MTK_LICENSE

@@ -1,35 +0,0 @@
-Copyright Statement:
-
-This software/firmware and related documentation ("MediaTek Software") are
-protected under relevant copyright laws. The information contained herein
-is confidential and proprietary to MediaTek Inc. and/or its licensors.
-Without the prior written permission of MediaTek inc. and/or its licensors,
-any reproduction, modification, use or disclosure of MediaTek Software,
-and information contained herein, in whole or in part, shall be strictly prohibited.
-
-MediaTek Inc. (C) 2018. All rights reserved.
-
-BY OPENING THIS FILE, RECEIVER HEREBY UNEQUIVOCALLY ACKNOWLEDGES AND AGREES
-THAT THE SOFTWARE/FIRMWARE AND ITS DOCUMENTATIONS ("MEDIATEK SOFTWARE")
-RECEIVED FROM MEDIATEK AND/OR ITS REPRESENTATIVES ARE PROVIDED TO RECEIVER ON
-AN "AS-IS" BASIS ONLY. MEDIATEK EXPRESSLY DISCLAIMS ANY AND ALL WARRANTIES,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT.
-NEITHER DOES MEDIATEK PROVIDE ANY WARRANTY WHATSOEVER WITH RESPECT TO THE
-SOFTWARE OF ANY THIRD PARTY WHICH MAY BE USED BY, INCORPORATED IN, OR
-SUPPLIED WITH THE MEDIATEK SOFTWARE, AND RECEIVER AGREES TO LOOK ONLY TO SUCH
-THIRD PARTY FOR ANY WARRANTY CLAIM RELATING THERETO. RECEIVER EXPRESSLY ACKNOWLEDGES
-THAT IT IS RECEIVER'S SOLE RESPONSIBILITY TO OBTAIN FROM ANY THIRD PARTY ALL PROPER LICENSES
-CONTAINED IN MEDIATEK SOFTWARE. MEDIATEK SHALL ALSO NOT BE RESPONSIBLE FOR ANY MEDIATEK
-SOFTWARE RELEASES MADE TO RECEIVER'S SPECIFICATION OR TO CONFORM TO A PARTICULAR
-STANDARD OR OPEN FORUM. RECEIVER'S SOLE AND EXCLUSIVE REMEDY AND MEDIATEK'S ENTIRE AND
-CUMULATIVE LIABILITY WITH RESPECT TO THE MEDIATEK SOFTWARE RELEASED HEREUNDER WILL BE,
-AT MEDIATEK'S OPTION, TO REVISE OR REPLACE THE MEDIATEK SOFTWARE AT ISSUE,
-OR REFUND ANY SOFTWARE LICENSE FEES OR SERVICE CHARGE PAID BY RECEIVER TO
-MEDIATEK FOR SUCH MEDIATEK SOFTWARE AT ISSUE.
-
-The following software/firmware and/or related documentation ("MediaTek Software")
-have been modified by MediaTek Inc. All revisions are subject to any receiver's
-applicable license agreements with MediaTek Inc.
-
-

README.md

@@ -10,10 +10,3 @@ If you want to use these policies, add a
 to your device's BoardConfig. It is highly recommended that in case you have
 your own `BOARD_SEPOLICY_DIRS` declaration, the inclusion happens _before_
 those lines
-
-## Repository Details
-This repository uses [device/mediatek/wembley-sepolicy](https://android.googlesource.com/device/mediatek/wembley-sepolicy/) as base till `4769fb0d973bf079934054c6c5423ca06d67010a`.
-After that Google's device-specific changes starts.
-
-Till `4769fb0d973bf079934054c6c5423ca06d67010a`, this repository is similar to
-the **basic** sepolicy repository provided by MediaTek to the OEMs.

non_plat/MtkCodecService.te

@@ -1,9 +0,0 @@
-# ==============================================
-# Policy File of /vendor/bin/MtkCodecService Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-type MtkCodecService_exec , exec_type, file_type, vendor_file_type;
-type MtkCodecService ,domain;
-

non_plat/adbd.te

@@ -1,13 +0,0 @@
-# ==============================================
-# MTK Policy Rule
-# ============
-
-#permissive adbd;
-
-# Data : WK17.46
-# Operator: Migration
-# Purpose: Allow adbd to read KE DB
-allow adbd aee_dumpsys_data_file:file r_file_perms;
-allow adbd aee_exp_data_file:dir r_dir_perms;
-allow adbd aee_exp_data_file:file r_file_perms;
-allow adbd gpu_device:dir search;

non_plat/aee_aed.te

@@ -1,70 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/aee_aed Executable File
-
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-
-# Date : WK14.32
-# Operation : AEE UT
-# Purpose : for AEE module
-allow aee_aed aed_device:chr_file rw_file_perms;
-allow aee_aed expdb_device:chr_file rw_file_perms;
-allow aee_aed expdb_block_device:blk_file rw_file_perms;
-allow aee_aed etb_device:chr_file rw_file_perms;
-
-# open/dev/mtd/mtd12 failed(expdb)
-allow aee_aed mtd_device:dir create_dir_perms;
-allow aee_aed mtd_device:chr_file rw_file_perms;
-
-# NE flow: /dev/RT_Monitor
-allow aee_aed RT_Monitor_device:chr_file r_file_perms;
-
-#data/aee_exp
-allow aee_aed aee_exp_data_file:dir create_dir_perms;
-allow aee_aed aee_exp_data_file:file create_file_perms;
-
-#data/dumpsys
-allow aee_aed aee_dumpsys_data_file:dir create_dir_perms;
-allow aee_aed aee_dumpsys_data_file:file create_file_perms;
-
-#/data/core
-allow aee_aed aee_core_data_file:dir create_dir_perms;
-allow aee_aed aee_core_data_file:file create_file_perms;
-
-# /data/data_tmpfs_log
-allow aee_aed data_tmpfs_log_file:dir create_dir_perms;
-allow aee_aed data_tmpfs_log_file:file create_file_perms;
-
-# Purpose: aee_aed set property
-set_prop(aee_aed, persist_mtk_aee_prop);
-set_prop(aee_aed, persist_aee_prop);
-set_prop(aee_aed, debug_mtk_aee_prop);
-
-# /proc/lk_env
-allow aee_aed proc_lk_env:file rw_file_perms;
-
-# Purpose: Allow aee_aed to read /proc/pid/exe
-#allow aee_aed exec_type:file r_file_perms;
-
-# Purpose: Allow aee_aed to read /proc/cpu/alignment
-allow aee_aed proc_cpu_alignment:file { write open };
-
-# Purpose: Allow aee_aed to access /sys/devices/virtual/timed_output/vibrator/enable
-allow aee_aed sysfs_vibrator_setting:dir search;
-allow aee_aed sysfs_vibrator_setting:file w_file_perms;
-allow aee_aed sysfs_vibrator:dir search;
-allow aee_aed sysfs_leds:dir search;
-
-# Purpose: Allow aee_aed to read /proc/kpageflags
-allow aee_aed proc_kpageflags:file r_file_perms;
-
-# temp solution
-get_prop(aee_aed, vendor_default_prop)
-
-hal_client_domain(aee_aed, mtk_hal_log)
-
-# Purpose: create /data/aee_exp at runtime
-allow aee_aed file_contexts_file:file r_file_perms;
-allow aee_aed system_data_file:dir { relabelfrom setattr };
-allow aee_aed aee_exp_data_file:dir relabelto;

non_plat/aee_aedv.te

@@ -1,440 +0,0 @@
-# ==============================================
-# Policy File of /vendor/bin/aee_aedv Executable File
-
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-
-type aee_aedv, domain;
-
-type aee_aedv_exec, exec_type, file_type, vendor_file_type;
-typeattribute aee_aedv mlstrustedsubject;
-
-init_daemon_domain(aee_aedv)
-
-
-# Date : WK14.32
-# Operation : AEE UT
-# Purpose : for AEE module
-allow aee_aedv aed_device:chr_file rw_file_perms;
-allow aee_aedv expdb_device:chr_file rw_file_perms;
-allow aee_aedv expdb_block_device:blk_file rw_file_perms;
-allow aee_aedv bootdevice_block_device:blk_file rw_file_perms;
-allow aee_aedv etb_device:chr_file rw_file_perms;
-
-# AED start: /dev/block/expdb
-allow aee_aedv block_device:dir search;
-
-# NE flow: /dev/RT_Monitor
-allow aee_aedv RT_Monitor_device:chr_file r_file_perms;
-
-#data/aee_exp
-allow aee_aedv aee_exp_vendor_file:dir create_dir_perms;
-allow aee_aedv aee_exp_vendor_file:file create_file_perms;
-
-#data/dumpsys
-allow aee_aedv aee_dumpsys_vendor_file:dir create_dir_perms;
-allow aee_aedv aee_dumpsys_vendor_file:file create_file_perms;
-
-#/data/core
-allow aee_aedv aee_core_vendor_file:dir create_dir_perms;
-allow aee_aedv aee_core_vendor_file:file create_file_perms;
-
-# /data/data_tmpfs_log
-allow aee_aedv vendor_tmpfs_log_file:dir create_dir_perms;
-allow aee_aedv vendor_tmpfs_log_file:file create_file_perms;
-
-allow aee_aedv domain:process { sigkill getattr getsched};
-allow aee_aedv domain:lnk_file getattr;
-
-#core-pattern
-allow aee_aedv usermodehelper:file r_file_perms;
-
-# Date: W15.34
-# Operation: Migration
-# Purpose: For pagemap & pageflags information in NE DB
-userdebug_or_eng(`allow aee_aedv self:capability sys_admin;')
-
-# Purpose: aee_aedv set property
-set_prop(aee_aedv, persist_mtk_aeev_prop);
-set_prop(aee_aedv, persist_aeev_prop);
-set_prop(aee_aedv, debug_mtk_aeev_prop);
-
-# Purpose: mnt/user/*
-allow aee_aedv mnt_user_file:dir search;
-allow aee_aedv mnt_user_file:lnk_file read;
-
-allow aee_aedv storage_file:dir search;
-allow aee_aedv storage_file:lnk_file read;
-
-userdebug_or_eng(`
-  allow aee_aedv su:dir {search read open };
-  allow aee_aedv su:file { read getattr open };
-')
-
-# /proc/pid/
-allow aee_aedv self:capability { fowner chown fsetid sys_nice sys_resource net_admin sys_module};
-
-# PROCESS_FILE_STATE
-allow aee_aedv dumpstate:unix_stream_socket { read write ioctl };
-allow aee_aedv dumpstate:dir search;
-allow aee_aedv dumpstate:file r_file_perms;
-
-allow aee_aedv proc:file rw_file_perms;
-allow aee_aedv logdr_socket:sock_file write;
-allow aee_aedv logd:unix_stream_socket connectto;
-
-# vibrator
-allow aee_aedv sysfs_vibrator:file w_file_perms;
-
-# /proc/lk_env
-allow aee_aedv proc_lk_env:file rw_file_perms;
-
-# Data : 2017/03/22
-# Operation : add NE flow rule for Android O
-# Purpose : make aee_aedv can get specific process NE info
-allow aee_aedv domain:dir r_dir_perms;
-allow aee_aedv domain:{ file lnk_file } r_file_perms;
-#allow aee_aedv {
-#  domain
-#  -logd
-#  -keystore
-#  -init
-#}:process ptrace;
-#allow aee_aedv zygote_exec:file r_file_perms;
-#allow aee_aedv init_exec:file r_file_perms;
-
-# Data : 2017/04/06
-# Operation : add selinux rule for crash_dump notify aee_aedv
-# Purpose : make aee_aedv can get notify from crash_dump
-allow aee_aedv crash_dump:dir search;
-allow aee_aedv crash_dump:file r_file_perms;
-
-# Date : 20170512
-# Operation : fix aee_archive can't execute issue
-# Purpose : type=1400 audit(0.0:97916): avc: denied { execute_no_trans } for
-#           path="/system/vendor/bin/aee_archive" dev="mmcblk0p26" ino=2355
-#           scontext=u:r:aee_aedv:s0 tcontext=u:object_r:vendor_file:s0
-#           tclass=file permissive=0
-allow aee_aedv vendor_file:file execute_no_trans;
-
-# Purpose: debugfs files
-# allow aee_aedv debugfs:lnk_file read;
-allow aee_aedv debugfs_binder:dir { read open };
-allow aee_aedv debugfs_binder:file { read open };
-allow aee_aedv debugfs_blockio:file { read open };
-allow aee_aedv debugfs_fb:dir search;
-allow aee_aedv debugfs_fb:file { read open };
-allow aee_aedv debugfs_fuseio:dir search;
-allow aee_aedv debugfs_fuseio:file { read open };
-allow aee_aedv debugfs_ged:dir search;
-allow aee_aedv debugfs_ged:file { read open };
-allow aee_aedv debugfs_rcu:dir search;
-allow aee_aedv debugfs_shrinker_debug:file { read open };
-allow aee_aedv debugfs_wakeup_sources:file { read open };
-allow aee_aedv debugfs_dmlog_debug:file { read open };
-allow aee_aedv debugfs_page_owner_slim_debug:file { read open };
-allow aee_aedv debugfs_ion_mm_heap:dir search;
-allow aee_aedv debugfs_ion_mm_heap:file r_file_perms;
-allow aee_aedv debugfs_ion_mm_heap:lnk_file read;
-allow aee_aedv debugfs_cpuhvfs:dir search;
-allow aee_aedv debugfs_cpuhvfs:file { read open };
-allow aee_aedv debugfs_emi_mbw_buf:file { read open };
-allow aee_aedv debugfs_vpu_device_dbg:file { read open };
-
-# Purpose:
-# 01-01 00:02:46.390  3315  3315 W aee_dumpstatev: type=1400 audit(0.0:4728):
-# avc: denied { read } for name="interrupts" dev="proc" ino=4026533608 scontext=
-# u:r:aee_aedv:s0 tcontext=u:object_r:proc_interrupts:s0 tclass=file permissive=0
-allow aee_aedv proc_interrupts:file read;
-
-# Purpose:
-# 01-01 17:59:14.440  7664  7664 I aee_dumpstate: type=1400 audit(0.0:63497):
-# avc: denied { open } for path="/sys/kernel/debug/tracing/tracing_on" dev=
-# "debugfs" ino=2087 scontext=u:r:dumpstate:s0 tcontext=u:object_r:
-# tracing_shell_writable:s0 tclass=file permissive=1
-allow aee_aedv debugfs_tracing:file rw_file_perms;
-
-# Purpose:
-# 01-01 00:05:16.730  3566  3566 W dmesg   : type=1400 audit(0.0:5173): avc:
-# denied { read } for name="kmsg" dev="tmpfs" ino=12292 scontext=u:r:aee_aedv:
-# s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0
-allow aee_aedv kmsg_device:chr_file read;
-
-# Purpose:
-# 01-01 00:05:17.720  3567  3567 W ps      : type=1400 audit(0.0:5192): avc:
-# denied { getattr } for path="/proc/3421" dev="proc" ino=78975 scontext=u:r:
-# aee_aedv:s0 tcontext=u:r:platform_app:s0:c512,c768 tclass=dir permissive=0
-allow aee_aedv platform_app:dir r_dir_perms;
-allow aee_aedv platform_app:file r_file_perms;
-
-# Purpose:
-# 01-01 00:05:17.750  3567  3567 W ps      : type=1400 audit(0.0:5193): avc:
-# denied { getattr } for path="/proc/3461" dev="proc" ino=11013 scontext=u:r:
-# aee_aedv:s0 tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=dir permissive=0
-allow aee_aedv untrusted_app_25:dir getattr;
-
-# Purpose:
-# 01-01 00:05:17.650  3567  3567 W ps      : type=1400 audit(0.0:5179): avc:
-# denied { getattr } for path="/proc/2712" dev="proc" ino=65757 scontext=u:r:
-# aee_aedv:s0 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=dir permissive=0
-allow aee_aedv untrusted_app:dir getattr;
-
-# Purpose:
-# 01-01 00:05:17.650  3567  3567 W ps      : type=1400 audit(0.0:5180): avc:
-# denied { getattr } for path="/proc/2747" dev="proc" ino=66659 scontext=u:r:
-# aee_aedv:s0 tcontext=u:r:priv_app:s0:c512,c768 tclass=dir permissive=0
-allow aee_aedv priv_app:dir getattr;
-
-# Purpose:
-# 01-01 00:05:16.270  3554  3554 W aee_dumpstatev: type=1400 audit(0.0:5153):
-# avc: denied { open } for path="/proc/interrupts" dev="proc" ino=4026533608
-# scontext=u:r:aee_aedv:s0 tcontext=u:object_r:proc_interrupts:s0 tclass=file
-# permissive=0
-allow aee_aedv proc_interrupts:file r_file_perms;
-
-# Purpose:
-# 01-01 00:05:16.620  3554  3554 W aee_dumpstatev: type=1400 audit(0.0:5171):
-# avc: denied { read } for name="route" dev="proc" ino=4026533633 scontext=u:r:
-# aee_aedv:s0 tcontext=u:object_r:proc_net:s0 tclass=file permissive=0
-allow aee_aedv proc_net:file read;
-
-# Purpose:
-# 01-01 00:05:16.610  3554  3554 W aee_dumpstatev: type=1400 audit(0.0:5168):
-# avc: denied { read } for name="zoneinfo" dev="proc" ino=4026533664 scontext=
-# u:r:aee_aedv:s0 tcontext=u:object_r:proc_zoneinfo:s0 tclass=file permissive=0
-allow aee_aedv proc_zoneinfo:file read;
-
-# Purpose:
-# 01-01 00:05:17.840  3554  3554 W aee_dumpstatev: type=1400 audit(0.0:5200):
-# avc: denied { search } for name="leds" dev="sysfs" ino=6217 scontext=u:r:
-# aee_aedv:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=dir permissive=0
-allow aee_aedv sysfs_leds:dir search;
-allow aee_aedv sysfs_leds:file r_file_perms;
-
-# Purpose:
-# 01-01 00:03:45.790  3651  3651 I aee_dumpstatev: type=1400 audit(0.0:5592): avc: denied
-# { search } for name="ccci" dev="sysfs" ino=6026 scontext=u:r:aee_aedv:s0 tcontext=u:object_r:
-# sysfs_ccci:s0 tclass=dir permissive=1
-# 01-01 00:03:45.790  3651  3651 I aee_dumpstatev: type=1400 audit(0.0:5593): avc: denied { read }
-# for name="md_chn" dev="sysfs" ino=6035 scontext=u:r:aee_aedv:s0 tcontext=u:object_r:sysfs_ccci:s0
-# tclass=file permissive=1
-# 01-01 00:03:45.790  3651  3651 I aee_dumpstatev: type=1400 audit(0.0:5594): avc: denied { open }
-# for path="/sys/kernel/ccci/md_chn" dev="sysfs" ino=6035 scontext=u:r:aee_aedv:s0 tcontext=u:
-# object_r:sysfs_ccci:s0 tclass=file permissive=1
-allow aee_aedv sysfs_ccci:dir search;
-allow aee_aedv sysfs_ccci:file r_file_perms;
-
-# Purpose:
-# 01-01 00:03:44.330  3658  3658 I aee_dumpstatev: type=1400 audit(0.0:5411): avc: denied
-# { execute_no_trans } for path="/vendor/bin/toybox_vendor" dev="mmcblk0p26" ino=250 scontext=u:r:
-# aee_aedv:s0 tcontext=u:object_r:vendor_toolbox_exec:s0 tclass=file permissive=1
-allow aee_aedv vendor_toolbox_exec:file rx_file_perms;
-
-# Purpose:
-# 01-01 00:12:06.320000  4145  4145 W dmesg   : type=1400 audit(0.0:826): avc: denied { open } for
-# path="/dev/kmsg" dev="tmpfs" ino=10875 scontext=u:r:aee_aedv:s0 tcontext=u:object_r:kmsg_device:
-# s0 tclass=chr_file permissive=0
-# 01-01 00:42:33.070000  4171  4171 W dmesg   : type=1400 audit(0.0:1343): avc: denied
-# { syslog_read } for scontext=u:r:aee_aedv:s0 tcontext=u:r:kernel:s0 tclass=system permissive=0
-allow aee_aedv kmsg_device:chr_file r_file_perms;
-allow aee_aedv kernel:system syslog_read;
-
-# Purpose:
-# 01-01 00:12:37.890000  4162  4162 W aee_dumpstatev: type=1400 audit(0.0:914): avc: denied
-# { read } for name="meminfo" dev="proc" ino=4026533612 scontext=u:r:aee_aedv:s0 tcontext=u:
-# object_r:proc_meminfo:s0 tclass=file permissive=0
-allow aee_aedv proc_meminfo:file r_file_perms;
-
-# Purpose:
-# 01-01 00:08:39.900000  3833  3833 W aee_dumpstatev: type=1400 audit(0.0:371): avc: denied
-# { open } for path="/proc/3833/net/route" dev="proc" ino=4026533632 scontext=u:r:aee_aedv:s0
-# tcontext=u:object_r:proc_net:s0 tclass=file permissive=0
-allow aee_aedv proc_net:file r_file_perms;
-
-# Purpose:
-# 01-01 00:08:39.880000  3833  3833 W aee_dumpstatev: type=1400 audit(0.0:370): avc: denied
-# { open } for path="/proc/zoneinfo" dev="proc" ino=4026533663 scontext=u:r:aee_aedv:s0 tcontext=
-# u:object_r:proc_zoneinfo:s0 tclass=file permissive=0
-allow aee_aedv proc_zoneinfo:file r_file_perms;
-
-# Purpose:
-# 01-01 00:33:27.750000   338   338 W aee_aedv: type=1400 audit(0.0:98): avc: denied { read }
-# for name="fstab.mt6755" dev="rootfs" ino=1082 scontext=u:r:aee_aedv:s0 tcontext=u:object_r:
-# rootfs:s0 tclass=file permissive=0
-allow aee_aedv rootfs:file r_file_perms;
-
-# Purpose:
-# 01-01 00:33:28.340000   338   338 W aee_aedv: type=1400 audit(0.0:104): avc: denied { search }
-# for name="dynamic_debug" dev="debugfs" ino=8182 scontext=u:r:aee_aedv:s0 tcontext=u:object_r:
-# debugfs_dynamic_debug:s0 tclass=dir permissive=0
-allow aee_aedv debugfs_dynamic_debug:dir search;
-allow aee_aedv debugfs_dynamic_debug:file r_file_perms;
-
-# Purpose:
-# [ 241.001976] <1>.(1)[209:logd.auditd]type=1400 audit(1262304586.172:515): avc: denied { read }
-# for pid=1978 comm="aee_aedv64" name="atag,devinfo" dev="sysfs" ino=2349 scontext=u:r:aee_aedv:s0
-# tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
-allow aee_aedv sysfs:file r_file_perms;
-allow aee_aedv sysfs_mrdump_lbaooo:file w_file_perms;
-
-# Purpose: Allow aee_aedv to use HwBinder IPC.
-hwbinder_use(aee_aedv)
-get_prop(aee_aedv, hwservicemanager_prop)
-
-# Purpose: Allow aee_aedv access to vendor/bin/mtkcam-debug, which in turn invokes ICameraProvider
-# - avc: denied { find } for interface=android.hardware.camera.provider::ICameraProvider pid=2956
-#   scontext=u:r:aee_aedv:s0 tcontext=u:object_r:hal_camera_hwservice:s0 tclass=hwservice_manager
-# - Transaction error in ICameraProvider::debug: Status(EX_TRANSACTION_FAILED)
-hal_client_domain(aee_aedv, hal_camera)
-allow aee_aedv hal_camera_hwservice:hwservice_manager { find };
-binder_call(aee_aedv, mtk_hal_camera)
-
-# Purpose: allow aee to read /sys/fs/selinux/enforce to get selinux status
-allow aee_aedv selinuxfs:file r_file_perms;
-
-# Purpose: Allow aee_aedv to read /proc/pid/exe
-#allow aee_aedv exec_type:file r_file_perms;
-
-# Purpose: mrdump db flow and pre-allocation
-# mrdump db flow
-allow aee_aedv sysfs_dt_firmware_android:dir search;
-allow aee_aedv sysfs_dt_firmware_android:file r_file_perms;
-allow aee_aedv kernel:system module_request;
-allow aee_aedv metadata_file:dir search;
-# pre-allocation
-allow aee_aedv self:capability linux_immutable;
-allow aee_aedv userdata_block_device:blk_file { read write open };
-allow aee_aedv para_block_device:blk_file rw_file_perms;
-allow aee_aedv mrdump_device:blk_file rw_file_perms;
-allowxperm aee_aedv aee_dumpsys_vendor_file:file ioctl {
-  FS_IOC_GETFLAGS
-  FS_IOC_SETFLAGS
-  F2FS_IOC_GET_PIN_FILE
-  F2FS_IOC_SET_PIN_FILE
-  FS_IOC_FIEMAP
-};
-
-# Purpose: allow vendor aee read lowmemorykiller logs
-# file path: /sys/module/lowmemorykiller/parameters/
-allow aee_aedv sysfs_lowmemorykiller:dir search;
-allow aee_aedv sysfs_lowmemorykiller:file r_file_perms;
-
-# Purpose: Allow aee read /sys/class/misc/scp/scp_dump
-allow aee_aedv sysfs_scp:dir r_dir_perms;
-allow aee_aedv sysfs_scp:file r_file_perms;
-
-# Purpose: Allow aee read /sys/class/misc/adsp/adsp_dump
-allow aee_aedv sysfs_adsp:dir r_dir_perms;
-allow aee_aedv sysfs_adsp:file r_file_perms;
-
-# Purpose: allow aee_aedv self to fsetid/sys_nice/chown/fowner/kill
-allow aee_aedv self:capability { fsetid sys_nice chown fowner kill };
-
-# Purpose: allow aee_aedv to read /proc/buddyinfo
-allow aee_aedv proc_buddyinfo:file r_file_perms;
-
-# Purpose: allow aee_aedv to read /proc/cmdline
-allow aee_aedv proc_cmdline:file r_file_perms;
-
-# Purpose: allow aee_aedv to read /proc/slabinfo
-allow aee_aedv proc_slabinfo:file r_file_perms;
-
-# Purpose: allow aee_aedv to read /proc/stat
-allow aee_aedv proc_stat:file r_file_perms;
-
-# Purpose: allow aee_aedv to read /proc/version
-allow aee_aedv proc_version:file r_file_perms;
-
-# Purpose: allow aee_aedv to read /proc/vmallocinfo
-allow aee_aedv proc_vmallocinfo:file r_file_perms;
-
-# Purpose: allow aee_aedv to read /proc/vmstat
-allow aee_aedv proc_vmstat:file r_file_perms;
-
-# Purpose: Allow aee_aedv to read /proc/cpu/alignment
-allow aee_aedv proc_cpu_alignment:file w_file_perms;
-
-# Purpose: Allow aee_aedv to read /proc/gpulog
-allow aee_aedv proc_gpulog:file r_file_perms;
-
-# Purpose: Allow aee_aedv to read /proc/chip/hw_ver
-allow aee_aedv proc_chip:file r_file_perms;
-
-# Purpose: Allow aee_aedv to read /proc/sched_debug
-allow aee_aedv proc_sched_debug:file r_file_perms;
-
-# Purpose: Allow aee_aedv to read /proc/atf_log
-allow aee_aedv proc_atf_log:dir search;
-
-# Purpose: Allow aee_aedv to read /proc/last_kmsg
-allow aee_aedv proc_last_kmsg:file r_file_perms;
-
-# Purpose: Allow aee_aedv to access /sys/devices/virtual/timed_output/vibrator/enable
-allow aee_aedv sysfs_vibrator_setting:dir search;
-allow aee_aedv sysfs_vibrator_setting:file w_file_perms;
-allow aee_aedv sysfs_vibrator:dir search;
-
-# Purpose: Allow aee_aedv to read /sys/kernel/debug/rcu/rcu_callback_log
-allow aee_aedv debugfs_rcu:file r_file_perms;
-
-# Purpose: Allow aee_aedv to read /proc/ufs_debug
-allow aee_aedv proc_ufs_debug:file rw_file_perms;
-
-# Purpose: Allow aee_aedv to read /proc/msdc_debug
-allow aee_aedv proc_msdc_debug:file r_file_perms;
-
-# Purpose: Allow aee_aedv to read /proc/pidmap
-allow aee_aedv proc_pidmap:file r_file_perms;
-
-# Purpose: Allow aee_aedv to read /sys/power/vcorefs/vcore_debug
-allow aee_aedv sysfs_vcore_debug:file r_file_perms;
-
-# Purpose: Allow aee_aedv to read /sys/devices/virtual/BOOT/BOOT/boot/boot_mode
-allow aee_aedv sysfs_boot_mode:file r_file_perms;
-
-#Purpose: Allow aee_aedv to read/write /sys/kernel/debug/tracing/buffer_total_size_kb
-userdebug_or_eng(`
-allow aee_aedv debugfs_tracing_debug:file { rw_file_perms };
-')
-
-#Purpose: Allow aee_aedv to read /sys/mtk_memcfg/slabtrace
-allow aee_aedv proc_slabtrace:file r_file_perms;
-
-#Purpose: Allow aee_aedv to read /proc/mtk_cmdq_debug/status
-allow aee_aedv proc_cmdq_debug:file r_file_perms;
-
-# temp solution
-get_prop(aee_aedv, vendor_default_prop)
-
-#data/dipdebug
-allow aee_aedv aee_dipdebug_vendor_file:dir r_dir_perms;
-allow aee_aedv aee_dipdebug_vendor_file:file r_file_perms;
-allow aee_aedv proc_isp_p2:dir r_dir_perms;
-allow aee_aedv proc_isp_p2:file r_file_perms;
-
-allow aee_aedv connsyslog_data_vendor_file:file r_file_perms;
-allow aee_aedv connsyslog_data_vendor_file:dir r_dir_perms;
-
-# Purpose: Allow aee_aedv to read the /proc/*/exe of vendor process
-allow aee_aedv vendor_file_type:file r_file_perms;
-
-# Purpose: Allow aee_aedv to read /sys/kernel/debug/smi_mon
-allow aee_aedv debugfs_smi_mon:file r_file_perms;
-
-# Purpose: Allow aee_aedv to read /proc/isp_p2/isp_p2_kedump
-allow aee_aedv proc_isp_p2_kedump:file r_file_perms;
-
-# Purpose: Allow aee_aedv to read /sys/kernel/debug/vpu/vpu_memory
-allow aee_aedv debugfs_vpu_memory:file r_file_perms;
-
-# Purpose: Allow aee_aedv to read /proc/cpuhvfs/dbg_repo
-allow aee_aedv proc_dbg_repo:file r_file_perms;
-
-# Purpose: Allow aee_aedv to read /proc/pl_lk
-allow aee_aedv proc_pl_lk:file r_file_perms;
-
-allow aee_aedv proc_aed_reboot_reason:file r_file_perms;
-
-# Purpose: Allow aee_aedv to write /proc/sys/vm/drop_caches
-allow aee_aedv proc_drop_caches:file rw_file_perms;

non_plat/aee_core_forwarder.te

@@ -1,18 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/aee_core_forwarder Executable File
-
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-
-allow aee_core_forwarder aee_exp_data_file:dir { write add_name search };
-allow aee_core_forwarder aee_exp_data_file:file { write create open getattr };
-get_prop(aee_core_forwarder, hwservicemanager_prop)
-
-# Date: 2019/06/14
-# Operation : Migration
-# Purpose : interface=android.system.suspend::ISystemSuspend for aee_core_forwarder
-wakelock_use(aee_core_forwarder)
-allow aee_core_forwarder aee_aed:unix_stream_socket connectto;
-allow aee_core_forwarder aee_core_data_file:dir r_dir_perms;
-hwbinder_use(aee_core_forwarder)

non_plat/aee_hidl.te

@@ -1,17 +0,0 @@
-# ==============================================
-# Type Declaration
-# ==============================================
-type aee_hal,domain;
-type aee_hal_exec, exec_type, file_type, vendor_file_type;
-typeattribute aee_hal mlstrustedsubject;
-# Purpose : for create hidl server
-hal_server_domain(aee_hal, mtk_hal_log)
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-init_daemon_domain(aee_hal)
-
-set_prop(aee_hal, persist_mtk_aeev_prop);
-set_prop(aee_hal, persist_aeev_prop);
-set_prop(aee_hal, debug_mtk_aeev_prop);
-

non_plat/app.te

@@ -1,50 +0,0 @@
-# ==============================================
-# MTK Policy Rule
-# ============
-
-# Date : WK16.33
-# Purpose: Allow to access ged for gralloc_extra functions
-allow appdomain proc_ged:file rw_file_perms;
-allowxperm appdomain proc_ged:file ioctl { proc_ged_ioctls };
-
-# Date : W16.42
-# Operation : Integration
-# Purpose : DRM / DRI GPU driver required
-allow appdomain gpu_device:dir search;
-
-# Date : W17.30
-# Purpose : Allow MDP user access cmdq driver
-allow appdomain mtk_cmdq_device:chr_file {open read ioctl};
-
-# Date : W17.41
-# Operation: SQC
-# Purpose : Allow HWUI to access perfmgr
-allow appdomain proc_perfmgr:dir search;
-allow appdomain proc_perfmgr:file { getattr open read ioctl};
-allowxperm appdomain proc_perfmgr:file ioctl {
-  PERFMGR_FPSGO_QUEUE
-  PERFMGR_FPSGO_DEQUEUE
-  PERFMGR_FPSGO_QUEUE_CONNECT
-  PERFMGR_FPSGO_BQID
-};
-
-# Date : W19.4
-# Purpose : Allow MDP user access mdp driver
-allow appdomain mdp_device:chr_file rw_file_perms;
-allow appdomain mtk_mdp_device:chr_file rw_file_perms;
-allow appdomain sw_sync_device:chr_file rw_file_perms;
-
-# Date : W19.23
-# Operation : Migration
-# Purpose : For platform app com.android.gallery3d
-allow { appdomain -isolated_app } radio_data_file:file rw_file_perms;
-
-# Date : W19.23
-# Operation : Migration
-# Purpose : For app com.tencent.qqpimsecure
-allowxperm appdomain appdomain:fifo_file ioctl SNDCTL_TMR_START;
-
-# Date: 2019/06/17
-# Operation : Migration
-# Purpose : appdomain need get mtk_amslog_prop
-get_prop(appdomain, mtk_amslog_prop)

non_plat/appdomain.te

@@ -1,8 +0,0 @@
-# ==============================================
-# MTK Policy Rule
-# ============
-
-# Data : WK16.42
-# Operator: Whitney bring up
-# Purpose: call surfaceflinger due to powervr
-allow appdomain surfaceflinger:fifo_file rw_file_perms;

