android_device_mediatek_sep.../non_plat/adbd.te

# ==============================================
# MTK Policy Rule
# ============

#permissive adbd;

# Date : WK14.27
# Operation : KK.AOSP SQC
# Purpose : MTK snapshot-related mechanism
allow adbd graphics_device:chr_file r_file_perms;

# Date : WK14.27
# Operation : KK.AOSP SQC
# Purpose : A process wants to access a specific path. For example : shell:ls -l /data/data/
#allow adbd platform_app_data_file:dir ra_dir_perms;
#allow adbd platform_app_data_file:file create_file_perms;
#allow adbd radio_data_file:file r_file_perms;

# Date : WK14.27
# Operation : KK.AOSP SQC
# Purpose : shell:logcat -v threadtime
allow adbd self:capability2 syslog;

allow adbd block_device:dir r_dir_perms;
allow adbd kernel:process setsched;
#allow adbd self:capability { net_raw ipc_lock dac_override };
allow adbd system_data_file:dir w_dir_perms;
file_type_auto_trans(adbd, system_data_file, adbd_data_file)
allow adbd adbd_data_file:file create_file_perms;

# Date : WK14.46
# Operation : Migration
# Purpose : for MTK Emulator HW GPU
allow adbd qemu_pipe_device:chr_file rw_file_perms;

# user load adb pull /data/aee_exp db
typeattribute adbd data_between_core_and_vendor_violators;
allow adbd aee_exp_data_file:dir r_dir_perms;
allow adbd aee_exp_data_file:file r_file_perms;

# call screencap by DDMS
allow adbd surfaceflinger:dir search;
allow adbd surfaceflinger:file r_file_perms;

# Date : WK14.48
# Operation : L0 SQC
# Purpose : push/pull files to specific folders
allow adbd sf_rtt_file:dir getattr;

# Date : WK15.35
# Operation : Migration
# Purpose: Allow adbd to read binder from surfaceflinger
allow adbd surfaceflinger:fifo_file rw_file_perms;

# Date : WK16.33
# Purpose: Allow to access ged for gralloc_extra functions
allow adbd proc_ged:file {open read write ioctl getattr};

# Data : WK16.42
# Operator: Whitney bring up
# Purpose: call surfaceflinger due to powervr
allow adbd surfaceflinger:fifo_file rw_file_perms;

# Data : WK16.45
# Operator: Whitney SQC
# Purpose: gpu_device uses adbd to screencap
allow adbd gpu_device:dir search;

# Data : WK17.46
# Operator: Migration
# Purpose: Allow adbd to read KE DB
allow adbd aee_dumpsys_data_file:file r_file_perms;
import from mediatek/master to mediatek/alps-mp-o1.mp1 Change-Id: Ic78db8195c5c51f85c9c6fd3ef8333489afd6e79 MTK-Commit-Id: 848bf57127be9d01fd1df4aab95737855456afee 2020-01-18 09:29:32 +08:00			`# ==============================================`
			`# MTK Policy Rule`
			`# ============`

			`#permissive adbd;`

			`# Date : WK14.27`
			`# Operation : KK.AOSP SQC`
			`# Purpose : MTK snapshot-related mechanism`
			`allow adbd graphics_device:chr_file r_file_perms;`

			`# Date : WK14.27`
			`# Operation : KK.AOSP SQC`
			`# Purpose : A process wants to access a specific path. For example : shell:ls -l /data/data/`
			`#allow adbd platform_app_data_file:dir ra_dir_perms;`
			`#allow adbd platform_app_data_file:file create_file_perms;`
			`#allow adbd radio_data_file:file r_file_perms;`

			`# Date : WK14.27`
			`# Operation : KK.AOSP SQC`
			`# Purpose : shell:logcat -v threadtime`
			`allow adbd self:capability2 syslog;`

			`allow adbd block_device:dir r_dir_perms;`
			`allow adbd kernel:process setsched;`
[ALPS03825066] Resolve vendor violates [Detail] Google add new neverallows rules on android P, some rule violate the rules [Solution] Remove the rules which violate google new rules MTK-Commit-Id: ff683b4eee0a6dd95ff25fbb6c7d1fc3a79c604d Change-Id: Iead494212c6adcec234eaef14c83d1f8c7a49deb CR-Id: ALPS03825066 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK 2020-01-18 09:29:34 +08:00			`#allow adbd self:capability { net_raw ipc_lock dac_override };`
import from mediatek/master to mediatek/alps-mp-o1.mp1 Change-Id: Ic78db8195c5c51f85c9c6fd3ef8333489afd6e79 MTK-Commit-Id: 848bf57127be9d01fd1df4aab95737855456afee 2020-01-18 09:29:32 +08:00			`allow adbd system_data_file:dir w_dir_perms;`
			`file_type_auto_trans(adbd, system_data_file, adbd_data_file)`
			`allow adbd adbd_data_file:file create_file_perms;`

			`# Date : WK14.46`
			`# Operation : Migration`
			`# Purpose : for MTK Emulator HW GPU`
			`allow adbd qemu_pipe_device:chr_file rw_file_perms;`

			`# user load adb pull /data/aee_exp db`
[ALPS03825066] P migration selinux build failed fix 1. Mark polices which accessing proc/sysfs file system 2. Add violator attribute to modules violate vendor/system rule. MTK-Commit-Id: 3954cad7a1428cda694d8428c2235a78aa6e7cc8 Change-Id: I401ae5b87eb9a03f324bef83c6678149606b15a8 CR-Id: ALPS03825066 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK 2020-01-18 09:29:36 +08:00			`typeattribute adbd data_between_core_and_vendor_violators;`
import from mediatek/master to mediatek/alps-mp-o1.mp1 Change-Id: Ic78db8195c5c51f85c9c6fd3ef8333489afd6e79 MTK-Commit-Id: 848bf57127be9d01fd1df4aab95737855456afee 2020-01-18 09:29:32 +08:00			`allow adbd aee_exp_data_file:dir r_dir_perms;`
			`allow adbd aee_exp_data_file:file r_file_perms;`

			`# call screencap by DDMS`
			`allow adbd surfaceflinger:dir search;`
			`allow adbd surfaceflinger:file r_file_perms;`

			`# Date : WK14.48`
			`# Operation : L0 SQC`
			`# Purpose : push/pull files to specific folders`
			`allow adbd sf_rtt_file:dir getattr;`

			`# Date : WK15.35`
			`# Operation : Migration`
			`# Purpose: Allow adbd to read binder from surfaceflinger`
			`allow adbd surfaceflinger:fifo_file rw_file_perms;`

			`# Date : WK16.33`
			`# Purpose: Allow to access ged for gralloc_extra functions`
			`allow adbd proc_ged:file {open read write ioctl getattr};`

			`# Data : WK16.42`
			`# Operator: Whitney bring up`
			`# Purpose: call surfaceflinger due to powervr`
			`allow adbd surfaceflinger:fifo_file rw_file_perms;`

			`# Data : WK16.45`
			`# Operator: Whitney SQC`
			`# Purpose: gpu_device uses adbd to screencap`
			`allow adbd gpu_device:dir search;`

			`# Data : WK17.46`
			`# Operator: Migration`
			`# Purpose: Allow adbd to read KE DB`
			`allow adbd aee_dumpsys_data_file:file r_file_perms;`