summaryrefslogtreecommitdiffstats
path: root/r_non_plat/factory.te
diff options
context:
space:
mode:
Diffstat (limited to 'r_non_plat/factory.te')
-rw-r--r--r_non_plat/factory.te389
1 files changed, 0 insertions, 389 deletions
diff --git a/r_non_plat/factory.te b/r_non_plat/factory.te
deleted file mode 100644
index 5695bf1..0000000
--- a/r_non_plat/factory.te
+++ /dev/null
@@ -1,389 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/factory Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-type factory, domain;
-type factory_exec, exec_type, file_type, vendor_file_type;
-init_daemon_domain(factory)
-
-#============= factory ==============
-allow factory MTK_SMI_device:chr_file r_file_perms;
-allow factory ashmem_device:chr_file execute;
-allow factory ebc_device:chr_file rw_file_perms;
-allow factory stpbt_device:chr_file rw_file_perms;
-
-# Date: WK14.47
-# Operation : Migration
-# Purpose : CCCI
-allow factory eemcs_device:chr_file rw_file_perms;
-allow factory ccci_device:chr_file rw_file_perms;
-allow factory gsm0710muxd_device:chr_file rw_file_perms;
-
-#Purpose: file system requirement
-allow factory debugfs_usb:file rw_file_perms;
-allow factory debugfs_usb:dir search;
-allow factory devpts:chr_file rw_file_perms;
-allow factory vfat:dir w_dir_perms;
-allow factory labeledfs:filesystem unmount;
-allow factory rootfs:dir mounton;
-allow factory vfat:dir { read open search mounton };
-allow factory vfat:filesystem { mount unmount };
-
-# Purpose : SDIO
-allow factory ttySDIO_device:chr_file rw_file_perms;
-
-#Purpose: USB
-allow factory ttyMT_device:chr_file rw_file_perms;
-allow factory ttyS_device:chr_file rw_file_perms;
-allow factory ttyGS_device:chr_file rw_file_perms;
-
-# Purpose: OTG
-allow factory usb_device:chr_file rw_file_perms;
-allow factory usb_device:dir r_dir_perms;
-
-# Date: WK15.01
-# Purpose : OTG Mount
-allow factory sdcard_type:dir mounton;
-# Date: WK15.07
-# Purpose : use c2k flight mode;
-allow factory vmodem_device:chr_file rw_file_perms;
-
-# Date: WK15.13
-# Purpose: for nand project
-allow factory mtd_device:dir search;
-allow factory mtd_device:chr_file rw_file_perms;
-allow factory self:capability sys_resource;
-allow factory pro_info_device:chr_file rw_file_perms;
-
-# Data: WK15.28
-# Purpose: for mt-ramdump reset
-allow factory proc_mrdump_rst:file w_file_perms;
-
-#Date: WK15.31
-#Purpose: define factory_data_file instead of system_data_file
-# because system_data_file is sensitive partition from M
-wakelock_use(factory);
-allow factory storage_file:dir { write create add_name search mounton };
-
-# Date: WK15.44
-# Purpose: factory idle current status
-allow factory vendor_factory_idle_state_prop:property_service set;
-
-# Date: WK15.46
-# Purpose: gps factory mode
-allow factory agpsd_data_file:dir search;
-allow factory gps_data_file:dir { write add_name search remove_name unlink};
-allow factory gps_data_file:file { read write open create getattr append setattr unlink lock};
-allow factory gps_data_file:lnk_file read;
-allow factory storage_file:lnk_file r_file_perms;
-
-#Date: WK15.48
-#Purpose: capture for factory mode
-allow factory devmap_device:chr_file r_file_perms;
-allow factory sdcard_type:dir create_dir_perms;
-allow factory sdcard_type:file create_file_perms;
-allow factory mnt_user_file:dir search;
-allow factory mnt_user_file:lnk_file read;
-allow factory storage_file:lnk_file read;
-
-#Date: WK16.05
-#Purpose: For access NVRAM
-allow factory factory:capability chown;
-allow factory nvram_data_file:dir create_dir_perms;
-allow factory nvram_data_file:file create_file_perms;
-allow factory nvram_data_file:lnk_file r_file_perms;
-allow factory nvdata_file:lnk_file r_file_perms;
-allow factory nvram_device:chr_file rw_file_perms;
-allow factory nvram_device:blk_file rw_file_perms;
