diff options
Diffstat (limited to 'r_non_plat/vold.te')
-rw-r--r-- | r_non_plat/vold.te | 46 |
1 files changed, 0 insertions, 46 deletions
diff --git a/r_non_plat/vold.te b/r_non_plat/vold.te deleted file mode 100644 index 8679bc7..0000000 --- a/r_non_plat/vold.te +++ /dev/null @@ -1,46 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -# volume manager - -# Date : WK16.19 -# Operation : Migration -# Purpose : unmount /mnt/cd-rom. It causes by unmountAll() when VolumeManager starts -allow vold iso9660:filesystem unmount; - -# Date : WK16.19 -# Operation : Migration -# Purpose : vold will traverse /proc when remountUid(). -# It will trigger violation if mtk customize some label in /proc. -# However, we should ignore the violation if the processes never access the storage. -dontaudit vold proc_battery_cmd:dir { read open }; -dontaudit vold proc_mtkcooler:dir { read open }; -dontaudit vold proc_mtktz:dir { read open }; -dontaudit vold proc_thermal:dir { read open }; - -# Date : WK18.30 -# Operation : Migration -# Purpose : vold create mdlog folder in data for meta mode. -allow vold mdlog_data_file:dir { create_dir_perms }; - -allow vold mtd_device:blk_file rw_file_perms; - -# dontaudit for fstrim on 'vendor' folder -dontaudit vold nvdata_file:dir r_dir_perms; -dontaudit vold nvcfg_file:dir r_dir_perms; -dontaudit vold protect_f_data_file:dir r_dir_perms; -dontaudit vold protect_s_data_file:dir r_dir_perms; - -# execute mke2fs when format as internal -allow vold cache_block_device:blk_file getattr; -allowxperm vold dm_device:blk_file ioctl { - BLKSECDISCARD BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET -}; -allow vold nvcfg_block_device:blk_file getattr; -allow vold nvdata_device:blk_file getattr; -allow vold proc_swaps:file r_file_perms; -allow vold protect1_block_device:blk_file getattr; -allow vold protect2_block_device:blk_file getattr; -allow vold proc_swaps:file getattr; -allow vold swap_block_device:blk_file getattr; |