android_device_mediatek_sep.../non_plat/fuelgauged.te

# ==============================================
# Policy File of /system/bin/fuelgauged Executable File 

# ==============================================
# Type Declaration
# ==============================================
type fuelgauged ,domain;
type fuelgauged_exec , exec_type, file_type, vendor_file_type;
type fuelgauged_file, file_type, data_file_type;

# ==============================================
# Android Policy Rule
# ==============================================

# ==============================================
# NSA Policy Rule
# ==============================================

# ==============================================
# MTK Policy Rule
# ==============================================

init_daemon_domain(fuelgauged)

# Data : WK14.43
# Operation : Migration
# Purpose : Fuel Gauge daemon for access driver node
allow fuelgauged input_device:dir rw_dir_perms;
allow fuelgauged input_device:file r_file_perms;

# Data : WK14.43
# Operation : Migration
# Purpose : For meta tool calibration
allow fuelgauged mtk-adc-cali_device:chr_file rw_file_perms;

# Data : WK14.43
# Operation : Migration
# Purpose : For fg.log can be printed with kernel log
allow fuelgauged kmsg_device:chr_file w_file_perms;

# Data : WK14.43
# Operation : Migration
# Purpose : For fg daemon can comminucate with kernel
### TBD, neverallowxperm on line 177 of system/sepolicy/public/domain.t
#allow fuelgauged fuelgauged:netlink_kobject_uevent_socket create_socket_perms;
#allow fuelgauged fuelgauged:netlink_socket create_socket_perms;
allow fuelgauged self:netlink_socket create;
allow fuelgauged self:netlink_socket create_socket_perms_no_ioctl;
allow fuelgauged self:netlink_route_socket { bind create getattr write nlmsg_read read nlmsg_write };

# Data : WK16.21
# Operation : New Feature
# Purpose : For fg daemon can access /data/FG folder
#file_type_auto_trans(fuelgauged, system_data_file, fuelgauged_file);
#allow fuelgauged fuelgauged_file:file rw_file_perms;
#typeattribute fuelgauged data_between_core_and_vendor_violators;
#allow fuelgauged system_data_file:dir rw_dir_perms;

# Data : WK16.21
# Operation : New Feature
# Purpose : For fg daemon can do nvram r/w to save car_tune_value
#allow fuelgauged nvdata_file:dir rw_dir_perms;
#allow fuelgauged nvdata_file:file {rw_file_perms create_file_perms};
#allow fuelgauged nvram_data_file:lnk_file rw_file_perms;
#allow fuelgauged nvdata_file:lnk_file rw_file_perms;

# Data : WK16.39
#allow fuelgauged self:capability { chown fsetid dac_override };

# Data : W16.43
# Operation : New Feature
# Purpose : Change from /data to /cache
#allow fuelgauged cache_file:file {rw_file_perms create_file_perms};
#allow fuelgauged cache_file:dir {rw_dir_perms create_dir_perms};
#allow fuelgauged sysfs:file {rw_file_perms create_file_perms};

# Date: W17.22
# Operation : New Feature
# Purpose : Add for A/B system
allow fuelgauged kernel:system module_request;

# Date: W18.03
# Operation : change fuelgagued access from cache to nvcfg
# Purpose : add fuelgauged to nvcfg read write permit
allow fuelgauged nvcfg_file:dir { search write open read add_name create getattr};
allow fuelgauged nvcfg_file:file { read write getattr open create };

# Date: W18.17
# Operation : add label for /sys/devices/platform/battery(/.*)
# Purpose : add fuelgauged could access
allow fuelgauged battery_node:file { read open };
import from mediatek/master to mediatek/alps-mp-o1.mp1 Change-Id: Ic78db8195c5c51f85c9c6fd3ef8333489afd6e79 MTK-Commit-Id: 848bf57127be9d01fd1df4aab95737855456afee 2020-01-18 09:29:32 +08:00			`# ==============================================`
			`# Policy File of /system/bin/fuelgauged Executable File`