non_plat/atci_service.te

@@ -1,142 +0,0 @@
-# ==============================================
-# Policy File of /vendor/bin/atci_service Executable File
-# ==============================================
-
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-type atci_service, domain;
-type atci_service_exec, exec_type, file_type, vendor_file_type;
-
-init_daemon_domain(atci_service)
-
-allow atci_service block_device:dir search;
-allow atci_service misc2_block_device:blk_file { open read write };
-allow atci_service misc2_device:chr_file { open read write };
-allow atci_service camera_isp_device:chr_file { read write ioctl open };
-allow atci_service graphics_device:chr_file { read write ioctl open };
-allow atci_service graphics_device:dir search;
-allow atci_service kd_camera_hw_device:chr_file { read write ioctl open };
-allow atci_service self:capability { sys_nice ipc_lock };
-allow atci_service nvram_device:chr_file { read write open ioctl };
-allow atci_service camera_isp_device:chr_file { read write ioctl open };
-allow atci_service camera_sysram_device:chr_file { read ioctl open };
-allow atci_service camera_tsf_device:chr_file rw_file_perms;
-allow atci_service camera_rsc_device:chr_file rw_file_perms;
-allow atci_service camera_gepf_device:chr_file rw_file_perms;
-allow atci_service camera_fdvt_device:chr_file rw_file_perms;
-allow atci_service camera_wpe_device:chr_file rw_file_perms;
-allow atci_service camera_owe_device:chr_file rw_file_perms;
-allow atci_service kd_camera_flashlight_device:chr_file { read write ioctl open };
-allow atci_service ccu_device:chr_file { read write ioctl open };
-allow atci_service vpu_device:chr_file { read write ioctl open };
-allow atci_service MTK_SMI_device:chr_file { open read write ioctl };
-#allow atci_service system_server:binder call;
-#allow atci_service system_data_file:dir { write remove_name add_name };
-allow atci_service DW9714AF_device:chr_file { read write ioctl open };
-allow atci_service devmap_device:chr_file { open read write ioctl };
-allow atci_service sdcard_type:dir { search write read open add_name remove_name create getattr setattr };
-allow atci_service sdcard_type:file { setattr read create write getattr unlink open append };
-allow atci_service mediaserver:binder call;
-#allow atci_service sysfs:file write;
-#allow atci_service system_server:unix_stream_socket { read write };
-allow atci_service self:capability sys_boot;
-
-# Date : 2015/09/17
-# Operation : M-Migration
-# Purpose : to operation CCT tool
-allow atci_service nvram_device:blk_file { open read write };
-allow atci_service input_device:dir { open read search };
-allow atci_service input_device:file { open read write ioctl };
-allow atci_service input_device:chr_file { open read write ioctl };
-allow atci_service MAINAF_device:chr_file { open read write ioctl };
-allow atci_service MAIN2AF_device:chr_file { open read write ioctl };
-allow atci_service SUBAF_device:chr_file { open read write ioctl };
-allow atci_service tmpfs:lnk_file read;
-allow atci_service self:capability2 block_suspend;
-
-# Date : 2015/10/13
-# Operation : M-Migration
-# Purpose : to operation CCT tool
-#allow atci_service mediaserver_service:service_manager find;
-allow atci_service mnt_user_file:dir search;
-allow atci_service mnt_user_file:lnk_file read;
-#allow atci_service mtk_perf_service:service_manager find;
-#allow atci_service sensorservice_service:service_manager find;
-allow atci_service storage_file:lnk_file read;
-#allow atci_service media_rw_data_file:dir { write search create add_name };
-#allow atci_service media_rw_data_file:file { read write create open };
-
-#============= atci_service ==============
-allow atci_service CAM_CAL_DRV_device:chr_file { read write ioctl open};
-
-set_prop(atci_service, mtk_em_prop)
-
-# Date : 2016/03/02
-# Operation : M-Migration
-# Purpose : to support ATCI touch tool
-allow atci_service vendor_shell_exec:file { read execute open execute_no_trans };
-
-# Date : WK16.33
-# Purpose: Allow to access ged for gralloc_extra functions
-allow atci_service proc_ged:file rw_file_perms;
-
-# Date : WK16.35
-# Operation : Migration
-# Purpose : Update camera flashlight driver device file
-allow atci_service flashlight_device:chr_file { read write ioctl open };
-
-# Date : WK17.01
-# Operation : Migration
-# Purpose : Update AT_Command NFC function
-allow atci_service factory_data_file:sock_file write;
-
-# Date : WK17.23
-# Stage: O Migration, SQC
-# Purpose: Allow to use HAL PQ
-hal_client_domain(atci_service, hal_pq)
-
-# Date : WK17.28
-# Purpose : Allow to execute battery command
-allow atci_service MT_pmic_adc_cali_device:chr_file rw_file_perms;
-
-# Date : WK17.43
-# Purpose : CCT
-allow atci_service CAM_CAL_DRV_device:chr_file rw_file_perms;
-allow atci_service CAM_CAL_DRV1_device:chr_file rw_file_perms;
-allow atci_service CAM_CAL_DRV2_device:chr_file rw_file_perms;
-allow atci_service fwk_sensor_hwservice:hwservice_manager find;
-allow atci_service hidl_allocator_hwservice:hwservice_manager find;
-allow atci_service hidl_memory_hwservice:hwservice_manager find;
-allow atci_service ion_device:chr_file { read ioctl open };
-allow atci_service mtk_cmdq_device:chr_file { read ioctl open };
-allow atci_service mtk_mdp_device:chr_file rw_file_perms;
-allow atci_service sw_sync_device:chr_file rw_file_perms;
-allow atci_service mtk_hal_power:binder call;
-allow atci_service mtk_hal_power_hwservice:hwservice_manager find;
-allow atci_service sysfs_batteryinfo:dir search;
-allow atci_service sysfs_batteryinfo:file { read getattr open };
-#allow atci_service system_data_file:lnk_file read;
-allow atci_service system_file:dir { read open };
-allow atci_service camera_pipemgr_device:chr_file { read ioctl open };
-allow atci_service mtkcam_prop:file { read getattr open };
-allow atci_service mtk_hal_camera:binder call;
-allow atci_service debugfs_ion:dir search;
-allow atci_service sysfs_tpd_setting:file { read write open getattr };
-allow atci_service sysfs_vibrator_setting:file { read write open getattr };
-allow atci_service sysfs_leds_setting:file { read write open getattr };
-allow atci_service proc:file getattr;
-allow atci_service vendor_toolbox_exec:file { read getattr open execute execute_no_trans };
-
-# Date : WK18.21
-# Purpose: Allow to use HIDL
-hwbinder_use(atci_service)
-hal_client_domain(atci_service, hal_atci)
-
-# Date : WK18.26
-# Purpose: Allow gps socket sendto
-allow atci_service mnld:unix_dgram_socket sendto;
-
-# Date : WK18.35
-# Purpose : allow CCT to allocate memory
-hal_client_domain(atci_service, hal_allocator);

non_plat/atcid.te

@@ -1,79 +0,0 @@
-# ==============================================
-# Policy File of /vendor/bin/atcid Executable File
-# ==============================================
-
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-type atcid, domain;
-type atcid_exec, exec_type, file_type, vendor_file_type;
-
-init_daemon_domain(atcid)
-set_prop(atcid,persist_service_atci_prop)
-allow atcid block_device:dir search;
-allow atcid gsmrild_socket:sock_file write;
-
-# Date : WK17.21
-# Purpose: Allow to use HIDL
-hwbinder_use(atcid)
-hal_client_domain(atcid, hal_telephony)
-
-allow atcid ttyGS_device:chr_file { read write ioctl open };
-allow atcid wmtWifi_device:chr_file { write open };
-allow atcid misc2_block_device:blk_file { read write open };
-allow atci_service gpu_device:chr_file { read write open ioctl getattr };
-allow atcid self:capability sys_time;
-
-# Date : WK16.33
-# Purpose: Allow to access ged for gralloc_extra functions
-allow atcid proc_ged:file rw_file_perms;
-
-# Date : WK17.23
-# Stage: O Migration, SQC
-# Purpose: Allow to use HAL PQ
-hal_client_domain(atcid, hal_pq)
-
-# Date : WK17.34
-# Purpose: Allow to access meta_tst
-allow atcid meta_tst:unix_stream_socket connectto;
-
-# Date : WK18.15
-# Purpose: Allow to access power_supply in sysfs
-allow atcid sysfs_batteryinfo:file { read open };
-
-# Date : WK18.16
-# Operation: P migration
-# Purpose: Allow atcid to get tel_switch_prop
-get_prop(atcid, tel_switch_prop)
-
-# Date : WK18.21
-# Purpose: Allow to use HIDL
-hwbinder_use(atcid);
-vndbinder_use(atcid);
-hal_server_domain(atcid, hal_atci)
-add_hwservice(hal_atci_server,hal_atci_hwservice)
-
-# Date : WK18.21
-# Purpose: For special command for customer
-set_prop(atcid, mtk_atci_prop);
-set_prop(atcid, powerctl_prop);
-allow atcid mnt_vendor_file:dir search;
-allow atcid nvdata_file:dir { open read write search add_name };
-allow atcid nvdata_file:file { open read write create getattr setattr };
-allow atcid nvram_device:blk_file { open read write };
-allow atcid proc_meminfo:file { open read };
-allow atcid sysfs_batteryinfo:dir search;
-allow atcid sysfs_mmcblk:dir search;
-allow atcid sysfs_mmcblk:file { read open };
-
-# Date : WK18.35
-# Purpose: Add socket for TelephonyWare ATCI
-unix_socket_connect(atcid, rild_atci, rild);
-unix_socket_connect(atcid, rilproxy_atci, rild);
-unix_socket_connect(atcid, atci_service, atci_service);
-
-# Date : WK19.42
-# Purpose: Add policy to access ATCI sockets
-unix_socket_connect(atcid, atci-audio, audiocmdservice_atci);
-unix_socket_connect(atcid, meta_atci, meta_tst);
-allow atcid adb_atci_socket:sock_file write;

non_plat/attributes

@@ -1,93 +0,0 @@
-# ==============================================
-# MTK Attribute declarations
-# ==============================================
-
-# Attribute that represents all mtk property types (except those with ctl_xxx prefix)
-attribute mtk_core_property_type;
-
-# Date: 2017/06/12
-# LBS HIDL
-#attribute mtk_hal_lbs;
-#attribute mtk_hal_lbs_client;
-#attribute mtk_hal_lbs_server;
-
-# Date: 2017/06/27
-# IMSA HIDL
-attribute hal_imsa;
-attribute hal_imsa_client;
-attribute hal_imsa_server;
-
-# attribute that represents all MTK IMS types. It should be used by AP side module only.
-attribute mtkimsapdomain;
-#
-# # attribute that represents all MTK IMS types. It should be used by MD side module only.
-attribute mtkimsmddomain;
-
-# Date: 2017/07/19
-# PQ HIDL
-attribute hal_pq;
-attribute hal_pq_client;
-attribute hal_pq_server;
-
-# Date: 2017/07/28
-# KEY ATTESTATION HIDL
-attribute mtk_hal_keyattestation;
-attribute mtk_hal_keyattestation_client;
-attribute mtk_hal_keyattestation_server;
-# Date: 2017/07/13
-# NVRAM AGENT HIDL
-attribute hal_nvramagent;
-attribute hal_nvramagent_client;
-attribute hal_nvramagent_server;
-
-# Date: 2018/05/25
-# FM HIDL
-attribute mtk_hal_fm;
-attribute mtk_hal_fm_client;
-attribute mtk_hal_fm_server;
-
-# Date: 2018/03/23
-# log hidl
-attribute mtk_hal_log;
-attribute mtk_hal_log_client;
-attribute mtk_hal_log_server;
-
-# Date: 2018/06/26
-# em hidl
-attribute mtk_hal_em;
-attribute mtk_hal_em_client;
-attribute mtk_hal_em_server;
-
-# Date: 2018/07/02
-# MDP HIDL
-attribute hal_mms;
-attribute hal_mms_client;
-attribute hal_mms_server;
-
-attribute hal_mtkcodecservice_server;
-attribute hal_mtkcodecservice;
-
-attribute hal_atci;
-attribute hal_atci_client;
-attribute hal_atci_server;
-
-# Date: 2019/06/12
-# modem db filter hidl
-attribute mtk_hal_md_dbfilter_server;
-
-# Date: 2019/07/16
-# HDMI HIDL
-attribute hal_hdmi;
-attribute hal_hdmi_client;
-attribute hal_hdmi_server;
-
-# Date: 2019/09/06
-# BGService HIDL
-attribute mtk_hal_bgs;
-attribute mtk_hal_bgs_client;
-attribute mtk_hal_bgs_server;
-
-# DFPS HIDL
-attribute hal_dfps;
-attribute hal_dfps_client;
-attribute hal_dfps_server;

non_plat/audiocmdservice_atci.te

@@ -1,34 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/audiocmdservice_atci Executable File
-type audiocmdservice_atci ,domain;
-type audiocmdservice_atci_exec, exec_type, file_type, vendor_file_type;
-
-init_daemon_domain(audiocmdservice_atci)
-
-unix_socket_connect(atcid, atci-audio, audiocmdservice_atci);
-allow audiocmdservice_atci self:unix_stream_socket { create_socket_perms read write };
-
-# Access to storages for audio tuning tool to read/write tuning result
-allow audiocmdservice_atci { block_device device }:dir { write search };
-allow audiocmdservice_atci mnt_user_file:dir rw_dir_perms;
-allow audiocmdservice_atci { mnt_user_file storage_file }:lnk_file rw_file_perms;
-allow audiocmdservice_atci bootdevice_block_device:blk_file { read write };
-
-
-# can route /dev/binder traffic to /dev/vndbinder
-vndbinder_use(audiocmdservice_atci)
-binder_call(audiocmdservice_atci,mtk_hal_audio);
-
-#Android O porting
-hwbinder_use(audiocmdservice_atci)
-get_prop(audiocmdservice_atci, hwservicemanager_prop);
-#allow audiocmdservice_atci hal_audio_hwservice:hwservice_manager find;
-
-hal_client_domain(audiocmdservice_atci, hal_audio)
-
-#To access the file at /dev/kmsg
-allow audiocmdservice_atci kmsg_device:chr_file w_file_perms;
-
-userdebug_or_eng(`
-  allow audiocmdservice_atci self:capability { sys_nice fowner chown fsetid setuid ipc_lock net_admin};
-')

non_plat/audioserver.te

@@ -1,57 +0,0 @@
-# ==============================================
-# MTK Policy Rule for vendor
-# ==============================================
-
-# Date: WK14.44
-# Operation : Migration
-# Purpose : EVDO
-allow audioserver rpc_socket:sock_file write;
-allow audioserver ttySDIO_device:chr_file rw_file_perms;
-
-# Data: WK14.44
-# Operation : Migration
-# Purpose : for low SD card latency issue
-allow audioserver sysfs_lowmemorykiller:file { read open };
-
-# Data: WK14.45
-# Operation : Migration
-# Purpose : for change thermal policy when needed
-allow audioserver proc_mtkcooler:dir search;
-allow audioserver proc_mtktz:dir search;
-allow audioserver proc_thermal:dir search;
-
-# Date : WK15.03
-# Operation : Migration
-# Purpose : offloadservice
-allow audioserver offloadservice_device:chr_file rw_file_perms;
-
-# Date : WK16.17
-# Operation : Migration
-# Purpose: read/open sysfs node
-allow audioserver sysfs_ccci:file r_file_perms;
-
-# Date : WK16.18
-# Operation : Migration
-# Purpose: research root dir "/"
-allow audioserver tmpfs:dir search;
-
-# Date : WK16.18
-# Operation : Migration
-# Purpose: access sysfs node
-allow audioserver sysfs_ccci:dir search;
-
-# Purpose: Dump debug info
-allow audioserver debugfs_binder:dir search;
-allow audioserver fuse:file write;
-
-# Date : WK16.33
-# Purpose: Allow to access ged for gralloc_extra functions
-allow audioserver proc_ged:file rw_file_perms;
-
-# Date : WK16.48
-# Purpose: Allow to trigger AEE dump
-allow audioserver aee_aed:unix_stream_socket connectto;
-
-# Date: 2019/06/14
-# Operation : Migration
-get_prop(audioserver, vendor_default_prop)

non_plat/biosensord_nvram.te

@@ -1,33 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/biosensord_nvram Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-type biosensord_nvram ,domain;
-type biosensord_nvram_exec , exec_type, file_type, vendor_file_type;
-type biosensord_nvram_file, file_type, data_file_type;
-
-# ==============================================
-# Android Policy Rule
-# ==============================================
-
-# ==============================================
-# NSA Policy Rule
-# ==============================================
-
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-
-init_daemon_domain(biosensord_nvram)
-
-# Data : WK16.21
-# Operation : New Feature
-# Purpose : For biosensor daemon can do nvram r/w to save calibration data
-allow biosensord_nvram nvdata_file:dir rw_dir_perms;
-allow biosensord_nvram nvdata_file:file {rw_file_perms create_file_perms};
-allow biosensord_nvram nvram_data_file:lnk_file rw_file_perms;
-allow biosensord_nvram biometric_device:chr_file { open ioctl read write };
-allow biosensord_nvram self:capability { chown fsetid };
-allow biosensord_nvram system_data_file:lnk_file read;

non_plat/bip.te

@@ -1,25 +0,0 @@
-type bip, domain, mtkimsmddomain;
-type bip_exec, exec_type, file_type, vendor_file_type;
-
-init_daemon_domain(bip)
-
-allow bip self:netlink_route_socket read;
-allow bip self:tcp_socket { create_socket_perms listen accept };
-allow bip self:udp_socket create_socket_perms;
-allow bip self:rawip_socket { read write create getattr bind setopt };
-
-allow bip socket_device:dir { write add_name remove_name };
-allow bip socket_device:sock_file { write create unlink };
-
-allow bip { node port netd }:udp_socket node_bind;
-allow bip { fwmarkd_socket property_socket }:sock_file write;
-allow bip init:unix_stream_socket connectto;
-
-allow bip port:tcp_socket { name_connect };
-allow bip rootfs:lnk_file getattr;
-allow bip ccci_device:chr_file rw_file_perms;
-allow bip node:rawip_socket node_bind;
-
-set_prop(bip, ril_mux_report_case_prop)
-set_prop(bip, ctl_muxreport-daemon_prop)
-get_prop(bip, net_dns_prop)

non_plat/bluetooth.te

@@ -1,25 +0,0 @@
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-
-# Date:W17.07
-# Operation : bt hal developing
-# Purpose : bt hal interface permission
-binder_call(bluetooth, mtk_hal_bluetooth)
-
-allow bluetooth storage_stub_file:dir getattr;
-
-# Date: 2018/01/17
-#allow bluetooth to set property
-set_prop(bluetooth, vendor_bluetooth_prop)
-set_prop(bluetooth, debug_prop)
-
-# Date: 2018/02/02
-# Major permission allow are in /system/sepoplicy/private/bluetooth.te
-# Add dir create perms for bluetooth on /data/misc/bluetooth/logs
-allow bluetooth bluetooth_logs_data_file:dir { create_dir_perms relabelto };
-allow bluetooth bluetooth_logs_data_file:fifo_file { create_file_perms };
-
-# Date: 2019/06/14
-# Operation : Migration
-get_prop(bluetooth, mtk_amslog_prop)

non_plat/boot_logo_updater.te

@@ -1,22 +0,0 @@
-# ==============================================
-# Policy File of /system/binboot_logo_updater Executable File
-# ==============================================
-# Type Declaration
-# ==============================================
-
-# Date : WK14.43
-# Operation : Migration
-# Purpose : To access file directories and files like logo.bin
-allow boot_logo_updater logo_block_device:blk_file r_file_perms;
-# To access block files at  /dev/block/mmcblk0 ir /dev/block/sdc
-allow boot_logo_updater bootdevice_block_device:blk_file r_file_perms;
-
-#To access file at  /dev/logo
-allow boot_logo_updater logo_device:chr_file r_file_perms;
-# To access file at   /proc/lk_env
-allow boot_logo_updater proc_lk_env:file rw_file_perms;
-
-# Date : WK16.25
-# Operation : Global_Device/Uniservice Feature
-# Purpose : for it to read-write SysEnv data
-allow boot_logo_updater para_block_device:blk_file rw_file_perms;

non_plat/bootanim.te

@@ -1,39 +0,0 @@
-# ==============================================
-# MTK Policy Rule
-# ============
-
-# Date : WK14.37
-# Operation : Migration
-# Purpose : for opetator
-allow bootanim bootani_prop:property_service set;
-
-# Date : WK14.46
-# Operation : Migration
-# Purpose : For MTK Emulator HW GPU
-allow bootanim qemu_pipe_device:chr_file rw_file_perms;
-
-# Date : WK16.33
-# Purpose: Allow to access ged for gralloc_extra functions
-allow bootanim proc_ged:file rw_file_perms;
-
-# Date : WK17.43
-# Operation : Migration
-# Purpose : For MTK perfmgr
-allow bootanim proc_perfmgr:dir r_dir_perms;
-allow bootanim proc_perfmgr:file r_file_perms;
-
-# Date : WK19.11
-# Operation : Migration
-# Purpose : Allow to access ged for ioctl related functions
-allowxperm bootanim proc_ged:file ioctl { proc_ged_ioctls };
-allowxperm bootanim proc_perfmgr:file ioctl {
-  PERFMGR_FPSGO_QUEUE
-  PERFMGR_FPSGO_DEQUEUE
-  PERFMGR_FPSGO_QUEUE_CONNECT
-  PERFMGR_FPSGO_BQID
-};
-
-# Date : WK19.48
-# Operation : Migration
-# Purpose : Allow to access gpu device search
-allow bootanim gpu_device:dir search;

non_plat/cameraserver.te

@@ -1,348 +0,0 @@
-# ==============================================================================
-# Policy File of /system/bin/cameraserver Executable File
-
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-
-# -----------------------------------
-# Android O
-# Purpose: Allow cameraserver to perform binder IPC to servers and callbacks.
-# -----------------------------------
-
-# call camerahalserver
-binder_call(cameraserver, mtk_hal_camera)
-
-# call the graphics allocator hal
-binder_call(cameraserver, hal_graphics_allocator)
-
-# -----------------------------------
-# Android O
-# Purpose: Debugging
-# -----------------------------------
-# Purpose: adb shell dumpsys media.camera --unreachable
-allow cameraserver self:process { ptrace };
-
-# -----------------------------------
-# Purpose: property access
-# -----------------------------------
-allow cameraserver mtkcam_prop:file { open read getattr };
-
-# Date : WK14.34
-# Operation : Migration
-# Purpose : nvram access (dumchar case for nand and legacy chip)
-# allow cameraserver nvram_device:chr_file rw_file_perms;
-### TBD, neverallowxperm on line 177 of system/sepolicy/public/domain.te
-# #allow cameraserver self:netlink_kobject_uevent_socket { create setopt bind };
-# allow cameraserver self:capability { net_admin };
-
-# Date : WK14.34
-# Operation : Migration
-# Purpose : VP/VR
-# allow cameraserver devmap_device:chr_file { ioctl };
-
-# Date : WK14.34
-# Operation : Migration
-# Purpose : Smartcard Service
-### TBD, neverallowxperm on line 177 of system/sepolicy/public/domain.te
-# #allow cameraserver self:netlink_kobject_uevent_socket read;
-# allow cameraserver system_data_file:file open;
-
-# Date : WK14.36
-# Operation : Migration
-# Purpose : media server and bt process communication for A2DP data.and other control flow
-# allow cameraserver bluetooth:unix_dgram_socket sendto;
-# allow cameraserver bt_a2dp_stream_socket:sock_file write;
-# allow cameraserver bt_int_adp_socket:sock_file write;
-
-# Date : WK14.37
-# Operation : Migration
-# Purpose : camera ioctl
-# allow cameraserver camera_sysram_device:chr_file r_file_perms;
-
-# Date : WK14.36
-# Operation : Migration
-# Purpose : VDEC/VENC device node
-# allow cameraserver Vcodec_device:chr_file rw_file_perms;
-
-# Date : WK14.36
-# Operation : Migration
-# Purpose :  access nvram, otp, ccci cdoec devices.
-# allow cameraserver MtkCodecService:binder call;
-# allow cameraserver ccci_device:chr_file rw_file_perms;
-# allow cameraserver eemcs_device:chr_file rw_file_perms;
-# allow cameraserver devmap_device:chr_file r_file_perms;
-# allow cameraserver ebc_device:chr_file rw_file_perms;
-# allow cameraserver nvram_device:blk_file rw_file_perms;
-# allow cameraserver bootdevice_block_device:blk_file rw_file_perms;
-
-# Date : WK14.36
-# Operation : Migration
-# Purpose : for SW codec VP/VR
-# allow cameraserver mtk_sched_device:chr_file rw_file_perms;
-
-# Date : WK14.38
-# Operation : Migration
-# Purpose : NVRam access
-# allow cameraserver block_device:dir { write search };
-
-# Date : WK14.38
-# Operation : Migration
-# Purpose : FM driver access
-# allow cameraserver fm_device:chr_file rw_file_perms;
-
-# Data : WK14.38
-# Operation : Migration
-# Purpose : for VP/VR
-# allow cameraserver block_device:dir search;
-# allow cameraserver FM50AF_device:chr_file rw_file_perms;
-# allow cameraserver AD5820AF_device:chr_file rw_file_perms;
-# allow cameraserver DW9714AF_device:chr_file rw_file_perms;
-# allow cameraserver DW9814AF_device:chr_file rw_file_perms;
-# allow cameraserver AK7345AF_device:chr_file rw_file_perms;
-# allow cameraserver DW9714A_device:chr_file rw_file_perms;
-# allow cameraserver LC898122AF_device:chr_file rw_file_perms;
-# allow cameraserver LC898212AF_device:chr_file rw_file_perms;
-# allow cameraserver BU6429AF_device:chr_file rw_file_perms;
-# allow cameraserver DW9718AF_device:chr_file rw_file_perms;
-# allow cameraserver BU64745GWZAF_device:chr_file rw_file_perms;
-# allow cameraserver MAINAF_device:chr_file rw_file_perms;
-# allow cameraserver MAIN2AF_device:chr_file rw_file_perms;
-# allow cameraserver SUBAF_device:chr_file rw_file_perms;
-
-# Data : WK14.38
-# Operation : Migration
-# Purpose : for boot animation.
-# allow cameraserver bootanim:binder { transfer call };
-
-# allow cameraserver mtkbootanimation:binder { transfer call };
-# Data : WK14.38
-# Operation : Migration
-# Purpose : dump for debug
-# allow cameraserver sdcard_type:file append;
-
-# Date : WK14.39
-# Operation : Migration
-# Purpose : FDVT Driver
-# allow cameraserver camera_fdvt_device:chr_file rw_file_perms;
-
-# Date : WK14.39
-# Operation : Migration
-# Purpose : APE PLAYBACK
-# binder_call(cameraserver, MtkCodecService)
-
-# Data : WK14.39
-# Operation : Migration
-# Purpose : HW encrypt SW codec
-# allow cameraserver sec_device:chr_file r_file_perms;
-
-# Date : WK14.40
-# Operation : Migration
-# Purpose : HDMI driver access
-allow cameraserver graphics_device:chr_file rw_file_perms;
-
-# Date : WK14.40
-# Operation : Migration
-# Purpose : Smartpa
-# allow cameraserver smartpa_device:chr_file rw_file_perms;
-
-# Date : WK14.40
-# Operation : Migration
-# Purpose : mtk_jpeg
-# allow cameraserver mtk_jpeg_device:chr_file r_file_perms;
-
-# Date : WK14.41
-# Operation : Migration
-# Purpose : WFD HID Driver
-# allow cameraserver uhid_device:chr_file rw_file_perms;
-
-# Date : WK14.41
-# Operation : Migration
-# Purpose : Camera EEPROM Calibration
-# allow cameraserver CAM_CAL_DRV_device:chr_file rw_file_perms;
-# allow cameraserver CAM_CAL_DRV1_device:chr_file rw_file_perms;
-# allow cameraserver CAM_CAL_DRV2_device:chr_file rw_file_perms;
-
-# Date : WK14.43
-# Operation : Migration
-# Purpose : VOW
-# allow cameraserver vow_device:chr_file rw_file_perms;
-
-# Date: WK14.44
-# Operation : Migration
-# Purpose : EVDO
-# allow cameraserver rpc_socket:sock_file write;
-# allow cameraserver ttySDIO_device:chr_file rw_file_perms;
-
-# Data: WK14.44
-# Operation : Migration
-# Purpose : VP
-# allow cameraserver surfaceflinger:file getattr;
-
-# Data: WK14.44
-# Operation : Migration
-# Purpose : for low SD card latency issue
-# allow cameraserver sysfs_lowmemorykiller:file { read open };
-
-# Data: WK14.45
-# Operation : Migration
-# Purpose : for change thermal policy when needed
-# allow cameraserver proc_mtkcooler:dir search;
-# allow cameraserver proc_mtktz:dir search;
-# allow cameraserver proc_thermal:dir search;
-
-# Date : WK14.46
-# Operation : Migration
-# Purpose : for MTK Emulator HW GPU
-# allow cameraserver qemu_pipe_device:chr_file rw_file_perms;
-
-# Date : WK14.46
-# Operation : Migration
-# Purpose : for camera init
-# allow cameraserver system_server:unix_stream_socket { read write };
-
-# Data : WK14.46
-# Operation : Migration
-# Purpose : for SMS app
-# allow cameraserver radio_data_file:dir search;
-# allow cameraserver radio_data_file:file open;
-
-# Data : WK14.47
-# Operation : Launch camcorder from MMS
-# Purpose : Camcorder
-# allow cameraserver radio_data_file:file open;
-
-# Data : WK14.47
-# Operation : CTS
-# Purpose : cts search strange app
-# allow cameraserver untrusted_app:dir search;
-
-# Date : WK15.03
-# Operation : Migration
-# Purpose : offloadservice
-# allow cameraserver offloadservice_device:chr_file rw_file_perms;
-
-# Date : WK15.32
-# Operation : Pre-sanity
-# Purpose : 3A algorithm need to access sensor service
-# allow cameraserver sensorservice_service:service_manager find;
-
-# Date : WK15.34
-# Operation : Migration
-# Purpose: for camera middleware dump image buffer to sdcard & audio frameworks dump
-# allow cameraserver system_data_file:dir write;
-# allow cameraserver storage_file:lnk_file {read write};
-# allow cameraserver mnt_user_file:dir {write read search};
-# allow cameraserver mnt_user_file:lnk_file {read write};
-
-# Date : WK15.35
-# Operation : Migration
-# Purpose: Allow cameraserver to read binder from surfaceflinger
-# allow cameraserver surfaceflinger:fifo_file {read write};
-
-# Date : WK15.46
-# Operation : Migration
-# Purpose : DPE Driver
-# allow cameraserver camera_dpe_device:chr_file rw_file_perms;
-
-# Date : WK15.46
-# Operation : Migration
-# Purpose : TSF Driver
-# allow cameraserver camera_tsf_device:chr_file rw_file_perms;
-
-# Date : WK16.20
-# Operation : Migration
-# Purpose: research root dir "/"
-allow cameraserver tmpfs:dir search;
-
-# Date : WK16.21
-# Operation : Migration
-# Purpose : EGL file access
-allow cameraserver system_file:dir { read open };
-allow cameraserver gpu_device:chr_file rw_file_perms;
-allow cameraserver gpu_device:dir search;
-
-# Date : WK16.30
-# Operation : Migration
-# Purpose :  Use file_type_auto_trans to specify label to avoid violated(never allow)
-# allow cameraserver property_socket:sock_file write;
-# allow cameraserver proc:file getattr;
-# allow cameraserver shell_exec:file { execute read getattr open};
-# allow cameraserver init:unix_stream_socket connectto;
-
-# Date : WK16.32
-# Operation : Migration
-# Purpose : RSC Driver
-# allow cameraserver camera_rsc_device:chr_file rw_file_perms;
-
-# Date : WK16.33
-# Purpose: Allow to access ged for gralloc_extra functions
-allow cameraserver proc_ged:file rw_file_perms;
-allowxperm cameraserver proc_ged:file ioctl { proc_ged_ioctls };
-
-# Date : WK16.33
-# Operation : Migration
-# Purpose : GEPF Driver
-# allow cameraserver camera_gepf_device:chr_file rw_file_perms;
-
-# Date : WK16.35
-# Operation : Migration
-# Purpose : Update camera flashlight driver device file
-# allow cameraserver flashlight_device:chr_file rw_file_perms;
-
-# Data : WK16.42
-# Operator: Whitney bring up
-# Purpose: call surfaceflinger due to powervr
-# allow cameraserver surfaceflinger:fifo_file rw_file_perms;
-
-# Date : WK16.43
-# Operation : Migration
-# Purpose : WPE Driver
-# allow cameraserver camera_wpe_device:chr_file rw_file_perms;
-
-# Date : WK16.49
-# Operation : label aee_aed sockets
-# Purpose : Engineering mode need access for aee commmand
-# userdebug_or_eng(`
-# allow cameraserver aee_aed:unix_stream_socket connectto;
-# ')
-
-# Purpose: Allow to access debugfs_ion dir.
-allow cameraserver system_data_file:lnk_file read;
-
-# Date : WK17.19
-# Operation : Migration
-# Purpose : OWE Driver
-# allow cameraserver camera_owe_device:chr_file rw_file_perms;
-
-# Date : WK17.25
-# Operation : Migration
-allow cameraserver debugfs_ion:dir search;
-
-# Date : WK17.30
-# Operation : O Migration
-# Purpose: Allow to access cmdq driver
-# allow cameraserver mtk_cmdq_device:chr_file { read ioctl open };
-
-# Date : WK17.44
-# Operation : Migration
-# Purpose : DIP Driver
-# allow cameraserver camera_dip_device:chr_file rw_file_perms;
-
-# Date : WK17.44
-# Operation : Migration
-# Purpose : MFB Driver
-# allow cameraserver camera_mfb_device:chr_file rw_file_perms;
-
-# Date : WK17.49
-# Operation : MT6771 SQC
-# Purpose: Allow permgr access
-allow cameraserver proc_perfmgr:dir {read search};
-allow cameraserver proc_perfmgr:file r_file_perms;
-allowxperm cameraserver proc_perfmgr:file ioctl {
-  PERFMGR_FPSGO_QUEUE
-  PERFMGR_FPSGO_DEQUEUE
-  PERFMGR_FPSGO_QUEUE_CONNECT
-  PERFMGR_FPSGO_BQID
-};
-

non_plat/ccci_fsd.te

@@ -1,69 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/ccci_fsd Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-type ccci_fsd_exec, exec_type, file_type, vendor_file_type;
-type ccci_fsd, domain;
-
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-init_daemon_domain(ccci_fsd)
-
-wakelock_use(ccci_fsd)
-
-#============= ccci_fsd MD NVRAM==============
-allow ccci_fsd nvram_data_file:dir create_dir_perms;
-allow ccci_fsd nvram_data_file:file create_file_perms;
-allow ccci_fsd nvram_data_file:lnk_file read;
-allow ccci_fsd nvdata_file:lnk_file read;
-allow ccci_fsd nvdata_file:dir create_dir_perms;
-allow ccci_fsd nvdata_file:file create_file_perms;
-allow ccci_fsd nvram_device:chr_file rw_file_perms;
-allow ccci_fsd system_data_file:lnk_file read;
-allow ccci_fsd vendor_configs_file:file r_file_perms;
-allow ccci_fsd vendor_configs_file:dir r_dir_perms;
-
-#============= ccci_fsd device/path/data access==============
-allow ccci_fsd ccci_device:chr_file rw_file_perms;
-allow ccci_fsd ccci_cfg_file:dir create_dir_perms;
-allow ccci_fsd ccci_cfg_file:file create_file_perms;
-#============= ccci_fsd MD Data==============
-allow ccci_fsd protect_f_data_file:dir create_dir_perms;
-allow ccci_fsd protect_f_data_file:file create_file_perms;
-
-allow ccci_fsd protect_s_data_file:dir create_dir_perms;
-allow ccci_fsd protect_s_data_file:file create_file_perms;
-#============= ccci_fsd MD3 related==============
-allow ccci_fsd c2k_file:dir create_dir_perms;
-allow ccci_fsd c2k_file:file create_file_perms;
-allow ccci_fsd otp_part_block_device:blk_file rw_file_perms;
-allow ccci_fsd otp_device:chr_file rw_file_perms;
-allow ccci_fsd sysfs:file r_file_perms;
-allow ccci_fsd sysfs_boot_type:file { read open };
-#============= ccci_fsd MD block data==============
-##restore>NVM_GetDeviceInfo>open  /dev/block/platform/bootdevice/by-name/nvram
-allow ccci_fsd block_device:dir search;
-allow ccci_fsd nvram_device:blk_file rw_file_perms;
-allow ccci_fsd nvdata_device:blk_file rw_file_perms;
-#============= ccci_fsd cryption related ==============
-allow ccci_fsd rawfs:dir create_dir_perms;
-allow ccci_fsd rawfs:file create_file_perms;
-#============= ccci_fsd sysfs related ==============
-allow ccci_fsd sysfs_ccci:dir search;
-allow ccci_fsd sysfs_ccci:file r_file_perms;
-
-#============= ccci_fsd ==============
-allow ccci_fsd mnt_vendor_file:dir search;
-
-# Purpose: for fstab parser
-allow ccci_fsd kmsg_device:chr_file w_file_perms;
-allow ccci_fsd proc_lk_env:file rw_file_perms;
-
-#============= ccci_fsd MD Low Power Monitor Related ==============
-allow ccci_fsd ccci_data_md1_file:dir create_dir_perms;
-allow ccci_fsd ccci_data_md1_file:file create_file_perms;
-allow ccci_fsd sysfs_mmcblk:dir search;
-allow ccci_fsd sysfs_mmcblk:file { read getattr open };

