2020-01-18 09:29:32 +08:00
|
|
|
# ==============================================
|
|
|
|
|
# Policy File of /system/bin/em_svr Executable File
|
|
|
|
|
|
|
|
|
|
# ==============================================
|
|
|
|
|
# Type Declaration
|
|
|
|
|
# ==============================================
|
|
|
|
|
|
|
|
|
|
type em_svr_exec , exec_type, file_type;
|
|
|
|
|
typeattribute em_svr coredomain;
|
|
|
|
|
|
|
|
|
|
# ==============================================
|
|
|
|
|
# Android Policy Rule
|
|
|
|
|
# ==============================================
|
|
|
|
|
|
|
|
|
|
# ==============================================
|
|
|
|
|
# NSA Policy Rule
|
|
|
|
|
# ==============================================
|
|
|
|
|
|
|
|
|
|
# ==============================================
|
|
|
|
|
# MTK Policy Rule
|
|
|
|
|
# ==============================================
|
|
|
|
|
|
|
|
|
|
init_daemon_domain(em_svr)
|
|
|
|
|
|
|
|
|
|
# Date: W14.38 2014/09/17
|
|
|
|
|
# Operation : Migration
|
|
|
|
|
# Purpose : for em_svr
|
2020-01-18 09:29:36 +08:00
|
|
|
#allow em_svr proc:file write;
|
|
|
|
|
#allow em_svr sysfs:file write;
|
2020-01-18 09:29:32 +08:00
|
|
|
allow em_svr shell_exec:file { read execute open getattr execute_no_trans };
|
|
|
|
|
allow em_svr system_file:file execute_no_trans;
|
|
|
|
|
allow em_svr block_device:dir search;
|
|
|
|
|
allow em_svr graphics_device:chr_file { read write open ioctl};
|
|
|
|
|
allow em_svr graphics_device:dir search;
|
|
|
|
|
allow em_svr radio_data_file:dir { search write add_name create };
|
|
|
|
|
allow em_svr radio_data_file:file { create write open read };
|
2020-01-18 09:29:36 +08:00
|
|
|
#allow em_svr sysfs_devices_system_cpu:file write;
|
2020-01-18 09:29:34 +08:00
|
|
|
#allow em_svr self:capability { dac_override sys_nice fowner chown fsetid };
|
2020-01-18 09:29:32 +08:00
|
|
|
allow em_svr self:process execmem;
|
|
|
|
|
allow em_svr system_data_file:dir { write remove_name add_name relabelfrom create open };
|
|
|
|
|
allow em_svr kernel:system module_request;
|
|
|
|
|
allow em_svr sdcard_type:dir create_dir_perms;
|
|
|
|
|
allow em_svr sdcard_type:file create_file_perms;
|
|
|
|
|
|
|
|
|
|
# Date: 2015/08/09
|
|
|
|
|
# Operation : M Migration
|
|
|
|
|
# Purpose : set policy for surfaceflinger_service
|
|
|
|
|
allow em_svr surfaceflinger_service:service_manager find;
|
|
|
|
|
|
|
|
|
|
# Date: 2015/08/21
|
|
|
|
|
# Operation : M Migration
|
|
|
|
|
# Purpose : set policy for sysfs:dir
|
|
|
|
|
allow em_svr sysfs:dir write;
|
|
|
|
|
|
|
|
|
|
# for use binder
|
|
|
|
|
binder_use(em_svr)
|
|
|
|
|
binder_call(em_svr, surfaceflinger)
|
|
|
|
|
|
|
|
|
|
# Date: 2017/07/19
|
|
|
|
|
# Operation : O Migration
|
|
|
|
|
# Purpose : add policy for desense/Power/Memory access system file
|
|
|
|
|
allow em_svr toolbox_exec:file { getattr execute read open execute_no_trans };
|
|
|
|
|
allow em_svr vendor_toolbox_exec:file { getattr };
|
2020-01-18 09:29:36 +08:00
|
|
|
#allow em_svr proc:file { open read };
|
|
|
|
|
#allow em_svr sysfs:file { read };
|
2020-01-18 09:29:32 +08:00
|
|
|
|
|
|
|
|
# Date: 2017/07/19
|
|
|
|
|
# Operation : O Migration
|
|
|
|
|
# Purpose : add policy for PSensorThreshold/PSensorData read nvram file
|
|
|
|
|
allow em_svr system_data_file:lnk_file { read };
|
|
|
|
|
|
|
|
|
|
# Date: 2015/09/16
|
|
|
|
|
# Operation : M Migration
|
|
|
|
|
# Purpose : add policy for system data file access
|
|
|
|
|
allow em_svr system_data_file:file open;
|
|
|
|
|
|
|
|
|
|
# Date: 2017/07/13
|
|
|
|
|
# Operation: O Migration
|
|
|
|
|
# Purpose: add policy for backlight file access
|
|
|
|
|
allow em_svr sysfs_leds:dir search;
|
|
|
|
|
allow em_svr sysfs_leds:lnk_file read;
|
2020-01-18 09:29:36 +08:00
|
|
|
#allow em_svr sysfs:file open;
|
2020-01-18 09:29:32 +08:00
|
|
|
|
|
|
|
|
# Date: WK1742
|
|
|
|
|
# Purpose: add em_svr to access md log filter in sdcard
|
|
|
|
|
allow em_svr media_rw_data_file:dir { read write search open add_name };
|
|
|
|
|
allow em_svr media_rw_data_file:file { write create open };
|
