path: root/r_non_plat/rild.te
blob: 0d7ae354db014155c00b0aa8cfaa35843ee64320 (plain)
# ==============================================
# Policy File of /vendor/bin/rild Executable File
# SELinux type-enforcement rules for the `rild` domain (MediaTek vendor RIL
# daemon). Rules are additive: each `allow` widens what rild may do, so every
# line below is part of the daemon's attack surface and should be justified.

# ==============================================
# Type Declaration
# ==============================================
# (no types are declared in this file; `rild` and every object type used
#  below are expected to be declared elsewhere in the policy)

# ==============================================
# MTK Policy Rule
# ==============================================
# Access to wake locks
wakelock_use(rild)
# Trigger module auto-load (kernel module_request).
allow rild kernel:system module_request;

# Capabilities assigned for rild
# setuid / net_admin / net_raw are high-value capabilities (uid changes,
# network configuration, raw sockets); the specific need for each is not
# stated here -- NOTE(review): confirm each one is still required.
allow rild self:capability { setuid net_admin net_raw };

# Control cgroups
allow rild cgroup:dir create_dir_perms;

# Property service
# allow set RIL related properties (radio./net./system./etc)
# NOTE: `auditallow` does NOT grant access; it only logs accesses that some
# other rule already permits. If rild must set these properties, a matching
# allow/set_prop rule has to exist elsewhere.
auditallow rild net_radio_prop:property_service set;
auditallow rild system_radio_prop:property_service set;
set_prop(rild, ril_active_md_prop)
# allow set muxreport control properties
set_prop(rild, ril_cdma_report_prop)
set_prop(rild, ril_mux_report_case_prop)
set_prop(rild, ctl_muxreport-daemon_prop)

# Access to wake locks
# Duplicate of the wakelock_use(rild) call above; duplicate rules are merged
# by the policy compiler, so this is redundant rather than harmful.
wakelock_use(rild)

# Allow access permission to efs files
allow rild efs_file:dir create_dir_perms;
allow rild efs_file:file create_file_perms;
allow rild bluetooth_efs_file:file r_file_perms;
allow rild bluetooth_efs_file:dir r_dir_perms;

# Allow access permission to dir/files
# (radio data/system data/proc/etc)
# Violate Android P rule
# The author flags the sdcardfs access below as violating the Android P
# (Treble) vendor rules -- NOTE(review): confirm whether a neverallow
# exception covers it or whether this rule can be dropped.
allow rild sdcardfs:dir r_dir_perms;
#allow rild system_file:file x_file_perms;
# Write access to proc_net (e.g. /proc/sys/net/* style nodes); this is a
# broad type, so prefer a more specific proc label where one exists.
allow rild proc_net:file w_file_perms;

# Allow rild to create and use netlink sockets.
# Set and get routes directly via netlink.
# Only nlmsg_write is granted here; socket creation/read permissions must
# come from another rule or macro if rild actually uses the socket.
allow rild self:netlink_route_socket nlmsg_write;

# Allow read/write to devices/files
allow rild radio_device:chr_file rw_file_perms;
allow rild radio_device:blk_file r_file_perms;
allow rild mtd_device:dir search;
# Allow read/write to tty devices
allow rild tty_device:chr_file rw_file_perms;
allow rild eemcs_device:chr_file { rw_file_perms };

#allow rild Vcodec_device:chr_file { rw_file_perms };
allow rild devmap_device:chr_file { r_file_perms };
allow rild devpts:chr_file { rw_file_perms };
allow rild ccci_device:chr_file { rw_file_perms };
allow rild misc_device:chr_file { rw_file_perms };
allow rild proc_lk_env:file rw_file_perms;
allow rild sysfs_vcorefs_pwrctrl:file { w_file_perms };
#allow rild bootdevice_block_device:blk_file { rw_file_perms };
# Raw read/write on a block device bypasses filesystem-level checks; keep
# this scoped to para_block_device only.
allow rild para_block_device:blk_file { rw_file_perms };