-allow factory nvdata_device:blk_file rw_file_perms;
-
-#Date: WK16.12
-#Purpose: For sensor test
-allow factory als_ps_device:chr_file r_file_perms;
-allow factory barometer_device:chr_file r_file_perms;
-allow factory gsensor_device:chr_file r_file_perms;
-allow factory gyroscope_device:chr_file r_file_perms;
-allow factory msensor_device:chr_file r_file_perms;
-allow factory biometric_device:chr_file r_file_perms;
-
-#Purpose: For camera Test
-allow factory kd_camera_flashlight_device:chr_file rw_file_perms;
-allow factory kd_camera_hw_device:chr_file rw_file_perms;
-allow factory seninf_device:chr_file rw_file_perms;
-allow factory CAM_CAL_DRV_device:chr_file rw_file_perms;
-
-#Purpose: For reboot the target
-allow factory powerctl_prop:property_service set;
-
-#Purpose: For memory card test
-allow factory misc_sd_device:chr_file r_file_perms;
-allow factory mmcblk1_block_device:blk_file rw_file_perms;
-allow factory bootdevice_block_device:blk_file rw_file_perms;
-allow factory mmcblk1p1_block_device:blk_file rw_file_perms;
-allow factory block_device:dir w_dir_perms;
-allowxperm factory mmcblk1_block_device:blk_file ioctl BLKGETSIZE;
-allowxperm factory bootdevice_block_device:blk_file ioctl BLKGETSIZE;
-
-#Purpose: For EMMC test
-allow factory nvdata_file:dir create_dir_perms;
-allow factory nvdata_file:file create_file_perms;
-
-#Purpose: For HRM test
-allow factory hrm_device:chr_file r_file_perms;
-
-#Purpose: For IrTx LED test
-allow factory irtx_device:chr_file rw_file_perms;
-
-#Purpose: For battery test, ext_buck test and ext_vbat_boost test
-allow factory pmic_ftm_device:chr_file rw_file_perms;
-allow factory MT_pmic_adc_cali_device:chr_file rw_file_perms;
-allow factory MT_pmic_cali_device:chr_file r_file_perms;
-allow factory charger_ftm_device:chr_file r_file_perms;
-
-#Purpose: For HDMI test
-allow factory graphics_device:dir w_dir_perms;
-allow factory graphics_device:chr_file rw_file_perms;
-
-#Purpose: For WIFI test
-allow factory wmtWifi_device:chr_file rw_file_perms;
-
-#Purpose: For rtc test
-allow factory rtc_device:chr_file rw_file_perms;
-
-#Purpose: For nfc test
-allow factory mt6605_device:chr_file rwx_file_perms;
-
-#Purpose: For gps test
-allow factory mnld_device:chr_file rw_file_perms;
-allow factory mnld_exec:file rx_file_perms;
-
-#Purpose: For keypad test
-allow factory mtk_kpd_device:chr_file r_file_perms;
-
-#Purpose: For Humidity test
-allow factory humidity_device:chr_file r_file_perms;
-
-#Purpose: For camera test
-allow factory camera_isp_device:chr_file rw_file_perms;
-allow factory camera_dip_device:chr_file rw_file_perms;
-allow factory camera_pipemgr_device:chr_file r_file_perms;
-allow factory camera_sysram_device:chr_file r_file_perms;
-allow factory ccu_device:chr_file rw_file_perms;
-allow factory vpu_device:chr_file rw_file_perms;
-allow factory MAINAF_device:chr_file rw_file_perms;
-allow factory MAIN2AF_device:chr_file rw_file_perms;
-allow factory SUBAF_device:chr_file rw_file_perms;
-allow factory FM50AF_device:chr_file rw_file_perms;
-allow factory AD5820AF_device:chr_file rw_file_perms;
-allow factory DW9714AF_device:chr_file rw_file_perms;
-allow factory DW9714A_device:chr_file rw_file_perms;
-allow factory LC898122AF_device:chr_file rw_file_perms;
-allow factory LC898212AF_device:chr_file rw_file_perms;
-allow factory BU6429AF_device:chr_file rw_file_perms;
-allow factory DW9718AF_device:chr_file rw_file_perms;
-allow factory BU64745GWZAF_device:chr_file rw_file_perms;
-allow factory cct_data_file:dir create_dir_perms;
-allow factory cct_data_file:file create_file_perms;
-allow factory camera_tsf_device:chr_file rw_file_perms;
-allow factory camera_rsc_device:chr_file rw_file_perms;
-allow factory camera_gepf_device:chr_file rw_file_perms;
-allow factory camera_fdvt_device:chr_file rw_file_perms;
