blob: 677c01c0c4369268da8c1f1604e2b4c157e7b797 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
# ==============================================
# MTK Policy Rule
# ==============================================
# Grant read access to mtk core property type which represents all
# mtk properties except those with ctl_xxx prefix.
# Align Google change: f01453ad453b29dd723838984ea03978167491e5
get_prop(domain, mtk_core_property_type)
# Allow all processes to search /sys/kernel/debug/binder/ since it's has been
# labeled with specific debugfs label and many violations to dir search debugfs_binder
# are observed. Grant domain to suppress the violations as originally "debugfs:dir search"
# is also allowed to domain as well in Google default domain.te
allow domain debugfs_binder:dir search;
# Allow all processes to read /sys/bus/platform/drivers/dev_info/dev_info
# as it is a public interface for all processes to read some OTP data.
allow domain sysfs_devinfo:file r_file_perms;
# Date:20170519
# Purpose: Full treble bootup issue, coredomain need to access libudf.so where
# located on /vendor.
# TODO:: In O MR1 may need to change design
allow coredomain vendor_file:dir r_dir_perms;
allow coredomain vendor_file:file { read open getattr execute };
allow coredomain vendor_file:lnk_file { getattr read };
# Date:20170630
# Purpose: allow trusted process to connect aee daemon
allow {
coredomain
-untrusted_app_all
-untrusted_v2_app
} aee_aed:unix_stream_socket connectto;
allow { domain -coredomain -hal_configstore_server } aee_aedv:unix_stream_socket connectto;
|
