NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
android_device_mediatek_sep.../non_plat/thermal_manager.te

53 lines
2.2 KiB
Plaintext
Raw Normal View History

import from mediatek/master to mediatek/alps-mp-o1.mp1 Change-Id: Ic78db8195c5c51f85c9c6fd3ef8333489afd6e79 MTK-Commit-Id: 848bf57127be9d01fd1df4aab95737855456afee
2020-01-18 09:29:32 +08:00
# ==============================================
# Policy File of /system/bin/thermal_manager Executable File
# ==============================================
# Type Declaration
# ==============================================
type thermal_manager_exec , exec_type, file_type, vendor_file_type;
type thermal_manager ,domain;
# ==============================================
# MTK Policy Rule
# ==============================================
init_daemon_domain(thermal_manager)
allow thermal_manager proc_mtkcooler:dir search;
allow thermal_manager proc_mtktz:dir search;
allow thermal_manager proc_thermal:dir search;
allow thermal_manager proc_mtkcooler:file rw_file_perms;
allow thermal_manager proc_mtktz:file rw_file_perms;
allow thermal_manager proc_thermal:file rw_file_perms;
[ALPS03825066] P migration selinux build failed fix 1. Mark polices which accessing proc/sysfs file system 2. Add violator attribute to modules violate vendor/system rule. MTK-Commit-Id: 3954cad7a1428cda694d8428c2235a78aa6e7cc8 Change-Id: I401ae5b87eb9a03f324bef83c6678149606b15a8 CR-Id: ALPS03825066 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
2020-01-18 09:29:36 +08:00
typeattribute thermal_manager data_between_core_and_vendor_violators;
import from mediatek/master to mediatek/alps-mp-o1.mp1 Change-Id: Ic78db8195c5c51f85c9c6fd3ef8333489afd6e79 MTK-Commit-Id: 848bf57127be9d01fd1df4aab95737855456afee
2020-01-18 09:29:32 +08:00
allow thermal_manager system_data_file:dir { write add_name };
[ALPS03825066] Resolve vendor violates [Detail] Google add new neverallows rules on android P, some rule violate the rules [Solution] Remove the rules which violate google new rules MTK-Commit-Id: ff683b4eee0a6dd95ff25fbb6c7d1fc3a79c604d Change-Id: Iead494212c6adcec234eaef14c83d1f8c7a49deb CR-Id: ALPS03825066 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
2020-01-18 09:29:34 +08:00
#allow thermal_manager self:capability { fowner chown fsetid dac_override };
import from mediatek/master to mediatek/alps-mp-o1.mp1 Change-Id: Ic78db8195c5c51f85c9c6fd3ef8333489afd6e79 MTK-Commit-Id: 848bf57127be9d01fd1df4aab95737855456afee
2020-01-18 09:29:32 +08:00
# Date : WK15.30
# Operation : Migration
# Purpose : Use file_type_auto_trans to specify label to avoid violated(never allow)
#allow thermal_manager thermal_manager_data_file:file { create write read open setattr write lock};
allow thermal_manager thermal_manager_data_file:dir { rw_dir_perms setattr };
allow thermal_manager mediaserver:fd use;
allow thermal_manager mediaserver:fifo_file { read write };
#allow thermal_manager pq:fd use;
allow thermal_manager mediaserver:tcp_socket { read write };
# Date : WK16.30
# Operation : Migration
# Purpose : Use file_type_auto_trans to specify label to avoid violated(never allow)
allow thermal_manager camera_isp_device:chr_file { read write };
allow thermal_manager cameraserver:fd use;
allow thermal_manager kd_camera_hw_device:chr_file { read write };
allow thermal_manager MTK_SMI_device:chr_file read;
allow thermal_manager property_socket:sock_file write;
allow thermal_manager surfaceflinger:fd use;
allow thermal_manager init:unix_stream_socket connectto;
allow thermal_manager sysfs:file write;
# Date : WK17.12
# Operation : Migration
# Purpose : Allow thermal_manager to notify SPA.
allow thermal_manager mtk_thermal_config_prop:file { getattr open read };
allow thermal_manager mtk_thermal_config_prop:property_service set;
Reference in New Issue Copy Permalink