non_plat/ccci_mdinit.te

@@ -1,114 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/ccci_mdinit Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-type ccci_mdinit_exec , exec_type, file_type, vendor_file_type;
-type ccci_mdinit ,domain;
-
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-init_daemon_domain(ccci_mdinit)
-wakelock_use(ccci_mdinit)
-#=============allow ccci_mdinit to start gsm0710muxd==============
-set_prop(ccci_mdinit, ctl_gsm0710muxd_prop)
-#=============allow ccci_mdinit to start emcsmdlogger==============
-set_prop(ccci_mdinit, ctl_mdlogger_prop)
-#=============allow ccci_mdinit to start c2krild==============
-set_prop(ccci_mdinit, ctl_viarild_prop)
-#=============allow ccci_mdinit to start/stop rild, mdlogger==============
-set_prop(ccci_mdinit, ctl_mdlogger_prop)
-set_prop(ccci_mdinit, ctl_emdlogger1_prop)
-set_prop(ccci_mdinit, ctl_emdlogger2_prop)
-set_prop(ccci_mdinit, ctl_emdlogger3_prop)
-set_prop(ccci_mdinit, ctl_dualmdlogger_prop)
-set_prop(ccci_mdinit, ctl_gsm0710muxd_prop)
-set_prop(ccci_mdinit, ctl_gsm0710muxd-s_prop)
-set_prop(ccci_mdinit, ctl_gsm0710muxd-d_prop)
-set_prop(ccci_mdinit, ctl_rildaemon_prop)
-set_prop(ccci_mdinit, ctl_ril-daemon-mtk_prop)
-set_prop(ccci_mdinit, ctl_fusion_ril_mtk_prop)
-set_prop(ccci_mdinit, ctl_ril-daemon-s_prop)
-set_prop(ccci_mdinit, ctl_ril-daemon-d_prop)
-set_prop(ccci_mdinit, ctl_ril-proxy_prop)
-set_prop(ccci_mdinit, ril_active_md_prop)
-set_prop(ccci_mdinit, mtk_md_prop)
-#set_prop(ccci_mdinit, radio_prop)
-set_prop(ccci_mdinit, net_cdma_mdmstat)
-set_prop(ccci_mdinit, ctl_start_prop)
-#=============allow ccci_mdinit to get tel_switch_prop==============
-get_prop(ccci_mdinit, tel_switch_prop)
-
-#=============allow ccci_mdinit to start/stop fsd==============
-set_prop(ccci_mdinit, ctl_ccci_fsd_prop)
-set_prop(ccci_mdinit, ctl_ccci2_fsd_prop)
-set_prop(ccci_mdinit, ctl_ccci3_fsd_prop)
-
-get_prop(ccci_mdinit, vendor_default_prop)
-get_prop(ccci_mdinit, init_svc_emdlogger1_prop)
-get_prop(ccci_mdinit, init_svc_aee_aedv_prop)
-
-allow ccci_mdinit ccci_device:chr_file rw_file_perms;
-allow ccci_mdinit ccci_monitor_device:chr_file rw_file_perms;
-
-#=============allow ccci_mdinit to access MD NVRAM==============
-allow ccci_mdinit nvram_data_file:dir rw_dir_perms;
-allow ccci_mdinit nvram_data_file:file create_file_perms;
-allow ccci_mdinit nvram_data_file:lnk_file read;
-allow ccci_mdinit nvdata_file:lnk_file read;
-allow ccci_mdinit nvdata_file:dir rw_dir_perms;
-allow ccci_mdinit nvdata_file:file create_file_perms;
-allow ccci_mdinit nvram_device:chr_file rw_file_perms;
-allow ccci_mdinit system_data_file:lnk_file read;
-
-#=============allow ccci_mdinit to access ccci config==============
-allow ccci_mdinit protect_f_data_file:dir rw_dir_perms;
-allow ccci_mdinit protect_f_data_file:file create_file_perms;
-#=============allow ccci_mdinit to property==============
-allow ccci_mdinit protect_s_data_file:dir rw_dir_perms;
-allow ccci_mdinit protect_s_data_file:file create_file_perms;
-allow ccci_mdinit nvram_device:blk_file rw_file_perms;
-allow ccci_mdinit nvdata_device:blk_file rw_file_perms;
-
-set_prop(ccci_mdinit, ril_mux_report_case_prop)
-
-allow ccci_mdinit ccci_cfg_file:dir create_dir_perms;
-allow ccci_mdinit ccci_cfg_file:file create_file_perms;
-#===============security relate ==========================
-allow ccci_mdinit preloader_device:chr_file rw_file_perms;
-allow ccci_mdinit misc_sd_device:chr_file r_file_perms;
-allow ccci_mdinit sec_ro_device:chr_file r_file_perms;
-
-allow ccci_mdinit custom_file:dir r_dir_perms;
-allow ccci_mdinit custom_file:file r_file_perms;
-
-# Purpose : for nand partition access
-allow ccci_mdinit mtd_device:dir search;
-allow ccci_mdinit mtd_device:chr_file rw_file_perms;
-allow ccci_mdinit devmap_device:chr_file r_file_perms;
-# Purpose : for device bring up, not to block early migration/sanity
-allow ccci_mdinit proc_lk_env:file rw_file_perms;
-allow ccci_mdinit para_block_device:blk_file rw_file_perms;
-#============= ccci_mdinit sysfs related ==============
-allow ccci_mdinit sysfs_ccci:dir search;
-allow ccci_mdinit sysfs_ccci:file rw_file_perms;
-allow ccci_mdinit sysfs_ssw:dir search;
-allow ccci_mdinit sysfs_ssw:file r_file_perms;
-allow ccci_mdinit sysfs:file r_file_perms;
-allow ccci_mdinit sysfs_boot_mode:file { read open };
-
-# Purpose : Allow ccci_mdinit to open and read/write /proc/bootprof
-allow ccci_mdinit proc_bootprof:file rw_file_perms;
-
-# Date : WK18.21
-# Operation: P migration
-# Purpose: Allow to search /mnt/vendor/nvdata for fstab when using NVM_Init()
-allow ccci_mdinit mnt_vendor_file:dir search;
-
-# Purpose : Allow ccci_mdinit call sysenv_get and sysenv_set
-allow ccci_mdinit block_device:dir search;
-allow ccci_mdinit metadata_file:dir search;
-allow ccci_mdinit proc_cmdline:file r_file_perms;
-allow ccci_mdinit sysfs_dt_firmware_android:dir search;

non_plat/cmddumper.te

@@ -1,31 +0,0 @@
-#cmddumper access external modem ttySDIO2
-allow cmddumper ttySDIO_device:chr_file { read write ioctl open };
-
-# for modem logging sdcard access
-allow cmddumper sdcard_type:dir create_dir_perms;
-allow cmddumper sdcard_type:file create_file_perms;
-
-# cmddumper  access on /data/mdlog
-allow cmddumper mdlog_data_file:fifo_file create_file_perms;
-allow cmddumper mdlog_data_file:file create_file_perms;
-allow cmddumper mdlog_data_file:dir { create_dir_perms relabelto };
-
-#allow emdlogger to set property
-allow cmddumper debug_mdlogger_prop:property_service set;
-allow cmddumper debug_prop:property_service set;
-
-# purpose: allow cmddumper to access storage in N version
-allow cmddumper media_rw_data_file:file  { create_file_perms };
-allow cmddumper media_rw_data_file:dir { create_dir_perms };
-
-# purpose: access plat_file_contexts
-allow cmddumper file_contexts_file:file { read getattr open };
-
-# purpose: access /sys/devices/virtual/BOOT/BOOT/boot/boot_mode
-allow cmddumper sysfs_boot_mode:file { read open };
-
-# Android P migration
-set_prop(cmddumper, persist_mtklog_prop)
-set_prop(cmddumper, vendor_mdl_prop)
-allow cmddumper tmpfs:lnk_file read;
-allow cmddumper vmodem_device:chr_file { read write ioctl open };

non_plat/connsyslogger.te

@@ -1,83 +0,0 @@
-
-# Policy File of /system/bin/connsyslogger Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-# Purpose : for create hidl server
-#hal_server_domain(connsyslogger, mtk_hal_log)
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-
-#for logging sdcard access
-allow connsyslogger fuse:dir { create_dir_perms };
-allow connsyslogger fuse:file { create_file_perms };
-
-#consys logger access on /data/consyslog
-allow connsyslogger consyslog_data_file:dir { create_dir_perms relabelto };
-allow connsyslogger consyslog_data_file:fifo_file { create_file_perms };
-allow connsyslogger consyslog_data_file:file { create_file_perms };
-allow connsyslogger system_data_file:dir { create_dir_perms relabelfrom};
-
-#consys logger socket access
-#allow connsyslogger property_socket:sock_file write;
-#allow connsyslogger init:unix_stream_socket connectto;
-
-allow connsyslogger tmpfs:lnk_file { create_file_perms };
-
-# purpose: avc: denied { read } for name="plat_file_contexts"
-allow connsyslogger file_contexts_file:file { read getattr open map};
-
-#logger SD logging in factory mode
-allow connsyslogger vfat:dir create_dir_perms;
-allow connsyslogger vfat:file create_file_perms;
-
-#logger permission in storage in android M version
-allow connsyslogger mnt_user_file:dir search;
-allow connsyslogger mnt_user_file:lnk_file read;
-allow connsyslogger storage_file:lnk_file read;
-
-#permission for use SELinux API
-allow connsyslogger rootfs:file r_file_perms;
-
-#permission for storage access storage
-allow connsyslogger storage_file:dir { create_dir_perms };
-allow connsyslogger storage_file:file { create_file_perms };
-
-#permission for read boot mode
-allow connsyslogger sysfs_boot_mode:file { read open };
-
-allow connsyslogger fw_log_wifi_device:chr_file {read write open ioctl};
-allow connsyslogger fw_log_bt_device:chr_file {read write open ioctl};
-allow connsyslogger fw_log_gps_device:chr_file {read write open ioctl};
-allow connsyslogger fw_log_wmt_device:chr_file {read write open ioctl};
-
-allow connsyslogger sdcardfs:dir { create_dir_perms };
-allow connsyslogger sdcardfs:file { create_file_perms };
-allow connsyslogger rootfs:lnk_file getattr;
-
-allow connsyslogger media_rw_data_file:file  { create_file_perms };
-allow connsyslogger media_rw_data_file:dir { create_dir_perms };
-
-set_prop(connsyslogger, vendor_connsysfw_prop)
-
-allow connsyslogger vendor_configs_file:file map;
-#permission to get driver ready status
-get_prop(connsyslogger, wmt_prop)
-
-#Date:2019/03/25
-# purpose: allow connsyslogger to access persist.meta.connecttype
-get_prop(connsyslogger, meta_connecttype_prop);
-
-#Date:2019/03/25
-# purpose: allow emdlogger to create socket
-allow connsyslogger port:tcp_socket { name_connect name_bind };
-allow connsyslogger connsyslogger:tcp_socket { create_stream_socket_perms };
-allow connsyslogger node:tcp_socket node_bind;
-
-#Date:2019/03/25
-# usb device ttyGSx for modem logger usb logging
-allow connsyslogger ttyGS_device:chr_file { rw_file_perms};
-
-

non_plat/device.te

@@ -1,290 +0,0 @@
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-
-type devmap_device, dev_type;
-type ttyMT_device, dev_type;
-type ttyS_device, dev_type;
-type ttySDIO_device, dev_type;
-type vmodem_device, dev_type;
-type stpwmt_device, dev_type;
-type wmtdetect_device, dev_type;
-type wmtWifi_device, dev_type;
-type stpbt_device, dev_type;
-type fw_log_bt_device, dev_type;
-type stpant_device, dev_type;
-type fm_device, dev_type;
-type stpgps_device, dev_type;
-type gpsdl_device, dev_type;
-type fw_log_gps_device, dev_type;
-type fw_log_wmt_device, dev_type;
-type fw_log_wifi_device, dev_type;
-type pmem_multimedia_device, dev_type;
-type mt6516_isp_device, dev_type;
-type mt6516_IDP_device, dev_type;
-type mt9p012_device, dev_type;
-type mt6516_jpeg_device, dev_type;
-type FM50AF_device, dev_type;
-type DW9714AF_device, dev_type;
-type DW9814AF_device, dev_type;
-type AK7345AF_device, dev_type;
-type DW9714A_device, dev_type;
-type LC898122AF_device, dev_type;
-type LC898212AF_device, dev_type;
-type BU6429AF_device, dev_type;
-type AD5820AF_device, dev_type;
-type DW9718AF_device, dev_type;
-type BU64745GWZAF_device, dev_type;
-type MAINAF_device, dev_type;
-type MAIN2AF_device, dev_type;
-type SUBAF_device, dev_type;
-type M4U_device_device, dev_type;
-type Vcodec_device, dev_type;
-type MJC_device, dev_type;
-type smartpa_device, dev_type;
-type smartpa1_device, dev_type;
-type uio0_device, dev_type;
-type xt_qtaguid_device, dev_type;
-type rfkill_device, dev_type;
-type sw_sync_device, dev_type, mlstrustedobject;
-type sec_device, dev_type;
-type hid_keyboard_device, dev_type;
-type btn_device, dev_type;
-type uinput_device, dev_type;
-type TV_out_device, dev_type;
-type gz_device, dev_type;
-type camera_sysram_device, dev_type;
-type camera_isp_device, dev_type;
-type camera_dip_device, dev_type;
-type camera_dpe_device, dev_type;
-type camera_tsf_device, dev_type;
-type camera_fdvt_device, dev_type;
-type camera_rsc_device, dev_type;
-type camera_gepf_device, dev_type;
-type camera_wpe_device, dev_type;
-type camera_owe_device, dev_type;
-type camera_mfb_device, dev_type;
-type camera_pipemgr_device, dev_type;
-type ccu_device, dev_type;
-type vpu_device, dev_type, mlstrustedobject;
-type mdla_device, dev_type, mlstrustedobject;
-type mtk_jpeg_device, dev_type;
-type kd_camera_hw_device, dev_type;
-type seninf_device, dev_type;
-type kd_camera_flashlight_device, dev_type;
-type flashlight_device, dev_type;
-type kd_camera_hw_bus2_device, dev_type;
-type MATV_device, dev_type;
-type mt_otg_test_device, dev_type;
-type mt_mdp_device, dev_type;
-type mtkg2d_device, dev_type;
-type misc_sd_device, dev_type;
-type mtk_sched_device, dev_type;
-type ampc0_device, dev_type;
-type mmp_device, dev_type;
-type ttyGS_device, dev_type;
-type CAM_CAL_DRV_device, dev_type;
-type CAM_CAL_DRV1_device, dev_type;
-type CAM_CAL_DRV2_device, dev_type;
-type MTK_SMI_device, dev_type;
-type mtk_cmdq_device, dev_type;
-type mtk_mdp_device, dev_type;
-type mtk_rrc_device, dev_type;
-type ebc_device, dev_type;
-type vow_device, dev_type;
-type MT6516_H264_DEC_device, dev_type;
-type MT6516_Int_SRAM_device, dev_type;
-type MT6516_MM_QUEUE_device, dev_type;
-type MT6516_MP4_DEC_device, dev_type;
-type MT6516_MP4_ENC_device, dev_type;
-type sensor_device, dev_type;
-type aed_device, dev_type;
-type ccci_device, dev_type;
-type ccci_monitor_device, dev_type;
-type gsm0710muxd_device, dev_type;
-type eemcs_device, dev_type;
-type emd_device, dev_type;
-type mt6605_device, dev_type;
-type st21nfc_device, dev_type;
-type st54spi_device, dev_type;
-type exm0_device, dev_type;
-type mmcblk_device, dev_type;
-type BOOT_device, dev_type;
-type MT_pmic_device, dev_type;
-type aal_als_device, dev_type;
-type accdet_device, dev_type;
-type android_device, dev_type;
-type bmtpool_device, dev_type;
-type bootimg_device, dev_type;
-type btif_device, dev_type;
-type cache_device, dev_type;
-type cpu_dma_latency_device, dev_type;
-type dummy_cam_cal_device, dev_type;
-type ebr_device, dev_type;
-type expdb_device, dev_type;
-type fat_device, dev_type;
-type logo_device, dev_type;
-type loop-control_device, dev_type;
-type mbr_device, dev_type;
-type met_device, dev_type;
-type misc_device, dev_type;
-type misc2_device, dev_type;
-type mtfreqhopping_device, dev_type;
-type mtgpio_device, dev_type;
-type mtk_kpd_device, dev_type;
-type network_device, dev_type;
-type nvram_device, dev_type;
-type pmt_device, dev_type;
-type preloader_device, dev_type;
-type pro_info_device, dev_type;
-type protect_f_device, dev_type;
-type protect_s_device, dev_type;
-type psaux_device, dev_type;
-type ptyp_device, dev_type;
-type recovery_device, dev_type;
-type sec_ro_device, dev_type;
-type seccfg_device, dev_type;
-type tee_part_device, dev_type;
-type snapshot_device, dev_type;
-type tgt_device, dev_type;
-type touch_device, dev_type;
-type tpd_em_log_device, dev_type;
-type ttyp_device, dev_type;
-type uboot_device, dev_type;
-type uibc_device, dev_type;
-type usrdata_device, dev_type;
-type zram0_device, dev_type;
-type hwzram0_device, dev_type;
-type RT_Monitor_device, dev_type;
-type kick_powerkey_device, dev_type;
-type agps_device, dev_type;
-type mnld_device, dev_type;
-type geo_device, dev_type;
-type mdlog_device, dev_type;
-type md32_device, dev_type;
-type scp_device, dev_type;
-type adsp_device, dev_type;
-type audio_scp_device, dev_type;
-type sspm_device, dev_type;
-type etb_device, dev_type;
-type MT_pmic_adc_cali_device, dev_type;
-type mtk-adc-cali_device, dev_type;
-type MT_pmic_cali_device,dev_type;
-type otp_device, dev_type;
-type otp_part_block_device, dev_type;
-type qemu_pipe_device, dev_type;
-type icusb_device, dev_type;
-type nlop_device, dev_type;
-type irtx_device, dev_type;
-type pmic_ftm_device, dev_type;
-type charger_ftm_device, dev_type;
-type shf_device, dev_type;
-type keyblock_device, dev_type;
-type offloadservice_device, dev_type;
-type ttyACM_device, dev_type;
-type hrm_device, dev_type;
-type lens_device, dev_type;
-type nvdata_device, dev_type;
-type nvcfg_device, dev_type;
-type expdb_block_device, dev_type;
-type misc2_block_device, dev_type;
-type logo_block_device, dev_type;
-type para_block_device, dev_type;
-type tee_block_device, dev_type;
-type seccfg_block_device, dev_type;
-type secro_block_device, dev_type;
-type preloader_block_device, dev_type;
-type lk_block_device, dev_type;
-type protect1_block_device, dev_type;
-type protect2_block_device, dev_type;
-type keystore_block_device, dev_type;
-type oemkeystore_block_device, dev_type;
-type sec1_block_device, dev_type;
-type md1img_block_device, dev_type;
-type md1dsp_block_device, dev_type;
-type md1arm7_block_device, dev_type;
-type md3img_block_device, dev_type;
-type mmcblk1_block_device, dev_type;
-type mmcblk1p1_block_device, dev_type;
-type bootdevice_block_device, dev_type;
-type odm_block_device, dev_type;
-type oem_block_device, dev_type;
-type vendor_block_device, dev_type;
-type dtbo_block_device, dev_type;
-type loader_ext_block_device, dev_type;
-type spm_device, dev_type;
-type persist_block_device, dev_type;
-type md_block_device, dev_type;
-type spmfw_block_device, dev_type;
-type mcupmfw_block_device, dev_type;
-type scp_block_device, dev_type;
-type sspm_block_device, dev_type;
-type dsp_block_device, dev_type;
-type ppl_block_device, dev_type;
-type nvcfg_block_device, dev_type;
-type ancservice_device, dev_type;
-type mbim_device, dev_type;
-type audio_ipi_device, dev_type;
-type cam_vpu_block_device,dev_type;
-type boot_para_block_device,dev_type;
-type mtk_dfrc_device, dev_type;
-type vbmeta_block_device, dev_type;
-type alarm_device, dev_type;
-type mdp_device, dev_type;
-type mrdump_device, dev_type;
-type kb_block_device,dev_type;
-type dkb_block_device,dev_type;
-
-##########################
-# Sensor common Devices Start
-#
-type hwmsensor_device, dev_type;
-type msensor_device, dev_type;
-type gsensor_device, dev_type;
-type als_ps_device, dev_type;
-type gyroscope_device, dev_type;
-type barometer_device,dev_type;
-type humidity_device,dev_type;
-type biometric_device,dev_type;
-type sensorlist_device,dev_type;
-##########################
-# Sensor Devices Start
-#
-type m_batch_misc_device, dev_type;
-##########################
-# Sensor bio Devices Start
-#
-type m_als_misc_device, dev_type;
-type m_ps_misc_device, dev_type;
-type m_baro_misc_device, dev_type;
-type m_hmdy_misc_device, dev_type;
-type m_acc_misc_device, dev_type;
-type m_mag_misc_device, dev_type;
-type m_gyro_misc_device, dev_type;
-type m_act_misc_device, dev_type;
-type m_pedo_misc_device, dev_type;
-type m_situ_misc_device, dev_type;
-type m_step_c_misc_device, dev_type;
-type m_fusion_misc_device, dev_type;
-type m_bio_misc_device, dev_type;
-
-# Date : 2016/07/11
-# Operation : Migration
-# Purpose : Add permission for gpu access
-type dri_device, dev_type, mlstrustedobject;
-
-# TEE
-type teei_fp_device, dev_type;
-type teei_rpmb_device, dev_type;
-type teei_config_device, dev_type;
-type teei_vfs_device, dev_type;
-
-type teei_client_device, dev_type;
-typeattribute teei_client_device mlstrustedobject;
-
-# Keymaster
-type ut_keymaster_device, dev_type;
-
-# VPU
-type vpud_device, dev_type;
-type vcu_device, dev_type;

non_plat/domain.te

@@ -1,33 +0,0 @@
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-
-# Grant read access to mtk core property type which represents all
-# mtk properties except those with ctl_xxx prefix.
-# Align Google change: f01453ad453b29dd723838984ea03978167491e5
-get_prop(domain, mtk_core_property_type)
-
-# Allow all processes to search /sys/kernel/debug/binder/ since it's has been
-# labeled with specific debugfs label and many violations to dir search debugfs_binder
-# are observed. Grant domain to suppress the violations as originally "debugfs:dir search"
-# is also allowed to domain as well in Google default domain.te
-allow domain debugfs_binder:dir search;
-
-# Allow all processes to read /sys/bus/platform/drivers/dev_info/dev_info
-# as it is a public interface for all processes to read some OTP data.
-allow {
-  domain
-  -isolated_app
-} sysfs_devinfo:file r_file_perms;
-
-# Date:20170630
-# Purpose: allow trusted process to connect aee daemon
-#allow {
-#  coredomain
-#  -untrusted_app_all
-#} aee_aed:unix_stream_socket connectto;
-allow { domain -coredomain -hal_configstore_server -vendor_init } aee_aedv:unix_stream_socket connectto;
-allow { domain -coredomain -hal_configstore_server -vendor_init } aee_exp_vendor_file:file w_file_perms;
-allow { domain -coredomain -hal_configstore_server -vendor_init } aee_aedv:fd use;
-
-allow domain debugfs_ion:dir search;

non_plat/drmserver.te

@@ -1,7 +0,0 @@
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-
-# Date : WK16.33
-# Purpose: Allow to access ged for gralloc_extra functions
-allow drmserver proc_ged:file rw_file_perms;

non_plat/dumpstate.te

@@ -1,186 +0,0 @@
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-
-# Purpose: aee_dumpstate set surfaceflinger property
-set_prop(dumpstate, debug_bq_dump_prop);
-
-# Purpose: access dev/aed0
-allow dumpstate aed_device:chr_file { read getattr };
-
-# Purpose: data/dumpsys/*
-allow dumpstate aee_dumpsys_data_file:dir { w_dir_perms };
-allow dumpstate aee_dumpsys_data_file:file { create_file_perms };
-
-# Purpose: data/aee_exp/*
-allow dumpstate aee_exp_data_file:dir { w_dir_perms };
-allow dumpstate aee_exp_data_file:file { create_file_perms };
-
-# Purpose: debugfs files
-allow dumpstate debugfs:lnk_file read;
-allow dumpstate debugfs_binder:dir { read open };
-allow dumpstate debugfs_binder:file { read open };
-allow dumpstate debugfs_blockio:file { read open };
-allow dumpstate debugfs_fb:dir search;
-allow dumpstate debugfs_fb:file { read open };
-allow dumpstate debugfs_fuseio:dir search;
-allow dumpstate debugfs_fuseio:file { read open };
-allow dumpstate debugfs_ged:dir search;
-allow dumpstate debugfs_ged:file { read open };
-allow dumpstate debugfs_rcu:dir search;
-allow dumpstate debugfs_shrinker_debug:file { read open };
-allow dumpstate debugfs_wakeup_sources:file { read open };
-allow dumpstate debugfs_dmlog_debug:file { read open };
-allow dumpstate debugfs_page_owner_slim_debug:file { read open };
-allow dumpstate debugfs_ion_mm_heap:dir search;
-allow dumpstate debugfs_ion_mm_heap:file { read open };
-allow dumpstate debugfs_ion_mm_heap:lnk_file read;
-allow dumpstate debugfs_cpuhvfs:dir search;
-allow dumpstate debugfs_cpuhvfs:file { read open };
-allow dumpstate debugfs_vpu_device_dbg:file { read open };
-
-# Purpose: /sys/kernel/ccci/md_chn
-allow dumpstate sysfs_ccci:dir search;
-allow dumpstate sysfs_ccci:file { read open };
-
-# Purpose: leds status
-allow dumpstate sysfs_leds:lnk_file read;
-
-# Purpose: /sys/module/lowmemorykiller/parameters/adj
-allow dumpstate sysfs_lowmemorykiller:file { read open };
-allow dumpstate sysfs_lowmemorykiller:dir search;
-
-# Purpose: /dev/block/mmcblk0p10
-allow dumpstate expdb_block_device:blk_file { read write ioctl open };
-
-#/data/anr/SF_RTT
-allow dumpstate sf_rtt_file:dir { search getattr };
-
-# Data : 2017/03/22
-# Operation : add fd use selinux rule
-# Purpose : type=1400 audit(0.0:81356): avc: denied { use } for path="/system/bin/linker"
-#           dev="mmcblk0p26" ino=250 scontext=u:r:dumpstate:s0
-#           tcontext=u:r:aee_aed:s0 tclass=fd permissive=0
-allow dumpstate aee_aed:fd use;
-allow dumpstate aee_aed:unix_stream_socket { read write ioctl };
-
-# private define
-# allow dumpstate config_gz:file read;
-
-allow dumpstate sysfs_leds:dir r_dir_perms;
-
-# Purpose: 01-01 08:30:57.260  3070  3070 W aee_dumpstate: type=1400 audit(0.0:13196): avc: denied
-# { read } for name="SF_dump" dev="dm-0" ino=352257 scontext=u:r:dumpstate:s0 tcontext=u:object_r:
-# sf_bqdump_data_file:s0 tclass=dir permissive=0
-allow dumpstate sf_bqdump_data_file:dir r_dir_perms;
-allow dumpstate sf_bqdump_data_file:file r_file_perms;
-
-# Purpose:
-# 01-01 17:59:14.440  7664  7664 I aee_dumpstate: type=1400 audit(0.0:63497):
-# avc: denied { open } for path="/sys/kernel/debug/tracing/tracing_on" dev=
-# "debugfs" ino=2087 scontext=u:r:dumpstate:s0 tcontext=u:object_r:
-# tracing_shell_writable:s0 tclass=file permissive=1
-allow dumpstate debugfs_tracing:file rw_file_perms;
-
-# Data : WK17.03
-# Purpose: Allow to access gpu
-allow dumpstate gpu_device:dir search;
-
-# Purpose: Allow aee_dumpstate to invoke "lshal debug <interface>", where <interface> is "ICameraProvider".
-allow dumpstate mtk_hal_camera:binder { call };
-
-# Purpose: Allow aee_dumpstate to read /proc/slabinfo
-allow dumpstate proc_slabinfo:file r_file_perms;
-
-# Purpose: Allow aee_dumpstate to read /proc/zraminfo
-allow dumpstate proc_zraminfo:file r_file_perms;
-
-# Purpose: Allow aee_dumpstate to read /proc/gpulog
-allow dumpstate proc_gpulog:file r_file_perms;
-
-# Purpose: Allow aee_dumpstate to read /proc/sched_debug
-allow dumpstate proc_sched_debug:file r_file_perms;
-
-# Purpose: Allow aee_dumpstate to read /proc/chip/hw_ver
-allow dumpstate proc_chip:file r_file_perms;
-
-# Purpose: Allow aee_dumpstate to write /sys/devices/virtual/timed_output/vibrator/enable
-allow dumpstate sysfs_vibrator_setting:file write;
-
-# Purpose: Allow dumpstate to read /sys/kernel/debug/rcu/rcu_callback_log
-allow dumpstate debugfs_rcu:file r_file_perms;
-
-# Purpose: Allow dumpstate to read /proc/ufs_debug
-allow dumpstate proc_ufs_debug:file rw_file_perms;
-
-# Purpose: Allow dumpstate to read /proc/msdc_debug
-allow dumpstate proc_msdc_debug:file r_file_perms;
-
-# Purpose: Allow dumpstate to r/w /proc/pidmap
-allow dumpstate proc_pidmap:file rw_file_perms;
-
-# Purpose: Allow dumpstate to read /sys/power/vcorefs/vcore_debug
-allow dumpstate sysfs_vcore_debug:file r_file_perms;
-
-# Purpose: Allow dumpstate to read /data/anr/SF_RTT/rtt_dump.txt
-allow dumpstate sf_rtt_file:file r_file_perms;
-
-#Purpose: Allow dumpstate to read/write /sys/mtk_memcfg/slabtrace
-allow dumpstate proc_slabtrace:file r_file_perms;
-
-#Purpose: Allow dumpstate to read /proc/mtk_cmdq_debug/status
-allow dumpstate proc_cmdq_debug:file r_file_perms;
-
-#Purpose: Allow dumpstate to read /proc/cpuhvfs/dbg_repo
-allow dumpstate proc_dbg_repo:file r_file_perms;
-
-#Purpose: Allow dumpstate to read /proc/isp_p2/isp_p2_dump
-allow dumpstate proc_isp_p2_dump:file r_file_perms;
-
-#Purpose: Allow dumpstate to read /proc/isp_p2/isp_p2_kedump
-allow dumpstate proc_isp_p2_kedump:file r_file_perms;
-
-#Purpose: Allow dumpstate to read /proc/mali/memory_usage
-allow dumpstate proc_memory_usage:file r_file_perms;
-
-#Purpose: Allow dumpstate to read /proc/mtk_es_reg_dump
-allow dumpstate proc_mtk_es_reg_dump:file r_file_perms;
-
-#Purpose: Allow dumpstate to read /sys/power/mtkpasr/execstate
-allow dumpstate sysfs_execstate:file r_file_perms;
-
-allow dumpstate proc_isp_p2:dir r_dir_perms;
-allow dumpstate proc_isp_p2:file r_file_perms;
-
-# Date : W19.26
-# Operation : Migration
-# Purpose : fix google dumpstate avc error in xTS
-allow dumpstate debugfs:dir r_dir_perms;
-allow dumpstate debugfs_mmc:dir search;
-allow dumpstate mnt_media_rw_file:dir getattr;
-
-# Date: 19/07/15
-# Purpose: fix google dumpstate avc error in xTs
-allow dumpstate sysfs_devices_block:file r_file_perms;
-allow dumpstate proc_last_kmsg:file r_file_perms;
-
-# Date: 19/07/15
-# Purpose: Allow dumpstate to read /sys/kernel/debug/kmemleak
-allow dumpstate debugfs_kmemleak:file r_file_perms;
-
-#Purpose: Allow dumpstate to read /sys/class/misc/adsp/adsp_last_log
-allow dumpstate sysfs_adsp:file r_file_perms;
-
-#Purpose: Allow dumpstate to read /sys/kernel/debug/smi_mon
-allow dumpstate debugfs_smi_mon:file r_file_perms;
-
-# MTEE Trusty
-allow dumpstate mtee_trusty_file:file rw_file_perms;
-
-# 09-05 15:58:31.552000  9693  9693 W df      : type=1400 audit(0.0:990):
-# avc: denied { search } for name="expand" dev="tmpfs" ino=10779 scontext=u:r:dumpstate:s0
-# tcontext=u:object_r:mnt_expand_file:s0 tclass=dir permissive=0
-allow dumpstate mnt_expand_file:dir { search getattr };
-
-#Purpose: Allow dumpstate to read /dev/usb-ffs
-allow dumpstate functionfs:file { getattr };

non_plat/e2fs.te

@@ -1,34 +0,0 @@
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-
-# Date : WK17.32
-# Operation : Migration
-# Purpose : create ext4 images for protect1/protect2/persist/nvdata/nvcfg block devices.
-allow e2fs protect1_block_device:blk_file rw_file_perms;
-allow e2fs protect2_block_device:blk_file rw_file_perms;
-allow e2fs persist_block_device:blk_file rw_file_perms;
-allow e2fs nvdata_device:blk_file rw_file_perms;
-allow e2fs nvcfg_block_device:blk_file rw_file_perms;
-
-allow e2fs devpts:chr_file {read write};
-
-# Date : WK18.23
-# Operation: P migration
-# Purpose : Allow mke2fs to format userdata and cache partition
-allow e2fs cache_block_device:blk_file rw_file_perms;
-allow e2fs userdata_block_device:blk_file rw_file_perms;
-
-# Date : WK19.23
-# Operation: Q migration
-# Purpose : Allow format /metadata for UDC
-allow e2fs metadata_block_device:blk_file rw_file_perms;
-
-# Date : WK19.34
-# Operation: Q migration
-# Purpose : Allow mke2fs to use ioctl/ioctlcmd
-allowxperm e2fs protect1_block_device:blk_file ioctl { BLKPBSZGET BLKROGET BLKDISCARD BLKDISCARDZEROES BLKSECDISCARD };
-allowxperm e2fs protect2_block_device:blk_file ioctl { BLKPBSZGET BLKROGET BLKDISCARD BLKDISCARDZEROES BLKSECDISCARD };
-allowxperm e2fs nvdata_device:blk_file ioctl { BLKPBSZGET BLKROGET BLKDISCARD BLKDISCARDZEROES BLKSECDISCARD };
-allowxperm e2fs nvcfg_block_device:blk_file ioctl { BLKPBSZGET BLKROGET BLKDISCARD BLKDISCARDZEROES BLKSECDISCARD };
-allowxperm e2fs persist_block_device:blk_file ioctl { BLKPBSZGET BLKROGET BLKDISCARD BLKDISCARDZEROES BLKSECDISCARD };

