Diffstat (limited to 'r_non_plat/system_server.te')
-rw-r--r-- | r_non_plat/system_server.te | 211 |
1 files changed, 0 insertions, 211 deletions
diff --git a/r_non_plat/system_server.te b/r_non_plat/system_server.te
deleted file mode 100644
index d79c56f..0000000
--- a/r_non_plat/system_server.te
+++ /dev/null
@@ -1,211 +0,0 @@
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-# Access devices.
-allow system_server touch_device:chr_file rw_file_perms;
-allow system_server stpant_device:chr_file rw_file_perms;
-allow system_server devmap_device:chr_file r_file_perms;
-allow system_server irtx_device:chr_file rw_file_perms;
-allow system_server qemu_pipe_device:chr_file rw_file_perms;
-allow system_server wmtWifi_device:chr_file w_file_perms;
-
-# Add for bootprof
-allow system_server proc_bootprof:file rw_file_perms;
-
-# /data/core access.
-allow system_server aee_core_data_file:dir r_dir_perms;
-
-# Perform Binder IPC.
-allow system_server zygote:binder impersonate;
-
-# Property service.
-allow system_server ctl_bootanim_prop:property_service set;
-
-# For dumpsys.
-allow system_server aee_dumpsys_data_file:file w_file_perms;
-allow system_server aee_exp_data_file:file w_file_perms;
-
-# Dump native process backtrace.
-#allow system_server exec_type:file r_file_perms;
-
-# Querying zygote socket.
-allow system_server zygote:unix_stream_socket { getopt getattr };
-
-# Communicate over a socket created by mnld process.
-
-# Allow system_server to read /sys/kernel/debug/wakeup_sources
-allow system_server debugfs_wakeup_sources:file r_file_perms;
-
-# Allow system_server to read/write /sys/power/dcm_state
-allow system_server sysfs_dcm:file rw_file_perms;
-
-# Date : WK16.36
-# Purpose: Allow to set property log.tag.WifiHW to control log level of WifiHW
-allow system_server log_tag_prop:property_service set;
-
-# Data : WK16.42
-# Operator: Whitney bring up
-# Purpose: call surfaceflinger due to powervr
-allow system_server surfaceflinger:fifo_file rw_file_perms;
-
-# Date : W16.42
-# Operation : Integration
-# Purpose : DRM / DRI GPU driver required
-allow system_server gpu_device:dir search;
-allow system_server debugfs_gpu_img:dir search;
-
-# Date : W16.43
-# Operation : Integration
-# Purpose : DRM / DRI GPU driver required
-allow system_server sw_sync_device:chr_file { read write getattr open ioctl };
-
-# Date : WK16.44
-# Purpose: Allow to access UART1 ttyMT1
-allow system_server ttyMT_device:chr_file rw_file_perms;
-
-# Date : WK17.52
-# Purpose: Allow to access UART1 ttyS
-allow system_server ttyS_device:chr_file rw_file_perms;
-
-# Date:W16.46
-# Operation : thermal hal Feature developing
-# Purpose : thermal hal interface permission
-allow system_server proc_mtktz:dir search;
-allow system_server proc_mtktz:file r_file_perms;
-
-# Date:W17.02
-# Operation : audio hal developing
-# Purpose : audio hal interface permission
-allow system_server mtk_hal_audio:process { getsched setsched };
-
-# Date:W17.07
-# Operation : bt hal
-# Purpose : bt hal interface permission
-binder_call(system_server, mtk_hal_bluetooth)
-
-# Date:W17.08
-# Operation : sensors hal developing
-# Purpose : sensors hal interface permission
-binder_call(system_server, mtk_hal_sensors)
-
-# Operation : light hal developing
-# Purpose : light hal interface permission
-binder_call(system_server, mtk_hal_light)
-
-# Date:W17.21
-# Operation : gnss hal
-# Purpose : gnss hal interface permission
-hal_client_domain(system_server, hal_gnss)
-
-# Date : W18.01
-# Add for turn on SElinux in enforcing mode
-allow system_server vendor_framework_file:dir r_file_perms;
-
