Android_Device_Mediatek_Sep.../bsp/non_plat/mtkimsmddomain.te

# ==============================================
# Common SEPolicy Rule
# ==============================================

# IMCB
allow mtkimsmddomain ccci_device:chr_file { read write open };
allow mtkimsmddomain fwmarkd_socket:sock_file write;
allow mtkimsmddomain sysfs_ccci:dir search;
allow mtkimsmddomain sysfs_ccci:file r_file_perms;
allow mtkimsmddomain self:capability2 wake_alarm;
set_prop(mtkimsmddomain, vendor_mtk_ril_mux_report_case_prop)
allow mtkimsmddomain self:capability { setuid setgid chown net_raw } ;

# Date : 2017/02/17
# Purpose : ptty
allow mtkimsmddomain devpts:chr_file { rw_file_perms setattr };

# UA
allow mtkimsmddomain volte_vt_socket:sock_file write;

# IMSM
allow mtkimsmddomain rild_imsm_socket:sock_file write;
allow mtkimsmddomain mtkrild:unix_stream_socket connectto;
allow mtkimsmddomain rild_mal_socket:sock_file write;
allow mtkimsmddomain rild_mal_at_socket:sock_file write;
allow mtkimsmddomain rild_mal_md2_socket:sock_file write;
allow mtkimsmddomain rild_mal_at_md2_socket:sock_file write;
unix_socket_send(mtkimsmddomain, wpa, wpa)
allow mtkimsmddomain wpa:unix_dgram_socket sendto;

# ePDG
allow mtkimsmddomain dnsproxyd_socket:sock_file write;
allow mtkimsmddomain ccci_device:chr_file { read write ioctl open };
allow mtkimsmddomain devpts:chr_file { read write open };

# MAL
allow mtkimsmddomain tmpfs:lnk_file read;

# VzW APN table
allow mtkimsmddomain mal_data_file:dir create_dir_perms;
allow mtkimsmddomain mal_data_file:file create_file_perms;

# ATCP
allow mtkimsmddomain devpts:chr_file { open read write ioctl };
allow mtkimsmddomain devpts:chr_file { getattr setattr };

# Netlink
allow mtkimsmddomain self:netlink_route_socket { bind create write nlmsg_read };

# RILD connection
allow mtkimsmddomain mtkrild:unix_stream_socket connectto;
allow mtkimsmddomain rild_mal_socket:sock_file write;
allow mtkimsmddomain rild_mal_at_socket:sock_file write;
allow mtkimsmddomain rild_mal_md2_socket:sock_file write;
allow mtkimsmddomain rild_mal_at_md2_socket:sock_file write;

# for RAN access wpa
unix_socket_send(mtkimsmddomain, wpa, wpa)
allow mtkimsmddomain wpa:unix_dgram_socket sendto;

# RILPROXY
allow mtkimsmddomain rild:unix_stream_socket connectto;

set_prop(mtkimsmddomain, vendor_mtk_operator_id_prop)

# Set permission for MAL
vndbinder_use(mtkimsmddomain)

# ViLTE
allow mtkimsmddomain vtservice_hidl:unix_stream_socket connectto;

# MD-AP
set_prop(mtkimsmddomain, vendor_mtk_radio_prop)
set_prop(mtkimsmddomain, vendor_mtk_ril_mux_report_case_prop)
set_prop(mtkimsmddomain, vendor_mtk_md_version_prop)
set_prop(mtkimsmddomain, vendor_mtk_network_prop)
mtk-sepolicy: Initial SEPolicy rules 2022-08-14 15:07:12 +02:00			`# ==============================================`
			`# Common SEPolicy Rule`
			`# ==============================================`

			`# IMCB`
			`allow mtkimsmddomain ccci_device:chr_file { read write open };`
			`allow mtkimsmddomain fwmarkd_socket:sock_file write;`
			`allow mtkimsmddomain sysfs_ccci:dir search;`
			`allow mtkimsmddomain sysfs_ccci:file r_file_perms;`
			`allow mtkimsmddomain self:capability2 wake_alarm;`
			`set_prop(mtkimsmddomain, vendor_mtk_ril_mux_report_case_prop)`
			`allow mtkimsmddomain self:capability { setuid setgid chown net_raw } ;`

			`# Date : 2017/02/17`
			`# Purpose : ptty`
			`allow mtkimsmddomain devpts:chr_file { rw_file_perms setattr };`

			`# UA`
			`allow mtkimsmddomain volte_vt_socket:sock_file write;`

			`# IMSM`
			`allow mtkimsmddomain rild_imsm_socket:sock_file write;`
			`allow mtkimsmddomain mtkrild:unix_stream_socket connectto;`
			`allow mtkimsmddomain rild_mal_socket:sock_file write;`
			`allow mtkimsmddomain rild_mal_at_socket:sock_file write;`
			`allow mtkimsmddomain rild_mal_md2_socket:sock_file write;`
			`allow mtkimsmddomain rild_mal_at_md2_socket:sock_file write;`
			`unix_socket_send(mtkimsmddomain, wpa, wpa)`
			`allow mtkimsmddomain wpa:unix_dgram_socket sendto;`

			`# ePDG`
			`allow mtkimsmddomain dnsproxyd_socket:sock_file write;`
			`allow mtkimsmddomain ccci_device:chr_file { read write ioctl open };`
			`allow mtkimsmddomain devpts:chr_file { read write open };`

			`# MAL`
			`allow mtkimsmddomain tmpfs:lnk_file read;`

			`# VzW APN table`
			`allow mtkimsmddomain mal_data_file:dir create_dir_perms;`
			`allow mtkimsmddomain mal_data_file:file create_file_perms;`

			`# ATCP`
			`allow mtkimsmddomain devpts:chr_file { open read write ioctl };`
			`allow mtkimsmddomain devpts:chr_file { getattr setattr };`

			`# Netlink`
			`allow mtkimsmddomain self:netlink_route_socket { bind create write nlmsg_read };`

			`# RILD connection`
			`allow mtkimsmddomain mtkrild:unix_stream_socket connectto;`
			`allow mtkimsmddomain rild_mal_socket:sock_file write;`
			`allow mtkimsmddomain rild_mal_at_socket:sock_file write;`
			`allow mtkimsmddomain rild_mal_md2_socket:sock_file write;`
			`allow mtkimsmddomain rild_mal_at_md2_socket:sock_file write;`

			`# for RAN access wpa`
			`unix_socket_send(mtkimsmddomain, wpa, wpa)`
			`allow mtkimsmddomain wpa:unix_dgram_socket sendto;`

			`# RILPROXY`
			`allow mtkimsmddomain rild:unix_stream_socket connectto;`

			`set_prop(mtkimsmddomain, vendor_mtk_operator_id_prop)`

			`# Set permission for MAL`
			`vndbinder_use(mtkimsmddomain)`

			`# ViLTE`
			`allow mtkimsmddomain vtservice_hidl:unix_stream_socket connectto;`

			`# MD-AP`
			`set_prop(mtkimsmddomain, vendor_mtk_radio_prop)`
			`set_prop(mtkimsmddomain, vendor_mtk_ril_mux_report_case_prop)`
			`set_prop(mtkimsmddomain, vendor_mtk_md_version_prop)`
			`set_prop(mtkimsmddomain, vendor_mtk_network_prop)`