non_plat/em_hidl.te

@@ -1,132 +0,0 @@
-# ==============================================
-# Policy File of /vendor/bin/em_hidi Executable File
-# ==============================================
-type em_hidl, domain;
-type em_hidl_exec, exec_type, file_type, vendor_file_type;
-
-# Date :  2018/06/28
-init_daemon_domain(em_hidl)
-
-# Date :  2018/06/28
-# Purpose: EM_HILD
-hal_server_domain(em_hidl, mtk_hal_em)
-
-# Date :  2018/06/28
-# Operation : EM DEBUG
-# Purpose: EM should set ims operator
-set_prop(em_hidl, mtk_operator_id_prop)
-
-# Date :  2018/06/28
-# Operation : EM DEBUG
-# Purpose: EM should set mtk_simswitch_emmode_prop
-set_prop(em_hidl, mtk_simswitch_emmode_prop)
-
-# Date :  2018/06/28
-# Operation : EM DEBUG
-# Purpose: EM should set mtk_dsbp_support_prop
-set_prop(em_hidl, mtk_dsbp_support_prop)
-
-# Date :  2018/06/28
-# Operation : EM DEBUG
-# Purpose: EM should set mtk_imstestmode_prop
-set_prop(em_hidl, mtk_imstestmode_prop)
-
-# Date :  2018/06/28
-# Operation : EM DEBUG
-# Purpose: EM should set mtk_smsformat_prop
-set_prop(em_hidl, mtk_smsformat_prop)
-
-# Date :  2018/06/28
-# Operation : EM DEBUG
-# Purpose: EM should set mtk_gprs_prefer_prop
-set_prop(em_hidl, mtk_gprs_prefer_prop)
-
-# Date :  2018/06/28
-# Operation : EM DEBUG
-# Purpose: EM should set mtk_testsim_cardtype_prop
-set_prop(em_hidl, mtk_testsim_cardtype_prop)
-
-# Date :  2018/06/28
-# Operation : EM DEBUG
-# Purpose: EM should set mtk_ct_ir_engmode_prop
-set_prop(em_hidl, mtk_ct_ir_engmode_prop)
-
-# Date :  2018/06/28
-# Operation : EM DEBUG
-# Purpose: EM should mtk_disable_c2k_cap_prop
-set_prop(em_hidl, mtk_disable_c2k_cap_prop)
-
-# Date :  2018/06/29
-# Operation : EM DEBUG
-# Purpose: EM should mtk_debug_md_reset_prop
-set_prop(em_hidl, mtk_debug_md_reset_prop)
-
-
-# Date :  2018/06/29
-# Operation : EM DEBUG
-# Purpose: EM should video log mtk_omx_log_prop
-set_prop(em_hidl, mtk_omx_log_prop)
-
-# Date :  2018/06/29
-# Operation : EM DEBUG
-# Purpose: EM should video log mtk_vdec_log_prop
-set_prop(em_hidl, mtk_vdec_log_prop)
-
-# Date :  2018/06/29
-# Operation : EM DEBUG
-# Purpose: EM should video log mtk_vdectlc_log_prop
-set_prop(em_hidl, mtk_vdectlc_log_prop)
-
-# Date :  2018/06/29
-# Operation : EM DEBUG
-# Purpose: EM should video log mtk_venc_h264_showlog_prop
-set_prop(em_hidl, mtk_venc_h264_showlog_prop)
-
-# Date :  2018/06/29
-# Operation : EM DEBUG
-# Purpose: EM should video log mtk_modem_warning_prop
-set_prop(em_hidl, mtk_modem_warning_prop)
-
-# Date :  2018/07/06
-# Operation : EM DEBUG
-# Purpose: EM allow usb vendor_em_usb_prop
-set_prop(em_hidl, vendor_em_usb_prop)
-
-# Date :  2018/07/06
-# Operation : EM DEBUG
-# Purpose: for setting usb otg enable property
-set_prop(em_hidl, vendor_usb_otg_switch)
-
-# Data : 2018/07/06
-# Purpose : EM MCF read nvdata dir and file
-allow em_hidl nvcfg_file:dir ra_dir_perms;
-allow em_hidl nvcfg_file:file r_file_perms;
-
-# Data : 2018/07/06
-# Purpose : EM MCF search vendor dir
-allow em_hidl mnt_vendor_file:dir search;
-allow em_hidl vendor_default_prop:file read;
-
-# Data : 2018/08/10
-# Purpose : EM BT usage
-allow em_hidl stpbt_device:chr_file { read write open };
-allow em_hidl sysfs_boot_mode:file { read open };
-allow em_hidl ttyGS_device:chr_file { read write ioctl open };
-allow em_hidl vendor_usb_prop:file { read getattr open };
-set_prop(em_hidl, vendor_usb_prop)
-allow em_hidl nvdata_file:file r_file_perms;
-allow em_hidl nvdata_file:dir search;
-
-# Date :  2018/08/28
-# Operation : EM DEBUG
-# Purpose: for em set hidl configure
-set_prop(em_hidl, mtk_em_hidl_prop)
-
-# Date :  2019/08/22
-# Operation : EM AAL
-# Purpose: for em set aal property
-set_prop(em_hidl, mtk_pq_prop)
-# Date :  2019/09/10
-# Operation : EM wcn coredump
-# Purpose: for em set wcn coredump property
-set_prop(em_hidl, coredump_prop)

non_plat/em_svr.te

@@ -1,77 +0,0 @@
-# Date: WK1812
-# Purpose: add for sensor calibration
-allow em_svr als_ps_device:chr_file { read open ioctl };
-allow em_svr gsensor_device:chr_file { read open ioctl };
-
-# Date: WK1812
-# Purpose: add for MD log filter
-allow em_svr md_block_device:blk_file { read open };
-
-# Date: WK1812
-# Purpose: add for SIB capture
-allow em_svr para_block_device:blk_file { read open write};
-allow em_svr proc_lk_env:file { read write ioctl open };
-
-# Date: WK1812
-# Purpose: add for MSDC get/set
-allow em_svr misc_sd_device:chr_file { read open ioctl };
-
-# Date: WK1812
-# Purpose: add for battery log
-allow em_svr proc_battery_cmd:dir { search };
-allow em_svr proc_battery_cmd:file { create write open };
-
-# Date: WK1812
-# Purpose: add for light/proximity sensor
-allow em_svr nvram_device:blk_file { open read write };
-
-# Date: WK1812
-# Purpose: add for Gyroscope sensor
-allow em_svr gyroscope_device:chr_file { read ioctl open };
-
-# Date : 2018/06/15
-# Purpose : Allow EM access touchscreen settings
-allow em_svr sysfs_tpd_debug:dir { search };
-allow em_svr sysfs_tpd_setting:dir { search };
-allow em_svr sysfs_tpd_debug:file { rw_file_perms };
-allow em_svr sysfs_tpd_setting:file { rw_file_perms };
-
-# Date : 2018/06/15
-# Purpose : EM FreqHopping setting
-allow em_svr proc_freqhop:file { open read write };
-
-# Date : 2018/06/15
-# Purpose : EM flash reading
-allow em_svr proc_flash:file { open read };
-allow em_svr proc_partition:file { open read };
-
-# Date : 2018/06/15
-# Purpose : EM Power PMU reading/setting
-allow em_svr sysfs_pmu:dir { search };
-allow em_svr sysfs_pmu:file { rw_file_perms };
-allow em_svr sysfs_pmu:lnk_file { read };
-
-# Date : 2018/06/15
-# Purpose : EM Power debug_log setting
-allow em_svr sysfs_spm:dir { search };
-allow em_svr sysfs_spm:file { open read write };
-
-# Date: 2019/04/09
-# Purpose: battery temprature setting
-allow em_svr sysfs_battery_temp:file w_file_perms;
-allow em_svr sysfs_battery_consumption:file r_file_perms;
-allow em_svr sysfs_power_on_vol:file r_file_perms;
-allow em_svr sysfs_power_off_vol:file r_file_perms;
-allow em_svr sysfs_fg_disable:file w_file_perms;
-allow em_svr sysfs_dis_nafg:file w_file_perms;
-
-
-
-# Date : 2018/10/12
-# Purpose : EM Power PMU register reading/setting
-allow em_svr debugfs_regmap:dir { search };
-allow em_svr debugfs_regmap:file { rw_file_perms };
-
-# Date:2019/04/15
-# Purpose: EM Power
-allow em_svr toolbox_exec:file { map };

non_plat/emdlogger.te

@@ -1,127 +0,0 @@
-#allow emdlogger to set property
-#allow emdlogger debug_prop:property_service set;
-#allow emdlogger persist_mtklog_prop:property_service set;
-#allow emdlogger system_radio_prop:property_service set;
-
-# ccci device for internal modem
-allow emdlogger ccci_device:chr_file { rw_file_perms };
-
-# eemcs device for external modem
-allow emdlogger eemcs_device:chr_file { rw_file_perms };
-
-# C2K project SDIO device for external modem ttySDIO2 control port, ttySDIO8 log port
-allow emdlogger ttySDIO_device:chr_file { rw_file_perms };
-
-# C2K project modem device for external modem vmodem start/stop/ioctl modem
-allow emdlogger vmodem_device:chr_file { rw_file_perms };
-
-# usb device ttyGSx for modem logger usb logging
-allow emdlogger ttyGS_device:chr_file { rw_file_perms};
-
-# for modem logging sdcard access
-allow emdlogger sdcard_type:dir { create_dir_perms };
-allow emdlogger sdcard_type:file { create_file_perms };
-
-# modem logger access on /data/mdlog
-allow emdlogger mdlog_data_file:dir { create_dir_perms relabelto };
-allow emdlogger mdlog_data_file:fifo_file { create_file_perms };
-allow emdlogger mdlog_data_file:file { create_file_perms };
-#allow emdlogger system_data_file:dir { create_dir_perms relabelfrom};
-
-# modem logger control port access /dev/ttyC1
-allow emdlogger mdlog_device:chr_file { rw_file_perms};
-
-#modem logger SD logging in factory mode
-allow emdlogger vfat:dir create_dir_perms;
-allow emdlogger vfat:file create_file_perms;
-
-#modem logger permission in storage in android M version
-allow emdlogger mnt_user_file:dir search;
-allow emdlogger mnt_user_file:lnk_file read;
-allow emdlogger storage_file:lnk_file read;
-
-#permission for storage link access in vzw Project
-allow emdlogger mnt_media_rw_file:dir search;
-
-
-#permission for use SELinux API
-#avc: denied { read } for pid=576 comm="emdlogger1" name="selinux_version" dev="rootfs"
-allow emdlogger rootfs:file r_file_perms;
-
-#permission for storage access storage
-allow emdlogger storage_file:dir { create_dir_perms };
-allow emdlogger tmpfs:lnk_file read;
-allow emdlogger storage_file:file { create_file_perms };
-
-#permission for read boot mode
-#avc: denied { open }  path="/sys/devices/virtual/BOOT/BOOT/boot/boot_mode" dev="sysfs"
-allow emdlogger sysfs_boot_mode:file { read open };
-
-# Allow read to sys/kernel/ccci/* files
-allow emdlogger sysfs_ccci:dir search;
-allow emdlogger sysfs_ccci:file r_file_perms;
-
-allow emdlogger sysfs_mdinfo:file r_file_perms;
-allow emdlogger sysfs_mdinfo:dir search;
-
-# Allow read avc: denied { read } for name="mddb" dev="mmcblk0p25" ino=681
-# scontext=u:r:emdlogger:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0
-allow emdlogger system_file:dir read;
-
-
-# purpose: allow emdlogger to access storage in N version
-allow emdlogger media_rw_data_file:file  { create_file_perms };
-allow emdlogger media_rw_data_file:dir { create_dir_perms };
-
-#avc: denied { connectto } for path=006165653A72747464 scontext=u:r:emdlogger:s0
-#tcontext=u:object_r:aee_aed_socket:s0 tclass=unix_stream_socket permissive=0
-#security issue control
-allow emdlogger aee_aed:unix_stream_socket connectto;
-
-# For dynamic CCB buffer feature
-#avc: denied { read write } for name="lk_env" dev="proc" ino=4026532192
-#scontext=u:r:emdlogger:s0 tcontext=u:object_r:proc_lk_env:s0 tclass=file permissive=0
-#avc: denied { read } for name="mmcblk0p3" dev="tmpfs" ino=8493 scontext=u:r:emdlogger:s0
-# tcontext=u:object_r:para_block_device:s0 tclass=blk_file permissive=0
-allow emdlogger para_block_device:blk_file { read open write };
-allow emdlogger proc_lk_env:file { read write ioctl open };
-
-## purpose: avc: denied { read } for name="plat_file_contexts"
-#allow emdlogger file_contexts_file:file { read getattr open map};
-
-allow emdlogger block_device:dir search;
-allow emdlogger md_block_device:blk_file { read open };
-allow emdlogger self:capability { chown };
-
-
-# purpose: allow emdlogger to access persist.meta.connecttype
-get_prop(emdlogger, meta_connecttype_prop);
-
-# purpose: allow emdlogger to create socket
-allow emdlogger port:tcp_socket { name_connect name_bind };
-allow emdlogger emdlogger:tcp_socket { create connect setopt bind };
-allow emdlogger emdlogger:tcp_socket { bind setopt listen accept read write };
-allow emdlogger node:tcp_socket node_bind;
-
-# Android P migration
-set_prop(emdlogger, persist_mtklog_prop)
-set_prop(emdlogger, vendor_mdl_prop)
-set_prop(emdlogger, vendor_mdl_start_prop)
-set_prop(emdlogger, debug_mdlogger_prop)
-get_prop(emdlogger, vendor_usb_prop)
-set_prop(emdlogger, persist_mdlog_prop)
-set_prop(emdlogger, vendor_mdl_pulllog_prop)
-set_prop(emdlogger, exported_system_radio_prop)
-set_prop(emdlogger, debug_prop)
-set_prop(emdlogger, system_radio_prop)
-
-allow emdlogger vendor_configs_file:file map;
-allow emdlogger vendor_default_prop:file map;
-
-# Date : WK19.12
-# Operation: add permission to catch logs
-# Purpose : get kernel and radio logs when modem exception
-allow emdlogger kernel:system syslog_read;
-allow emdlogger logcat_exec:file {rx_file_perms};
-allow emdlogger logdr_socket:sock_file write;
-

non_plat/epdg_wod.te

@@ -1,26 +0,0 @@
-type epdg_wod, domain, netdomain, mtkimsmddomain;
-type epdg_wod_exec, exec_type, file_type, vendor_file_type;
-
-init_daemon_domain(epdg_wod)
-
-domain_auto_trans(epdg_wod, stroke_exec, ipsec)
-
-allow epdg_wod self:tun_socket { create relabelfrom relabelto };
-allow epdg_wod self:netlink_route_socket { create_socket_perms_no_ioctl nlmsg_read nlmsg_write };
-allow epdg_wod self:netlink_xfrm_socket { read write create getattr bind setopt nlmsg_write };
-allow epdg_wod self:udp_socket { ioctl create };
-allow epdg_wod self:rawip_socket { create getopt setopt };
-allow epdg_wod self:capability { kill net_admin net_raw };
-
-allow epdg_wod { tun_device ccci_device }:chr_file rw_file_perms;
-allow epdg_wod { property_socket netd_socket }:sock_file write;
-allow epdg_wod init:unix_stream_socket connectto;
-
-allow epdg_wod kernel:process signal;
-allow epdg_wod system_server:process { signull signal };
-
-allow epdg_wod device:dir { write add_name };
-allow epdg_wod device:lnk_file create;
-
-set_prop(epdg_wod, mtk_wod_prop)
-set_prop(epdg_wod, persist_wod_prop)

non_plat/factory.te

@@ -1,410 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/factory Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-#file_type_auto_trans(factory, system_data_file, factory_data_file)
-type factory, domain;
-type factory_exec, exec_type, file_type, vendor_file_type;
-init_daemon_domain(factory)
-
-#============= factory ==============
-allow factory MTK_SMI_device:chr_file r_file_perms;
-allow factory ashmem_device:chr_file execute;
-allow factory ebc_device:chr_file rw_file_perms;
-allow factory stpbt_device:chr_file rw_file_perms;
-
-# Date: WK14.47
-# Operation : Migration
-# Purpose : CCCI
-allow factory eemcs_device:chr_file rw_file_perms;
-allow factory ccci_device:chr_file rw_file_perms;
-allow factory gsm0710muxd_device:chr_file rw_file_perms;
-
-#Purpose: file system requirement
-allow factory debugfs_usb:file rw_file_perms;
-allow factory debugfs_usb:dir search;
-allow factory devpts:chr_file rw_file_perms;
-allow factory vfat:dir w_dir_perms;
-allow factory labeledfs:filesystem unmount;
-allow factory rootfs:dir mounton;
-allow factory vfat:dir { read open search mounton };
-allow factory vfat:filesystem { mount unmount };
-
-# Purpose : SDIO
-allow factory ttySDIO_device:chr_file rw_file_perms;
-
-#Purpose: USB
-allow factory ttyMT_device:chr_file rw_file_perms;
-allow factory ttyS_device:chr_file rw_file_perms;
-allow factory ttyGS_device:chr_file rw_file_perms;
-
-# Purpose: OTG
-allow factory usb_device:chr_file rw_file_perms;
-allow factory usb_device:dir r_dir_perms;
-
-# Date: WK15.01
-# Purpose : OTG Mount
-allow factory sdcard_type:dir mounton;
-# Date: WK15.07
-# Purpose : use c2k flight mode;
-allow factory vmodem_device:chr_file rw_file_perms;
-
-# Date: WK15.13
-# Purpose: for nand project
-allow factory mtd_device:dir search;
-allow factory mtd_device:chr_file rw_file_perms;
-allow factory self:capability sys_resource;
-allow factory pro_info_device:chr_file rw_file_perms;
-
-# Data: WK15.28
-# Purpose: for mt-ramdump reset
-allow factory proc_mrdump_rst:file w_file_perms;
-
-#Date: WK15.31
-#Purpose: define factory_data_file instead of system_data_file
-# because system_data_file is sensitive partition from M
-wakelock_use(factory);
-allow factory storage_file:dir { write create add_name search mounton };
-
-# Date: WK15.44
-# Purpose: factory idle current status
-allow factory vendor_factory_idle_state_prop:property_service set;
-
-# Date: WK15.46
-# Purpose: gps factory mode
-allow factory agpsd_data_file:dir search;
-allow factory gps_data_file:dir { write add_name search remove_name unlink};
-allow factory gps_data_file:file { read write open create getattr append setattr unlink lock};
-allow factory gps_data_file:lnk_file read;
-allow factory storage_file:lnk_file r_file_perms;
-
-#Date: WK15.48
-#Purpose: capture for factory mode
-allow factory devmap_device:chr_file r_file_perms;
-allow factory sdcard_type:dir create_dir_perms;
-allow factory sdcard_type:file create_file_perms;
-allow factory mnt_user_file:dir search;
-allow factory mnt_user_file:lnk_file read;
-allow factory storage_file:lnk_file read;
-
-#Date: WK16.05
-#Purpose: For access NVRAM
-allow factory factory:capability chown;
-allow factory nvram_data_file:dir create_dir_perms;
-allow factory nvram_data_file:file create_file_perms;
-allow factory nvram_data_file:lnk_file r_file_perms;
-allow factory nvdata_file:lnk_file r_file_perms;
-allow factory nvram_device:chr_file rw_file_perms;
-allow factory nvram_device:blk_file rw_file_perms;
-allow factory nvdata_device:blk_file rw_file_perms;
-
-#Date: WK16.12
-#Purpose: For sensor test
-allow factory als_ps_device:chr_file r_file_perms;
-allow factory barometer_device:chr_file r_file_perms;
-allow factory gsensor_device:chr_file r_file_perms;
-allow factory gyroscope_device:chr_file r_file_perms;
-allow factory msensor_device:chr_file r_file_perms;
-allow factory biometric_device:chr_file r_file_perms;
-
-#Purpose: For camera Test
-allow factory kd_camera_flashlight_device:chr_file rw_file_perms;
-allow factory kd_camera_hw_device:chr_file rw_file_perms;
-allow factory seninf_device:chr_file rw_file_perms;
-allow factory CAM_CAL_DRV_device:chr_file rw_file_perms;
-
-#Purpose: For reboot the target
-allow factory powerctl_prop:property_service set;
-
-#Purpose: For memory card test
-allow factory misc_sd_device:chr_file r_file_perms;
-allow factory mmcblk1_block_device:blk_file rw_file_perms;
-allow factory bootdevice_block_device:blk_file rw_file_perms;
-allow factory mmcblk1p1_block_device:blk_file rw_file_perms;
-allow factory block_device:dir w_dir_perms;
-allowxperm factory mmcblk1_block_device:blk_file ioctl BLKGETSIZE;
-allowxperm factory bootdevice_block_device:blk_file ioctl BLKGETSIZE;
-
-#Purpose: For EMMC test
-allow factory nvdata_file:dir create_dir_perms;
-allow factory nvdata_file:file create_file_perms;
-
-#Purpose: For HRM test
-allow factory hrm_device:chr_file r_file_perms;
-
-#Purpose: For IrTx LED test
-allow factory irtx_device:chr_file rw_file_perms;
-
-#Purpose: For battery test, ext_buck test and ext_vbat_boost test
-allow factory pmic_ftm_device:chr_file rw_file_perms;
-allow factory MT_pmic_adc_cali_device:chr_file rw_file_perms;
-allow factory MT_pmic_cali_device:chr_file r_file_perms;
-allow factory charger_ftm_device:chr_file r_file_perms;
-
-#Purpose: For HDMI test
-allow factory graphics_device:dir w_dir_perms;
-allow factory graphics_device:chr_file rw_file_perms;
-
-#Purpose: For WIFI test
-allow factory wmtWifi_device:chr_file rw_file_perms;
-
-#Purpose: For rtc test
-allow factory rtc_device:chr_file rw_file_perms;
-
-#Purpose: For nfc test
-allow factory mt6605_device:chr_file rwx_file_perms;
-
-#Purpose: For gps test
-allow factory mnld_device:chr_file rw_file_perms;
-allow factory mnld_exec:file rx_file_perms;
-
-#Purpose: For keypad test
-allow factory mtk_kpd_device:chr_file r_file_perms;
-
-#Purpose: For Humidity test
-allow factory humidity_device:chr_file r_file_perms;
-
-#Purpose: For camera test
-allow factory camera_isp_device:chr_file rw_file_perms;
-allow factory camera_dip_device:chr_file rw_file_perms;
-allow factory camera_pipemgr_device:chr_file r_file_perms;
-allow factory camera_sysram_device:chr_file r_file_perms;
-allow factory ccu_device:chr_file rw_file_perms;
-allow factory vpu_device:chr_file rw_file_perms;
-allow factory MAINAF_device:chr_file rw_file_perms;
-allow factory MAIN2AF_device:chr_file rw_file_perms;
-allow factory SUBAF_device:chr_file rw_file_perms;
-allow factory FM50AF_device:chr_file rw_file_perms;
-allow factory AD5820AF_device:chr_file rw_file_perms;
-allow factory DW9714AF_device:chr_file rw_file_perms;
-allow factory DW9714A_device:chr_file rw_file_perms;
-allow factory LC898122AF_device:chr_file rw_file_perms;
-allow factory LC898212AF_device:chr_file rw_file_perms;
-allow factory BU6429AF_device:chr_file rw_file_perms;
-allow factory DW9718AF_device:chr_file rw_file_perms;
-allow factory BU64745GWZAF_device:chr_file rw_file_perms;
-allow factory cct_data_file:dir create_dir_perms;
-allow factory cct_data_file:file create_file_perms;
-allow factory camera_tsf_device:chr_file rw_file_perms;
-allow factory camera_rsc_device:chr_file rw_file_perms;
-allow factory camera_gepf_device:chr_file rw_file_perms;
-allow factory camera_fdvt_device:chr_file rw_file_perms;
-allow factory camera_wpe_device:chr_file rw_file_perms;
-allow factory camera_owe_device:chr_file rw_file_perms;
-allow factory camera_mfb_device:chr_file rw_file_perms;
-allow factory mtk_hal_power_hwservice:hwservice_manager find;
-allow factory vendor_data_file:file getattr;
-allow factory mtk_hal_power:binder call;
-get_prop(factory,mediatek_prop);
-#Purpose: For FM test and headset test
-allow factory accdet_device:chr_file r_file_perms;
-allow factory fm_device:chr_file rw_file_perms;
-
-#Purpose: For audio test
-allow factory audio_device:chr_file rw_file_perms;
-allow factory audio_device:dir w_dir_perms;
-allow factory audiohal_prop:property_service set;
-allow factory audio_ipi_device:chr_file { read write ioctl open };
-allow factory audio_scp_device:chr_file r_file_perms;
-
-#Purpose: For key and touch event
-allow factory input_device:chr_file r_file_perms;
-allow factory input_device:dir rw_dir_perms;
-
-# Date: WK16.17
-# Purpose:  N Migration For ccci sysfs node
-# Allow read to sys/kernel/ccci/* files
-allow factory sysfs_ccci:dir search;
-allow factory sysfs_ccci:file r_file_perms;
-
-# Date: WK16.18
-# Purpose: N Migration For boot_mode
-# Allow to read boot mode
-# avc: denied { read } for name="boot_mode" dev="sysfs" ino=117
-# scontext=u:r:factory:s0 tcontext=u:object_r:sysfs:s0
-# tclass=file permissive=0
-allow factory sysfs_boot_mode:file { read open };
-allow factory sysfs_boot_type:file { read open };
-
-#TODO:: MTK need to remove later
-not_full_treble(`
-	allow factory mnld:unix_dgram_socket sendto;
-')
-
-# Date: WK16.31
-#Purpose: For gps test
-allow factory mnld_prop:property_service set;
-
-# Date: WK16.33
-#Purpose: for unmount sdcardfs and stop services which are using data partition
-allow factory sdcard_type:filesystem unmount;
-allow factory ctl_default_prop:property_service set;
-
-# Date : WK16.35
-# Operation : Migration
-# Purpose : Update camera flashlight driver device file
-allow factory flashlight_device:chr_file rw_file_perms;
-
-
-# Date: WK15.25
-#Purpose: for unmount sdcardfs and stop services which are using data partition
-allow factory ctl_emdlogger1_prop:property_service set;
-# Date: WK17.07
-# Purpose: Clear bootdevice (eMMC/UFS) may need to unmount tmpfs
-allow factory tmpfs:filesystem unmount;
-allow factory sysfs:dir { read open };
-allow factory sysfs_leds:dir search;
-allow factory sysfs_leds:lnk_file read;
-allow factory sysfs_leds:file rw_file_perms;
-allow factory sysfs_leds:dir r_dir_perms;
-allow factory sysfs_power:file rw_file_perms;
-allow factory sysfs_power:dir r_dir_perms;
-allow factory self:capability2 {block_suspend};
-allow factory sysfs_vibrator:file {open read write};
-allow factory ion_device:chr_file { read open ioctl };
-allow factory debugfs_ion:dir search;
-# Date: WK17.27
-# Purpose: STMicro NFC solution integration
-allow factory st21nfc_device:chr_file { open read getattr write ioctl };
-set_prop(factory,hwservicemanager_prop);
-hwbinder_use(factory);
-hal_client_domain(factory, hal_nfc);
-
-# Date : WK17.32
-# Operation : O Migration
-# Purpose: Allow to access cmdq driver
-allow factory mtk_cmdq_device:chr_file { read ioctl open };
-allow factory mtk_mdp_device:chr_file rw_file_perms;
-allow factory sw_sync_device:chr_file rw_file_perms;
-
-# Date: WK1733
-# Purpose: add selinux policy to stop 'ccci_fsd' for clear emmc in factory mode
-set_prop(factory,ctl_ccci_fsd_prop);
-
-# Date : WK17.38
-# Operation : O Migration
-# Purpose: Allow to access sysfs
-allow factory sysfs_therm:dir search;
-allow factory sysfs_therm:file {open read write};
-
-#Date: W18.22
-# Purpose:  P Migration for factory get com port type and uart port info
-# detail avc log: [   11.751803] <1>.(1)[227:logd.auditd]type=1400 audit(1262304016.560:10):
-#avc: denied { read } for pid=203 comm="factory" name="meta_com_type_info" dev=
-#"sysfs" ino=11073 scontext=u:r:factory:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
-allow factory sysfs_comport_type:file rw_file_perms;
-allow factory sysfs_uart_info:file rw_file_perms;
-
-
-# from private
-allow factory property_socket:sock_file write;
-allow factory init:unix_stream_socket connectto;
-allow factory kernel:system module_request;
-allow factory node:tcp_socket node_bind;
-allow factory userdata_block_device:blk_file rw_file_perms;
-allow factory port:tcp_socket { name_bind name_connect };
-allow factory self:capability { sys_module ipc_lock sys_nice net_raw fsetid net_admin sys_time sys_boot sys_admin };
-allow factory sdcard_type:dir r_dir_perms;
-allow factory self:netlink_route_socket { bind create getattr write nlmsg_read read nlmsg_write };
-allow factory proc_net:file { read getattr open };
-allowxperm factory self:udp_socket ioctl priv_sock_ioctls;
-allowxperm factory self:udp_socket ioctl {SIOCGIFFLAGS SIOCGIWNWID};
-
-allow factory self:process execmem;
-allow factory self:tcp_socket create_stream_socket_perms;
-allow factory self:udp_socket create_socket_perms;
-
-allow factory sysfs_wake_lock:file rw_file_perms;
-#allow factory system_file:file x_file_perms;
-
-# For Light HIDL permission
-hal_client_domain(factory, hal_light);
-allow factory hal_light_hwservice:hwservice_manager find;
-allow factory mtk_hal_light:binder call;
-allow factory merged_hal_service:binder call;
-# For vibrator test permission
-allow factory sysfs_vibrator:file rw_file_perms;
-allow factory sysfs_vibrator:dir search;
-
-# For Audio device permission
-allow factory proc_asound:dir { read search open };
-allow factory proc_asound:file { read open getattr write };
-allow factory audiohal_prop:property_service set;
-
-# For Accdet data permission
-allow factory sysfs:file { read open };
-allow factory sysfs_headset:file { read open };
-
-# For touch auto test
-allow factory sysfs_tpd_setting:dir search;
-allow factory sysfs_tpd_setting:file { read getattr open };
-
-# Date : WK18.23
-# Operation: P migration
-# Purpose : Allow factory to unmount partition, stop service, and then erase partition
-allow factory vendor_shell_exec:file { read execute open execute_no_trans };
-allow factory vendor_toolbox_exec:file { execute_no_trans };
-allow factory labeledfs:filesystem { unmount };
-allow factory proc_cmdline:file { read open getattr };
-allow factory factory:capability { sys_boot sys_admin};
-allow factory sysfs_dt_firmware_android:file { read open getattr };
-allow factory sysfs_dt_firmware_android:dir { read open search };
-# Purpose : Allow factory to communicate with driver thru socket
-allow factory factory:capability { sys_module net_admin net_raw };
-
-# For power_supply and switch permission
-r_dir_file(factory, sysfs_batteryinfo)
-r_dir_file(factory, sysfs_switch)
-
-# Date : WK18.27
-# Operation: P migration
-# Purpose : Allow factory to save test report to /data/vendor
-allow factory vendor_data_file:dir { add_name read write};
-allow factory vendor_data_file:file { create read write open };
-
-# Date : WK18.31
-# Operation: P migration
-# Purpose : Refine policy
-allow factory sysfs_mmcblk:dir { search };
-allow factory sysfs_mmcblk:file { read getattr open };
-
-# Date : WK18.37
-# Operation: P migration
-# Purpose : ADSP SmartPA calibration
-allow factory vendor_file:file execute_no_trans;
-allow factory mtk_audiohal_data_file:dir create_dir_perms;
-allow factory mtk_audiohal_data_file:file { write create unlink r_file_perms };
-
-#Date : WK18.37
-# Operation: P migration
-# Purpose : Allow factory to open /proc/version
-allow factory proc_version:file {read open getattr};
-
-# Purpose : adsp
-allow factory adsp_device:chr_file rw_file_perms;
-
-# Purpose : NFC
-allow factory vendor_nfc_socket:dir { write add_name remove_name search };
-allow factory vendor_nfc_socket:sock_file { create write unlink setattr };
-
-# Allow to get AOSP property persist.radio.multisim.config
-get_prop(factory, exported3_radio_prop)
-
-# Date : WK19.38
-# Operation : Q Migration
-# Purpose: Allow clear eMMC
-set_prop(factory, ctl_mdlogger_prop);
-
-# Date : WK19.41
-# Operation : Q Migration
-# Purpose: allow system_server to access rt5509 param and calib node
-allow factory sysfs_rt_param:file rw_file_perms;
-allow factory sysfs_rt_calib:file rw_file_perms;
-allow factory sysfs_rt_param:dir r_dir_perms;
-allow factory sysfs_rt_calib:dir r_dir_perms;

non_plat/fastbootd.te

@@ -1,28 +0,0 @@
-# fastbootd (used in recovery init.rc for /sbin/fastbootd)
-
-
-allow fastbootd {
-    bootdevice_block_device
-#    cache_block_device
-#    logo_block_device
-    para_block_device
-  }:blk_file { rw_file_perms };
-
-allow fastbootd {
-    sysfs_boot_type
-}:file { rw_file_perms };
-
-allow fastbootd self:process setfscreate;
-allow fastbootd self:capability sys_rawio;
-
-allowxperm fastbootd {
-    bootdevice_block_device
-#    cache_block_device
-#    logo_block_device
-#    para_block_device
-  }:blk_file ioctl {
-      BLKSECDISCARD
-      BLKDISCARD
-      MMC_IOCTLCMD
-  };
-

