android_device_mediatek_sep.../plat_private/storagemanagerd.te

# ==============================================
# Policy File of storagemanagerd Executable File

# ==============================================
# Type Declaration
# ==============================================
type storagemanagerd, domain;
type storagemanagerd_exec, exec_type, file_type;
typeattribute storagemanagerd coredomain;

# ==============================================
# MTK Policy Rule
# ==============================================

init_daemon_domain(storagemanagerd)

#unix_socket_connect(storagemanagerd, vold, vold)

# storagemanagerd sends information back to dumpstate when "adb bugreport" is used
allow storagemanagerd dumpstate:fd use;
allow storagemanagerd dumpstate:unix_stream_socket { read write getattr };

# storagemanagerd information is written to shell owned bugreport files
allow storagemanagerd shell_data_file:file { write getattr };

# Why?
allow storagemanagerd dumpstate:unix_dgram_socket { read write };

# storagemanagerd can be invoked with logwrapper, so let it write to pty
allow storagemanagerd devpts:chr_file rw_file_perms;
import from mediatek/master to mediatek/alps-mp-o1.mp1 Change-Id: Ic78db8195c5c51f85c9c6fd3ef8333489afd6e79 MTK-Commit-Id: 848bf57127be9d01fd1df4aab95737855456afee 2020-01-18 09:29:32 +08:00			`# ==============================================`
			`# Policy File of storagemanagerd Executable File`

			`# ==============================================`
			`# Type Declaration`
			`# ==============================================`
			`type storagemanagerd, domain;`
			`type storagemanagerd_exec, exec_type, file_type;`
			`typeattribute storagemanagerd coredomain;`

			`# ==============================================`
			`# MTK Policy Rule`
			`# ==============================================`

			`init_daemon_domain(storagemanagerd)`

[ALPS03825066] Resolve vendor violates [Detail] Google add new neverallows rules on android P, some rule violate the rules [Solution] Remove the rules which violate google new rules MTK-Commit-Id: ff683b4eee0a6dd95ff25fbb6c7d1fc3a79c604d Change-Id: Iead494212c6adcec234eaef14c83d1f8c7a49deb CR-Id: ALPS03825066 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK 2020-01-18 09:29:34 +08:00			`#unix_socket_connect(storagemanagerd, vold, vold)`
import from mediatek/master to mediatek/alps-mp-o1.mp1 Change-Id: Ic78db8195c5c51f85c9c6fd3ef8333489afd6e79 MTK-Commit-Id: 848bf57127be9d01fd1df4aab95737855456afee 2020-01-18 09:29:32 +08:00
			`# storagemanagerd sends information back to dumpstate when "adb bugreport" is used`
			`allow storagemanagerd dumpstate:fd use;`
			`allow storagemanagerd dumpstate:unix_stream_socket { read write getattr };`

			`# storagemanagerd information is written to shell owned bugreport files`
			`allow storagemanagerd shell_data_file:file { write getattr };`

			`# Why?`
			`allow storagemanagerd dumpstate:unix_dgram_socket { read write };`

			`# storagemanagerd can be invoked with logwrapper, so let it write to pty`
			`allow storagemanagerd devpts:chr_file rw_file_perms;`