# Allow dir search, fd uses
allow rild block_device:dir search;
# fd use lets rild operate on descriptors handed to it by these domains.
allow rild platform_app:fd use;
allow rild radio:fd use;

# For MAL MFI
allow rild mal_mfi_socket:sock_file { w_file_perms };

# For ccci sysfs node
allow rild sysfs_ccci:dir search;
allow rild sysfs_ccci:file r_file_perms;

#Date : W17.18
#Purpose: Treble SEpolicy denied clean up
# Register the rild HIDL service and let telephony clients look it up.
add_hwservice(hal_telephony_server, mtk_hal_rild_hwservice)
allow hal_telephony_client mtk_hal_rild_hwservice:hwservice_manager find;

#Date : W17.21
#Purpose: Grant permission to access binder dev node (vndbinder)
vndbinder_use(rild)

#Dat: 2017/03/27
#Purpose: allow set telephony Sensitive property
set_prop(rild, mtk_telephony_sensitive_prop)

# For AGPSD
allow rild mtk_agpsd:unix_stream_socket connectto;

#Date 2017/10/12
#Purpose: allow set MTU size
#allow rild toolbox_exec:file getattr;
allow rild mtk_net_ipv6_prop:property_service set;

#Date: 2017/12/6
#Purpose: allow set the RS times for /proc/sys/net/ipv6/conf/ccmniX/router_solicitations
# execute_no_trans runs the vendor shell and toolbox binaries *inside* the
# rild domain (no domain transition), so whatever they do inherits every
# permission in this file. A direct write to the sysctl node would be a
# narrower alternative -- NOTE(review): confirm the shell-out is still needed.
allow rild vendor_shell_exec:file {execute_no_trans};
allow rild vendor_toolbox_exec:file {execute_no_trans};

# Date : WK18.16
# Operation: P migration
# Purpose: Allow rild to get tel_switch_prop
get_prop(rild, tel_switch_prop)

#Date: W1817
#Purpose: allow rild to set properties of vendor_radio_prop
set_prop(rild, vendor_radio_prop)

#Date : W18.21
#Purpose: allow rild to set the vendor.ril.ipo system property
set_prop(rild, vendor_ril_ipo_prop)

# Date : WK18.26
# Operation: P migration
# Purpose: Allow carrier express HIDL to set vendor property
set_prop(rild, mtk_cxp_vendor_prop)
allow rild mnt_vendor_file:dir search;
allow rild mnt_vendor_file:file create_file_perms;
allow rild nvdata_file:dir create_dir_perms;
allow rild nvdata_file:file create_file_perms;

#Date : W18.29
#Purpose: allow rild to call mtk_hal_secure_element over binder
allow rild mtk_hal_secure_element:binder call;

# Date : WK18.31
# Operation: P migration
# Purpose: Allow supplementary service HIDL to set vendor property
set_prop(rild, mtk_ss_vendor_prop)

# Date : 2018/2/27
# Purpose : for NVRAM recovery mechanism
# NOTE(review): the trailing `;` after this macro call differs from every
# other set_prop line in the file; confirm the policy build tolerates it.
set_prop(rild,powerctl_prop);

# Date: 2019/06/14
# Operation : Migration
allow rild proc_cmdline:file r_file_perms;

# Date: 2019/07/18
# Operation: AP wifi path
# Purpose: Allow packets to be filtered by the RILD process
# (netlink_netfilter socket; ioctl is deliberately excluded)
allow rild self:netlink_netfilter_socket { create_socket_perms_no_ioctl };

# Date : 2019/08/29
# Purpose: Allow rild to access proc/aed/reboot-reason
allow rild proc_aed_reboot_reason:file rw_file_perms;

# Date: 2019/11/15
# Operation: RILD init flow
# Purpose: To handle an illegally started rild
set_prop(rild, gsm0710muxd_prop)