2020-01-18 09:29:32 +08:00
|
|
|
# ==============================================
|
|
|
|
|
# Policy File of /vendor/bin/sysenv_daemon Executable File
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# ==============================================
|
|
|
|
|
# Type Declaration
|
|
|
|
|
# ==============================================
|
|
|
|
|
|
|
|
|
|
type sysenv_daemon_exec , exec_type, file_type, vendor_file_type;
|
|
|
|
|
type sysenv_daemon ,domain;
|
|
|
|
|
|
|
|
|
|
# ==============================================
|
|
|
|
|
# Android Policy Rule
|
|
|
|
|
# ==============================================
|
|
|
|
|
|
|
|
|
|
# ==============================================
|
|
|
|
|
# NSA Policy Rule
|
|
|
|
|
# ==============================================
|
|
|
|
|
|
|
|
|
|
# ==============================================
|
|
|
|
|
# MTK Policy Rule
|
|
|
|
|
# ==============================================
|
|
|
|
|
init_daemon_domain(sysenv_daemon)
|
|
|
|
|
|
|
|
|
|
# Date : WK16.24
|
|
|
|
|
# Operation : Create
|
|
|
|
|
# Purpose : move sysenv to userspace.
|
|
|
|
|
allow sysenv_daemon block_device:dir search;
|
|
|
|
|
allow sysenv_daemon para_block_device:blk_file rw_file_perms;
|
|
|
|
|
allow sysenv_daemon proc_lk_env:file rw_file_perms;
|
|
|
|
|
allow sysenv_daemon self:netlink_socket { read bind create };
|
|
|
|
|
|
|
|
|
|
# Date : WK17.29
|
|
|
|
|
# Operation : Migration
|
|
|
|
|
# Purpose : for device bring up, not to block early SQC
|
|
|
|
|
allow sysenv_daemon sysfs:file { open read };
|
|
|
|
|
|
|
|
|
|
# Date : WK17.43
|
|
|
|
|
# Operation : Migration
|
|
|
|
|
# Purpose : to access mtd device
|
|
|
|
|
allow sysenv_daemon mtd_device:blk_file { open read write };
|
|
|
|
|
|
2020-01-18 10:02:13 +08:00
|
|
|
# Date: WK18.02
|
|
|
|
|
# Operation: Create
|
|
|
|
|
# Purpose : get device path by read fstab in read/write lk_env
|
|
|
|
|
allow sysenv_daemon sysfs:dir { read open };
|
|
|
|
|
allow sysenv_daemon sysfs:file getattr;
|
|
|
|
|
|