non_plat/file.te

@@ -1,454 +0,0 @@
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-
-type custom_file, file_type, data_file_type;
-type lost_found_data_file, file_type, data_file_type;
-type dontpanic_data_file, file_type, data_file_type;
-type resource_cache_data_file, file_type, data_file_type;
-type http_proxy_cfg_data_file, file_type, data_file_type;
-type acdapi_data_file, file_type, data_file_type;
-type ppp_data_file, file_type, data_file_type;
-type wpa_supplicant_data_file, file_type, data_file_type;
-type radvd_data_file, file_type, data_file_type;
-type volte_vt_socket, file_type;
-type dfo_socket, file_type;
-type gsmrild_socket, file_type;
-type rild2_socket, file_type;
-type rild3_socket, file_type;
-type rild4_socket, file_type;
-type rild_mal_socket, file_type;
-type rild_mal_at_socket, file_type;
-type rild_mal_md2_socket, file_type;
-type rild_mal_at_md2_socket, file_type;
-type rild_ims_socket, file_type;
-type rild_imsm_socket, file_type;
-type rild_oem_socket, file_type;
-type rild_mtk_ut_socket, file_type;
-type rild_mtk_ut_2_socket, file_type;
-type rild_mtk_modem_socket, file_type;
-type rild_md2_socket, file_type;
-type rild2_md2_socket, file_type;
-type rild_debug_md2_socket, file_type;
-type rild_oem_md2_socket, file_type;
-type rild_mtk_ut_md2_socket, file_type;
-type rild_mtk_ut_2_md2_socket, file_type;
-type rild_mtk_modem_md2_socket, file_type;
-type rild_vsim_socket, file_type;
-type rild_vsim_md2_socket, file_type;
-type mal_mfi_socket, file_type;
-type mal_data_file, file_type, data_file_type;
-type netdiag_socket, file_type;
-type wpa_wlan0_socket, file_type;
-type soc_vt_imcb_socket, file_type;
-type soc_vt_tcv_socket, file_type;
-type soc_vt_stk_socket, file_type;
-type soc_vt_svc_socket, file_type;
-type dbus_bluetooth_socket, file_type;
-type bt_int_adp_socket, file_type;
-type bt_a2dp_stream_socket, file_type;
-type bt_data_file, file_type, data_file_type;
-type proc_thermal, fs_type, proc_type;
-type proc_mtkcooler, fs_type, proc_type;
-type proc_mtktz, fs_type, proc_type;
-type proc_mtd, fs_type, proc_type;
-type proc_slogger, fs_type, proc_type;
-type proc_lk_env, fs_type, proc_type;
-type proc_ged, fs_type, proc_type;
-type proc_mtk_jpeg, fs_type, proc_type;
-type proc_perfmgr, fs_type, proc_type;
-type proc_wmtdbg, fs_type, proc_type;
-type proc_zraminfo, fs_type, proc_type;
-type proc_gpulog, fs_type, proc_type;
-type proc_sched_debug, fs_type, proc_type;
-type proc_chip, fs_type, proc_type;
-type proc_atf_log, fs_type, proc_type;
-type proc_gz_log, fs_type, proc_type;
-type proc_bootprof, fs_type, proc_type;
-type proc_pl_lk, fs_type, proc_type;
-type proc_msdc_debug, fs_type, proc_type;
-type proc_ufs_debug, fs_type, proc_type;
-type proc_pidmap, fs_type, proc_type;
-type proc_kpageflags, fs_type, proc_type;
-type proc_slabtrace, fs_type, proc_type;
-type proc_cmdq_debug, fs_type, proc_type;
-type proc_isp_p2, fs_type, proc_type;
-type proc_dbg_repo, fs_type, proc_type;
-type proc_isp_p2_dump, fs_type, proc_type;
-type proc_isp_p2_kedump, fs_type, proc_type;
-type proc_memory_usage, fs_type, proc_type;
-type proc_mtk_es_reg_dump, fs_type, proc_type;
-type sysfs_execstate, fs_type, sysfs_type;
-type sysfs_therm, fs_type, sysfs_type;
-type sysfs_fps, fs_type, sysfs_type;
-type sysfs_ccci, fs_type, sysfs_type;
-type sysfs_mdinfo, fs_type,sysfs_type;
-type sysfs_ssw, fs_type,sysfs_type;
-type sysfs_vcorefs_pwrctrl, fs_type, sysfs_type;
-type sysfs_md32, fs_type, sysfs_type;
-type sysfs_scp, fs_type, sysfs_type;
-type sysfs_adsp, fs_type, sysfs_type;
-type sysfs_rt_param, fs_type, sysfs_type;
-type sysfs_rt_calib, fs_type, sysfs_type;
-type sysfs_sspm, fs_type, sysfs_type;
-type sysfs_devinfo, fs_type, sysfs_type, mlstrustedobject;
-type sysfs_dcm, fs_type, sysfs_type;
-type sysfs_dcs, fs_type, sysfs_type;
-type sysfs_vcore_debug, fs_type, sysfs_type;
-type agpsd_socket, file_type;
-type agpsd_data_file, file_type, data_file_type;
-type mnld_socket, file_type;
-type mnld_data_file, file_type, data_file_type;
-type gps_data_file, file_type, data_file_type;
-type MPED_socket, file_type;
-type MPED_data_file, file_type, data_file_type;
-type sysctl_socket, file_type;
-type backuprestore_socket, file_type;
-type protect_f_data_file, file_type, data_file_type;
-type protect_s_data_file, file_type, data_file_type;
-type persist_data_file, file_type, data_file_type;
-type nvram_data_file, file_type, data_file_type;
-type nvdata_file, file_type, data_file_type;
-type nvcfg_file, file_type, data_file_type;
-type cct_data_file, file_type, data_file_type;
-type mediaserver_data_file, file_type, data_file_type;
-type mediacodec_data_file, file_type, data_file_type;
-type connsyslog_data_vendor_file, file_type, data_file_type;
-
-#mobilelog data/misc/mblog
-type logmisc_data_file, file_type, data_file_type, core_data_file_type;
-
-#mobilelog data/log_temp
-type logtemp_data_file, file_type, data_file_type, core_data_file_type;
-
-# NE core_forwarder
-type aee_core_data_file, file_type, data_file_type, core_data_file_type;
-type aee_core_vendor_file, file_type, data_file_type;
-
-# AEE exp
-type aee_exp_data_file, file_type, data_file_type, core_data_file_type;
-type aee_exp_vendor_file, file_type, data_file_type;
-type aee_dumpsys_data_file, file_type, data_file_type, core_data_file_type;
-type aee_dumpsys_vendor_file, file_type, data_file_type;
-
-# SF rtt dump
-type sf_rtt_file, file_type, data_file_type, core_data_file_type;
-
-#for 3Gdongle
-type rild-dongle_socket, file_type;
-
-type ccci_cfg_file, file_type, data_file_type;
-type ccci_data_md1_file, file_type, data_file_type;
-type c2k_file, file_type, data_file_type;
-#For sensor
-type sensor_data_file, file_type, data_file_type;
-type stp_dump_data_file, file_type, data_file_type;
-type sysfs_keypad_file, fs_type, sysfs_type;
-type rild_via_socket, file_type;
-type rpc_socket, file_type;
-type rild_ctclient_socket, file_type;
-#For icusb
-type proc_icusb, fs_type, proc_type;
-
-# for labeling /mnt/cd-rom as iso9660
-type iso9660, fs_type;
-
-# data_tmpfs_log
-type data_tmpfs_log_file, file_type, data_file_type, core_data_file_type;
-type vendor_tmpfs_log_file, file_type, data_file_type;
-
-# rawfs for /protect_f on NAND projects
-type rawfs, fs_type, mlstrustedobject;
-
-# fat on nand fat.img
-type fon_image_data_file, file_type, data_file_type;
-
-# ims ipsec config file
-type ims_ipsec_data_file, file_type, data_file_type;
-
-# thermal manager config file
-type thermal_manager_data_file, file_type, data_file_type;
-
-# adbd config file
-type adbd_data_file, file_type, data_file_type, core_data_file_type;
-
-#autokd data file
-type autokd_data_file, file_type, data_file_type;
-
-#fuse
-type fuseblk,sdcard_type,fs_type,mlstrustedobject;
-
-# for mt-ramdump reset
-type proc_mrdump_rst, fs_type, proc_type;
-
-# battery_cmd file
-type proc_battery_cmd, fs_type, proc_type;
-
-# binder debugfs file
-type debugfs_binder, fs_type, debugfs_type;
-
-# blockio debugfs file
-type debugfs_blockio, fs_type, debugfs_type;
-
-# fuseio debugfs file
-type debugfs_fuseio, fs_type, debugfs_type;
-
-# usb debugfs file
-type debugfs_usb, fs_type, debugfs_type;
-
-# display debugfs file
-type debugfs_fb, fs_type, debugfs_type;
-
-# cpuhvfs debugfs file
-type debugfs_cpuhvfs, fs_type, debugfs_type;
-
-#for engineermode Usb PHY Tuning
-type debugfs_usb20_phy, fs_type, debugfs_type;
-
-# dynamic_debug debugfs file
-type debugfs_dynamic_debug, fs_type, debugfs_type;
-
-# shrinker debugfs file
-type debugfs_shrinker_debug, fs_type, debugfs_type;
-
-# dmlog debugfs file
-type debugfs_dmlog_debug, fs_type, debugfs_type;
-
-# page_owner_slim debugfs file
-type debugfs_page_owner_slim_debug, fs_type, debugfs_type;
-
-# rcu debugfs file
-type debugfs_rcu, fs_type, debugfs_type;
-
-# gpu debugfs file
-type debugfs_ged, fs_type, debugfs_type;
-
-# fpsgo debugfs file
-type debugfs_fpsgo, fs_type, debugfs_type;
-
-# eara_thermal debugfs file
-type debugfs_eara_thermal, fs_type, debugfs_type;
-
-# vpu debugfs file
-type debugfs_vpu_power, fs_type, debugfs_type;
-type debugfs_vpu_memory, fs_type, debugfs_type;
-
-# mdla debugfs file
-type debugfs_mdla_power, fs_type, debugfs_type;
-
-# memtrack debugfs file
-type debugfs_gpu_mali_midgard, fs_type, debugfs_type;
-type debugfs_gpu_mali_utgard, fs_type, debugfs_type;
-type debugfs_gpu_img, fs_type, debugfs_type;
-type debugfs_ion, fs_type, debugfs_type;
-
-# /sys/kernel/debug/ion/ion_mm_heap
-type debugfs_ion_mm_heap, fs_type, debugfs_type;
-
-# /sys/kernel/debug/emi_mbw/dump_buf
-type debugfs_emi_mbw_buf, fs_type, debugfs_type;
-
-# /sys/kernel/debug/vpu/device_dbg
-type debugfs_vpu_device_dbg, fs_type, debugfs_type;
-
-# /sys/kernel/debug/kmemleak
-type debugfs_kmemleak, fs_type, debugfs_type;
-
-######################################
-# core domain file data
-
-# SF bqdump
-type sf_bqdump_data_file, file_type, data_file_type, core_data_file_type;
-type nfc_socket, file_type, data_file_type, core_data_file_type;
-type vendor_nfc_socket, file_type, data_file_type;
-# factory data file
-type factory_data_file, file_type, data_file_type, core_data_file_type;
-# Modem Log folder
-type mdlog_data_file, file_type, data_file_type, core_data_file_type;
-
-# MTK audio HAL folder
-type mtk_audiohal_data_file, file_type, data_file_type;
-
-# MTK Power HAL folder
-type mtk_powerhal_data_file, file_type, data_file_type;
-
-# Date : WK1743
-# Purpose : for meta_tst copy MD DB from MD image
-type mddb_data_file, file_type, data_file_type;
-
-# Date : WK1814
-# Purpose : for factory to get boot mode and type
-type sysfs_boot_mode, fs_type, sysfs_type;
-type sysfs_boot_type, fs_type, sysfs_type;
-
-# consys Log folder
-type consyslog_data_file, file_type, data_file_type, core_data_file_type;
-
-# Date : WK1817
-# Purpose : for meta to get com port type and uart port info
-type sysfs_comport_type, fs_type, sysfs_type;
-type sysfs_uart_info, fs_type, sysfs_type;
-type sysfs_usb_cmode, fs_type, sysfs_type;
-
-# Date : WK1820
-# Purpose : for charger to access vbus info and pump_express
-type sysfs_vbus, fs_type, sysfs_type;
-type sysfs_pump_express, fs_type, sysfs_type;
-
-# Widevine move data/mediadrm folder from system to vendor
-type mediadrm_vendor_data_file, file_type, data_file_type;
-
-# mtk usb hal
-type sysfs_dual_role_usb20, fs_type, sysfs_type;
-
-# lbs debug file
-#type lbs_dbg_data_file, file_type, data_file_type, core_data_file_type;
-
-# Touch parameters file
-type sysfs_tpd_setting, fs_type, sysfs_type;
-type sysfs_tpd_debug, fs_type, sysfs_type;
-
-# Date : 2018/06/11
-# Purpose : mtk EM FreqHopping setting
-type proc_freqhop, fs_type, proc_type;
-
-# Date : 2018/06/11
-# Purpose : mtk EM flash reading
-type proc_flash, fs_type, proc_type;
-type proc_partition, fs_type, proc_type;
-
-# Date : 2018/06/11
-# Purpose : mtk EM PMU reading/setting
-type sysfs_pmu, fs_type, sysfs_type;
-
-# Date : 2018/06/11
-# Purpose : mtk EM Power debug_log setting
-type sysfs_spm, fs_type, sysfs_type;
-
-# Date : 2018/06/11
-# Purpose : mtk EM Audio headset detect
-type sysfs_headset, fs_type, sysfs_type;
-
-# socket between atci_service and audio-daemon
-type atci-audio_socket, file_type;
-
-# socket between atcid and meta_tst
-type meta_atci_socket, file_type;
-
-# ATCI socket types
-type rild_atci_socket, file_type;
-type rilproxy_atci_socket, file_type;
-type atci_service_socket, file_type;
-type adb_atci_socket, file_type;
-
-# EM Power PMU register reading/setting
-type debugfs_regmap, fs_type, debugfs_type;
-
-# Date : 2018/11/01
-# Purpose : mtk EM c2k bypass read usb file
-type sys_usb_rawbulk, fs_type, sysfs_type;
-
-# Backlight brightness file
-type sysfs_leds_setting, fs_type, sysfs_type;
-
-# Vibrator vibrate file
-type sysfs_vibrator_setting, fs_type, sysfs_type;
-
-# Date : 2019/04/09
-# Purpose: mtk EM battery settings
-type sysfs_battery_temp, fs_type, sysfs_type;
-type sysfs_battery_consumption, fs_type, sysfs_type;
-type sysfs_power_on_vol, fs_type, sysfs_type;
-type sysfs_power_off_vol, fs_type, sysfs_type;
-type sysfs_fg_disable, fs_type, sysfs_type;
-type sysfs_dis_nafg, fs_type, sysfs_type;
-
-# drm key manager
-type provision_file, file_type, data_file_type;
-type key_install_data_file, file_type, data_file_type;
-
-# Date : WK18.16
-# Purpose: Android Migration
-type sysfs_mmcblk, fs_type, sysfs_type;
-type sysfs_mmcblk1, fs_type, sysfs_type;
-
-type aee_dipdebug_vendor_file, file_type, data_file_type;
-
-type netd_socket, file_type, coredomain_socket;
-
-# Date : WK19.27
-# Purpose: Android Migration for SVP
-type proc_m4u, fs_type, proc_type;
-
-# Date : 2019/08/15
-type debugfs_smi_mon, fs_type, debugfs_type;
-
-# Date : WK19.34
-# Purpose: Android Migration for video codec driver
-type vcodec_file, file_type, data_file_type;
-
-# Date : 2019/08/24
-type sysfs_sensor, fs_type, sysfs_type;
-
-#MTEE trusty
-type mtee_trusty_file, fs_type, sysfs_type;
-
-# Date : 2019/08/29
-# Purpose: Allow rild access proc/aed/reboot-reason
-type proc_aed_reboot_reason, fs_type, proc_type;
-
-# Date : 2019/09/05
-# Purpose: Allow powerhal to control kernel resources
-type proc_ppm, fs_type, proc_type;
-type proc_cpufreq, fs_type, proc_type;
-type proc_hps, fs_type, proc_type;
-type proc_cm_mgr, fs_type, proc_type;
-type proc_fliperfs, fs_type, proc_type;
-type sysfs_ged, fs_type, sysfs_type;
-type sysfs_fbt_cpu, fs_type, sysfs_type;
-type sysfs_fbt_fteh, fs_type, sysfs_type;
-
-# Date : 2019/09/17
-# Purpose: Allow powerhal to control cache audit
-type sysfs_ca_drv, fs_type, sysfs_type;
-type sysfs_pftch_qos, fs_type, sysfs_type;
-
-# Date : WK19.38
-# Purpose: Android Migration for video codec driver
-type sysfs_device_tree_model, fs_type, sysfs_type;
-
-# Date : 2019/10/11
-# Purpose : allow system_server to access /proc/wlan/status for Q Migration
-type proc_wlan_status, fs_type, proc_type;
-
-# Date : 2019/10/11
-# Purpose : allow system_server to access /sys/kernel/mm/ksm/pages_xxx
-type sysfs_pages_shared, fs_type, sysfs_type;
-type sysfs_pages_sharing, fs_type, sysfs_type;
-type sysfs_pages_unshared, fs_type, sysfs_type;
-type sysfs_pages_volatile, fs_type, sysfs_type;
-
-# Date : 2019/10/22
-# Purpose : allow aee_aedv write /sys/module/mrdump/parameters/lbaooo
-type sysfs_mrdump_lbaooo, fs_type, sysfs_type;
-
-# Date : 2019/10/25
-# Purpose : To avoid using the SELabel of u:object_r:proc:s0 or u:object_r:sysfs:s0
-# to access /proc/device-tree/chosen/atag,chipid or  /sysfs/firmware/devicetree/base/chosen/atag,chipid
-type sysfs_chipid, fs_type, sysfs_type;
-
-# Date : 2019/12/12
-# Purpose : allow media sources to access /sys/bus/platform/drivers/mem_bw_ctrl/*
-type sysfs_concurrency_scenario, fs_type, sysfs_type;
-
-# Camera file types
-type camera_vendor_data_file, file_type, data_file_type;
-
-# TEE
-type vendor_teei_data_file, file_type, data_file_type;
-
-# IMS
-type volte_ua_socket, file_type;
-type volte_imcb_socket, file_type;
-type wfca_socket, file_type;
-type volte_imsvt1_socket, file_type;

