# ==============================================
# Policy File of /vendor/bin/rild Executable File

# ==============================================
# Type Declaration
# ==============================================

# ==============================================
# MTK Policy Rule
# ==============================================

# Wake locks: wakelock_use() is the macro that gives a domain access to the
# wake-lock interface, so rild can hold the device awake while it works.
wakelock_use(rild)
# Kernel module auto-load: module_request lets rild cause the kernel to
# request a module on its behalf; it does not let rild load a module itself.
allow rild kernel:system module_request;
# Capabilities assigned for rild.
# net_admin and net_raw cover network configuration and raw sockets;
# setuid lets the process change its UID.
allow rild self:capability { net_admin net_raw setuid };

# dac_override is disabled here: it would let rild bypass file permission
# (DAC) checks. Re-enable it only if a denial proves it is required.
#allow rild self:capability dac_override;
# Control cgroups: create_dir_perms lets rild create, rename and remove
# directories labelled cgroup, in addition to reading and writing them.
allow rild cgroup:dir create_dir_perms;
# Property service
# RIL related properties (radio./net./system./etc).
# The set_prop() grants for radio_prop, net_radio_prop and system_radio_prop
# are disabled in this file.
#set_prop(rild, radio_prop)
#set_prop(rild, net_radio_prop)
#set_prop(rild, system_radio_prop)
set_prop(rild, persist_ril_prop)
set_prop(rild, ril_active_md_prop)

# auditallow grants nothing; it only logs an access that an allow rule
# already permits.
# NOTE(review): with the set_prop() lines for these two types disabled above,
# the audits fire only if another policy file still lets rild set them - confirm.
auditallow rild { net_radio_prop system_radio_prop }:property_service set;

# muxreport control properties
set_prop(rild, ril_cdma_report_prop)
set_prop(rild, ril_mux_report_case_prop)
set_prop(rild, ctl_muxreport-daemon_prop)
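# Access to wake locks: already granted by the wakelock_use(rild) call under
# "MTK Policy Rule" at the top of this file. The second, identical macro call
# that stood here added no permission and was dropped.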
# EFS files: rild may create and modify files and directories labelled
# efs_file, and has read-only access to the Bluetooth EFS data.
allow rild efs_file:dir create_dir_perms;
allow rild efs_file:file create_file_perms;
allow rild bluetooth_efs_file:dir r_dir_perms;
allow rild bluetooth_efs_file:file r_file_perms;
# File and directory access (radio data/system data/proc/etc).

# Disabled: marked in this file as violating the Android P rule.
#allow rild radio_data_file:dir rw_dir_perms;
#allow rild radio_data_file:file create_file_perms;
#allow rild system_data_file:dir r_dir_perms;
#allow rild system_data_file:file r_file_perms;

# Read-only directory access on sdcard types; execute on system_file.
allow rild sdcard_type:dir r_dir_perms;
allow rild system_file:file x_file_perms;

# NOTE(review): proc is the generic /proc label, so the first rule gives
# read/write to every proc entry that has no more specific type. Prefer a
# dedicated label for the nodes rild really needs - confirm which those are.
allow rild proc:file rw_file_perms;
allow rild proc_net:file w_file_perms;
# Netlink sockets.
# Disabled, TBD: neverallowxperm on line 177 of system/sepolicy/public/domain.te
#allow rild self:netlink_socket create_socket_perms;
#allow rild self:netlink_kobject_uevent_socket create_socket_perms;

# Set and get routes directly via netlink.
# NOTE(review): nlmsg_write is the only permission granted on this class in
# this file; creating the route socket must be allowed by another rule - confirm.
allow rild self:netlink_route_socket nlmsg_write;

# Generic sockets.
# Disabled, TBD: neverallowxperm on line 177 of system/sepolicy/public/domain.te
#allow rild self:socket create_socket_perms;
# Device and file access.

# Character devices rild may read and write (includes the tty devices).
# NOTE(review): Vcodec_device and misc_device are unusual for a radio
# daemon - confirm both are still needed.
allow rild {
    alarm_device
    radio_device
    tty_device
    eemcs_device
    Vcodec_device
    devpts
    ccci_device
    misc_device
}:chr_file rw_file_perms;

# Read-only character device.
allow rild devmap_device:chr_file r_file_perms;

# uart driver (for GPS): disabled.
#allow rild gps_device:chr_file rw_file_perms;

# Block devices.
# NOTE(review): the second rule allows raw writes to the block devices behind
# these two labels - confirm which partitions they cover and whether
# read-only access would be enough.
allow rild radio_device:blk_file r_file_perms;
allow rild { bootdevice_block_device para_block_device }:blk_file rw_file_perms;
allow rild mtd_device:dir search;

# proc and sysfs nodes with dedicated labels.
allow rild proc_lk_env:file rw_file_perms;
allow rild sysfs_vcorefs_pwrctrl:file w_file_perms;
# Directory search and file descriptor use.
allow rild block_device:dir search;
#allow rild platformblk_device:dir search;

# fd use: rild may use file descriptors that come from processes in the
# platform_app and radio domains.
allow rild { platform_app radio }:fd use;
# For MAL MFI: write-side access to the socket file labelled mal_mfi_socket.
allow rild mal_mfi_socket:sock_file w_file_perms;
# For ccci sysfs node: read-only access through the dedicated sysfs_ccci
# label (directory search plus file read).
allow rild sysfs_ccci:dir search;
allow rild sysfs_ccci:file r_file_perms;
# Date: W17.18
# Purpose: Treble SEpolicy denied clean up
# add_hwservice() lets hal_telephony_server register mtk_hal_rild_hwservice
# with hwservicemanager; the allow rule lets telephony HAL clients look it up.
add_hwservice(hal_telephony_server, mtk_hal_rild_hwservice)
allow hal_telephony_client mtk_hal_rild_hwservice:hwservice_manager find;
# Date: W17.21
# Purpose: Grant permission to access binder dev node
# vndbinder_use() is the macro for the vendor binder node (vndbinder).
vndbinder_use(rild)
# Date: 2017/03/27
# Purpose: allow set telephony Sensitive property
# NOTE(review): the type name marks these values as sensitive - check which
# domains are allowed to read this property type.
set_prop(rild, mtk_telephony_sensitive_prop)
# For AGPSD: rild may connect to a unix stream socket served by a process
# in the mtk_agpsd domain.
allow rild mtk_agpsd:unix_stream_socket connectto;
# Date: 2017/10/12
# Purpose: allow set MTU size
# Only getattr on toolbox remains active; the execute grants are disabled.
allow rild toolbox_exec:file getattr;
#allow rild toolbox_exec:file {execute read open};
#allow rild toolbox_exec:file {execute_no_trans};

allow rild mtk_net_ipv6_prop:property_service set;
# Date: 2017/10/17
# Allow to use sysenv & persist.radio.multisim.config
# for dynamic feature switch between ss & dsds
# NOTE(review): sysfs is the generic sysfs label, so this lets rild open and
# read every sysfs file without a more specific type. A dedicated label for
# the node that is actually read would be narrower - confirm which node it is.
allow rild sysfs:file { open read };
allow rild usp_prop:property_service set;
# Date: 2017/12/6
# Purpose: allow set the RS times for /proc/sys/net/ipv6/conf/ccmniX/router_solicitations
# execute_no_trans runs the binary without a domain transition, so the vendor
# shell and vendor toolbox execute inside the rild domain with all of rild's
# permissions.
# NOTE(review): confirm that every command line rild hands to the shell is
# fixed or validated; writing the proc node directly from rild would avoid
# the shell altogether.
allow rild { vendor_shell_exec vendor_toolbox_exec }:file execute_no_trans;
# Date: WK18.16
# Operation: P migration
# Purpose: Allow rild to get tel_switch_prop (read-only; no set is granted here)
get_prop(rild, tel_switch_prop)