path: root/common/diag.te
blob: ecd792f28867d2556dc92713d0cf8c72543ffbe8 (plain)
# Process type named diag, declared with the domain attribute.
type diag, domain;
# File type for the diag entry point: tagged exec_type and vendor_file_type in
# addition to the generic file_type attribute.
type diag_exec, exec_type, vendor_file_type, file_type;
# All rules for the diag domain live inside userdebug_or_eng, so they are only
# compiled into userdebug and eng builds; a user build gets no diag rules from
# this file. Comments inside the m4-quoted body must not contain quote
# characters, because a quote would end the quoted argument early.
userdebug_or_eng(`
  # Executing a diag_exec file from the shell domain transitions the process to diag.
  domain_auto_trans(shell, diag_exec, diag)
  #domain_auto_trans(adbd, diag_exec, diag)
  # Files diag creates in system_data_file directories are labelled diag_data_file.
  # diag_data_file is not declared in this file - presumably declared elsewhere.
  file_type_auto_trans(diag, system_data_file, diag_data_file);
  # Read/write on the listed character devices.
  # NOTE(review): tee_device is included for drmdiagapp per the comment below, which
  # gives this debug domain a path to the TEE driver - keep it debug-build only.
  allow diag {
      diag_device
      devpts
      console_device
      # allow access to qseecom for drmdiagapp
      tee_device
  }:chr_file rw_file_perms;
  # Use file descriptors inherited from the shell and su domains.
  allow diag {
      shell
      su
  }:fd use;

  # Create and manage directories of these three types.
  allow diag {
      cgroup
      fuse
      persist_drm_file
  }:dir create_dir_perms;

  # Outbound TCP connect to ports labelled port.
  # NOTE(review): port looks like the generic port type, so this is not limited to a
  # single labelled service port - confirm against the port contexts.
  allow diag port:tcp_socket name_connect;
  # NOTE(review): sys_admin and dac_override are broad grants; dac_override lets the
  # process bypass discretionary file permission checks. Tolerable only because this
  # block is debug-build only - confirm each capability is still required.
  allow diag self:capability { setuid net_raw sys_admin setgid dac_override };
  # Kernel log access: the syslog capability plus syslog_mod on the kernel.
  allow diag self:capability2 syslog;
  # Own TCP sockets: create, connect and set options only (no bind or listen here).
  # net_domain(diag) further down presumably grants a wider socket set - confirm.
  allow diag self:tcp_socket { create connect setopt};
  wakelock_use(diag)
  allow diag kernel:system syslog_mod;
  # allow drmdiagapp access to drm related paths
  allow diag persist_file:dir r_dir_perms;
  r_dir_file(diag, persist_data_file)
  # Write to drm related pieces of persist partition
  allow diag persist_drm_file:file create_file_perms;

  # For DiagExample daemon
  # init_daemon_domain also lets init start diag_exec in the diag domain, in
  # addition to the shell transition at the top of this block.
  init_daemon_domain(diag)
  net_domain(diag)

  # Read-only access to fuse directories and files. The dir rule appears to be
  # already covered by create_dir_perms on fuse above - confirm before removing.
  allow diag fuse:dir r_dir_perms;
  allow diag fuse:file r_file_perms;
  # Read-only access to storage mount points and media files.
  # NOTE(review): these types presumably back shared storage, so diag can read
  # whatever is stored there on debug builds - confirm this is intended.
  r_dir_file(diag, storage_file)
  r_dir_file(diag, mnt_user_file)
  allow diag media_rw_data_file:file r_file_perms;
  r_dir_file(diag, sdcardfs)
')