non_plat/file_contexts

@@ -1,743 +0,0 @@
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-
-############################
-# A/B system
-/enableswap.sh u:object_r:rootfs:s0
-/factory_init\..* u:object_r:rootfs:s0
-/meta_init\..* u:object_r:rootfs:s0
-/multi_init\..* u:object_r:rootfs:s0
-
-#############################
-# Custom files
-(/vendor)?/custom(/.*)?		u:object_r:custom_file:s0
-/dev/socket/netd    u:object_r:netd_socket:s0
-
-
-#############################
-# Data files
-#
-/data/vendor/.tp(/.*)?  u:object_r:thermal_manager_data_file:s0
-/data/vendor_de/meta(/.*)?    u:object_r:mddb_data_file:s0
-/data/aee_exp(/.*)?  u:object_r:aee_exp_data_file:s0
-/data/vendor/aee_exp(/.*)?  u:object_r:aee_exp_vendor_file:s0
-/data/vendor/agps_supl(/.*)?    u:object_r:agpsd_data_file:s0
-#/data/mnl_flp(/.*)?    u:object_r:mnld_data_file:s0
-#/data/mnl_gfc(/.*)?    u:object_r:mnld_data_file:s0
-/data/vendor/gps(/.*)?   u:object_r:gps_data_file:s0
-/data/anr/SF_RTT(/.*)? u:object_r:sf_rtt_file:s0
-/data/vendor/ccci_cfg(/.*)? u:object_r:ccci_cfg_file:s0
-/data/vendor/mdlpm(/.*)? u:object_r:ccci_data_md1_file:s0
-/data/vendor/flashless(/.*)? u:object_r:c2k_file:s0
-/data/core(/.*)? u:object_r:aee_core_data_file:s0
-/data/vendor/core(/.*)? u:object_r:aee_core_vendor_file:s0
-#/data/dontpanic(/.*)? u:object_r:dontpanic_data_file:s0
-/data/dumpsys(/.*)?    u:object_r:aee_dumpsys_data_file:s0
-/data/vendor/dumpsys(/.*)?    u:object_r:aee_dumpsys_vendor_file:s0
-/data/extmdl(/.*)? u:object_r:mdlog_data_file:s0
-#/data/http-proxy-cfg(/.*)? u:object_r:http_proxy_cfg_data_file:s0
-/data/log_temp(/.*)? u:object_r:logtemp_data_file:s0
-#/data/lost\+found(/.*)? u:object_r:lost_found_data_file:s0
-/data/mdlog(/.*)? u:object_r:mdlog_data_file:s0
-/data/mdl(/.*)? u:object_r:mdlog_data_file:s0
-/data/mdl3(/.*)? u:object_r:mdlog_data_file:s0
-#/data/mediaserver(/.*)? u:object_r:mediaserver_data_file:s0
-#/data/mediacodec(/.*)? u:object_r:mediacodec_data_file:s0
-#/data/.tp(/.*)? u:object_r:thermal_manager_data_file:s0
-/data/nfc_socket(/.*)? u:object_r:nfc_socket:s0
-/data/vendor/nfc_socket(/.*)? u:object_r:vendor_nfc_socket:s0
-#/data/nvram(/.*)? u:object_r:nvram_data_file:s0
-#/data/cct(/.*)? u:object_r:cct_data_file:s0
-/data/vendor/md3(/.*)? u:object_r:c2k_file:s0
-#/data/mal(/.*)? u:object_r:mal_data_file:s0
-/data/SF_dump(./*)? u:object_r:sf_bqdump_data_file:s0
-/data/data_tmpfs_log(/.*)? u:object_r:data_tmpfs_log_file:s0
-/data/vendor/data_tmpfs_log(/.*)? u:object_r:vendor_tmpfs_log_file:s0
-#/data/tmp_mnt/data_tmpfs_log(/.*)? u:object_r:data_tmpfs_log_file:s0
-#/data/tmp_mnt/vendor/data_tmpfs_log(/.*)? u:object_r:data_tmpfs_log_file:s0
-#/data/setkey.conf        u:object_r:ims_ipsec_data_file:s0
-#/data/setkey_bak.conf    u:object_r:ims_ipsec_data_file:s0
-#/data/setkey_latest.conf u:object_r:ims_ipsec_data_file:s0
-/data/vendor/audiohal(/.*)? u:object_r:mtk_audiohal_data_file:s0
-/data/vendor/powerhal(/.*)? u:object_r:mtk_powerhal_data_file:s0
-#/data/vendor/nfc(/.*)? u:object_r:nfc_data_file:s0
-/data/connsyslog(/.*)?  u:object_r:consyslog_data_file:s0
-/data/vendor/stp_dump(/.*)? u:object_r:stp_dump_data_file:s0
-/data/vendor/mediadrm(/.*)?      u:object_r:mediadrm_vendor_data_file:s0
-/data/vendor/dipdebug(/.*)?    u:object_r:aee_dipdebug_vendor_file:s0
-/data/vendor/key_provisioning(/.*)?   u:object_r:key_install_data_file:s0
-/data/vendor/vcodec(/.*)? u:object_r:vcodec_file:s0
-
-# Misc data
-#/data/misc/acdapi(/.*)? u:object_r:acdapi_data_file:s0
-/data/misc/mblog(/.*)? u:object_r:logmisc_data_file:s0
-#/data/misc/ppp(/.*)? u:object_r:ppp_data_file:s0
-#/data/misc/radvd(/.*)? u:object_r:radvd_data_file:s0
-/data/vendor/sensor(/.*)?         u:object_r:sensor_data_file:s0
-#/data/misc/wpa_supplicant(/.*)? u:object_r:wpa_supplicant_data_file:s0
-
-# Wallpaper file for smartbook
-/data/system/users/[0-9]+/smartbook_wallpaper   u:object_r:wallpaper_file:s0
-
-/data/vendor/connsyslog(/.*)? u:object_r:connsyslog_data_vendor_file:s0
-
-# nvdata
-/mnt/vendor/nvdata(/.*)? u:object_r:nvdata_file:s0
-/mnt/vendor/nvcfg(/.*)? u:object_r:nvcfg_file:s0
-
-# protected data file
-/mnt/vendor/protect_f(/.*)?         u:object_r:protect_f_data_file:s0
-/mnt/vendor/protect_s(/.*)?         u:object_r:protect_s_data_file:s0
-/mnt/vendor/persist(/.*)?        u:object_r:persist_data_file:s0
-
-#fat on nand image
-/fat(/.*)?  u:object_r:fon_image_data_file:s0
-
-##########################
-# Devices
-#
-/dev/aal_als(/.*)? u:object_r:aal_als_device:s0
-/dev/accdet(/.*)? u:object_r:accdet_device:s0
-/dev/AD5820AF(/.*)? u:object_r:AD5820AF_device:s0
-/dev/aed[0-9]+ u:object_r:aed_device:s0
-/dev/ampc0(/.*)? u:object_r:ampc0_device:s0
-/dev/android(/.*)? u:object_r:android_device:s0
-/dev/block/zram0 u:object_r:swap_block_device:s0
-/dev/block/platform/bootdevice/by-name/otp u:object_r:otp_part_block_device:s0
-/dev/bmtpool(/.*)? u:object_r:bmtpool_device:s0
-/dev/bootimg(/.*)? u:object_r:bootimg_device:s0
-/dev/BOOT(/.*)? u:object_r:BOOT_device:s0
-/dev/btif(/.*)? u:object_r:btif_device:s0
-/dev/btn(/.*)? u:object_r:btn_device:s0
-/dev/BU6429AF(/.*)? u:object_r:BU6429AF_device:s0
-/dev/BU64745GWZAF(/.*)? u:object_r:BU64745GWZAF_device:s0
-/dev/MAINAF(/.*)? u:object_r:MAINAF_device:s0
-/dev/MAIN2AF(/.*)? u:object_r:MAIN2AF_device:s0
-/dev/SUBAF(/.*)? u:object_r:SUBAF_device:s0
-/dev/cache(/.*)? u:object_r:cache_device:s0
-/dev/CAM_CAL_DRV(/.*)? u:object_r:CAM_CAL_DRV_device:s0
-/dev/CAM_CAL_DRV1(/.*)? u:object_r:CAM_CAL_DRV1_device:s0
-/dev/CAM_CAL_DRV2(/.*)? u:object_r:CAM_CAL_DRV2_device:s0
-/dev/gz_kree(/.*)? u:object_r:gz_device:s0
-/dev/camera-fdvt(/.*)? u:object_r:camera_fdvt_device:s0
-/dev/camera-isp(/.*)? u:object_r:camera_isp_device:s0
-/dev/camera-dip(/.*)? u:object_r:camera_dip_device:s0
-/dev/camera-dpe(/.*)? u:object_r:camera_dpe_device:s0
-/dev/camera-tsf(/.*)? u:object_r:camera_tsf_device:s0
-/dev/camera-rsc(/.*)? u:object_r:camera_rsc_device:s0
-/dev/camera-gepf(/.*)? u:object_r:camera_gepf_device:s0
-/dev/camera-wpe(/.*)? u:object_r:camera_wpe_device:s0
-/dev/camera-owe(/.*)? u:object_r:camera_owe_device:s0
-/dev/camera-mfb(/.*)? u:object_r:camera_mfb_device:s0
-/dev/camera-pipemgr(/.*)? u:object_r:camera_pipemgr_device:s0
-/dev/camera-sysram(/.*)? u:object_r:camera_sysram_device:s0
-/dev/ccu(/.*)? u:object_r:ccu_device:s0
-/dev/vpu(/.*)? u:object_r:vpu_device:s0
-/dev/mdlactl(/.*)? u:object_r:mdla_device:s0
-/dev/ccci_monitor     u:object_r:ccci_monitor_device:s0
-/dev/ccci.* u:object_r:ccci_device:s0
-/dev/cpu_dma_latency(/.*)? u:object_r:cpu_dma_latency_device:s0
-/dev/devmap(/.*)? u:object_r:devmap_device:s0
-/dev/dri(/.*)? u:object_r:gpu_device:s0
-/dev/dummy_cam_cal(/.*)? u:object_r:dummy_cam_cal_device:s0
-/dev/DW9714AF(/.*)? u:object_r:DW9714AF_device:s0
-/dev/DW9814AF(/.*)? u:object_r:DW9814AF_device:s0
-/dev/AK7345AF(/.*)? u:object_r:AK7345AF_device:s0
-/dev/DW9714A(/.*)? u:object_r:DW9714A_device:s0
-/dev/DW9718AF(/.*)? u:object_r:DW9718AF_device:s0
-/dev/WV511AAF(/.*)? u:object_r:lens_device:s0
-/dev/ebc(/.*)? u:object_r:ebc_device:s0
-/dev/usip(/.*)? u:object_r:ebc_device:s0
-/dev/ebr[0-9]+ u:object_r:ebr_device:s0
-/dev/eemcs.* u:object_r:eemcs_device:s0
-/dev/emd.* u:object_r:emd_device:s0
-/dev/etb        u:object_r:etb_device:s0
-/dev/exm0(/.*)? u:object_r:exm0_device:s0
-/dev/expdb(/.*)? u:object_r:expdb_device:s0
-/dev/fat(/.*)? u:object_r:fat_device:s0
-/dev/FM50AF(/.*)? u:object_r:FM50AF_device:s0
-/dev/fm(/.*)? u:object_r:fm_device:s0
-/dev/fw_log_wmt u:object_r:fw_log_wmt_device:s0
-/dev/fw_log_wifi u:object_r:fw_log_wifi_device:s0
-#/dev/gps(/.*)? u:object_r:gps_device:s0
-/dev/geofence(/.*)? u:object_r:geo_device:s0
-/dev/fw_log_gps u:object_r:fw_log_gps_device:s0
-#/dev/mt3337_gpsonly u:object_r:gps_device:s0
-/dev/hdmitx(/.*)? u:object_r:graphics_device:s0
-/dev/hid-keyboard(/.*)? u:object_r:hid_keyboard_device:s0
-/dev/ion(/.*)? u:object_r:ion_device:s0
-/dev/kd_camera_flashlight(/.*)? u:object_r:kd_camera_flashlight_device:s0
-/dev/flashlight(/.*)? u:object_r:flashlight_device:s0
-/dev/kd_camera_hw_bus2(/.*)? u:object_r:kd_camera_hw_bus2_device:s0
-/dev/kd_camera_hw(/.*)? u:object_r:kd_camera_hw_device:s0
-/dev/seninf(/.*)? u:object_r:seninf_device:s0
-/dev/LC898122AF(/.*)? u:object_r:LC898122AF_device:s0
-/dev/LC898212AF(/.*)? u:object_r:LC898212AF_device:s0
-/dev/logo(/.*)? u:object_r:logo_device:s0
-/dev/loop-control(/.*)? u:object_r:loop-control_device:s0
-/dev/M4U_device(/.*)? u:object_r:M4U_device_device:s0
-/dev/mali.* u:object_r:gpu_device:s0
-/dev/MATV(/.*)? u:object_r:MATV_device:s0
-/dev/mbr(/.*)? u:object_r:mbr_device:s0
-/dev/md32(/.*)? u:object_r:md32_device:s0
-/dev/scp(/.*)? u:object_r:scp_device:s0
-/dev/scp_B(/.*)? u:object_r:scp_device:s0
-/dev/sspm(/.*)? u:object_r:sspm_device:s0
-/dev/misc-sd(/.*)? u:object_r:misc_sd_device:s0
-/dev/misc(/.*)? u:object_r:misc_device:s0
-/dev/misc2(/.*)? u:object_r:misc2_device:s0
-/dev/MJC(/.*)? u:object_r:MJC_device:s0
-/dev/mmp(/.*)? u:object_r:mmp_device:s0
-/dev/MT6516_H264_DEC(/.*)? u:object_r:MT6516_H264_DEC_device:s0
-/dev/mt6516-IDP(/.*)? u:object_r:mt6516_IDP_device:s0
-/dev/MT6516_Int_SRAM(/.*)? u:object_r:MT6516_Int_SRAM_device:s0
-/dev/mt6516-isp(/.*)? u:object_r:mt6516_isp_device:s0
-/dev/mt6516_jpeg(/.*)? u:object_r:mt6516_jpeg_device:s0
-/dev/MT6516_MM_QUEUE(/.*)? u:object_r:MT6516_MM_QUEUE_device:s0
-/dev/MT6516_MP4_DEC(/.*)? u:object_r:MT6516_MP4_DEC_device:s0
-/dev/MT6516_MP4_ENC(/.*)? u:object_r:MT6516_MP4_ENC_device:s0
-/dev/mt6605 u:object_r:mt6605_device:s0
-/dev/st21nfc u:object_r:st21nfc_device:s0
-/dev/st54spi u:object_r:st54spi_device:s0
-/dev/mt9p012(/.*)? u:object_r:mt9p012_device:s0
-/dev/mtfreqhopping(/.*)? u:object_r:mtfreqhopping_device:s0
-/dev/mtgpio(/.*)? u:object_r:mtgpio_device:s0
-/dev/mtk-adc-cali(/.*)? u:object_r:mtk-adc-cali_device:s0
-/dev/mtk_disp.* u:object_r:graphics_device:s0
-/dev/mtkfb_vsync(/.*)? u:object_r:graphics_device:s0
-/dev/mtkg2d(/.*)? u:object_r:mtkg2d_device:s0
-/dev/mtk_jpeg(/.*)? u:object_r:mtk_jpeg_device:s0
-/dev/mtk-kpd(/.*)? u:object_r:mtk_kpd_device:s0
-/dev/mtk_sched(/.*)? u:object_r:mtk_sched_device:s0
-/dev/MTK_SMI(/.*)? u:object_r:MTK_SMI_device:s0
-/dev/mtk_cmdq(/.*)? u:object_r:mtk_cmdq_device:s0
-/dev/mdp_device(/.*)? u:object_r:mdp_device:s0
-/dev/mdp_sync(/.*)? u:object_r:mtk_mdp_device:s0
-/dev/mtk_rrc(/.*)? u:object_r:mtk_rrc_device:s0
-/dev/mtk_dfrc(/.*)? u:object_r:mtk_dfrc_device:s0
-/dev/mt-mdp(/.*)? u:object_r:mt_mdp_device:s0
-/dev/mt_otg_test(/.*)? u:object_r:mt_otg_test_device:s0
-/dev/MT_pmic_adc_cali        u:object_r:MT_pmic_adc_cali_device:s0
-/dev/MT_pmic_adc_cali(/.*)? u:object_r:MT_pmic_cali_device:s0
-/dev/MT_pmic(/.*)? u:object_r:MT_pmic_device:s0
-/dev/network.* u:object_r:network_device:s0
-/dev/nvram(/.*)? u:object_r:nvram_device:s0
-/dev/nxpspk(/.*)? u:object_r:smartpa_device:s0
-/dev/otp        u:object_r:otp_device:s0
-/dev/pmem_multimedia(/.*)? u:object_r:pmem_multimedia_device:s0
-/dev/pmt(/.*)? u:object_r:pmt_device:s0
-/dev/preloader(/.*)? u:object_r:preloader_device:s0
-/dev/pro_info(/.*)? u:object_r:pro_info_device:s0
-/dev/protect_f(/.*)? u:object_r:protect_f_device:s0
-/dev/protect_s(/.*)? u:object_r:protect_s_device:s0
-/dev/psaux(/.*)? u:object_r:psaux_device:s0
-/dev/ptmx(/.*)? u:object_r:ptmx_device:s0
-/dev/ptyp.* u:object_r:ptyp_device:s0
-/dev/pvr_sync(/.*)? u:object_r:gpu_device:s0
-/dev/qemu_pipe(/.*)? u:object_r:qemu_pipe_device:s0
-/dev/recovery(/.*)? u:object_r:recovery_device:s0
-/dev/rfkill(/.*)? u:object_r:rfkill_device:s0
-/dev/rtc[0-9]+ u:object_r:rtc_device:s0
-/dev/RT_Monitor(/.*)? u:object_r:RT_Monitor_device:s0
-/dev/kick_powerkey(/.*)? u:object_r:kick_powerkey_device:s0
-/dev/seccfg(/.*)? u:object_r:seccfg_device:s0
-/dev/sec_ro(/.*)? u:object_r:sec_ro_device:s0
-/dev/sec(/.*)? u:object_r:sec_device:s0
-/dev/tee1 u:object_r:tee_part_device:s0
-/dev/tee2 u:object_r:tee_part_device:s0
-/dev/sensor(/.*)? u:object_r:sensor_device:s0
-/dev/smartpa_i2c(/.*)? u:object_r:smartpa1_device:s0
-/dev/snapshot(/.*)? u:object_r:snapshot_device:s0
-/dev/socket/adbd(/.*)? u:object_r:adbd_socket:s0
-/dev/socket/agpsd2(/.*)? u:object_r:agpsd_socket:s0
-/dev/socket/agpsd3(/.*)? u:object_r:agpsd_socket:s0
-/dev/socket/agpsd(/.*)? u:object_r:agpsd_socket:s0
-/dev/socket/atci-audio(/.*)? u:object_r:atci-audio_socket:s0
-/dev/socket/meta-atci(/.*)? u:object_r:meta_atci_socket:s0
-/dev/socket/backuprestore(/.*)? u:object_r:backuprestore_socket:s0
-/dev/socket/dfo(/.*)? u:object_r:dfo_socket:s0
-/dev/socket/dnsproxyd(/.*)? u:object_r:dnsproxyd_socket:s0
-/dev/socket/dumpstate(/.*)? u:object_r:dumpstate_socket:s0
-/dev/socket/mdnsd(/.*)? u:object_r:mdnsd_socket:s0
-/dev/socket/mdns(/.*)? u:object_r:mdns_socket:s0
-/dev/socket/mnld(/.*)? u:object_r:mnld_socket:s0
-/dev/socket/netdiag(/.*)? u:object_r:netdiag_socket:s0
-/dev/socket/netd(/.*)? u:object_r:netd_socket:s0
-/dev/socket/mrild(/.*)? u:object_r:gsmrild_socket:s0
-/dev/socket/mrild2(/.*)? u:object_r:gsmrild_socket:s0
-/dev/socket/mrild3(/.*)? u:object_r:gsmrild_socket:s0
-/dev/socket/rild-atci u:object_r:gsmrild_socket:s0
-/dev/socket/rild-mbim(/.*)? u:object_r:gsmrild_socket:s0
-/dev/socket/msap_uim_socket1(/.*)? u:object_r:gsmrild_socket:s0
-/dev/socket/msap_uim_socket2(/.*)? u:object_r:gsmrild_socket:s0
-/dev/socket/sap_uim_socket(/.*)? u:object_r:gsmrild_socket:s0
-/dev/socket/msap_c2k_socket1(/.*)? u:object_r:gsmrild_socket:s0
-/dev/socket/msap_c2k_socket2(/.*)? u:object_r:gsmrild_socket:s0
-/dev/socket/msap_c2k_socket3(/.*)? u:object_r:gsmrild_socket:s0
-/dev/socket/msap_c2k_socket4(/.*)? u:object_r:gsmrild_socket:s0
-/dev/socket/sap_uim_socket1(/.*)? u:object_r:gsmrild_socket:s0
-/dev/socket/sap_uim_socket2(/.*)? u:object_r:gsmrild_socket:s0
-/dev/socket/sap_uim_socket3(/.*)? u:object_r:gsmrild_socket:s0
-/dev/socket/sap_uim_socket4(/.*)? u:object_r:gsmrild_socket:s0
-/dev/socket/rild2-md2(/.*)? u:object_r:rild2_md2_socket:s0
-/dev/socket/rild2(/.*)? u:object_r:rild2_socket:s0
-/dev/socket/rild3(/.*)? u:object_r:rild3_socket:s0
-/dev/socket/rild4(/.*)? u:object_r:rild4_socket:s0
-/dev/socket/rild-mal(/.*)? u:object_r:rild_mal_socket:s0
-/dev/socket/rild-mal-at(/.*)? u:object_r:rild_mal_at_socket:s0
-/dev/socket/rild-mal-md2(/.*)? u:object_r:rild_mal_md2_socket:s0
-/dev/socket/rild-mal-at-md2(/.*)? u:object_r:rild_mal_at_md2_socket:s0
-/dev/socket/rild-ims(/.*)? u:object_r:rild_ims_socket:s0
-/dev/socket/volte_imsm_dongle(/.*)? u:object_r:rild_imsm_socket:s0
-/dev/socket/rild-vsim(/.*)? u:object_r:rild_vsim_socket:s0
-/dev/socket/rild-vsim2(/.*)? u:object_r:rild_vsim_socket:s0
-/dev/socket/rild-vsim3(/.*)? u:object_r:rild_vsim_socket:s0
-/dev/socket/rild-vsim-md2(/.*)? u:object_r:rild_vsim_md2_socket:s0
-/dev/socket/rild-ctclient u:object_r:rild_ctclient_socket:s0
-/dev/socket/rild-debug-md2(/.*)? u:object_r:rild_debug_md2_socket:s0
-/dev/socket/rild-debug(/.*)? u:object_r:rild_debug_socket:s0
-/dev/socket/rild-dongle(/.*)? u:object_r:rild-dongle_socket:s0
-/dev/socket/rild-md2(/.*)? u:object_r:rild_md2_socket:s0
-/dev/socket/rild-mtk-modem-md2(/.*)? u:object_r:rild_mtk_modem_md2_socket:s0
-/dev/socket/rild-mtk-modem(/.*)? u:object_r:rild_mtk_modem_socket:s0
-/dev/socket/rild-mtk-ut-2-md2(/.*)? u:object_r:rild_mtk_ut_2_md2_socket:s0
-/dev/socket/rild-mtk-ut-2(/.*)? u:object_r:rild_mtk_ut_2_socket:s0
-/dev/socket/rild-mtk-ut-md2(/.*)? u:object_r:rild_mtk_ut_md2_socket:s0
-/dev/socket/rild-mtk-ut(/.*)? u:object_r:rild_mtk_ut_socket:s0
-/dev/socket/rild-oem-md2(/.*)? u:object_r:rild_oem_md2_socket:s0
-/dev/socket/rild-oem(/.*)? u:object_r:rild_oem_socket:s0
-/dev/socket/rild(/.*)? u:object_r:rild_socket:s0
-/dev/socket/rild-via u:object_r:rild_via_socket:s0
-/dev/socket/rildc-debug u:object_r:rild_via_socket:s0
-/dev/socket/rild-atci-c2k u:object_r:rild_via_socket:s0
-/dev/socket/mal-mfi(/.*)? u:object_r:mal_mfi_socket:s0
-/dev/socket/mal-mfi-dongle(/.*)? u:object_r:mal_mfi_socket:s0
-/dev/socket/rpc u:object_r:rpc_socket:s0
-/dev/socket/soc_vt_stk(/.*)? u:object_r:soc_vt_stk_socket:s0
-/dev/socket/soc_vt_svc(/.*)? u:object_r:soc_vt_svc_socket:s0
-/dev/socket/soc_vt_tcv(/.*)? u:object_r:soc_vt_tcv_socket:s0
-/dev/socket/sysctl(/.*)? u:object_r:sysctl_socket:s0
-/dev/socket/volte_vt(/.*)? u:object_r:volte_vt_socket:s0
-/dev/socket/wpa_wlan0(/.*)? u:object_r:wpa_wlan0_socket:s0
-/dev/stpant(/.*)? u:object_r:stpant_device:s0
-/dev/stpbt(/.*)? u:object_r:stpbt_device:s0
-/dev/fw_log_bt u:object_r:fw_log_bt_device:s0
-/dev/stpgps        u:object_r:mnld_device:s0
-/dev/stpgps(/.*)? u:object_r:stpgps_device:s0
-/dev/gpsdl0        u:object_r:mnld_device:s0
-/dev/gpsdl0(/.*)? u:object_r:gpsdl_device:s0
-/dev/gpsdl1        u:object_r:mnld_device:s0
-/dev/gpsdl1(/.*)? u:object_r:gpsdl_device:s0
-/dev/stpwmt(/.*)? u:object_r:stpwmt_device:s0
-/dev/sw_sync(/.*)? u:object_r:sw_sync_device:s0
-/dev/tgt(/.*)? u:object_r:tgt_device:s0
-/dev/touch(/.*)? u:object_r:touch_device:s0
-/dev/tpd_em_log(/.*)? u:object_r:tpd_em_log_device:s0
-/dev/ttyC0         u:object_r:gsm0710muxd_device:s0
-/dev/ttyC1 u:object_r:mdlog_device:s0
-/dev/ttyC2         u:object_r:agps_device:s0
-/dev/ttyC3 u:object_r:icusb_device:s0
-/dev/ttyC6 u:object_r:nlop_device:s0
-/dev/ttyGS.* u:object_r:ttyGS_device:s0
-/dev/ttyMT.* u:object_r:ttyMT_device:s0
-/dev/ttyS.* u:object_r:ttyS_device:s0
-/dev/ttyp.* u:object_r:ttyp_device:s0
-/dev/ttySDIO.* u:object_r:ttySDIO_device:s0
-/dev/ttyUSB0         u:object_r:tty_device:s0
-/dev/ttyUSB1         u:object_r:tty_device:s0
-/dev/ttyUSB2         u:object_r:tty_device:s0
-/dev/ttyUSB3         u:object_r:tty_device:s0
-/dev/ttyUSB4         u:object_r:tty_device:s0
-/dev/TV-out(/.*)? u:object_r:TV_out_device:s0
-/dev/uboot(/.*)? u:object_r:uboot_device:s0
-/dev/uibc(/.*)? u:object_r:uibc_device:s0
-/dev/uinput(/.*)? u:object_r:uinput_device:s0
-/dev/uio0(/.*)? u:object_r:uio0_device:s0
-/dev/usrdata(/.*)? u:object_r:usrdata_device:s0
-/dev/Vcodec(/.*)? u:object_r:Vcodec_device:s0
-/dev/vmodem u:object_r:vmodem_device:s0
-/dev/vow(/.*)? u:object_r:vow_device:s0
-/dev/wmtdetect(/.*)? u:object_r:wmtdetect_device:s0
-/dev/wmtWifi(/.*)? u:object_r:wmtWifi_device:s0
-/dev/ancservice(/.*)? u:object_r:ancservice_device:s0
-/dev/offloadservice(/.*)? u:object_r:offloadservice_device:s0
-/dev/audio_ipi(/.*)? u:object_r:audio_ipi_device:s0
-/dev/adsp(/.*)? u:object_r:adsp_device:s0
-/dev/audio_scp(/.*)? u:object_r:audio_scp_device:s0
-/dev/irtx u:object_r:irtx_device:s0
-/dev/spm(/.*)? u:object_r:spm_device:s0
-/dev/xt_qtaguid(/.*)? u:object_r:xt_qtaguid_device:s0
-/dev/pmic_ftm(/.*)? u:object_r:pmic_ftm_device:s0
-/dev/charger_ftm(/.*)? u:object_r:charger_ftm_device:s0
-/dev/shf  u:object_r:shf_device:s0
-/dev/ttyACM0        u:object_r:ttyACM_device:s0
-/dev/hrm       u:object_r:hrm_device:s0
-/dev/trusty-ipc-dev0 u:object_r:tee_device:s0
-/dev/nebula-ipc-dev0 u:object_r:tee_device:s0
-/dev/mbim u:object_r:mbim_device:s0
-/dev/alarm(/.*)? u:object_r:alarm_device:s0
-##########################
-# Sensor common Devices Start
-#
-/dev/als_ps(/.*)? u:object_r:als_ps_device:s0
-/dev/barometer(/.*)? u:object_r:barometer_device:s0
-/dev/humidity(/.*)? u:object_r:humidity_device:s0
-/dev/gsensor(/.*)? u:object_r:gsensor_device:s0
-/dev/gyroscope(/.*)? u:object_r:gyroscope_device:s0
-/dev/hwmsensor(/.*)? u:object_r:hwmsensor_device:s0
-/dev/msensor(/.*)? u:object_r:msensor_device:s0
-/dev/biometric(/.*)? u:object_r:biometric_device:s0
-/dev/sensorlist(/.*)? u:object_r:sensorlist_device:s0
-##########################
-# Sensor Devices Start
-#
-/dev/m_batch_misc(/.*)? u:object_r:m_batch_misc_device:s0
-##########################
-# Sensor bio Devices Start
-#
-/dev/m_als_misc(/.*)? u:object_r:m_als_misc_device:s0
-/dev/m_ps_misc(/.*)? u:object_r:m_ps_misc_device:s0
-/dev/m_baro_misc(/.*)? u:object_r:m_baro_misc_device:s0
-/dev/m_hmdy_misc(/.*)? u:object_r:m_hmdy_misc_device:s0
-/dev/m_acc_misc(/.*)? u:object_r:m_acc_misc_device:s0
-/dev/m_mag_misc(/.*)? u:object_r:m_mag_misc_device:s0
-/dev/m_gyro_misc(/.*)? u:object_r:m_gyro_misc_device:s0
-/dev/m_act_misc(/.*)? u:object_r:m_act_misc_device:s0
-/dev/m_pedo_misc(/.*)? u:object_r:m_pedo_misc_device:s0
-/dev/m_situ_misc(/.*)? u:object_r:m_situ_misc_device:s0
-/dev/m_step_c_misc(/.*)? u:object_r:m_step_c_misc_device:s0
-/dev/m_fusion_misc(/.*)? u:object_r:m_fusion_misc_device:s0
-/dev/m_bio_misc(/.*)? u:object_r:m_bio_misc_device:s0
-
-# block partition definitions
-/dev/block/mmcblk0boot0 u:object_r:preloader_block_device:s0
-/dev/block/mmcblk0boot1 u:object_r:preloader_block_device:s0
-/dev/block/sda u:object_r:preloader_block_device:s0
-/dev/block/sdb u:object_r:preloader_block_device:s0
-/dev/block/mmcblk0 u:object_r:bootdevice_block_device:s0
-/dev/block/sdc u:object_r:bootdevice_block_device:s0
-/dev/block/mmcblk1 u:object_r:mmcblk1_block_device:s0
-/dev/block/mmcblk1p1 u:object_r:mmcblk1p1_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/proinfo     u:object_r:nvram_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/nvram       u:object_r:nvram_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/nvdata      u:object_r:nvdata_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/frp         u:object_r:frp_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/expdb       u:object_r:expdb_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/misc2       u:object_r:misc2_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/logo        u:object_r:logo_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/para        u:object_r:para_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/misc        u:object_r:misc_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/seccfg      u:object_r:seccfg_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/secro       u:object_r:secro_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/system      u:object_r:system_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/userdata    u:object_r:userdata_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/cache       u:object_r:cache_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/recovery    u:object_r:recovery_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/protect1    u:object_r:protect1_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/protect2    u:object_r:protect2_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/keystore    u:object_r:keystore_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/oemkeystore u:object_r:oemkeystore_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/boot        u:object_r:boot_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/persist     u:object_r:persist_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/metadata    u:object_r:metadata_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/nvcfg       u:object_r:nvcfg_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/ppl         u:object_r:ppl_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/sec1        u:object_r:sec1_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/boot_para   u:object_r:boot_para_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/super       u:object_r:super_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/boot(_[ab])?     u:object_r:boot_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/system(_[ab])?   u:object_r:system_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/odm(_[ab])?      u:object_r:odm_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/oem(_[ab])?      u:object_r:oem_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/vendor(_[ab])?   u:object_r:vendor_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/lk(_[ab])?       u:object_r:lk_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/odmdtbo(_[ab])?  u:object_r:dtbo_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/dtbo(_[ab])?     u:object_r:dtbo_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/tee([12]|_[ab])  u:object_r:tee_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/md1img(_[ab])?   u:object_r:md_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/md1dsp(_[ab])?   u:object_r:dsp_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/md1arm7(_[ab])?  u:object_r:md_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/md3img(_[ab])?   u:object_r:md_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/scp(_[ab])?      u:object_r:scp_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/sspm(_[ab])?     u:object_r:sspm_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/spmfw(_[ab])?    u:object_r:spmfw_block_device:s0
-/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/vbmeta(_system|_vendor)?(_[ab])?    u:object_r:vbmeta_block_device:s0
-
-/dev/block/platform/bootdevice/by-name/proinfo   u:object_r:nvram_device:s0
-/dev/block/platform/bootdevice/by-name/nvram     u:object_r:nvram_device:s0
-/dev/block/platform/bootdevice/by-name/nvdata    u:object_r:nvdata_device:s0
-/dev/block/platform/bootdevice/by-name/frp       u:object_r:frp_block_device:s0
-/dev/block/platform/bootdevice/by-name/expdb     u:object_r:expdb_block_device:s0
-/dev/block/platform/bootdevice/by-name/misc2     u:object_r:misc2_block_device:s0
-/dev/block/platform/bootdevice/by-name/logo      u:object_r:logo_block_device:s0
-/dev/block/platform/bootdevice/by-name/para      u:object_r:para_block_device:s0
-/dev/block/platform/bootdevice/by-name/misc      u:object_r:misc_block_device:s0
-/dev/block/platform/bootdevice/by-name/seccfg    u:object_r:seccfg_block_device:s0
-/dev/block/platform/bootdevice/by-name/secro     u:object_r:secro_block_device:s0
-/dev/block/platform/bootdevice/by-name/userdata  u:object_r:userdata_block_device:s0
-/dev/block/platform/bootdevice/by-name/cache     u:object_r:cache_block_device:s0
-/dev/block/platform/bootdevice/by-name/recovery  u:object_r:recovery_block_device:s0
-/dev/block/platform/bootdevice/by-name/protect1  u:object_r:protect1_block_device:s0
-/dev/block/platform/bootdevice/by-name/protect2  u:object_r:protect2_block_device:s0
-/dev/block/platform/bootdevice/by-name/keystore  u:object_r:keystore_block_device:s0
-/dev/block/platform/bootdevice/by-name/persist   u:object_r:persist_block_device:s0
-/dev/block/platform/bootdevice/by-name/metadata  u:object_r:metadata_block_device:s0
-/dev/block/platform/bootdevice/by-name/nvcfg     u:object_r:nvcfg_block_device:s0
-/dev/block/platform/bootdevice/by-name/sec1      u:object_r:sec1_block_device:s0
-/dev/block/platform/bootdevice/by-name/boot_para u:object_r:boot_para_block_device:s0
-/dev/block/platform/bootdevice/by-name/super     u:object_r:super_block_device:s0
-/dev/block/platform/bootdevice/by-name/cam_vpu[1-3](_[ab])?  u:object_r:cam_vpu_block_device:s0
-/dev/block/platform/bootdevice/by-name/system(_[ab])?        u:object_r:system_block_device:s0
-/dev/block/platform/bootdevice/by-name/boot(_[ab])?          u:object_r:boot_block_device:s0
-/dev/block/platform/bootdevice/by-name/odm(_[ab])?           u:object_r:odm_block_device:s0
-/dev/block/platform/bootdevice/by-name/oem(_[ab])?           u:object_r:oem_block_device:s0
-/dev/block/platform/bootdevice/by-name/vendor(_[ab])?        u:object_r:vendor_block_device:s0
-/dev/block/platform/bootdevice/by-name/lk(_[ab])?            u:object_r:lk_block_device:s0
-/dev/block/platform/bootdevice/by-name/odmdtbo(_[ab])?       u:object_r:dtbo_block_device:s0
-/dev/block/platform/bootdevice/by-name/dtbo(_[ab])?          u:object_r:dtbo_block_device:s0
-/dev/block/platform/bootdevice/by-name/tee([12]|_[ab])       u:object_r:tee_block_device:s0
-/dev/block/platform/bootdevice/by-name/md1img(_[ab])?        u:object_r:md_block_device:s0
-/dev/block/platform/bootdevice/by-name/md1dsp(_[ab])?        u:object_r:dsp_block_device:s0
-/dev/block/platform/bootdevice/by-name/md1arm7(_[ab])?       u:object_r:md_block_device:s0
-/dev/block/platform/bootdevice/by-name/md3img(_[ab])?        u:object_r:md_block_device:s0
-/dev/block/platform/bootdevice/by-name/scp(_[ab])?           u:object_r:scp_block_device:s0
-/dev/block/platform/bootdevice/by-name/sspm(_[ab])?          u:object_r:sspm_block_device:s0
-/dev/block/platform/bootdevice/by-name/spmfw(_[ab])?         u:object_r:spmfw_block_device:s0
-/dev/block/platform/bootdevice/by-name/mcupmfw(_[ab])?       u:object_r:mcupmfw_block_device:s0
-/dev/block/platform/bootdevice/by-name/loader_ext(_[ab])?    u:object_r:loader_ext_block_device:s0
-/dev/block/platform/bootdevice/by-name/vbmeta(_system|_vendor)?(_[ab])?    u:object_r:vbmeta_block_device:s0
-
-# Key manager
-/dev/block/platform/soc/[0-9]+\.mmc/by-name/kb   u:object_r:kb_block_device:s0
-/dev/block/platform/soc/[0-9]+\.mmc/by-name/dkb  u:object_r:dkb_block_device:s0
-
-# W19.23 Q new feature - Userdata Checkpoint
-/dev/block/by-name/md_udc             u:object_r:metadata_block_device:s0
-
-#############################
-# System files
-#
-/(system\/vendor|vendor)/bin/audiocmdservice_atci u:object_r:audiocmdservice_atci_exec:s0
-/(system\/vendor|vendor)/bin/stp_dump3 u:object_r:stp_dump3_exec:s0
-/(system\/vendor|vendor)/bin/wmt_launcher u:object_r:mtk_wmt_launcher_exec:s0
-/(system\/vendor|vendor)/bin/ccci_fsd u:object_r:ccci_fsd_exec:s0
-/(system\/vendor|vendor)/bin/fuelgauged u:object_r:fuelgauged_exec:s0
-/(system\/vendor|vendor)/bin/fuelgauged_nvram u:object_r:fuelgauged_nvram_exec:s0
-/(system\/vendor|vendor)/bin/gsm0710muxd u:object_r:gsm0710muxd_exec:s0
-/(system\/vendor|vendor)/bin/mmc_ffu u:object_r:mmc_ffu_exec:s0
-/(system\/vendor|vendor)/bin/mtk_agpsd u:object_r:mtk_agpsd_exec:s0
-/(system\/vendor|vendor)/bin/MtkCodecService u:object_r:MtkCodecService_exec:s0
-/(system\/vendor|vendor)/bin/mtkrild u:object_r:mtkrild_exec:s0
-/(system\/vendor|vendor)/bin/muxreport u:object_r:muxreport_exec:s0
-/(system\/vendor|vendor)/bin/nvram_agent_binder u:object_r:nvram_agent_binder_exec:s0
-/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.nvram@(.*)-service u:object_r:nvram_agent_binder_exec:s0
-/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.nvram@(.*)-service-lazy u:object_r:nvram_agent_binder_exec:s0
-/(system\/vendor|vendor)/bin/nvram_daemon u:object_r:nvram_daemon_exec:s0
-/(system\/vendor|vendor)/bin/slpd u:object_r:slpd_exec:s0
-/(system\/vendor|vendor)/bin/thermal_manager u:object_r:thermal_manager_exec:s0
-/(system\/vendor|vendor)/bin/thermalloadalgod u:object_r:thermalloadalgod_exec:s0
-/(system\/vendor|vendor)/bin/lbs_hidl_service u:object_r:lbs_hidl_service_exec:s0
-/(system\/vendor|vendor)/bin/meta_tst u:object_r:meta_tst_exec:s0
-/(system\/vendor|vendor)/bin/kisd u:object_r:kisd_exec:s0
-
-/(system\/vendor|vendor)/bin/fm_hidl_service u:object_r:fm_hidl_service_exec:s0
-/(system\/vendor|vendor)/bin/wlan_assistant u:object_r:wlan_assistant_exec:s0
-/(system\/vendor|vendor)/bin/wmt_loader u:object_r:wmt_loader_exec:s0
-/(system\/vendor|vendor)/bin/spm_loader u:object_r:spm_loader_exec:s0
-/(system\/vendor|vendor)/bin/ccci_mdinit u:object_r:ccci_mdinit_exec:s0
-/(system\/vendor|vendor)/bin/factory u:object_r:factory_exec:s0
-
-/(system\/vendor|vendor)/bin/mnld u:object_r:mnld_exec:s0
-#/system/bin/connsyslogger u:object_r:connsyslogger_exec:s0
-
-/(system\/vendor|vendor)/bin/biosensord_nvram u:object_r:biosensord_nvram_exec:s0
-/(system\/vendor|vendor)/bin/hw/android\.hardware\.bluetooth@1\.0-service-mediatek u:object_r:mtk_hal_bluetooth_exec:s0
-/(system\/vendor|vendor)/bin/hw/android\.hardware\.gnss@2\.0-service-mediatek u:object_r:mtk_hal_gnss_exec:s0
-/(system\/vendor|vendor)/bin/hw/android\.hardware\.audio@5\.0-service-mediatek u:object_r:mtk_hal_audio_exec:s0
-/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.mtkpower@1\.0-service u:object_r:mtk_hal_power_exec:s0
-/(system\/vendor|vendor)/bin/hw/android\.hardware\.sensors@1\.0-service-mediatek u:object_r:mtk_hal_sensors_exec:s0
-/(system\/vendor|vendor)/bin/hw/android\.hardware\.sensors@2\.0-service-mediatek u:object_r:mtk_hal_sensors_exec:s0
-/(system\/vendor|vendor)/bin/hw/rilproxy u:object_r:rild_exec:s0
-/(system\/vendor|vendor)/bin/hw/mtkfusionrild u:object_r:rild_exec:s0
-/(system\/vendor|vendor)/bin/hw/android\.hardware\.light@2\.0-service-mediatek u:object_r:mtk_hal_light_exec:s0
-/(system\/vendor|vendor)/bin/hw/android\.hardware\.light@2\.0-service-mediatek-lazy u:object_r:mtk_hal_light_exec:s0
-/(system\/vendor|vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service-mediatek u:object_r:hal_vibrator_default_exec:s0
-/(system\/vendor|vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service-mediatek-lazy u:object_r:hal_vibrator_default_exec:s0
-/(system\/vendor|vendor)/bin/hw/camerahalserver u:object_r:mtk_hal_camera_exec:s0
-/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.imsa@1\.0-service u:object_r:mtk_hal_imsa_exec:s0
-
-# Google Trusty system files
-/(vendor|system\/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service\.trusty u:object_r:hal_keymaster_default_exec:s0
-
-#PQ hal
-/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.pq@2\.2-service u:object_r:mtk_hal_pq_exec:s0
-#MMS hal
-/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.mms@1\.3-service u:object_r:mtk_hal_mms_exec:s0
-/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.mms@1\.3-service-lazy u:object_r:mtk_hal_mms_exec:s0
-# Keymaster Attestation Hal
-/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.keymaster_attestation@1\.1-service u:object_r:hal_keymaster_attestation_exec:s0
-#ST NFC 1.2 hidl service
-/(system\/vendor|vendor)/bin/hw/android\.hardware\.nfc@1\.2-service-st u:object_r:hal_nfc_default_exec:s0
-/(system\/vendor|vendor)/bin/hw/android\.hardware\.secure_element@1\.0-service-st54spi u:object_r:st54spi_hal_secure_element_exec:s0
-# MTK Wifi Hal
-/(system\/vendor|vendor)/bin/hw/android\.hardware\.wifi@1\.0-service-mediatek           u:object_r:mtk_hal_wifi_exec:s0
-/(system\/vendor|vendor)/bin/hw/android\.hardware\.wifi@1\.0-service-lazy-mediatek      u:object_r:mtk_hal_wifi_exec:s0
-# MTK USB hal
-/(system\/vendor|vendor)/bin/hw/android\.hardware\.usb@1\.1-service-mediatek u:object_r:mtk_hal_usb_exec:s0
-# MTK OMAPI for UICC
-/(system\/vendor|vendor)/bin/hw/android\.hardware\.secure_element@1\.0-service-mediatek u:object_r:mtk_hal_secure_element_exec:s0
-
-#gpu hal
-/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.gpu@1\.0-service u:object_r:mtk_hal_gpu_exec:s0
-
-#############################
-# System/bin files
-
-#hidl process merging
-/(system\/vendor|vendor)/bin/hw/merged_hal_service          u:object_r:merged_hal_service_exec:s0
-
-
-###############################################
-# same-process HAL files and their dependencies
-#
-/vendor/lib(64)?/hw/gralloc\.mt[0-9]+[a-z]*\.so   u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/hw/vulkan\.mt[0-9]+\.so     u:object_r:same_process_hal_file:s0
-
-/vendor/lib(64)?/libIMGegl\.so   u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libglslcompiler\.so   u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libPVRScopeServices\.so   u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libsrv_um\.so   u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libmpvr\.so   u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libusc\.so   u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libtqvalidate\.so   u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libPVROCL\.so   u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libufwriter\.so   u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libmemtrack_GL\.so   u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libPVRTrace\.so   u:object_r:same_process_hal_file:s0
-
-/vendor/lib(64)?/libGLES_mali\.so   u:object_r:same_process_hal_file:s0
-
-/vendor/lib(64)?/libgralloc_extra\.so   u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libgpu_aux\.so   u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libgpud\.so   u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libged\.so   u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libdrm\.so   u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libion_mtk\.so   u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libion_ulit\.so   u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/mtk_cache\.so   u:object_r:same_process_hal_file:s0
-
-/vendor/lib(64)?/hw/android\.hardware\.graphics\.mapper@2\.0-impl-2\.1\.so u:object_r:same_process_hal_file:s0
-
-/vendor/lib(64)?/libdpframework\.so                                  u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libpq_cust_base\.so                                 u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/vendor\.mediatek\.hardware\.pq@[0-9]\.[0-9]\.so                 u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libpq_prot\.so                                      u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libhdrvideo\.so                                      u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libscltm\.so                                      u:object_r:same_process_hal_file:s0
-
-/vendor/lib(64)?/vendor\.mediatek\.hardware\.gpu@1\.0.so u:object_r:same_process_hal_file:s0
-
-/vendor/lib(64)?/libladder\.so   u:object_r:same_process_hal_file:s0
-
-/vendor/lib(64)?/libtflite_mtk.so u:object_r:same_process_hal_file:s0
-
-/vendor/bin/hw/vendor\.mediatek\.hardware\.log@1\.0-service u:object_r:aee_hal_exec:s0
-
-/vendor/bin/loghidlvendorservice u:object_r:loghidlvendorservice_exec:s0
-
-/vendor/bin/em_hidl u:object_r:em_hidl_exec:s0
-
-/vendor/bin/hw/modemdbfilter_service u:object_r:modemdbfilter_service_exec:s0
-
-# Date: 2018/07/06
-# Purpose for same-process HAL files and their dependencies: libGLES_mali.so need libm4u.so on mali GPU.
-/vendor/lib(64)?/libm4u\.so   u:object_r:same_process_hal_file:s0
-
-# Date: 2018/12/04
-# Purpose: Neuron runtime API and the dependencies
-/vendor/lib(64)?/libneuron_platform.so u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libion_mtk.so u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/mtk_cache.so u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libvpu.so u:object_r:same_process_hal_file:s0
-
-# Date: 2019/01/21
-# Purpose: OpenCL feature requirments
-/vendor/lib(64)?/libOpenCL\.so                                  u:object_r:same_process_hal_file:s0
-
-#MRDUMP
-/dev/block/platform/bootdevice/by-name/mrdump(/.*)? u:object_r:mrdump_device:s0
-
-# Date: 2019/07/16
-# hdmi hal
-/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.hdmi@1\.0-service u:object_r:mtk_hal_hdmi_exec:s0
-
-#Widevine drm hal(include lazy hal)
-/vendor/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service\.widevine           u:object_r:hal_drm_widevine_exec:s0
-/vendor/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service-lazy\.widevine      u:object_r:hal_drm_widevine_exec:s0
-#Cleaarkey hal(include lazy hal)
-/vendor/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service\.clearkey           u:object_r:hal_drm_clearkey_exec:s0
-/vendor/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service-lazy\.clearkey      u:object_r:hal_drm_clearkey_exec:s0
-
-
-# Date : 2019/10/28
-# Purpose : move these contexts from plat_private/file_contexts
-/(system\/vendor|vendor)/bin/aee_aedv u:object_r:aee_aedv_exec:s0
-/(system\/vendor|vendor)/bin/aee_aedv64 u:object_r:aee_aedv_exec:s0
-/vendor/bin/aeev  u:object_r:aee_aedv_exec:s0
-
-# Camera data files
-/data/vendor/camera(/.*)?              u:object_r:camera_vendor_data_file:s0
-
-# Thermal
-/(system\/vendor|vendor)/bin/thermal u:object_r:thermal_exec:s0
-
-# TEE
-/dev/teei_fp u:object_r:teei_fp_device:s0
-/dev/rpmb0 u:object_r:teei_rpmb_device:s0
-/dev/emmcrpmb0 u:object_r:teei_rpmb_device:s0
-/dev/tz_vfs u:object_r:teei_vfs_device:s0
-/dev/tee0 u:object_r:teei_client_device:s0
-/dev/teei_client u:object_r:teei_client_device:s0
-/dev/teei_config u:object_r:teei_config_device:s0
-
-/data/vendor/thh(/.*)? u:object_r:vendor_teei_data_file:s0
-
-/(vendor|system\/vendor)/bin/teei_daemon u:object_r:tee_exec:s0
-/(vendor|system\/vendor)/bin/teei_loader u:object_r:tee_exec:s0
-
-# Keymaster
-/dev/ut_keymaster u:object_r:ut_keymaster_device:s0
-/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.keyinstall@1\.0-service u:object_r:mtk_hal_keyinstall_exec:s0
-
-# Ipsec
-/(system\/vendor|vendor)/bin/ipsec		u:object_r:ipsec_exec:s0
-/(system\/vendor|vendor)/bin/ipsec_mon u:object_r:ipsec_mon_exec:s0
-
-# IMS
-/dev/socket/volte_ua(/.*)?             u:object_r:volte_ua_socket:s0
-/dev/socket/volte_imcb(/.*)?           u:object_r:volte_imcb_socket:s0
-/dev/socket/wfca(/.*)?         u:object_r:wfca_socket:s0
-/dev/socket/volte_imsvt1(/.*)?         u:object_r:volte_imsvt1_socket:s0
-/system/bin/vtservice u:object_r:vtservice_exec:s0
-/(system\/vendor|vendor)/bin/bip         u:object_r:bip_exec:s0
-/(system\/vendor|vendor)/bin/epdg_wod           u:object_r:epdg_wod_exec:s0
-/(system\/vendor|vendor)/bin/stroke		u:object_r:stroke_exec:s0
-/(system\/vendor|vendor)/bin/volte_imsm_93              u:object_r:volte_imsm_93_exec:s0
-/(system\/vendor|vendor)/bin/volte_md_status            u:object_r:volte_md_status_exec:s0
-/(system\/vendor|vendor)/bin/volte_ua           u:object_r:volte_ua_exec:s0
-/(system\/vendor|vendor)/bin/volte_imcb         u:object_r:volte_imcb_exec:s0
-/(system\/vendor|vendor)/bin/wfca                u:object_r:wfca_exec:s0
-/(system\/vendor|vendor)/bin/xcap                u:object_r:xcap_exec:s0
-/(system\/vendor|vendor)/bin/hw/vtservice_hidl u:object_r:vtservice_hidl_exec:s0
-
-# VPU
-/dev/vcu		         u:object_r:vcu_device:s0
-/vendor/bin/vpud               u:object_r:vpud_native_exec:s0
-
-# DFPS
-/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.dfps@1\.0-service u:object_r:mtk_hal_dfps_exec:s0
-
-# Neural Networks
-/(system\/vendor|vendor)/bin/hw/android\.hardware\.neuralnetworks@1\.1-service-gpunn u:object_r:mtk_hal_neuralnetworks_exec:s0
-/(system\/vendor|vendor)/bin/hw/android\.hardware\.neuralnetworks@1\.1-service-neuron-ann u:object_r:mtk_hal_neuralnetworks_exec:s0

non_plat/fm_hidl_service.te

@@ -1,19 +0,0 @@
-# Set a new domain
-type fm_hidl_service, domain;
-
-# Set domain as server domain of mtk_hal_fm
-hal_server_domain(fm_hidl_service, mtk_hal_fm)
-
-# Set exec file type
-type fm_hidl_service_exec, exec_type, vendor_file_type, file_type;
-
-# Setup for domain transition
-init_daemon_domain(fm_hidl_service)
-
-#add_hwservice(hal_fm_server, mtk_hal_fm_service)
-
-vndbinder_use(fm_hidl_service)
-
-#r_dir_file(fm_hidl_service, system_file)
-
-allow fm_hidl_service fm_device:chr_file { rw_file_perms };

non_plat/fsck.te

@@ -1,18 +0,0 @@
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-
-# Date : WK15.29
-# Operation : Migration
-# Purpose : file system check for protect1/protect2/nvdata/persist/nvcfg block devices.
-allow fsck protect1_block_device:blk_file rw_file_perms;
-allow fsck protect2_block_device:blk_file rw_file_perms;
-allow fsck nvdata_device:blk_file rw_file_perms;
-allow fsck persist_block_device:blk_file rw_file_perms;
-allow fsck nvcfg_block_device:blk_file rw_file_perms;
-allow fsck odm_block_device:blk_file rw_file_perms;
-allow fsck oem_block_device:blk_file rw_file_perms;
-
-# Date : WK17.12
-# Purpose: Fix bootup fail
-allow fsck system_block_device:blk_file getattr;