			`# ==============================================`
			`# Type Declaration`
			`# ==============================================`
			`type fuelgauged ,domain;`
			`type fuelgauged_exec , exec_type, file_type, vendor_file_type;`
			`type fuelgauged_file, file_type, data_file_type;`

			`# ==============================================`
			`# Android Policy Rule`
			`# ==============================================`

			`# ==============================================`
			`# NSA Policy Rule`
			`# ==============================================`

			`# ==============================================`
			`# MTK Policy Rule`
			`# ==============================================`

			`init_daemon_domain(fuelgauged)`

			`# Data : WK14.43`
			`# Operation : Migration`
			`# Purpose : Fuel Gauge daemon for access driver node`
			`allow fuelgauged input_device:dir rw_dir_perms;`
			`allow fuelgauged input_device:file r_file_perms;`

			`# Data : WK14.43`
			`# Operation : Migration`
			`# Purpose : For meta tool calibration`
			`allow fuelgauged mtk-adc-cali_device:chr_file rw_file_perms;`

			`# Data : WK14.43`
			`# Operation : Migration`
			`# Purpose : For fg.log can be printed with kernel log`
			`allow fuelgauged kmsg_device:chr_file w_file_perms;`

			`# Data : WK14.43`
			`# Operation : Migration`
			`# Purpose : For fg daemon can comminucate with kernel`
			`### TBD, neverallowxperm on line 177 of system/sepolicy/public/domain.t`
			`#allow fuelgauged fuelgauged:netlink_kobject_uevent_socket create_socket_perms;`
			`#allow fuelgauged fuelgauged:netlink_socket create_socket_perms;`
			`allow fuelgauged self:netlink_socket create;`
			`allow fuelgauged self:netlink_socket create_socket_perms_no_ioctl;`
			`allow fuelgauged self:netlink_route_socket { bind create getattr write nlmsg_read read nlmsg_write };`

