summaryrefslogtreecommitdiffstats
path: root/r_non_plat/system_server.te
diff options
context:
space:
mode:
Diffstat (limited to 'r_non_plat/system_server.te')
-rw-r--r--r_non_plat/system_server.te211
1 files changed, 0 insertions, 211 deletions
diff --git a/r_non_plat/system_server.te b/r_non_plat/system_server.te
deleted file mode 100644
index d79c56f..0000000
--- a/r_non_plat/system_server.te
+++ /dev/null
@@ -1,211 +0,0 @@
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-# Access devices.
-allow system_server touch_device:chr_file rw_file_perms;
-allow system_server stpant_device:chr_file rw_file_perms;
-allow system_server devmap_device:chr_file r_file_perms;
-allow system_server irtx_device:chr_file rw_file_perms;
-allow system_server qemu_pipe_device:chr_file rw_file_perms;
-allow system_server wmtWifi_device:chr_file w_file_perms;
-
-# Add for bootprof
-allow system_server proc_bootprof:file rw_file_perms;
-
-# /data/core access.
-allow system_server aee_core_data_file:dir r_dir_perms;
-
-# Perform Binder IPC.
-allow system_server zygote:binder impersonate;
-
-# Property service.
-allow system_server ctl_bootanim_prop:property_service set;
-
-# For dumpsys.
-allow system_server aee_dumpsys_data_file:file w_file_perms;
-allow system_server aee_exp_data_file:file w_file_perms;
-
-# Dump native process backtrace.
-#allow system_server exec_type:file r_file_perms;
-
-# Querying zygote socket.
-allow system_server zygote:unix_stream_socket { getopt getattr };
-
-# Communicate over a socket created by mnld process.
-
-# Allow system_server to read /sys/kernel/debug/wakeup_sources
-allow system_server debugfs_wakeup_sources:file r_file_perms;
-
-# Allow system_server to read/write /sys/power/dcm_state
-allow system_server sysfs_dcm:file rw_file_perms;
-
-# Date : WK16.36
-# Purpose: Allow to set property log.tag.WifiHW to control log level of WifiHW
-allow system_server log_tag_prop:property_service set;
-
-# Data : WK16.42
-# Operator: Whitney bring up
-# Purpose: call surfaceflinger due to powervr
-allow system_server surfaceflinger:fifo_file rw_file_perms;
-
-# Date : W16.42
-# Operation : Integration
-# Purpose : DRM / DRI GPU driver required
-allow system_server gpu_device:dir search;
-allow system_server debugfs_gpu_img:dir search;
-
-# Date : W16.43
-# Operation : Integration
-# Purpose : DRM / DRI GPU driver required
-allow system_server sw_sync_device:chr_file { read write getattr open ioctl };
-
-# Date : WK16.44
-# Purpose: Allow to access UART1 ttyMT1
-allow system_server ttyMT_device:chr_file rw_file_perms;
-
-# Date : WK17.52
-# Purpose: Allow to access UART1 ttyS
-allow system_server ttyS_device:chr_file rw_file_perms;
-
-# Date:W16.46
-# Operation : thermal hal Feature developing
-# Purpose : thermal hal interface permission
-allow system_server proc_mtktz:dir search;
-allow system_server proc_mtktz:file r_file_perms;
-
-# Date:W17.02
-# Operation : audio hal developing
-# Purpose : audio hal interface permission
-allow system_server mtk_hal_audio:process { getsched setsched };
-
-# Date:W17.07
-# Operation : bt hal
-# Purpose : bt hal interface permission
-binder_call(system_server, mtk_hal_bluetooth)
-
-# Date:W17.08
-# Operation : sensors hal developing
-# Purpose : sensors hal interface permission
-binder_call(system_server, mtk_hal_sensors)
-
-# Operation : light hal developing
-# Purpose : light hal interface permission
-binder_call(system_server, mtk_hal_light)
-
-# Date:W17.21
-# Operation : gnss hal
-# Purpose : gnss hal interface permission
-hal_client_domain(system_server, hal_gnss)
-
-# Date : W18.01
-# Add for turn on SElinux in enforcing mode
-allow system_server vendor_framework_file:dir r_file_perms;
