51 lines
1.6 KiB
Plaintext
51 lines
1.6 KiB
Plaintext
# ==============================================
|
|
# Policy File of /system/bin/wfca Executable File
|
|
|
|
# ==============================================
|
|
# Type Declaration
|
|
# ==============================================
|
|
type wfca, domain, mtkimsmddomain;
|
|
type wfca_exec, exec_type, file_type, vendor_file_type;
|
|
|
|
# ==============================================
|
|
# Common SEPolicy Rule
|
|
# ==============================================
|
|
# permissive wfca;
|
|
init_daemon_domain(wfca)
|
|
net_domain(wfca)
|
|
|
|
# Date : WK14.42
|
|
# Operation : Migration
|
|
# Purpose : for WFCA send RTP/RTCP
|
|
allow wfca self:capability { net_raw setuid setgid net_admin};
|
|
allow wfca self:udp_socket { create write bind read setopt ioctl getattr shutdown };
|
|
allow wfca node:udp_socket node_bind;
|
|
allow wfca port:udp_socket name_bind;
|
|
allow wfca fwmarkd_socket:sock_file write;
|
|
|
|
# Date : 2015/03/27
|
|
# Operation : Migration
|
|
# Purpose : for access ccci device
|
|
allow wfca ccci_device:chr_file { read write open ioctl };
|
|
|
|
# Purpose : for WakeUpLock
|
|
allow wfca sysfs_wake_lock:file { read write open };
|
|
|
|
# Purpose : for raw socket
|
|
allow wfca self:rawip_socket { create write bind setopt read getattr};
|
|
allow wfca node:rawip_socket {node_bind};
|
|
|
|
# Date : 2015/06/25
|
|
# Purpose : for UA socket pass
|
|
allow wfca volte_ua:fd use;
|
|
allow wfca volte_ua:udp_socket {read write setopt getattr getopt shutdown};
|
|
|
|
# Purpose : For Ping ICMP feature
|
|
allow wfca self:packet_socket { read create setopt };
|
|
|
|
# Purpose : add Vinson permission
|
|
dontaudit wfca self:capability dac_override;
|
|
allow wfca self:capability2 block_suspend;
|
|
|
|
allow wfca wfca_socket:sock_file write;
|