NekoSakura/Android_Device_Mediatek_Sepolicy_Vndr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Android_Device_Mediatek_Sep.../bsp/plat_private/aal.te
TheMalachite 961041ba3e mtk-sepolicy: Initial SEPolicy rules
2022-08-14 15:07:12 +02:00

47 lines
1.5 KiB
Plaintext
Raw Blame History

# ==============================================
# Policy File of /system/bin/aal Executable File
# ==============================================
# Common SEPolicy Rule
# ==============================================
typeattribute aal coredomain;
type aal_exec, system_file_type, exec_type, file_type;
init_daemon_domain(aal)
# Date : 2014/09/09 (or WK14.37)
# Operation : Migration
# Purpose : allow Binder IPC
binder_use(aal)
binder_call(aal, binderservicedomain)
binder_service(aal)
# Date : WK14.41
# Operation : Migration
# Purpose : All enforing mode
allow aal graphics_device:chr_file r_file_perms;
allow aal graphics_device:dir search;
allow aal aal_service:service_manager add;
# Date : WK15.37
# Operation : Migration
# Purpose : Allow permission check
allow aal permission_service:service_manager { find };
# Date : WK17.26
# Operation : Migration
# Purpose : Allow permission to get AmbientLux from SensorManager
# denied { find } for service=sensorservice pid=441 uid=1000 scontext=u:r:aal:s0
# tcontext=u:object_r:sensorservice_service:s0 tclass=service_manager
allow aal sensorservice_service:service_manager { find };
# denied { read write } for path="socket:[25560]" dev="sockfs" ino=25560 scontext=u:r:aal:s0
# tcontext=u:r:system_server:s0 tclass=unix_stream_socket permissive=0
allow aal system_server:unix_stream_socket { read write };
# Date : WK18.28
# Operation : P0 Migration
# Purpose : Allow permission to set property
set_prop(aal, system_mtk_aal_prop)
Reference in New Issue View Git Blame Copy Permalink