# ============================================== # Policy File of /system/bin/mtkrild Executable File # ============================================== # Type Declaration # ============================================== type mtkrild_exec , exec_type, file_type, vendor_file_type; type mtkrild ,domain; # ============================================== # MTK Policy Rule # ============================================== init_daemon_domain(mtkrild) net_domain(mtkrild) # Trigger module auto-load. allow mtkrild kernel:system module_request; # Capabilities assigned for mtkrild allow mtkrild self:capability { setuid net_admin net_raw }; #allow mtkrild self:capability dac_override; # Control cgroups allow mtkrild cgroup:dir create_dir_perms; # Property service # allow set RIL related properties (radio./net./system./etc) #set_prop(mtkrild, radio_prop) #set_prop(mtkrild, net_radio_prop) #set_prop(mtkrild, system_radio_prop) auditallow mtkrild net_radio_prop:property_service set; auditallow mtkrild system_radio_prop:property_service set; set_prop(mtkrild, ril_active_md_prop) # allow set muxreport control properties set_prop(mtkrild, ril_cdma_report_prop) set_prop(mtkrild, ril_mux_report_case_prop) set_prop(mtkrild, ctl_muxreport-daemon_prop) #Dat: 2017/02/14 #Purpose: allow set telephony Sensitive property set_prop(mtkrild, mtk_telephony_sensitive_prop) # Access to wake locks wakelock_use(mtkrild) # Allow access permission to efs files allow mtkrild efs_file:dir create_dir_perms; allow mtkrild efs_file:file create_file_perms; allow mtkrild bluetooth_efs_file:file r_file_perms; allow mtkrild bluetooth_efs_file:dir r_dir_perms; # Allow access permission to dir/files # (radio data/system data/proc/etc) # Violate Android P rule #allow mtkrild radio_data_file:dir rw_dir_perms; #allow mtkrild radio_data_file:file create_file_perms; allow mtkrild sdcard_type:dir r_dir_perms; # Violate Android P rule #allow mtkrild system_data_file:dir r_dir_perms; #allow mtkrild system_data_file:file r_file_perms; allow mtkrild system_file:file x_file_perms; allow mtkrild proc:file rw_file_perms; allow mtkrild proc_net:file w_file_perms; # Allow mtkrild to create and use netlink sockets. ### TBD, neverallowxperm on line 177 of system/sepolicy/public/domain.te #allow mtkrild self:netlink_socket create_socket_perms; #allow mtkrild self:netlink_kobject_uevent_socket create_socket_perms; # Set and get routes directly via netlink. allow mtkrild self:netlink_route_socket nlmsg_write; # Allow mtkrild to create sockets. ### TBD, neverallowxperm on line 177 of system/sepolicy/public/domain.te #allow mtkrild self:socket create_socket_perms; # Allow read/write to devices/files allow mtkrild alarm_device:chr_file rw_file_perms; allow mtkrild radio_device:chr_file rw_file_perms; allow mtkrild radio_device:blk_file r_file_perms; allow mtkrild mtd_device:dir search; # Allow read/write to uart driver (for GPS) #allow mtkrild gps_device:chr_file rw_file_perms; # Allow read/write to tty devices allow mtkrild tty_device:chr_file rw_file_perms; allow mtkrild eemcs_device:chr_file { rw_file_perms }; allow mtkrild Vcodec_device:chr_file { rw_file_perms }; allow mtkrild devmap_device:chr_file { r_file_perms }; allow mtkrild devpts:chr_file { rw_file_perms }; allow mtkrild ccci_device:chr_file { rw_file_perms }; allow mtkrild misc_device:chr_file { rw_file_perms }; allow mtkrild proc_lk_env:file rw_file_perms; allow mtkrild sysfs_vcorefs_pwrctrl:file { w_file_perms }; allow mtkrild bootdevice_block_device:blk_file { rw_file_perms }; allow mtkrild para_block_device:blk_file { rw_file_perms }; # Allow dir search, fd uses allow mtkrild block_device:dir search; #allow mtkrild platformblk_device:dir search; allow mtkrild platform_app:fd use; allow mtkrild radio:fd use; # For emulator allow mtkrild qemu_pipe_device:chr_file rw_file_perms; allow mtkrild socket_device:sock_file { w_file_perms }; # For MAL MFI allow mtkrild mal_mfi_socket:sock_file { w_file_perms }; # For ccci sysfs node allow mtkrild sysfs_ccci:dir search; allow mtkrild sysfs_ccci:file r_file_perms; allow init socket_device:sock_file { create unlink setattr }; #For Kryptowire mtklog issue allow mtkrild aee_aedv:unix_stream_socket connectto; # Allow ioctl in order to control network interface allowxperm mtkrild self:udp_socket ioctl {SIOCDELRT SIOCSIFFLAGS SIOCSIFADDR SIOCKILLADDR SIOCDEVPRIVATE SIOCDEVPRIVATE_1}; # Allow to use vendor binder vndbinder_use(mtkrild) # Allow to trigger IPv6 RS allow mtkrild node:rawip_socket node_bind; # Allow to use sysenv allow mtkrild sysfs:file open; allow mtkrild sysfs:file read; #Date : W18.15 #Purpose: allow rild access to vendor.ril.ipo system property set_prop(mtkrild, vendor_ril_ipo_prop) # Date : WK18.16 # Operation: P migration # Purpose: Allow mtkrild to get tel_switch_prop get_prop(mtkrild, tel_switch_prop) #Date: W1817 #Purpose: allow rild access property of vendor_radio_prop set_prop(mtkrild, vendor_radio_prop)