non_plat/fuelgauged.te

@@ -1,71 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/fuelgauged Executable File 
-
-# ==============================================
-# Type Declaration
-# ==============================================
-type fuelgauged ,domain;
-type fuelgauged_exec , exec_type, file_type, vendor_file_type;
-type fuelgauged_file, file_type, data_file_type;
-
-# ==============================================
-# Android Policy Rule
-# ==============================================
-
-# ==============================================
-# NSA Policy Rule
-# ==============================================
-
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-
-init_daemon_domain(fuelgauged)
-
-# Data : WK14.43
-# Operation : Migration
-# Purpose : Fuel Gauge daemon for access driver node
-allow fuelgauged input_device:dir rw_dir_perms;
-allow fuelgauged input_device:file r_file_perms;
-
-# Data : WK14.43
-# Operation : Migration
-# Purpose : For meta tool calibration
-allow fuelgauged mtk-adc-cali_device:chr_file rw_file_perms;
-
-# Data : WK14.43
-# Operation : Migration
-# Purpose : For fg.log can be printed with kernel log
-allow fuelgauged kmsg_device:chr_file w_file_perms;
-
-# Data : WK14.43
-# Operation : Migration
-# Purpose : For fg daemon can comminucate with kernel
-allow fuelgauged self:netlink_socket create;
-allow fuelgauged self:netlink_socket create_socket_perms_no_ioctl;
-allow fuelgauged self:netlink_route_socket { bind create getattr write nlmsg_read read nlmsg_write };
-
-# Data : WK16.39
-allow fuelgauged self:capability { chown fsetid };
-
-# Date: W17.22
-# Operation : New Feature
-# Purpose : Add for A/B system
-allow fuelgauged kernel:system module_request;
-
-# Date: W18.03
-# Operation : change fuelgagued access from cache to nvcfg
-# Purpose : add fuelgauged to nvcfg read write permit
-allow fuelgauged nvcfg_file:dir { search write open read add_name create getattr};
-allow fuelgauged nvcfg_file:file { read write getattr open create };
-
-# Date: W18.17
-# Operation : add label for /sys/devices/platform/battery(/.*)
-# Purpose : add fuelgauged could access
-r_dir_file(fuelgauged, sysfs_batteryinfo);
-
-# Date : WK18.21
-# Operation: P migration
-# Purpose: Allow to search /mnt/vendor/nvdata for fstab when using NVM_Init()
-allow fuelgauged mnt_vendor_file:dir search;
-

non_plat/fuelgauged_nvram.te

@@ -1,67 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/fuelgauged_nvram Executable File 
-
-# ==============================================
-# Type Declaration
-# ==============================================
-type fuelgauged_nvram ,domain;
-type fuelgauged_nvram_exec , exec_type, file_type, vendor_file_type;
-type fuelgauged_nvram_file, file_type, data_file_type;
-
-# ==============================================
-# Android Policy Rule
-# ==============================================
-
-# ==============================================
-# NSA Policy Rule
-# ==============================================
-
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-
-init_daemon_domain(fuelgauged_nvram)
-
-# Data : WK16.21
-# Operation : New Feature
-# Purpose : For fg daemon can do nvram r/w to save car_tune_value
-allow fuelgauged_nvram nvdata_file:dir rw_dir_perms;
-allow fuelgauged_nvram nvdata_file:file {rw_file_perms create_file_perms};
-allow fuelgauged_nvram nvram_data_file:lnk_file rw_file_perms;
-allow fuelgauged_nvram nvdata_file:lnk_file rw_file_perms;
-
-allow fuelgauged_nvram fuelgauged_file:dir rw_dir_perms;
-allow fuelgauged_nvram fuelgauged_file:file {rw_file_perms create_file_perms};
-
-# Data : W16.43
-# Operation : New Feature
-# Purpose : Change from /data to /cache
-allow fuelgauged_nvram self:capability { chown };
-allow fuelgauged_nvram kmsg_device:chr_file { write open };
-allow fuelgauged_nvram self:capability fsetid;
-
-# Data : W17.34
-# Operation : New Feature
-# Purpose : fgauge_nvram could use IOCTL
-allow fuelgauged_nvram MT_pmic_adc_cali_device:chr_file rw_file_perms;
-
-# Date: W18.03
-# Operation : change fuelgagued_nvram access from cache to nvcfg
-# Purpose : add fuelgauged to nvcfg read write permit
-# need add label 
-allow fuelgauged_nvram sysfs:file { read open };
-allow fuelgauged_nvram nvcfg_file:dir { search write open read add_name create getattr};
-allow fuelgauged_nvram nvcfg_file:file { read write getattr open create };
-
-# Date: W18.17
-# Operation : add label for /sys/devices/platform/battery(/.*)
-# Purpose : add fuelgauged could access
-r_dir_file(fuelgauged_nvram, sysfs_batteryinfo)
-
-
-# Date : WK18.21
-# Operation: P migration
-# Purpose: Allow to search /mnt/vendor/nvdata for fstab when using NVM_Init()
-allow fuelgauged_nvram mnt_vendor_file:dir search;
-
-allow fuelgauged_nvram sysfs_boot_mode:file { open read };

non_plat/genfs_contexts

@@ -1,278 +0,0 @@
-# ==============================================
-# MTK Policy Rule
-# ============
-
-#############################
-# proc files
-#
-genfscon proc /driver/thermal u:object_r:proc_thermal:s0
-genfscon proc /thermlmt u:object_r:proc_thermal:s0
-genfscon proc /fps_tm u:object_r:proc_thermal:s0
-genfscon proc /wmt_tm u:object_r:proc_thermal:s0
-genfscon proc /mobile_tm u:object_r:proc_thermal:s0
-genfscon proc /bcctlmt u:object_r:proc_thermal:s0
-genfscon proc /battery_status u:object_r:proc_thermal:s0
-genfscon proc /mtkcooler u:object_r:proc_mtkcooler:s0
-genfscon proc /mtktz u:object_r:proc_mtktz:s0
-genfscon proc /lk_env u:object_r:proc_lk_env:s0
-genfscon proc /driver/storage_logger u:object_r:proc_slogger:s0
-genfscon proc /driver/icusb u:object_r:proc_icusb:s0
-genfscon proc /mrdump_rst u:object_r:proc_mrdump_rst:s0
-genfscon proc /mtk_battery_cmd u:object_r:proc_battery_cmd:s0
-genfscon proc /mtd u:object_r:proc_mtd:s0
-genfscon proc /ged u:object_r:proc_ged:s0
-genfscon proc /mtk_jpeg u:object_r:proc_mtk_jpeg:s0
-genfscon proc /perfmgr u:object_r:proc_perfmgr:s0
-genfscon proc /driver/wmt_dbg u:object_r:proc_wmtdbg:s0
-genfscon proc /zraminfo u:object_r:proc_zraminfo:s0
-genfscon proc /gpulog u:object_r:proc_gpulog:s0
-genfscon proc /sched_debug u:object_r:proc_sched_debug:s0
-genfscon proc /chip u:object_r:proc_chip:s0
-genfscon proc /atf_log u:object_r:proc_atf_log:s0
-genfscon proc /gz_log u:object_r:proc_gz_log:s0
-genfscon proc /bootprof u:object_r:proc_bootprof:s0
-genfscon proc /pl_lk u:object_r:proc_pl_lk:s0
-genfscon proc /msdc_debug u:object_r:proc_msdc_debug:s0
-genfscon proc /ufs_debug u:object_r:proc_ufs_debug:s0
-genfscon proc /pidmap u:object_r:proc_pidmap:s0
-genfscon proc /kpageflags u:object_r:proc_kpageflags:s0
-genfscon proc /mtk_memcfg/slabtrace u:object_r:proc_slabtrace:s0
-genfscon proc /mtk_cmdq_debug/status u:object_r:proc_cmdq_debug:s0
-genfscon proc /cpuhvfs/dbg_repo u:object_r:proc_dbg_repo:s0
-
-# mtk EM FreqHopping setting
-genfscon proc /freqhopping/freqhopping_debug u:object_r:proc_freqhop:s0
-genfscon proc /freqhopping/status u:object_r:proc_freqhop:s0
-genfscon proc /freqhopping/dumpregs u:object_r:proc_freqhop:s0
-
-# mtk EM flash reading
-genfscon proc /partitions u:object_r:proc_partition:s0
-
-# Purpose dump not exit file
-genfscon proc /isp_p2/isp_p2_dump u:object_r:proc_isp_p2_dump:s0
-genfscon proc /isp_p2/isp_p2_kedump u:object_r:proc_isp_p2_kedump:s0
-genfscon proc /mali/memory_usage u:object_r:proc_memory_usage:s0
-genfscon proc /mtk_es_reg_dump u:object_r:proc_mtk_es_reg_dump:s0
-
-# Date : 2018/11/01
-# Purpose : mtk EM c2k bypass read usb file
-genfscon proc /isp_p2 u:object_r:proc_isp_p2:s0
-
-# Date : WK19.27
-# Purpose: Android Migration for SVP
-genfscon proc /m4u u:object_r:proc_m4u:s0
-
-
-#############################
-# sysfs files
-#
-genfscon sysfs /bus/platform/drivers/mtk-kpd u:object_r:sysfs_keypad_file:s0
-genfscon sysfs /power/vcorefs/pwr_ctrl u:object_r:sysfs_vcorefs_pwrctrl:s0
-genfscon sysfs /power/dcm_state u:object_r:sysfs_dcm:s0
-genfscon sysfs /power/mtkdcs/mode u:object_r:sysfs_dcs:s0
-genfscon sysfs /power/mtkpasr/execstate u:object_r:sysfs_execstate:s0
-genfscon sysfs /mtk_ssw u:object_r:sysfs_ssw:s0
-
-# Date : 2018/06/15
-# Purpose : mtk EM Audio headset detect
-genfscon sysfs /bus/platform/drivers/Accdet_Driver/state u:object_r:sysfs_headset:s0
-genfscon sysfs /bus/platform/drivers/dev_info/dev_info u:object_r:sysfs_devinfo:s0
-genfscon sysfs /bus/platform/drivers/meta_com_type_info/meta_com_type_info u:object_r:sysfs_comport_type:s0
-genfscon sysfs /bus/platform/drivers/meta_uart_port_info/meta_uart_port_info u:object_r:sysfs_uart_info:s0
-
-genfscon sysfs /devices/platform/battery    u:object_r:sysfs_batteryinfo:s0
-genfscon sysfs /devices/platform/charger/ADC_Charger_Voltage u:object_r:sysfs_vbus:s0
-genfscon sysfs /devices/platform/battery/ADC_Charger_Voltage u:object_r:sysfs_vbus:s0
-genfscon sysfs /devices/platform/charger/Pump_Express u:object_r:sysfs_pump_express:s0
-genfscon sysfs /devices/platform/battery/Pump_Express u:object_r:sysfs_pump_express:s0
-genfscon sysfs /devices/platform/mt_charger/power_supply u:object_r:sysfs_batteryinfo:s0
-genfscon sysfs /devices/platform/mt-rtc/rtc    u:object_r:sysfs_rtc:s0
-genfscon sysfs /devices/platform/1000d000.pwrap/1000d000.pwrap:mt6359-pmic/mt6359-rtc/rtc u:object_r:sysfs_rtc:s0
-genfscon sysfs /devices/platform/1000d000.pwrap/1000d000.pwrap:mt6358-pmic/mt6358-rtc/rtc u:object_r:sysfs_rtc:s0
-genfscon sysfs /devices/platform/mt-pmic u:object_r:sysfs_pmu:s0
-genfscon sysfs /devices/platform/1000d000.pwrap/mt-pmic u:object_r:sysfs_pmu:s0
-genfscon sysfs /devices/platform/1000d000.pwrap/1000d000.pwrap:mt6358-pmic/mt-pmic u:object_r:sysfs_pmu:s0
-genfscon sysfs /devices/platform/1000d000.pwrap/1000d000.pwrap:mt6359-pmic/mt-pmic u:object_r:sysfs_pmu:s0
-genfscon sysfs /devices/platform/mt6333-user u:object_r:sysfs_pmu:s0
-genfscon sysfs /devices/platform/mt6311-user u:object_r:sysfs_pmu:s0
-genfscon sysfs /devices/platform/mt_usb/musb-hdrc/dual_role_usb u:object_r:sysfs_dual_role_usb20:s0
-genfscon sysfs /devices/platform/mt_usb/musb-hdrc/cmode u:object_r:sysfs_usb_cmode:s0
-
-genfscon sysfs /devices/virtual/BOOT/BOOT/boot/boot_mode u:object_r:sysfs_boot_mode:s0
-genfscon sysfs /devices/virtual/BOOT/BOOT/boot/boot_type u:object_r:sysfs_boot_type:s0
-
-genfscon sysfs /devices/virtual/misc/md32  u:object_r:sysfs_md32:s0
-genfscon sysfs /devices/virtual/misc/scp  u:object_r:sysfs_scp:s0
-genfscon sysfs /devices/virtual/misc/scp_B  u:object_r:sysfs_scp:s0
-genfscon sysfs /devices/virtual/misc/sspm  u:object_r:sysfs_sspm:s0
-genfscon sysfs /devices/virtual/misc/adsp  u:object_r:sysfs_adsp:s0
-
-# Date : 2019/09/12
-genfscon sysfs /devices/virtual/thermal u:object_r:sysfs_therm:s0
-genfscon sysfs /devices/class/thermal u:object_r:sysfs_therm:s0
-
-genfscon sysfs /devices/virtual/switch/fps u:object_r:sysfs_fps:s0
-
-genfscon sysfs /firmware/devicetree/base/chosen/atag,devinfo u:object_r:sysfs_devinfo:s0
-
-genfscon sysfs /kernel/ccci u:object_r:sysfs_ccci:s0
-
-# Date : 2018/06/15
-# Purpose : mtk EM touchscreen settings
-genfscon sysfs /module/tpd_debug u:object_r:sysfs_tpd_debug:s0
-genfscon sysfs /module/tpd_setting  u:object_r:sysfs_tpd_setting:s0
-genfscon sysfs /power/vcorefs/vcore_debug    u:object_r:sysfs_vcore_debug:s0
-genfscon sysfs /power/vcorefs/opp_table    u:object_r:sysfs_vcore_debug:s0
-
-# Date: 2018/08/09
-#Purpose : MTK Vibrator
-genfscon sysfs /devices/platform/odm/odm:vibrator@0/leds/vibrator u:object_r:sysfs_vibrator:s0
-genfscon sysfs /devices/platform/leds-mt65xx/leds u:object_r:sysfs_leds:s0
-# Date : 2018/08/109
-# Purpose : mtk EM Power debug_log setting
-genfscon sysfs /devices/platform/spm u:object_r:sysfs_spm:s0
-
-# Date : 2018/11/01
-# Purpose : mtk EM c2k bypass read usb file
-genfscon sysfs /devices/virtual/usb_rawbulk u:object_r:sys_usb_rawbulk:s0
-
-#Date : 2018/11/22
-#Purpose: allow mdlogger to read mdinfo file
-genfscon sysfs /kernel/md/mdee u:object_r:sysfs_mdinfo:s0
-
-# Date : 2019/04/09
-# Purpose: mtk EM battery temprature settings
-genfscon sysfs /devices/platform/battery/Battery_Temperature u:object_r:sysfs_battery_temp:s0
-genfscon sysfs /devices/platform/battery/FG_Battery_CurrentConsumption u:object_r:sysfs_battery_consumption:s0
-genfscon sysfs /devices/platform/battery/Power_On_Voltage u:object_r:sysfs_power_on_vol:s0
-genfscon sysfs /devices/platform/battery/Power_Off_Voltage u:object_r:sysfs_power_off_vol:s0
-genfscon sysfs /devices/platform/battery/FG_daemon_disable u:object_r:sysfs_fg_disable:s0
-genfscon sysfs /devices/platform/battery/disable_nafg u:object_r:sysfs_dis_nafg:s0
-
-# Date : 2019/07/03
-# Purpose: SIU update mmcblk access
-genfscon sysfs /devices/platform/bootdevice/mmc_host/mmc0/mmc0:0001/block/mmcblk0 u:object_r:sysfs_mmcblk:s0
-genfscon sysfs /devices/bootdevice/mmc_host/mmc0/mmc0:0001/block/mmcblk0 u:object_r:sysfs_mmcblk:s0
-#genfscon sysfs /devices/platform/mtk-msdc.0/11230000.msdc0/mmc_host/mmc0/mmc0:0001/block/mmcblk0 u:object_r:sysfs_mmcblk:s0
-genfscon sysfs /devices/platform/bootdevice/host0/target0:0:0/0:0:0:0/block/sda u:object_r:sysfs_mmcblk:s0
-genfscon sysfs /devices/platform/bootdevice/host0/target0:0:0/0:0:0:1/block/sdb u:object_r:sysfs_mmcblk:s0
-genfscon sysfs /devices/platform/bootdevice/host0/target0:0:0/0:0:0:2/block/sdc u:object_r:sysfs_mmcblk:s0
-
-# Date : 2019/07/12
-# Purpose:dumpstate mmcblk1 access
-genfscon sysfs /devices/platform/externdevice/mmc_host/mmc0 u:object_r:sysfs_devices_block:s0
-genfscon sysfs /devices/platform/externdevice/mmc_host/mmc1 u:object_r:sysfs_devices_block:s0
-
-# Date : 2019/10/22
-# Purpose : mrdump_tool(copy_process by aee_aedv) need to write data to lbaooo
-genfscon sysfs /module/mrdump/parameters/lbaooo u:object_r:sysfs_mrdump_lbaooo:s0
-
-#############################
-# debugfs files
-#
-genfscon debugfs /binder u:object_r:debugfs_binder:s0
-genfscon debugfs /blockio u:object_r:debugfs_blockio:s0
-genfscon debugfs /cpuhvfs u:object_r:debugfs_cpuhvfs:s0
-genfscon debugfs /displowpower u:object_r:debugfs_fb:s0
-genfscon debugfs /disp u:object_r:debugfs_fb:s0
-genfscon debugfs /dispsys u:object_r:debugfs_fb:s0
-genfscon debugfs /dmlog u:object_r:debugfs_dmlog_debug:s0
-genfscon debugfs /dynamic_debug u:object_r:debugfs_dynamic_debug:s0
-genfscon debugfs /emi_mbw/dump_buf u:object_r:debugfs_emi_mbw_buf:s0
-genfscon debugfs /fbconfig u:object_r:debugfs_fb:s0
-genfscon debugfs /fpsgo u:object_r:debugfs_fpsgo:s0
-genfscon debugfs /fuseio u:object_r:debugfs_fuseio:s0
-genfscon debugfs /ged u:object_r:debugfs_ged:s0
-genfscon debugfs /ion/client_history u:object_r:debugfs_ion_mm_heap:s0
-genfscon debugfs /ion/clients u:object_r:debugfs_ion:s0
-genfscon debugfs /ion/heaps u:object_r:debugfs_ion_mm_heap:s0
-genfscon debugfs /ion/ion_mm_heap u:object_r:debugfs_ion_mm_heap:s0
-genfscon debugfs /kmemleak u:object_r:debugfs_kmemleak:s0
-genfscon debugfs /mali0/gpu_memory u:object_r:debugfs_gpu_mali_midgard:s0
-genfscon debugfs /mali/gpu_memory u:object_r:debugfs_gpu_mali_utgard:s0
-genfscon debugfs /mtkfb u:object_r:debugfs_fb:s0
-genfscon debugfs /mmprofile u:object_r:debugfs_fb:s0
-genfscon debugfs /musb-hdrc u:object_r:debugfs_usb:s0
-genfscon debugfs /page_owner_slim u:object_r:debugfs_page_owner_slim_debug:s0
-genfscon debugfs /pvr u:object_r:debugfs_gpu_img:s0
-genfscon debugfs /rcu u:object_r:debugfs_rcu:s0
-genfscon debugfs /shrinker u:object_r:debugfs_shrinker_debug:s0
-genfscon debugfs /usb20_phy u:object_r:debugfs_usb20_phy:s0
-genfscon debugfs /usb_c u:object_r:debugfs_usb:s0
-genfscon debugfs /vpu/device_dbg u:object_r:debugfs_vpu_device_dbg:s0
-
-# mtk VPU/MDLA power reading
-genfscon debugfs  /vpu/power u:object_r:debugfs_vpu_power:s0
-genfscon debugfs  /mdla/power u:object_r:debugfs_mdla_power:s0
-genfscon debugfs  /vpu/vpu_memory u:object_r:debugfs_vpu_memory:s0
-
-# mtk eara thermal reading
-genfscon debugfs  /eara_thermal/enable u:object_r:debugfs_eara_thermal:s0
-
-# mtk EM power PMU register
-genfscon debugfs /rt-regmap u:object_r:debugfs_regmap:s0
-
-# 2019/08/15
-genfscon debugfs /smi_mon u:object_r:debugfs_smi_mon:s0
-
-genfscon iso9660 / u:object_r:iso9660:s0
-genfscon rawfs / u:object_r:rawfs:s0
-
-# 2019/08/24
-genfscon sysfs /class/sensor u:object_r:sysfs_sensor:s0
-genfscon sysfs /devices/virtual/sensor u:object_r:sysfs_sensor:s0
-
-# MTEE trusty
-genfscon sysfs /devices/platform/trusty u:object_r:mtee_trusty_file:s0
-
-# Date : 2019/08/29
-# Purpose: allow rild to access /proc/aed/reboot-reason
-genfscon proc /aed/reboot-reason u:object_r:proc_aed_reboot_reason:s0
-
-# 2019/09/05
-# Purpose: Allow powerhal to control kernel resources
-genfscon proc /ppm u:object_r:proc_ppm:s0
-genfscon proc /cpufreq u:object_r:proc_cpufreq:s0
-genfscon proc /hps u:object_r:proc_hps:s0
-genfscon proc /cm_mgr u:object_r:proc_cm_mgr:s0
-genfscon proc /fliperfs u:object_r:proc_fliperfs:s0
-genfscon sysfs /module/ged u:object_r:sysfs_ged:s0
-genfscon sysfs /module/fbt_cpu u:object_r:sysfs_fbt_cpu:s0
-genfscon sysfs /module/fbt_fteh u:object_r:sysfs_fbt_fteh:s0
-
-# 2019/09/05
-# Purpose: Allow powerhal to control cache audit
-genfscon sysfs /module/ca_drv u:object_r:sysfs_ca_drv:s0
-genfscon sysfs /module/pftch_qos u:object_r:sysfs_pftch_qos:s0
-
-# Date : WK19.38
-# Purpose: Android Migration for video codec driver
-genfscon sysfs /firmware/devicetree/base/model u:object_r:sysfs_device_tree_model:s0
-
-# Date : 2019/10/11
-# Purpose : allow system_server to access /proc/wlan/status for Q Migration
-genfscon proc /wlan/status u:object_r:proc_wlan_status:s0
-
-# Date : 2019/10/11
-# Purpose : allow system_server to access /sys/kernel/mm/ksm/pages_xxx
-genfscon sysfs /kernel/mm/ksm/pages_shared u:object_r:sysfs_pages_shared:s0
-genfscon sysfs /kernel/mm/ksm/pages_sharing u:object_r:sysfs_pages_sharing:s0
-genfscon sysfs /kernel/mm/ksm/pages_unshared u:object_r:sysfs_pages_unshared:s0
-genfscon sysfs /kernel/mm/ksm/pages_volatile u:object_r:sysfs_pages_volatile:s0
-
-# Date : 2019/10/25
-# Purpose : To avoid using the SELabel of u:object_r:proc:s0 or u:object_r:sysfs:s0
-# to access /proc/device-tree/chosen/atag,chipid or  /sysfs/firmware/devicetree/base/chosen/atag,chipid
-genfscon sysfs /firmware/devicetree/base/chosen/atag,chipid u:object_r:sysfs_chipid:s0
-
-# Date : 2019/10/18
-# Purpose : allow system_server to access rt5509 param and calib node
-genfscon sysfs /devices/platform/rt5509_param.0 u:object_r:sysfs_rt_param:s0
-genfscon sysfs /devices/virtual/rt5509_cal/rt5509.0 u:object_r:sysfs_rt_calib:s0
-genfscon sysfs /devices/platform/11270000.usb3/musb-hdrc/cmode u:object_r:sysfs_usb_cmode:s0
-
-# Date : 2019/12/12
-# Purpose : allow media sources to access /sys/bus/platform/drivers/mem_bw_ctrl/*
-genfscon sysfs /bus/platform/drivers/mem_bw_ctrl/concurrency_scenario u:object_r:sysfs_concurrency_scenario:s0
-
-genfscon sysfs /devices/platform/CONNAC u:object_r:sysfs_net:s0

non_plat/gpuservice.te

@@ -1,8 +0,0 @@
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-
-# Date : WK19.31
-# Operation : Migration
-# Purpose : [ALPS04685294] com.google.android.graphics.gts.VulkanTest#checkVulkan1_1Requirements-fail
-allow gpuservice gpu_device:dir search;

non_plat/gsm0710muxd.te

@@ -1,42 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/gsm0710muxd Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-type gsm0710muxd, domain;
-type gsm0710muxd_exec , exec_type, file_type, vendor_file_type;
-
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-init_daemon_domain(gsm0710muxd)
-
-# Capabilities assigned for gsm0710muxd
-allow gsm0710muxd self:capability { chown fowner setuid };
-
-# Property service
-# Set ctl.ril-daemon property
-set_prop(gsm0710muxd, ctl_rildaemon_prop)
-set_prop(gsm0710muxd, ctl_ril-daemon-mtk_prop)
-set_prop(gsm0710muxd, ctl_fusion_ril_mtk_prop)
-set_prop(gsm0710muxd, gsm0710muxd_prop)
-set_prop(gsm0710muxd, vendor_radio_prop)
-# allow set muxreport control properties
-set_prop(gsm0710muxd, ril_mux_report_case_prop)
-
-# Allow read/write to devices/files
-allow gsm0710muxd gsm0710muxd_device:chr_file rw_file_perms;
-allow gsm0710muxd device:dir rw_dir_perms;
-allow gsm0710muxd device:lnk_file { create unlink };
-allow gsm0710muxd devpts:chr_file setattr;
-allow gsm0710muxd eemcs_device:chr_file rw_file_perms;
-allow gsm0710muxd sysfs:file r_file_perms;
-
-# Allow read to sys/kernel/ccci/* files
-allow gsm0710muxd sysfs_ccci:dir search;
-allow gsm0710muxd sysfs_ccci:file r_file_perms;
-
-#Date: W1818
-#Purpose: allow rild access property of vendor_radio_prop
-set_prop(rild, vendor_radio_prop)

non_plat/hal_audio.te

@@ -1,10 +0,0 @@
-# ==============================================
-# MTK Policy Rule
-# ============
-
-# Date: 2019/06/14
-# Operation : Migration
-# Purpose : interface=android.hardware.audio::IDevicesFactory for hal_audio_hwservice
-binder_call(hal_audio_client, hal_audio_server)
-binder_call(hal_audio_server, hal_audio_client)
-hal_attribute_hwservice(hal_audio, hal_audio_hwservice)

non_plat/hal_bootctl_default.te

@@ -1,15 +0,0 @@
-# Add for bootctl
-#============= hal_bootctl_default ==============
-allow hal_bootctl_default para_block_device:blk_file { read open write};
-allow hal_bootctl_default rootfs:file { read getattr open };
-allow hal_bootctl_default sysfs:dir { read open };
-allow hal_bootctl_default sysfs_boot_type:file { read open };
-allow hal_bootctl_default block_device:dir search;
-allow hal_bootctl_default misc_sd_device:chr_file rw_file_perms;
-allow hal_bootctl_default bootdevice_block_device:blk_file rw_file_perms;
-allowxperm hal_bootctl_default bootdevice_block_device:blk_file ioctl MMC_IOCTLCMD;
-allowxperm hal_bootctl_default bootdevice_block_device:blk_file ioctl UFS_IOCTLCMD;
-allow hal_bootctl_default proc_cmdline:file r_file_perms;
-allow hal_bootctl_default sysfs_boot_type:file r_file_perms;
-allow hal_bootctl_default self:capability sys_rawio;
-allow hal_bootctl_default misc_block_device:blk_file rw_file_perms;

non_plat/hal_cas_default.te

@@ -1,5 +0,0 @@
-# Date : 2017/08/14
-# Operation : O1 Migration
-# Purpose : hal_cas_default needs to use vendor binder to communicate
-vndbinder_use(hal_cas_default);
-

non_plat/hal_dfps.te

@@ -1,4 +0,0 @@
-binder_call(hal_dfps_client, hal_dfps_server)
-binder_call(hal_dfps_server, hal_dfps_client)
-
-allow hal_dfps_client mtk_hal_dfps_hwservice:hwservice_manager find;

non_plat/hal_drm_clearkey.te

@@ -1,11 +0,0 @@
-# policy for /vendor/bin/hw/android.hardware.drm@1.1-service.clearkey
-type hal_drm_clearkey, domain;
-type hal_drm_clearkey_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(hal_drm_clearkey)
-
-hal_server_domain(hal_drm_clearkey, hal_drm)
-
-vndbinder_use(hal_drm_clearkey);
-
-allow hal_drm_clearkey { appdomain -isolated_app }:fd use;

non_plat/hal_drm_default.te

@@ -1,6 +0,0 @@
-vndbinder_use(hal_drm_default);
-
-#============= hal_drm_default ==============
-allow hal_drm_default debugfs_tracing:file write;
-allow hal_drm_default debugfs_ion:dir search;
-

non_plat/hal_drm_widevine.te

@@ -1,17 +0,0 @@
-# define SELinux domain
-type hal_drm_widevine, domain;
-hal_server_domain(hal_drm_widevine, hal_drm)
-
-type hal_drm_widevine_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_drm_widevine)
-
-allow hal_drm_widevine mediacodec:fd use;
-allow hal_drm_widevine { appdomain -isolated_app }:fd use;
-
-vndbinder_use(hal_drm_widevine);
-hal_client_domain(hal_drm_widevine, hal_graphics_composer);
-allow hal_drm_widevine hal_allocator_server:fd use;
-allow hal_drm_widevine mediadrm_vendor_data_file:dir create_dir_perms;
-allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms;
-
-allow hal_drm_widevine teei_client_device:chr_file rw_file_perms;

non_plat/hal_fingerprint_default.te

@@ -1,3 +0,0 @@
-allow hal_fingerprint_default teei_fp_device:chr_file { read write open ioctl };
-
-allow hal_fingerprint_default teei_client_device:chr_file { read write open ioctl };

non_plat/hal_gatekeeper_default.te

@@ -1 +0,0 @@
-allow hal_gatekeeper_default teei_client_device:chr_file rw_file_perms;

non_plat/hal_gnss.te

@@ -1,2 +0,0 @@
-#TODO:: work around solution, wait for correct solution from google
-vndbinder_use(hal_gnss)

non_plat/hal_gnss_default.te

@@ -1,7 +0,0 @@
-# Communicate over a socket created by mnld process.
-allow hal_gnss_default mnld_data_file:sock_file create_file_perms;
-allow hal_gnss_default mnld_data_file:sock_file rw_file_perms;
-allow hal_gnss_default mnld_data_file:dir create_file_perms;
-allow hal_gnss_default mnld_data_file:dir rw_dir_perms;
-
-allow hal_gnss_default mnld:unix_dgram_socket sendto;

non_plat/hal_gpu.te

@@ -1,6 +0,0 @@
-# HwBinder IPC from clients into server, and callbacks
-binder_call(hal_gpu_client, hal_gpu_server)
-binder_call(hal_gpu_server, hal_gpu_client)
-
-# give permission for hal client
-allow hal_gpu_client mtk_hal_gpu_hwservice :hwservice_manager find;

non_plat/hal_graphics_allocator.te

@@ -1,5 +0,0 @@
-# Date : WK17.13
-# Operation : Add sepolicy
-# Purpose : Add policy for gralloc HIDL
-
-allow hal_graphics_allocator proc_ged:file r_file_perms;

non_plat/hal_graphics_allocator_default.te

@@ -1,25 +0,0 @@
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-
-#============= hal_graphics_allocator_default ==============
-allow hal_graphics_allocator_default gpu_device:dir search;
-
-#============= hal_graphics_allocator_default ==============
-allow hal_graphics_allocator_default sw_sync_device:chr_file { open read write getattr ioctl };
-
-#============= hal_graphics_allocator_default ==============
-allow hal_graphics_allocator_default debugfs_ion:dir search;
-
-#============= hal_graphics_allocator_default ==============
-allow hal_graphics_allocator_default debugfs_tracing:file write;
-
-#============= hal_graphics_allocator_default ==============
-allow hal_graphics_allocator_default debugfs_tracing:file open;
-
-#============= hal_graphics_allocator_default ==============
-allow hal_graphics_allocator_default proc_ged:file r_file_perms;
-allowxperm hal_graphics_allocator_default proc_ged:file ioctl { proc_ged_ioctls };
-
-# TEE
-allow hal_graphics_allocator_default teei_client_device:chr_file rw_file_perms;

non_plat/hal_graphics_composer_default.te

@@ -1,58 +0,0 @@
-vndbinder_use(hal_graphics_composer_default)
-
-allow hal_graphics_composer_default debugfs_ged:dir search;
-
-# Date : WK17.09
-# Operation : Add sepolicy
-# Purpose : Add polivy for hwc HIDL
-
-allow hal_graphics_composer_default proc:file { read getattr open ioctl };
-allow hal_graphics_composer_default proc_ged:file r_file_perms;
-allow hal_graphics_composer_default self:netlink_kobject_uevent_socket { read bind create setopt };
-
-# Date : WK17.21
-# Purpose: GPU driver required
-allow hal_graphics_composer_default sw_sync_device:chr_file rw_file_perms;
-allow hal_graphics_composer_default hal_graphics_mapper_hwservice:hwservice_manager find;
-
-# Date : W17.24
-# Purpose: GPU driver required
-allow hal_graphics_composer_default gpu_device:dir search;
-
-allow hal_graphics_composer_default debugfs_ion:dir search;
-allow hal_graphics_composer_default debugfs_tracing:file write;
-allow hal_graphics_composer_default debugfs_tracing:file open;
-
-# Date : WK17.30
-# Operation : O Migration
-# Purpose: Allow to access cmdq driver
-allow hal_graphics_composer_default mtk_cmdq_device:chr_file { read ioctl open };
-
-# Date : W17.30
-# Add for control PowerHAL
-allow hal_graphics_composer_default mtk_hal_power_hwservice:hwservice_manager find;
-binder_call(hal_graphics_composer_default, mtk_hal_power)
-
-# Date : WK17.32
-# Operation : O Migration
-# Purpose: Allow to access property
-set_prop(hal_graphics_composer_default, graphics_hwc_pid_prop)
-get_prop(hal_graphics_composer_default, graphics_hwc_pid_prop)
-set_prop(hal_graphics_composer_default, graphics_hwc_latch_unsignaled_prop)
-set_prop(hal_graphics_composer_default, graphics_hwc_hdr_prop)
-
-# Date : WK18.03
-# Purpose: Allow to access property dev/mdp_sync
-allow hal_graphics_composer_default mtk_mdp_device:chr_file rw_file_perms;
-allow hal_graphics_composer_default mdp_device:chr_file rw_file_perms;
-allow hal_graphics_composer_default tee_device:chr_file rw_file_perms;
-allowxperm hal_graphics_composer_default proc_ged:file ioctl { proc_ged_ioctls };
-
-# Date: 2018/11/08
-# Operation : JPEG
-# Purpose : JPEG need to use PQ via MMS HIDL
-allow hal_graphics_composer_default sysfs_boot_mode:file r_file_perms;
-
-# Date : WK19.46
-# Purpose: Allow to access ged debug node
-allow hal_graphics_composer_default debugfs_ged:file { w_file_perms };

