1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
#integrated process
type mmi, domain, domain_deprecated;
type mmi_exec, exec_type, file_type;
#started by init
init_daemon_domain(mmi)
#self capability
allow mmi self:socket create_socket_perms;
allow mmi self:{ netlink_socket netlink_generic_socket } create_socket_perms;
allow mmi self:udp_socket create_socket_perms;
allow mmi self:capability { sys_nice dac_override setuid setgid fowner chown fsetid kill net_admin sys_module net_raw};
allow mmi self:capability2 wake_alarm;
#For various devices
allow mmi sysfs:file w_file_perms;
allow mmi graphics_device:dir r_dir_perms;
allow mmi graphics_device:chr_file rw_file_perms;
allow mmi input_device:chr_file r_file_perms;
allow mmi input_device:dir r_dir_perms;
allow mmi nfc_device:chr_file rw_file_perms;
allow mmi shell_exec:file rx_file_perms;
wakelock_use(mmi)
#FTM_AP folder permissions
file_type_auto_trans(mmi, cache_file, mmi_data_file);
allow mmi mmi_data_file:dir rw_dir_perms;
allow mmi mmi_data_file:file create_file_perms;
#socket
unix_socket_connect(mmi, property, init)
allow mmi socket_device:dir w_dir_perms;
#allow mmi set system prop,sensor need write persist
allow mmi powerctl_prop:property_service set;
allow mmi persist_file:dir r_dir_perms;
allow mmi sensors_persist_file:dir create_dir_perms;
allow mmi sensors_persist_file:file create_file_perms;
#wifi case
allow mmi system_file:file x_file_perms;
allow mmi wpa_exec:file rx_file_perms;
allow mmi wcnss_service_exec:file rx_file_perms;
allow mmi kernel:key search;
allow mmi kernel:system module_request;
allow mmi toolbox_exec:file rx_file_perms;
allow mmi system_file:system module_load;
#audio case
allow mmi audio_device:dir r_dir_perms;
allow mmi audio_device:chr_file rw_file_perms;
#FM case
allow mmi fm_radio_device:chr_file r_file_perms;
allow mmi fm_data_file:file r_file_perms;
allow mmi fm_prop:property_service set;
allow mmi ctl_default_prop:property_service set;
#bluetooth case
allow mmi bluetooth_data_file:dir rw_dir_perms;
allow mmi bluetooth_data_file:file create_file_perms;
allow mmi bluetooth_prop:property_service set;
allow mmi smd_device:chr_file rw_file_perms;
allow mmi persist_bluetooth_file:file r_file_perms;
allow mmi wcnss_filter:unix_stream_socket connectto;
#GPS case
allow mmi location_data_file:fifo_file create_file_perms;
allow mmi location_data_file:dir create_dir_perms;
allow mmi location_data_file:file create_file_perms;
allow mmi mmi_socket:sock_file create_file_perms;
type_transition mmi socket_device:sock_file mmi_socket;
allow mmi location_exec:file rx_file_perms;
allow mmi smem_log_device:chr_file rw_file_perms;
allow mmi ssr_device:chr_file r_file_perms;
#SD card case
allow mmi sd_device:blk_file rw_file_perms;
allow mmi block_device:blk_file getattr;
allow mmi block_device:dir r_dir_perms;
#camera
allow mmi video_device:chr_file rw_file_perms;
allow mmi camera_data_file:sock_file write;
allow mmi camera_data_file:dir r_dir_perms;
allow mmi mm-qcamerad:unix_dgram_socket sendto;
#nfc case
allow mmi nfc_data_file:dir rw_dir_perms;
allow mmi nfc_data_file:file create_file_perms;
#simcard
qmux_socket(mmi);
#allow mmi access chgdiabled prop
allow mmi chgdiabled_prop:property_service set;
#Allow mmi operate on surfaceflinger
allow mmi surfaceflinger:fd use;
allow mmi surfaceflinger_service:service_manager find;
#Allow mmi to use IPC
binder_use(mmi)
binder_call(mmi,surfaceflinger)
#sensor cases
unix_socket_connect(mmi, sensors, sensors);
allow mmi sensors_device:chr_file r_file_perms;
#logcat
domain_auto_trans(mmi, logcat_exec, logd);
#access kmsg device for logging
allow mmi kmsg_device:chr_file rw_file_perms;
#mmi test
unix_socket_connect(mmi, cnd, cnd);
unix_socket_connect(mmi, dpmwrapper, dpmd);
unix_socket_connect(mmi, netmgrd, netmgrd);
net_domain(mmi);
#allow mmi access boot mode switch
allow mmi boot_mode_prop:property_service set;
#diag
userdebug_or_eng(`
diag_use(mmi)
')
|
