index f1877f7..0000000 --- a/r_non_plat/domain.te +++ /dev/null @@ -1,30 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -# Grant read access to mtk core property type which represents all -# mtk properties except those with ctl_xxx prefix. -# Align Google change: f01453ad453b29dd723838984ea03978167491e5 -get_prop(domain, mtk_core_property_type) - -# Allow all processes to search /sys/kernel/debug/binder/ since it's has been -# labeled with specific debugfs label and many violations to dir search debugfs_binder -# are observed. Grant domain to suppress the violations as originally "debugfs:dir search" -# is also allowed to domain as well in Google default domain.te -allow domain debugfs_binder:dir search; - -# Allow all processes to read /sys/bus/platform/drivers/dev_info/dev_info -# as it is a public interface for all processes to read some OTP data. -allow { - domain - -isolated_app -} sysfs_devinfo:file r_file_perms; - -# Date:20170630 -# Purpose: allow trusted process to connect aee daemon -#allow { -# coredomain -# -untrusted_app_all -#} aee_aed:unix_stream_socket connectto; -allow { domain -coredomain -hal_configstore_server -vendor_init } aee_aedv:unix_stream_socket connectto; - |