32 lines
953 B
Plaintext
32 lines
953 B
Plaintext
|
# ==============================================
|
||
|
|
# Common SEPolicy Rule
|
||
|
|
# ==============================================
|
||
|
|
|
||
|
|
# Date : WK16.33
|
||
|
|
# Purpose: Allow to access ged for gralloc_extra functions
|
||
|
|
allow zygote proc_ged:file rw_file_perms;
|
||
|
|
|
||
|
|
# Date : WK17.02
|
||
|
|
# Purpose: Allow to access gpu for memtrack functions
|
||
|
|
allow zygote gpu_device:dir search;
|
||
|
|
allow zygote gpu_device:chr_file rw_file_perms;
|
||
|
|
|
||
|
|
allow zygote proc_bootprof:file rw_file_perms;
|
||
|
|
allow zygote proc_uptime:file rw_file_perms;
|
||
|
|
|
||
|
|
# Date : WK21.29
|
||
|
|
# Purpose: Allow Zygote to unmount labeledfs
|
||
|
|
allow zygote labeledfs:filesystem { unmount };
|
||
|
|
|
||
|
|
# Date : WK21.41
|
||
|
|
# Purpose: Allow Zygote to access cgroup for statsd functions
|
||
|
|
allow zygote cgroup:file setattr;
|
||
|
|
|
||
|
|
# Date : WK21.47
|
||
|
|
# Purpose: dontaudit Zygote set its the nice value
|
||
|
|
dontaudit zygote self:capability sys_nice;
|
||
|
|
|
||
|
|
# Date : WK22.04
|
||
|
|
# Purpose: dontaudit Zygote write system_file when restarting Android
|
||
|
|
dontaudit zygote system_file:dir write;
|