			`# Data : WK16.21`
			`# Operation : New Feature`
			`# Purpose : For fg daemon can access /data/FG folder`
[ALPS03890927] battery: fix sepolicy violation [Detail] 1. fix data between core and vendor violator 2. remove fuelgauged_static.te 3. remove fg daemon access nvram sepolicy 4. add label for battery MTK-Commit-Id: 1443b78b112739594e0633526c6966e4871bd125 Change-Id: I931a18bfb8ac963e71311ceace8a28b4a495e881 Signed-off-by: Timo Liao <timo.liao@mediatek.com> CR-Id: ALPS03890927 Feature: Fuel Gauge 2020-01-18 09:39:17 +08:00			`#file_type_auto_trans(fuelgauged, system_data_file, fuelgauged_file);`
			`#allow fuelgauged fuelgauged_file:file rw_file_perms;`
			`#typeattribute fuelgauged data_between_core_and_vendor_violators;`
			`#allow fuelgauged system_data_file:dir rw_dir_perms;`
import from mediatek/master to mediatek/alps-mp-o1.mp1 Change-Id: Ic78db8195c5c51f85c9c6fd3ef8333489afd6e79 MTK-Commit-Id: 848bf57127be9d01fd1df4aab95737855456afee 2020-01-18 09:29:32 +08:00
			`# Data : WK16.21`
			`# Operation : New Feature`
			`# Purpose : For fg daemon can do nvram r/w to save car_tune_value`
[ALPS03890927] battery: fix sepolicy violation [Detail] 1. fix data between core and vendor violator 2. remove fuelgauged_static.te 3. remove fg daemon access nvram sepolicy 4. add label for battery MTK-Commit-Id: 1443b78b112739594e0633526c6966e4871bd125 Change-Id: I931a18bfb8ac963e71311ceace8a28b4a495e881 Signed-off-by: Timo Liao <timo.liao@mediatek.com> CR-Id: ALPS03890927 Feature: Fuel Gauge 2020-01-18 09:39:17 +08:00			`#allow fuelgauged nvdata_file:dir rw_dir_perms;`
			`#allow fuelgauged nvdata_file:file {rw_file_perms create_file_perms};`
			`#allow fuelgauged nvram_data_file:lnk_file rw_file_perms;`
			`#allow fuelgauged nvdata_file:lnk_file rw_file_perms;`
import from mediatek/master to mediatek/alps-mp-o1.mp1 Change-Id: Ic78db8195c5c51f85c9c6fd3ef8333489afd6e79 MTK-Commit-Id: 848bf57127be9d01fd1df4aab95737855456afee 2020-01-18 09:29:32 +08:00
			`# Data : WK16.39`
[ALPS03825066] Resolve vendor violates [Detail] Google add new neverallows rules on android P, some rule violate the rules [Solution] Remove the rules which violate google new rules MTK-Commit-Id: ff683b4eee0a6dd95ff25fbb6c7d1fc3a79c604d Change-Id: Iead494212c6adcec234eaef14c83d1f8c7a49deb CR-Id: ALPS03825066 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK 2020-01-18 09:29:34 +08:00			`#allow fuelgauged self:capability { chown fsetid dac_override };`
import from mediatek/master to mediatek/alps-mp-o1.mp1 Change-Id: Ic78db8195c5c51f85c9c6fd3ef8333489afd6e79 MTK-Commit-Id: 848bf57127be9d01fd1df4aab95737855456afee 2020-01-18 09:29:32 +08:00
			`# Data : W16.43`
			`# Operation : New Feature`
			`# Purpose : Change from /data to /cache`
[ALPS03890927] battery: fix sepolicy violation [Detail] 1. fix data between core and vendor violator 2. remove fuelgauged_static.te 3. remove fg daemon access nvram sepolicy 4. add label for battery MTK-Commit-Id: 1443b78b112739594e0633526c6966e4871bd125 Change-Id: I931a18bfb8ac963e71311ceace8a28b4a495e881 Signed-off-by: Timo Liao <timo.liao@mediatek.com> CR-Id: ALPS03890927 Feature: Fuel Gauge 2020-01-18 09:39:17 +08:00			`#allow fuelgauged cache_file:file {rw_file_perms create_file_perms};`
			`#allow fuelgauged cache_file:dir {rw_dir_perms create_dir_perms};`
			`#allow fuelgauged sysfs:file {rw_file_perms create_file_perms};`
import from mediatek/master to mediatek/alps-mp-o1.mp1 Change-Id: Ic78db8195c5c51f85c9c6fd3ef8333489afd6e79 MTK-Commit-Id: 848bf57127be9d01fd1df4aab95737855456afee 2020-01-18 09:29:32 +08:00
			`# Date: W17.22`
			`# Operation : New Feature`
			`# Purpose : Add for A/B system`
			`allow fuelgauged kernel:system module_request;`

			`# Date: W18.03`
			`# Operation : change fuelgagued access from cache to nvcfg`
			`# Purpose : add fuelgauged to nvcfg read write permit`
			`allow fuelgauged nvcfg_file:dir { search write open read add_name create getattr};`
			`allow fuelgauged nvcfg_file:file { read write getattr open create };`
[ALPS03890927] battery: fix sepolicy violation [Detail] 1. fix data between core and vendor violator 2. remove fuelgauged_static.te 3. remove fg daemon access nvram sepolicy 4. add label for battery MTK-Commit-Id: 1443b78b112739594e0633526c6966e4871bd125 Change-Id: I931a18bfb8ac963e71311ceace8a28b4a495e881 Signed-off-by: Timo Liao <timo.liao@mediatek.com> CR-Id: ALPS03890927 Feature: Fuel Gauge 2020-01-18 09:39:17 +08:00
			`# Date: W18.17`
			`# Operation : add label for /sys/devices/platform/battery(/.*)`
			`# Purpose : add fuelgauged could access`
			`allow fuelgauged battery_node:file { read open };`