common/rmt_storage.te


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

# rmt_storage - rmt_storage daemon
type rmt_storage, domain, domain_deprecated;
type rmt_storage_exec, exec_type, file_type;
init_daemon_domain(rmt_storage)

allow rmt_storage {
    modem_efs_partition_device
    root_block_device
    ssd_device
}:blk_file rw_file_perms;
allow rmt_storage block_device:dir r_dir_perms;
allow rmt_storage cgroup:dir create_dir_perms;
allow rmt_storage { smem_log_device uio_device }:chr_file rw_file_perms;

# sys_admin is needed for ioprio_set
allow rmt_storage self:capability {
    setuid
    setgid
    sys_admin
    net_bind_service
    setpcap
};

#For set the ctl properties
unix_socket_connect(rmt_storage, property, init)
allow rmt_storage ctl_default_prop:property_service set;

#For Wakelocks
wakelock_use(rmt_storage)

allow rmt_storage self:socket create_socket_perms;
allow rmt_storage uio_device:chr_file rw_file_perms;

#For access to the kmsg device
allow rmt_storage kmsg_device:chr_file w_file_perms;

#debugfs access
userdebug_or_eng(`
typeattribute rmt_storage qti_debugfs_domain;
allow rmt_storage debugfs:dir r_dir_perms;
allow rmt_storage debugfs:file rw_file_perms;
')