common/port-bridge.te


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

type port-bridge, domain;
type port-bridge_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(port-bridge)

userdebug_or_eng(`
  domain_auto_trans(shell, port-bridge_exec, netmgrd)
  #domain_auto_trans(adbd, port-bridge_exec, netmgrd)
  diag_use(port-bridge)
')

# Allow operations on different types of sockets
allow port-bridge port-bridge:netlink_kobject_uevent_socket { create bind read };

# Allow process capabilities
allow port-bridge port-bridge:capability dac_override;

allow port-bridge {
    # Allow operations on mhi transport
    mhi_device
    # Allow operations on gadget serial device
    gadget_serial_device
    # Allow operations on ATCoP g-link transport
    at_device
}:chr_file rw_file_perms;

# Allow write permissions for log file
allow port-bridge port_bridge_data_file:file create_file_perms;
allow port-bridge port_bridge_data_file:dir w_dir_perms;

#access ipa sysfs node
allow port-bridge sysfs:file r_file_perms;
allow port-bridge sysfs_data:file r_file_perms;