-# Fix bootup violation
-allow system_server vendor_framework_file:file getattr;
-allow system_server wifi_prop:file { read getattr open };
-
-# Date:W17.22
-# Operation : add aee_aed socket rule
-# Purpose : type=1400 audit(0.0:134519): avc: denied { connectto }
-# for comm=4572726F722064756D703A20737973
-# path=00636F6D2E6D746B2E6165652E6165645F3634
-# scontext=u:r:system_server:s0 tcontext=u:r:aee_aed:s0
-# tclass=unix_stream_socket permissive=0
-allow system_server aee_aed:unix_stream_socket connectto;
-
-#Dat: 2017/02/14
-#Purpose: allow get telephony Sensitive property
-get_prop(system_server, mtk_telephony_sensitive_prop)
-
-# Date: W17.22
-# Operation : New Feature
-# Purpose : Add for A/B system
-allow system_server debugfs_wakeup_sources:file { read getattr open };
-
-# Date:W17.26
-# Operation : imsa hal
-# Purpose : imsa hal interface permission
-binder_call(system_server, mtk_hal_imsa)
-
-# Date:W17.28
-# Operation : camera hal developing
-# Purpose : camera hal binder_call permission
-binder_call(system_server, mtk_hal_camera)
-
-# Date:W17.31
-# Operation : mpe sensor hidl developing
-# Purpose : mpe sensor hidl permission
-binder_call(system_server, mnld)
-
-# Date : WK17.32
-# Operation : Migration
-# Purpose : for network log dumpsys setting/netd information
-# audit(0.0:914): avc: denied { write } for path="pipe:[46088]"
-# dev="pipefs" ino=46088 scontext=u:r:system_server:s0
-# tcontext=u:r:netdiag:s0 tclass=fifo_file permissive=1
-allow system_server netdiag:fifo_file write;
-
-# Date : WK17.32
-# Operation : Migration
-# Purpose : for DHCP Client ip recover functionality
-allow system_server dhcp_data_file:dir search;
-allow system_server dhcp_data_file:dir rw_dir_perms;
-allow system_server dhcp_data_file:file create_file_perms;
-
-# Date:W17.35
-# Operation : lbs hal
-# Purpose : lbs hidl interface permission
-hal_client_domain(system_server, mtk_hal_lbs)
-
-# Date : WK17.12
-# Operation : MT6799 SQC
-# Purpose : Change thermal config
-allow system_server mtk_thermal_config_prop:file { getattr open read };
-
-
-# Date : WK17.43
-# Operation : Migration
-# Purpose : perfmgr permission
-allow system_server mtk_hal_power_hwservice:hwservice_manager find;
-allow system_server proc_perfmgr:dir {read search};
-allow system_server proc_perfmgr:file {open read ioctl};
-allowxperm system_server proc_perfmgr:file ioctl {
- PERFMGR_FPSGO_QUEUE
- PERFMGR_FPSGO_DEQUEUE
- PERFMGR_FPSGO_QUEUE_CONNECT
- PERFMGR_FPSGO_BQID
-};
-
-# Date : W18.22
-# Operation : MTK wifi hal migration
-# Purpose : MTK wifi hal interface permission
-binder_call(system_server, mtk_hal_wifi)
-
-# Date : WK18.33
-# Purpose : type=1400 audit(0.0:1592): avc: denied { read }
-# for comm=4572726F722064756D703A20646174 name=
-# "u:object_r:persist_mtk_aee_prop:s0" dev="tmpfs"
-# ino=10312 scontext=u:r:system_server:s0 tcontext=
-# u:object_r:persist_mtk_aee_prop:s0 tclass=file permissive=0
-get_prop(system_server, persist_mtk_aee_prop);
-
-# Date : W19.15
-# Operation : alarm device permission
-# Purpose : support power-off alarm
-allow system_server alarm_device:chr_file rw_file_perms;
-
-# Date : WK19.7
-# Operation: Q migration
-# Purpose : Allow system_server to use ioctl/ioctlcmd
-allow system_server proc_ged:file rw_file_perms;
-allowxperm system_server proc_ged:file ioctl { proc_ged_ioctls };
-
-# Date: 2019/06/14
-# Operation : Migration
-get_prop(system_server, vendor_default_prop)
-
-# Date: 2019/06/14
-# Operation : when WFD turnning on, turn off hdmi
-allow system_server mtk_hal_hdmi_hwservice:hwservice_manager find;
-allow system_server mtk_hal_hdmi:binder call; |