-allow factory camera_wpe_device:chr_file rw_file_perms;
-allow factory camera_owe_device:chr_file rw_file_perms;
-allow factory camera_mfb_device:chr_file rw_file_perms;
-allow factory mtk_hal_power_hwservice:hwservice_manager find;
-allow factory mtk_hal_power:binder call;
-get_prop(factory,mediatek_prop);
-#Purpose: For FM test and headset test
-allow factory accdet_device:chr_file r_file_perms;
-allow factory fm_device:chr_file rw_file_perms;
-
-#Purpose: For audio test
-allow factory audio_device:chr_file rw_file_perms;
-allow factory audio_device:dir w_dir_perms;
-allow factory audiohal_prop:property_service set;
-allow factory audio_ipi_device:chr_file { read write ioctl open };
-allow factory audio_scp_device:chr_file r_file_perms;
-
-#Purpose: For key and touch event
-allow factory input_device:chr_file r_file_perms;
-allow factory input_device:dir rw_dir_perms;
-
-# Date: WK16.17
-# Purpose: N Migration For ccci sysfs node
-# Allow read to sys/kernel/ccci/* files
-allow factory sysfs_ccci:dir search;
-allow factory sysfs_ccci:file r_file_perms;
-
-# Date: WK16.18
-# Purpose: N Migration For boot_mode
-# Allow to read boot mode
-# avc: denied { read } for name="boot_mode" dev="sysfs" ino=117
-# scontext=u:r:factory:s0 tcontext=u:object_r:sysfs:s0
-# tclass=file permissive=0
-allow factory sysfs_boot_mode:file { read open };
-allow factory sysfs_boot_type:file { read open };
-
-#TODO:: MTK need to remove later
-not_full_treble(`
- allow factory mnld:unix_dgram_socket sendto;
-')
-
-# Date: WK16.31
-#Purpose: For gps test
-allow factory mnld_prop:property_service set;
-
-# Date: WK16.33
-#Purpose: for unmount sdcardfs and stop services which are using data partition
-allow factory sdcard_type:filesystem unmount;
-allow factory ctl_default_prop:property_service set;
-
-# Date : WK16.35
-# Operation : Migration
-# Purpose : Update camera flashlight driver device file
-allow factory flashlight_device:chr_file rw_file_perms;
-
-
-# Date: WK15.25
-#Purpose: for unmount sdcardfs and stop services which are using data partition
-allow factory ctl_emdlogger1_prop:property_service set;
-# Date: WK17.07
-# Purpose: Clear bootdevice (eMMC/UFS) may need to unmount tmpfs
-allow factory tmpfs:filesystem unmount;
-allow factory sysfs:dir { read open };
-allow factory sysfs_leds:dir search;
-allow factory sysfs_leds:lnk_file read;
-allow factory sysfs_leds:file rw_file_perms;
-allow factory sysfs_leds:dir r_dir_perms;
-allow factory sysfs_power:file rw_file_perms;
-allow factory sysfs_power:dir r_dir_perms;
-allow factory self:capability2 {block_suspend};
-allow factory sysfs_vibrator:file {open read write};
-allow factory ion_device:chr_file { read open ioctl };
-allow factory debugfs_ion:dir search;
-# Date: WK17.27
-# Purpose: STMicro NFC solution integration
-allow factory st21nfc_device:chr_file { open read getattr write ioctl };
-set_prop(factory,hwservicemanager_prop);
-hwbinder_use(factory);
-hal_client_domain(factory, hal_nfc);
-
-# Date : WK17.32
-# Operation : O Migration
-# Purpose: Allow to access cmdq driver
-allow factory mtk_cmdq_device:chr_file { read ioctl open };
-allow factory mtk_mdp_device:chr_file rw_file_perms;
-allow factory sw_sync_device:chr_file rw_file_perms;
-
-# Date: WK1733
-# Purpose: add selinux policy to stop 'ccci_fsd' for clear emmc in factory mode
-set_prop(factory,ctl_ccci_fsd_prop);
-
-# Date : WK17.38
-# Operation : O Migration
-# Purpose: Allow to access sysfs
-allow factory sysfs_therm:dir search;
-allow factory sysfs_therm:file {open read write};
-
-#Date: W18.22
-# Purpose: P Migration for factory get com port type and uart port info
-# detail avc log: [ 11.751803] <1>.(1)[227:logd.auditd]type=1400 audit(1262304016.560:10):
-#avc: denied { read } for pid=203 comm="factory" name="meta_com_type_info" dev=