-
-# Fix bootup violation
-allow system_server vendor_framework_file:file getattr;
-allow system_server wifi_prop:file { read getattr open };
-
-# Date:W17.22
-# Operation : add aee_aed socket rule
-# Purpose : type=1400 audit(0.0:134519): avc: denied { connectto }
-# for comm=4572726F722064756D703A20737973
-# path=00636F6D2E6D746B2E6165652E6165645F3634
-# scontext=u:r:system_server:s0 tcontext=u:r:aee_aed:s0
-# tclass=unix_stream_socket permissive=0
-allow system_server aee_aed:unix_stream_socket connectto;
-
-#Dat: 2017/02/14
-#Purpose: allow get telephony Sensitive property
-get_prop(system_server, mtk_telephony_sensitive_prop)
-
-# Date: W17.22
-# Operation : New Feature
-# Purpose : Add for A/B system
-allow system_server debugfs_wakeup_sources:file { read getattr open };
-
-# Date:W17.26
-# Operation : imsa hal
-# Purpose : imsa hal interface permission
-binder_call(system_server, mtk_hal_imsa)
-
-# Date:W17.28
-# Operation : camera hal developing
-# Purpose : camera hal binder_call permission
-binder_call(system_server, mtk_hal_camera)
-
-# Date:W17.31
-# Operation : mpe sensor hidl developing
-# Purpose : mpe sensor hidl permission
-binder_call(system_server, mnld)
-
-# Date : WK17.32
-# Operation : Migration
-# Purpose : for network log dumpsys setting/netd information
-# audit(0.0:914): avc: denied { write } for path="pipe:[46088]"
-# dev="pipefs" ino=46088 scontext=u:r:system_server:s0
-# tcontext=u:r:netdiag:s0 tclass=fifo_file permissive=1
-allow system_server netdiag:fifo_file write;
-
-# Date : WK17.32
-# Operation : Migration
-# Purpose : for DHCP Client ip recover functionality
-allow system_server dhcp_data_file:dir search;
-allow system_server dhcp_data_file:dir rw_dir_perms;
-allow system_server dhcp_data_file:file create_file_perms;
-
-# Date:W17.35
-# Operation : lbs hal
-# Purpose : lbs hidl interface permission
-hal_client_domain(system_server, mtk_hal_lbs)
-
-# Date : WK17.12
-# Operation : MT6799 SQC
-# Purpose : Change thermal config
-allow system_server mtk_thermal_config_prop:file { getattr open read };
-
-
-# Date : WK17.43
-# Operation : Migration
-# Purpose : perfmgr permission
-allow system_server mtk_hal_power_hwservice:hwservice_manager find;
-allow system_server proc_perfmgr:dir {read search};
-allow system_server proc_perfmgr:file {open read ioctl};
-allowxperm system_server proc_perfmgr:file ioctl {
- PERFMGR_FPSGO_QUEUE
- PERFMGR_FPSGO_DEQUEUE
- PERFMGR_FPSGO_QUEUE_CONNECT
- PERFMGR_FPSGO_BQID
-};
-
-# Date : W18.22
-# Operation : MTK wifi hal migration
-# Purpose : MTK wifi hal interface permission
-binder_call(system_server, mtk_hal_wifi)
-
-# Date : WK18.33
-# Purpose : type=1400 audit(0.0:1592): avc: denied { read }
-# for comm=4572726F722064756D703A20646174 name=
-# "u:object_r:persist_mtk_aee_prop:s0" dev="tmpfs"
-# ino=10312 scontext=u:r:system_server:s0 tcontext=
-# u:object_r:persist_mtk_aee_prop:s0 tclass=file permissive=0
-get_prop(system_server, persist_mtk_aee_prop);
-
-# Date : W19.15
-# Operation : alarm device permission
-# Purpose : support power-off alarm
-allow system_server alarm_device:chr_file rw_file_perms;
-
-# Date : WK19.7
-# Operation: Q migration
-# Purpose : Allow system_server to use ioctl/ioctlcmd
-allow system_server proc_ged:file rw_file_perms;
-allowxperm system_server proc_ged:file ioctl { proc_ged_ioctls };
-
-# Date: 2019/06/14
-# Operation : Migration
-get_prop(system_server, vendor_default_prop)
-
-# Date: 2019/06/14
-# Operation : when WFD turnning on, turn off hdmi
-allow system_server mtk_hal_hdmi_hwservice:hwservice_manager find;
-allow system_server mtk_hal_hdmi:binder call;
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-14 06:01:52 +0000