-#"sysfs" ino=11073 scontext=u:r:factory:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
-allow factory sysfs_comport_type:file rw_file_perms;
-allow factory sysfs_uart_info:file rw_file_perms;
-
-
-# from private
-allow factory property_socket:sock_file write;
-allow factory init:unix_stream_socket connectto;
-allow factory kernel:system module_request;
-allow factory node:tcp_socket node_bind;
-allow factory userdata_block_device:blk_file rw_file_perms;
-allow factory port:tcp_socket { name_bind name_connect };
-allow factory self:capability { sys_module ipc_lock sys_nice net_raw fsetid net_admin sys_time sys_boot sys_admin };
-allow factory sdcard_type:dir r_dir_perms;
-allow factory self:netlink_route_socket { bind create getattr write nlmsg_read read nlmsg_write };
-allow factory proc_net:file { read getattr open };
-allowxperm factory self:udp_socket ioctl priv_sock_ioctls;
-allowxperm factory self:udp_socket ioctl {SIOCGIFFLAGS SIOCGIWNWID};
-
-allow factory self:process execmem;
-allow factory self:tcp_socket create_stream_socket_perms;
-allow factory self:udp_socket create_socket_perms;
-
-allow factory sysfs_wake_lock:file rw_file_perms;
-#allow factory system_file:file x_file_perms;
-
-# For Light HIDL permission
-hal_client_domain(factory, hal_light);
-allow factory hal_light_hwservice:hwservice_manager find;
-allow factory mtk_hal_light:binder call;
-allow factory merged_hal_service:binder call;
-# For vibrator test permission
-allow factory sysfs_vibrator:file rw_file_perms;
-allow factory sysfs_vibrator:dir search;
-
-# For Audio device permission
-allow factory proc_asound:dir { read search open };
-allow factory proc_asound:file { read open getattr write };
-allow factory audiohal_prop:property_service set;
-
-# For Accdet data permission
-allow factory sysfs_headset:file { read open };
-
-# For touch auto test
-allow factory sysfs_tpd_setting:dir search;
-allow factory sysfs_tpd_setting:file { read getattr open };
-
-# Date : WK18.23
-# Operation: P migration
-# Purpose : Allow factory to unmount partition, stop service, and then erase partition
-allow factory vendor_shell_exec:file { read execute open execute_no_trans };
-allow factory vendor_toolbox_exec:file { execute_no_trans };
-allow factory labeledfs:filesystem { unmount };
-allow factory proc_cmdline:file { read open getattr };
-allow factory factory:capability { sys_boot sys_admin};
-allow factory sysfs_dt_firmware_android:file { read open getattr };
-allow factory sysfs_dt_firmware_android:dir { read open search };
-# Purpose : Allow factory to communicate with driver thru socket
-allow factory factory:capability { sys_module net_admin net_raw };
-
-# For power_supply and switch permission
-r_dir_file(factory, sysfs_batteryinfo)
-r_dir_file(factory, sysfs_switch)
-
-# Date : WK18.31
-# Operation: P migration
-# Purpose : Refine policy
-allow factory sysfs_mmcblk:dir { search };
-allow factory sysfs_mmcblk:file { read getattr open };
-
-# Date : WK18.37
-# Operation: P migration
-# Purpose : ADSP SmartPA calibration
-allow factory vendor_file:file execute_no_trans;
-allow factory mtk_audiohal_data_file:dir create_dir_perms;
-allow factory mtk_audiohal_data_file:file { write create unlink r_file_perms };
-
-#Date : WK18.37
-# Operation: P migration
-# Purpose : Allow factory to open /proc/version
-allow factory proc_version:file {read open getattr};
-
-# Purpose : adsp
-allow factory adsp_device:chr_file rw_file_perms;
-
-# Purpose : NFC
-allow factory vendor_nfc_socket:dir { write add_name remove_name search };
-allow factory vendor_nfc_socket:sock_file { create write unlink setattr };
-
-# Allow to get AOSP property persist.radio.multisim.config
-get_prop(factory, exported3_radio_prop)
-
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-06 10:12:21 +0000