non_plat/hal_hdmi.te

@@ -1,6 +0,0 @@
-# HwBinder IPC from clients into server, and callbacks
-binder_call(hal_hdmi_client, hal_hdmi_server)
-binder_call(hal_hdmi_server, hal_hdmi_client)
-
-# give permission for hal client
-allow hal_hdmi_client mtk_hal_hdmi_hwservice :hwservice_manager find;

non_plat/hal_imsa.te

@@ -1,6 +0,0 @@
-# HwBinder IPC from clients into server, and callbacks
-binder_call(hal_imsa_client, hal_imsa_server)
-binder_call(hal_imsa_server, hal_imsa_client)
-
-# give permission for hal client
-allow hal_imsa_client mtk_hal_imsa_hwservice :hwservice_manager find;

non_plat/hal_ir.te

@@ -1,4 +0,0 @@
-#============= hal_ir_default ==============
-allow hal_ir_default irtx_device:chr_file rw_file_perms;
-allow hal_ir_default irtx_device:chr_file { ioctl open };
-allow hal_ir_default irtx_device:chr_file { read write };

non_plat/hal_keymaster_attestation.te

@@ -1,21 +0,0 @@
-type hal_keymaster_attestation, domain;
-hal_server_domain(hal_keymaster_attestation, mtk_hal_keyattestation)
-
-type hal_keymaster_attestation_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_keymaster_attestation)
-
-hwbinder_use(hal_keymaster_attestation);
-
-#============= hal_keymaster_attestation ==============
-allow hal_keymaster_attestation tee_device:chr_file { read write open ioctl };
-
-# Date : WK17.42 2017/10/19
-# Operation: Keymaster 3.0
-# Purpose: Access attestation key in persist partition
-allow hal_keymaster_attestation mnt_vendor_file:dir search;
-allow hal_keymaster_attestation persist_data_file:dir { write search add_name };
-allow hal_keymaster_attestation persist_data_file:file { write create open getattr };
-
-allow hal_keymaster_attestation ut_keymaster_device:chr_file { read write ioctl open };
-
-allow hal_keymaster_attestation teei_client_device:chr_file { read write open ioctl};

non_plat/hal_keymaster_default.te

@@ -1,3 +0,0 @@
-allow hal_keymaster_default ut_keymaster_device:chr_file { read write open ioctl};
-
-allow hal_keymaster_default teei_client_device:chr_file { read write open ioctl};

non_plat/hal_memtrack_default.te

@@ -1,9 +0,0 @@
-# Date : WK16.52
-# Operation : HIDL Migration
-# Purpose : For memtrack related service access
-allow hal_memtrack debugfs_gpu_mali_midgard:file {open read getattr };
-allow hal_memtrack debugfs_gpu_mali_utgard:file {open read getattr };
-allow hal_memtrack debugfs_gpu_img:dir search;
-allow hal_memtrack debugfs_gpu_img:file {open read getattr };
-allow hal_memtrack debugfs_ion:dir rw_dir_perms;
-allow hal_memtrack debugfs_ion:file {open read getattr };

non_plat/hal_mms.te

@@ -1,6 +0,0 @@
-# HwBinder IPC from clients into server, and callbacks
-binder_call(hal_mms_client, hal_mms_server)
-binder_call(hal_mms_server, hal_mms_client)
-
-# give permission for hal client
-allow hal_mms_client mtk_hal_mms_hwservice :hwservice_manager find;

non_plat/hal_nfc.te

@@ -1,5 +0,0 @@
-# ==============================================
-# ST NFC HAL rule
-# ==============================================
-
-allow hal_nfc st21nfc_device:chr_file { read write getattr open ioctl };

non_plat/hal_nvramagent.te

@@ -1,6 +0,0 @@
-#for nvram hidl client support
-binder_call(hal_nvramagent_client, hal_nvramagent_server)
-allow hal_nvramagent_client nvram_agent_binder_hwservice:hwservice_manager find;
-
-# add/find permission rule to hwservicemanager
-add_hwservice(hal_nvramagent_server, nvram_agent_binder_hwservice)

non_plat/hal_pq.te

@@ -1,6 +0,0 @@
-# HwBinder IPC from clients into server, and callbacks
-binder_call(hal_pq_client, hal_pq_server)
-binder_call(hal_pq_server, hal_pq_client)
-
-# give permission for hal client
-allow hal_pq_client mtk_hal_pq_hwservice :hwservice_manager find;

non_plat/hal_thermal_default.te

@@ -1,8 +0,0 @@
-
-# Date : WK18.23
-# Operation : P Migration
-# Purpose : add grant permission for Thermal HAL mtktz and proc
-
-allow hal_thermal_default proc_mtktz:dir search;
-allow hal_thermal_default proc_mtktz:file {open read getattr};
-allow hal_thermal_default proc_stat:file {open read getattr };

non_plat/hal_usb.te

@@ -1,11 +0,0 @@
-type mtk_hal_usb, domain;
-hal_server_domain(mtk_hal_usb, hal_usb)
-
-type mtk_hal_usb_exec, exec_type, file_type, vendor_file_type;
-init_daemon_domain(mtk_hal_usb)
-
-allow hal_usb_default sysfs_dual_role_usb20:dir {search read};
-allow hal_usb_default sysfs_dual_role_usb20:file {open read getattr};
-
-allow mtk_hal_usb sysfs_dual_role_usb20:dir {search read open};
-allow mtk_hal_usb sysfs_dual_role_usb20:file {open read getattr};

non_plat/hal_vibrator.te

@@ -1,6 +0,0 @@
-# vibrator sysfs rw access
-allow hal_vibrator sysfs_vibrator:dir r_dir_perms;
-allow hal_vibrator sysfs_leds:file rw_file_perms;
-allow hal_vibrator sysfs_leds:dir r_dir_perms;
-allow hal_vibrator sysfs_leds:lnk_file read;
-allow hal_vibrator_default sysfs:file { open write read };

non_plat/hal_wifi.te

@@ -1,10 +0,0 @@
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-
-# Allow hal wifi service to open/read/setattr wifi device.
-# wmtWifi is wifi char device file to control wifi driver.
-allow hal_wifi wmtWifi_device:chr_file w_file_perms;
-
-# Write wlan driver/fw version into property
-set_prop(hal_wifi_default, vendor_wifi_version)

non_plat/hwservice.te

@@ -1,72 +0,0 @@
-type mtk_hal_bluetooth_hwservice, hwservice_manager_type;
-
-# Date: 2017/05/9
-type mtk_hal_rild_hwservice, hwservice_manager_type;
-
-# Date: 2017/06/07
-# power hidl
-type mtk_hal_power_hwservice, hwservice_manager_type;
-
-# Date: 2017/06/12
-# LBS HIDL
-type mtk_hal_lbs_hwservice, hwservice_manager_type;
-
-# Date: 2017/06/27
-# IMSA HIDL
-type mtk_hal_imsa_hwservice, hwservice_manager_type;
-
-# Date: 2017/07/12
-# NVRAM HIDL
-type nvram_agent_binder_hwservice, hwservice_manager_type;
-
-# Date: 2017/07/19
-# PQ HIDL
-type mtk_hal_pq_hwservice, hwservice_manager_type;
-
-# Date: 2017/07/20
-# keymaster attestation hidl
-type mtk_hal_keyattestation_hwservice, hwservice_manager_type;
-
-# Date: 2018/05/25
-# FM HIDL
-type mtk_hal_fm_hwservice, hwservice_manager_type;
-
-# Date: 2018/03/23
-# log hidl
-type mtk_hal_log_hwservice, hwservice_manager_type;
-
-# Date: 2018/06/26
-# em hidl
-type mtk_hal_em_hwservice, hwservice_manager_type;
-
-# Date: 2018/07/02
-# MMS HIDL
-type mtk_hal_mms_hwservice, hwservice_manager_type;
-
-type hal_atci_hwservice, hwservice_manager_type;
-type mtk_hal_keymanage_hwservice, hwservice_manager_type;
-
-# Date: 2019/04/26
-# GPU HIDL
-type mtk_hal_gpu_hwservice, hwservice_manager_type;
-
-# Date: 2019/06/12
-# modem db filter hidl
-type mtk_hal_md_dbfilter_hwservice, hwservice_manager_type;
-
-# Date: 2019/07/16
-# HDMI HIDL
-type mtk_hal_hdmi_hwservice, hwservice_manager_type;
-
-# Date: 2019/09/06
-# BGService HIDL
-type mtk_hal_bgs_hwservice, hwservice_manager_type;
-
-# vtservice
-type mtk_hal_videotelephony_hwservice, hwservice_manager_type;
-
-# Keyinstall
-type mtk_hal_keyinstall_hwservice, hwservice_manager_type;
-
-# DFPS
-type mtk_hal_dfps_hwservice, hwservice_manager_type;

non_plat/hwservice_contexts

@@ -1,86 +0,0 @@
-vendor.mediatek.hardware.bluetooth::IMtkBluetoothHci u:object_r:mtk_hal_bluetooth_hwservice:s0
-
-# Date: 2017/05/9
-vendor.mediatek.hardware.mtkradioex::IMtkRadioEx u:object_r:mtk_hal_rild_hwservice:s0
-vendor.mediatek.hardware.radio::ISap u:object_r:mtk_hal_rild_hwservice:s0
-vendor.mediatek.hardware.interfaces_tc1.mtkradioex_tc1::IMtkRadioEx u:object_r:mtk_hal_rild_hwservice:s0
-vendor.mediatek.hardware.radio_op::IRadioOp u:object_r:mtk_hal_rild_hwservice:s0
-
-# Date: 2017/06/07
-# power hidl
-vendor.mediatek.hardware.mtkpower::IMtkPerf u:object_r:mtk_hal_power_hwservice:s0
-vendor.mediatek.hardware.mtkpower::IMtkPower u:object_r:mtk_hal_power_hwservice:s0
-vendor.mediatek.hardware.power::IPerf u:object_r:mtk_hal_power_hwservice:s0
-vendor.mediatek.hardware.power::IPower u:object_r:mtk_hal_power_hwservice:s0
-
-
-
-# Date: 2017/06/12
-# LBS HIDL
-vendor.mediatek.hardware.lbs::ILbs u:object_r:mtk_hal_lbs_hwservice:s0
-
-# Date : 2017/06/27
-# IMSA HIDL
-vendor.mediatek.hardware.imsa::IImsa u:object_r:mtk_hal_imsa_hwservice:s0
-
-# Date : 2017/07/12
-#nvram hidl
-vendor.mediatek.hardware.nvram::INvram u:object_r:nvram_agent_binder_hwservice:s0
-
-# Date : 2017/07/19
-# PQ HIDL
-vendor.mediatek.hardware.pq::IPictureQuality u:object_r:mtk_hal_pq_hwservice:s0
-
-# Date: 2017/07/20
-# keymaster attestation hidl
-vendor.mediatek.hardware.keymaster_attestation::IKeymasterDevice u:object_r:mtk_hal_keyattestation_hwservice:s0
-
-# Date: 2018/05/25
-# FM HIDL
-vendor.mediatek.hardware.fm::IFmRadio u:object_r:mtk_hal_fm_hwservice:s0
-
-# Date: 2018/03/23
-# log hidl
-vendor.mediatek.hardware.log::ILog u:object_r:mtk_hal_log_hwservice:s0
-
-# Date: 2018/06/26
-# em hidl
-vendor.mediatek.hardware.engineermode::IEmd u:object_r:mtk_hal_em_hwservice:s0
-
-# Date : 2018/07/02
-# MMS HIDL
-vendor.mediatek.hardware.mms::IMms u:object_r:mtk_hal_mms_hwservice:s0
-
-# Date : 2019/04/19
-# GPU HIDL
-vendor.mediatek.hardware.gpu::IGraphicExt u:object_r:mtk_hal_gpu_hwservice:s0
-
-# Date: 2019/06/12
-# modem db filter hidl
-vendor.mediatek.hardware.modemdbfilter::ICopyDBFilter u:object_r:mtk_hal_md_dbfilter_hwservice:s0
-
-# Date: 2019/07/04
-vendor.mediatek.hardware.camera.lomoeffect::ILomoEffect u:object_r:hal_camera_hwservice:s0
-vendor.mediatek.hardware.camera.ccap::ICCAPControl u:object_r:hal_camera_hwservice:s0
-vendor.mediatek.hardware.camera.bgservice::IBGService u:object_r:mtk_hal_bgs_hwservice:s0
-vendor.mediatek.hardware.camera.isphal::IISPModule u:object_r:mtk_hal_bgs_hwservice:s0
-
-# Date : 2019/07/31
-vendor.mediatek.hardware.camera.postproc::IPostDevice u:object_r:mtk_hal_bgs_hwservice:s0
-
-# Date : 2019/07/16
-# HDMI HIDL
-vendor.mediatek.hardware.hdmi::IMtkHdmiService u:object_r:mtk_hal_hdmi_hwservice:s0
-
-#Date: 2019/09/02
-# ATMs hidl
-vendor.mediatek.hardware.camera.atms::IATMs u:object_r:hal_camera_hwservice:s0
-
-# vtservice
-vendor.mediatek.hardware.videotelephony::IVideoTelephony u:object_r:mtk_hal_videotelephony_hwservice:s0
-
-# Keyinstall
-vendor.mediatek.hardware.keyinstall::IKeyinstall u:object_r:mtk_hal_keyinstall_hwservice:s0
-
-# DFPS
-vendor.mediatek.hardware.dfps::IFpsPolicyService u:object_r:mtk_hal_dfps_hwservice:s0

non_plat/init.te

@@ -1,153 +0,0 @@
-# ==============================================
-# MTK Policy Rule
-# ============
-
-# Date : WK14.34
-# Operation : Migration
-# Purpose : for L early bring up: add for nvram command in init rc files
-allow init nvram_data_file:dir create_dir_perms;
-allow init nvram_data_file:lnk_file r_file_perms;
-allow init nvdata_file:lnk_file r_file_perms;
-allow init nvdata_file:dir create_file_perms;
-
-#============= init ==============
-# Date : W14.42
-# Operation : Migration
-# Purpose : for L : add for partition (chown/chmod)
-allow init block_device:blk_file setattr;
-allow init system_block_device:blk_file setattr;
-allow init nvram_device:blk_file setattr;
-allow init seccfg_block_device:blk_file setattr;
-allow init secro_block_device:blk_file setattr;
-allow init frp_block_device:blk_file setattr;
-allow init logo_block_device:blk_file setattr;
-allow init para_block_device:blk_file setattr;
-allow init recovery_block_device:blk_file setattr;
-
-# Date : WK15.30
-# Operation : Migration
-# Purpose : format wiped partition with "formattable" and "check" flag in fstab file
-allow init protect1_block_device:blk_file rw_file_perms;
-allow init protect2_block_device:blk_file rw_file_perms;
-allow init userdata_block_device:blk_file rw_file_perms;
-allow init cache_block_device:blk_file rw_file_perms;
-allow init nvdata_device:blk_file w_file_perms;
-allow init persist_block_device:blk_file rw_file_perms;
-allow init nvcfg_block_device:blk_file rw_file_perms;
-allow init odm_block_device:blk_file rw_file_perms;
-allow init oem_block_device:blk_file rw_file_perms;
-allow init para_block_device:blk_file w_file_perms;
-
-# Date : WK15.32
-# Operation : Migration
-# Purpose : disable AT_SECURE for LD_PRELOAD
-userdebug_or_eng(`
-  allow init { domain -lmkd -crash_dump -llkd -mediaswcodec }:process noatsecure;
-')
-
-# Date : WK16.26
-# Operation : Access dynamic_debug control file
-# Purpose : For MobileLog on/off pr_debug on user/userdebug load
-allow init debugfs_dynamic_debug:file write;
-
-# Date : W16.28
-# Operation : Migration
-# Purpose : enable modules capability
-allow init self:capability sys_module;
-allow init kernel:system module_request;
-
-# Date : WK16.35
-# Operation : Migration
-# Purpose : create symbolic link from /mnt/sdcard to /sdcard
-allow init tmpfs:lnk_file create;
-
-# Date:W17.07
-# Operation : bt hal
-# Purpose : bt hal interface permission
-allow init mtk_hal_bluetooth_exec:file getattr;
-
-# Date : WK17.12
-# Purpose: Fix bootup fail
-allow init debugfs:file w_file_perms;
-
-# Date : WK17.02
-# Purpose: Fix audio hal service fail
-allow init mtk_hal_audio_exec:file getattr;
-
-# Date : W17.20
-# Purpose: Enable PRODUCT_FULL_TREBLE
-allow init vendor_block_device:lnk_file relabelto;
-
-# Date : WK17.21
-# Purpose: Fix gnss hal service fail
-allow init mtk_hal_gnss_exec:file getattr;
-
-# Fix boot up violation
-allow init debugfs_tracing_instances:file relabelfrom;
-
-# Date: W17.22
-# Operation : New Feature
-# Purpose : Add for A/B system
-allow init debugfs:file write;
-allow init kernel:system module_request;
-allow init nvdata_file:dir mounton;
-allow init oemfs:dir mounton;
-allow init protect_f_data_file:dir mounton;
-allow init protect_s_data_file:dir mounton;
-allow init nvcfg_file:dir mounton;
-allow init persist_data_file:dir mounton;
-allow init tmpfs:lnk_file create;
-
-# boot process denial clean up
-allow init debugfs_ged:file w_file_perms;
-
-
-
-# Date : WK17.39
-# Operation : able to relabel mntl block device link
-# Purpose : Correct permission for mntl
-allow init block_device:lnk_file relabelfrom;
-allow init expdb_block_device:lnk_file relabelto;
-allow init mcupmfw_block_device:lnk_file relabelto;
-allow init tee_block_device:lnk_file relabelto;
-
-# Date : WK17.43
-# Operation : able to insert fpsgo kernel module
-# Purpose : Correct permission for fpsgo
-allow init rootfs:system module_load;
-
-# Date: W17.43
-# Operation : module load
-# Purpose : insmod LKM under /vendor (connsys module KO)
-allow init vendor_file:system module_load;
-
-# Date : WK17.46
-# Operation : feature porting
-# Purpose : kernel module verification
-allow init kernel:key search;
-
-# Date : WK17.50
-# Operation : boost cpu while booting
-# Purpose : enhance boottime
-allow init proc_perfmgr:file write;
-allow init proc_wmtdbg:file w_file_perms;
-
-# Date : W18.20
-# Operation : mount soc vendor's partition when booting
-allow init mnt_vendor_file:dir mounton;
-
-# Date : W19.28
-# Purpose: Allow to setattr /proc/last_kmsg
-allow init proc_last_kmsg:file setattr;
-# Purpose: Allow to write /proc/cpu/alignment
-allow init proc_cpu_alignment:file w_file_perms;
-
-# Purpose: Allow to relabelto for selinux_android_restorecon
-allow init boot_block_device:lnk_file relabelto;
-allow init vbmeta_block_device:lnk_file relabelto;
-
-# TEE
-allow init teei_client_device:chr_file rw_file_perms;
-
-# DFPS
-allow init mtk_hal_dfps_exec:file getattr;

non_plat/installd.te

@@ -1,7 +0,0 @@
-# ==================================
-# MTK Policy Rule
-# ==================================
-
-# Kernel-4.14 migration, fix boot fail.
-allow installd vendor_configs_file:file map;
-

non_plat/ioctl_defines

@@ -1,70 +0,0 @@
-#####################################
-# ged_bridge_id.h
-#
-define(`GED_BRIDGE_IO_LOG_BUF_GET', `0x6700')
-define(`GED_BRIDGE_IO_LOG_BUF_WRITE', `0x6701')
-define(`GED_BRIDGE_IO_LOG_BUF_RESET', `0x6702')
-define(`GED_BRIDGE_IO_BOOST_GPU_FREQ', `0x6703')
-define(`GED_BRIDGE_IO_MONITOR_3D_FENCE', `0x6704')
-define(`GED_BRIDGE_IO_QUERY_INFO', `0x6705')
-define(`GED_BRIDGE_IO_NOTIFY_VSYNC', `0x6706')
-define(`GED_BRIDGE_IO_DVFS_PROBE', `0x6707')
-define(`GED_BRIDGE_IO_DVFS_UM_RETURN', `0x6708')
-define(`GED_BRIDGE_IO_EVENT_NOTIFY', `0x6709')
-define(`GED_BRIDGE_IO_WAIT_HW_VSYNC', `0x670a')
-define(`GED_BRIDGE_IO_QUERY_TARGET_FPS', `0x670b')
-define(`GED_BRIDGE_IO_VSYNC_WAIT', `0x670c')
-define(`GED_BRIDGE_IO_GPU_HINT_TO_CPU', `0x670d')
-define(`GED_BRIDGE_IO_HINT_FORCE_MDP', `0x670e')
-
-define(`GED_BRIDGE_IO_GE_ALLOC', `0x6764')
-define(`GED_BRIDGE_IO_GE_GET', `0x6765')
-define(`GED_BRIDGE_IO_GE_SET', `0x6766')
-define(`GED_BRIDGE_IO_GPU_TIMESTAMP', `0x6767')
-define(`GED_BRIDGE_IO_TARGET_FPS', `0x6768')
-define(`GED_BRIDGE_IO_GE_INFO', `0x6769')
-define(`GED_BRIDGE_IO_GPU_TUNER_STATUS', `0x676a')
-
-#####################################
-# perf_ioctl.h : FPSGO
-#
-define(`PERFMGR_FPSGO_QUEUE', `0x6701')
-define(`PERFMGR_FPSGO_DEQUEUE', `0x6703')
-define(`PERFMGR_FPSGO_VSYNC', `0x6705')
-define(`PERFMGR_FPSGO_TOUCH', `0x670a')
-define(`PERFMGR_FPSGO_QUEUE_CONNECT', `0x670f')
-define(`PERFMGR_FPSGO_BQID', `0x6710')
-
-# perf_ioctl.h : EARA
-define(`PERFMGR_EARA_NN_BEGIN', `0x6701')
-define(`PERFMGR_EARA_NN_END', `0x6702')
-define(`PERFMGR_EARA_GETUSAGE', `0x6703')
-
-# perf_ioctl.h : others
-define(`PERFMGR_CPU_PREFER', `0x6701')
-
-#####################################
-#
-#
-define(`MMC_IOCTLCMD', `0xb300')
-define(`MMC_IOC_MULTI_CMD', `0xb301')
-define(`UFS_IOCTLCMD', `0x5388')
-define(`UFS_IOCTL_RPMB', `0x5391')
-
-#####################################
-#
-#
-define(`JPG_BRIDGE_ENC_IO_INIT', `0x780b')
-define(`JPG_BRIDGE_ENC_IO_CONFIG', `0x780c')
-define(`JPG_BRIDGE_ENC_IO_WAIT', `0x780d')
-define(`JPG_BRIDGE_ENC_IO_DEINIT', `0x780e')
-define(`JPG_BRIDGE_ENC_IO_START', `0x780f')
-#####################################
-# m4u_priv.h
-define(`MTK_M4U_T_ALLOC_MVA', `0x6704')
-define(`MTK_M4U_T_DEALLOC_MVA', `0x6705')
-define(`MTK_M4U_T_CONFIG_PORT', `0x670b')
-define(`MTK_M4U_T_DMA_OP', `0x671d')
-define(`MTK_M4U_T_SEC_INIT', `0x6732')
-define(`MTK_M4U_T_CONFIG_PORT_ARRAY', `0x671a')
-define(`MTK_M4U_T_CACHE_SYNC', `0x670a')

non_plat/ioctl_macros

@@ -1,25 +0,0 @@
-# proc_ged ioctls
-define(`proc_ged_ioctls', `{
-  GED_BRIDGE_IO_LOG_BUF_GET
-  GED_BRIDGE_IO_LOG_BUF_WRITE
-  GED_BRIDGE_IO_LOG_BUF_RESET
-  GED_BRIDGE_IO_BOOST_GPU_FREQ
-  GED_BRIDGE_IO_MONITOR_3D_FENCE
-  GED_BRIDGE_IO_QUERY_INFO
-  GED_BRIDGE_IO_NOTIFY_VSYNC
-  GED_BRIDGE_IO_DVFS_PROBE
-  GED_BRIDGE_IO_DVFS_UM_RETURN
-  GED_BRIDGE_IO_EVENT_NOTIFY
-  GED_BRIDGE_IO_WAIT_HW_VSYNC
-  GED_BRIDGE_IO_QUERY_TARGET_FPS
-  GED_BRIDGE_IO_VSYNC_WAIT
-  GED_BRIDGE_IO_GPU_HINT_TO_CPU
-  GED_BRIDGE_IO_HINT_FORCE_MDP
-  GED_BRIDGE_IO_GE_ALLOC
-  GED_BRIDGE_IO_GE_GET
-  GED_BRIDGE_IO_GE_SET
-  GED_BRIDGE_IO_GPU_TIMESTAMP
-  GED_BRIDGE_IO_TARGET_FPS
-  GED_BRIDGE_IO_GE_INFO
-  GED_BRIDGE_IO_GPU_TUNER_STATUS
-}')

non_plat/ipsec.te

@@ -1,19 +0,0 @@
-type ipsec_exec, exec_type, file_type, vendor_file_type;
-type ipsec, domain;
-
-allow ipsec proc_net:file write;
-allow ipsec { property_socket dnsproxyd_socket fwmarkd_socket }:sock_file write;
-allow ipsec { node port }:{ udp_socket rawip_socket } { node_bind name_bind };
-
-allow ipsec init:unix_stream_socket connectto;
-allow ipsec epdg_wod:unix_stream_socket { read write connectto };
-allow ipsec epdg_wod:fd use;
-
-allow ipsec self:capability { kill net_bind_service net_admin };
-allow ipsec self:{ netlink_route_socket netlink_xfrm_socket } { read write create bind nlmsg_read nlmsg_write };
-allow ipsec self:tcp_socket { read write create getattr connect getopt };
-allow ipsec self:capability2 wake_alarm;
-
-allow ipsec devpts:chr_file { read write open };
-
-set_prop(ipsec, mtk_wod_prop)

non_plat/ipsec_mon.te

@@ -1,22 +0,0 @@
-type ipsec_mon_exec , exec_type, file_type, vendor_file_type;
-type ipsec_mon, domain;
-
-domain_auto_trans(init,ipsec_mon_exec,ipsec_mon)
-
-allow ipsec_mon self:netlink_xfrm_socket { write bind create read nlmsg_read nlmsg_write};
-allow ipsec_mon ims_ipsec_data_file:dir { write add_name search };
-allow ipsec_mon ims_ipsec_data_file:file { setattr read create getattr write ioctl open append };
-allow ipsec_mon init:unix_stream_socket connectto;
-allow ipsec_mon self:key_socket { write read create setopt };
-
-allow ipsec_mon self:capability { net_admin net_raw };
-allow ipsec_mon self:udp_socket { create ioctl };
-allow ipsec_mon self:netlink_route_socket { write read create nlmsg_read bind connect nlmsg_write};
-allowxperm ipsec_mon self:udp_socket ioctl { SIOCDEVPRIVATE_2 };
-allow ipsec_mon devpts:chr_file { open read write };
-allow ipsec_mon proc_net:file { open write };
-
-set_prop(ipsec_mon, mtk_network_prop)
-
-allowxperm ipsec_mon self:udp_socket ioctl SIOCDEVPRIVATE;
-dontaudit ipsec_mon kernel:system  module_request;

non_plat/kernel.te

@@ -1,95 +0,0 @@
-# ==============================================
-# MTK Policy Rule
-# ============
-# Date : WK14.38
-# Operation : Migration
-# Purpose : run guitar_update for touch F/W upgrade.
-allow kernel sdcard_type:dir search;
-
-# Date : WK14.39
-# Operation : Migration
-# Purpose : ums driver can access blk_file
-allow kernel block_device:blk_file rw_file_perms;
-allow kernel loop_device:blk_file r_file_perms;
-allow kernel vold_device:blk_file rw_file_perms;
-
-# Date : WK14.43
-# Operation : Migration
-# Purpose :  Access to nvarm for reading MAC. (LOS WIFI feature)
-allow kernel system_data_file:lnk_file r_file_perms;
-
-# Date : WK15.35
-# Operation : Migration
-# Purpose : grant fon_image_data_file read permission for loop device
-allow kernel fon_image_data_file:file read;
-
-# Date : WK15.38
-# Operation : Migration
-# Purpose : grant proc_thermal for dir search
-allow kernel proc_thermal:dir search;
-
-# Date : WK16.11
-# Operation : Migration
-# Purpose : grant storage_file and wifi_data_file for kernel thread mtk_wmtd to access /sdcard/wifi.cfg
-# and /data/misc/wifi/wifi.cfg to access wifi.cfg, in which, some wifi driver configuations are there.
-allow kernel mnt_user_file:dir search;
-allow kernel mnt_user_file:lnk_file read;
-allow kernel wifi_data_file:file r_file_perms;
-allow kernel wifi_data_file:dir search;
-allow kernel storage_file:lnk_file read;
-allow kernel sdcard_type:file open;
-
-# Data : WK16.16
-# Operation : Migration
-# Purpose :  Access to TC1 partition for reading MEID
-allow kernel block_device:dir search;
-
-# Data : WK16.16
-# Operation : Migration
-# Purpose :  Access to TC1 partition for reading MEID
-allow kernel misc2_block_device:blk_file rw_file_perms;
-
-# Date : WK16.30
-# Operation: SQC
-# Purpose: Allow sdcardfs workqueue to access lower file systems
-allow kernel { fuseblk }:dir create_dir_perms;
-allow kernel { fuseblk }:file create_file_perms;
-
-# Date : WK16.30
-# Operation: SQC
-# Purpose: Allow sdcardfs workqueue to access lower file systems
-allow kernel {vfat mnt_media_rw_file}:dir create_dir_perms;
-allow kernel {vfat mnt_media_rw_file}:file create_file_perms;
-allow kernel kernel:key { write search setattr };
-
-# Date : WK16.42
-# Operation: SQC
-# Purpose: Allow task of cpuset cgroup can migration to parent cgroup when cpus is NULL
-allow kernel platform_app:process setsched;
-
-# Date : WK17.01
-# Operation: SQC
-# Purpose: Allow OpenDSP kthread to write debug dump to sdcard
-allow kernel audioserver:fd use;
-
-# Date : WK18.02
-# Operation: SQC
-# Purpose: Allow SCP SmartPA kthread to write debug dump to sdcard
-allow kernel mtk_hal_audio:fd use;
-allow kernel factory:fd use;
-
-# Date : WK18.29
-# Operation: SQC
-# Purpose: Allow kernel read firmware binary on vendor partition
-allow kernel vendor_file:file r_file_perms;
-
-# Date : WK18.35
-# Operation: SQC
-# Purpose: Allow VOW kthread to write debug PCM dump
-allow kernel mtk_audiohal_data_file:file write;
-
-# TEE
-allow kernel teei_client_device:chr_file rw_file_perms;
-
-# debugfs
-allow kernel debugfs_mmc:dir search;

non_plat/keystore.te

@@ -1,13 +0,0 @@
-# ==============================================
-# MTK Policy Rule
-# ============
-
-# Date : WK14.40 2014/12/26
-# Operation : CTS 5.0_r1
-# Purpose : allow access to /data/data for full CTS
-allow keystore app_data_file:file write;
-
-# Date : WK17.30 2017/07/25
-# Operation : keystore
-# Purpose : Fix keystore boot selinux violation
-allow hal_keymaster_default debugfs_tracing:file write;

non_plat/kisd.te

@@ -1,32 +0,0 @@
-# ==============================================
-# Policy File of /vendor/bin/kisd Executable File
-
-
-# ==============================================
-# Type Declaration
-# ==============================================
-
-type kisd ,domain;
-type kisd_exec, exec_type, file_type, vendor_file_type;
-typeattribute kisd mlstrustedsubject;
-
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-
-init_daemon_domain(kisd)
-
-allow kisd tee_device:chr_file {read write open ioctl};
-allow kisd provision_file:dir {read write open ioctl add_name search remove_name};
-allow kisd provision_file:file {create read write open getattr unlink};
-allow kisd block_device:dir {read write open ioctl search};
-allow kisd kb_block_device:blk_file {read write open ioctl getattr};
-allow kisd dkb_block_device:blk_file {read write open ioctl getattr};
-allow kisd key_install_data_file:dir {write remove_name add_name};
-allow kisd key_install_data_file:file {write getattr read create unlink open};
-allow kisd key_install_data_file:dir search;
-allow kisd mtd_device:chr_file { open read write };
-allow kisd mtd_device:blk_file { open read write ioctl getattr};
-allow kisd mtd_device:dir { search };
-allow kisd kb_block_device:chr_file {read write open ioctl getattr};
-allow kisd dkb_block_device:chr_file {read write open ioctl getattr};

non_plat/lbs_hidl_service.te

@@ -1,11 +0,0 @@
-type lbs_hidl_service, domain;
-hal_server_domain(lbs_hidl_service, mtk_hal_lbs)
-
-type lbs_hidl_service_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(lbs_hidl_service)
-vndbinder_use(lbs_hidl_service)
-
-#r_dir_file(lbs_hidl_service, system_file)
-unix_socket_connect(lbs_hidl_service, agpsd, mtk_agpsd);
-allow lbs_hidl_service mtk_agpsd:unix_dgram_socket sendto;
-allow lbs_hidl_service mnld:unix_dgram_socket sendto;

non_plat/lmkd.te

@@ -1,23 +0,0 @@
-# ==============================================
-# MTK Policy Rule
-# ============
-
-
-# Data : 2015/01/14
-# Operation : MT6735 SQC bug fix
-# Purpose : ALPS01905960 - selinux_warning: audit(1420845354.752:91): avc:  denied  { search }
-#           for  pid=194 comm="lmkd" name="23573" dev="proc"
-#           ino=915740 scontext=u:r:lmkd:s0 tcontext=u:r:zygote:s0 tclass=dir permissive=0
-dontaudit lmkd zygote:dir rw_dir_perms;
-
-# Data : 2015/04/17
-# Operation : tb8163p1 low memory selinux warning
-# Purpose : ALPS02038466 audit(1429079840.646:7): avc:  denied  { use }
-#           for  pid=170 comm="lmkd"
-#           path=2F6465762F6173686D656D2F4469736361726461626C654D656D6F72794173686D656D416C6C6F6361746F72202864656C6574656429
-#           dev="tmpfs" ino=14475 scontext=u:r:lmkd:s0 tcontext=u:r:platform_app:s0 tclass=fd permissive=0
-dontaudit lmkd platform_app:fd use;
-
-# Data : 2018/05/25
-# Operation : Add for duraSpeed socket
-allow lmkd system_server:unix_stream_socket connectto;

non_plat/loghidlsysservice.te

@@ -1,6 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/loghidlsysservice Executable File
-
-# Purpose : for create hidl server
-hal_client_domain(loghidlsysservice, mtk_hal_log)
-allow loghidlsysservice connsyslogger:unix_stream_socket connectto;

non_plat/loghidlvendorservice.te

@@ -1,15 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/loghidlvendorservice Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-
-type loghidlvendorservice ,domain;
-type loghidlvendorservice_exec, exec_type, file_type, vendor_file_type;
-typeattribute loghidlvendorservice mlstrustedsubject;
-
-hal_server_domain(loghidlvendorservice, mtk_hal_log)
-init_daemon_domain(loghidlvendorservice)
-# allow loghidlvendorservice self:capability dac_override;
-allow loghidlvendorservice system_app:binder call;

non_plat/mdlogger.te

@@ -1,62 +0,0 @@
-#allow mdlogger to set property
-set_prop(mdlogger, debug_mdlogger_prop)
-set_prop(mdlogger, debug_prop)
-# ccci device for internal modem
-allow mdlogger ccci_device:chr_file { rw_file_perms };
-
-# usb device ttyGSx for modem logger usb logging
-allow mdlogger ttyGS_device:chr_file { rw_file_perms};
-
-# modem logger access on /data/mdlog
-allow mdlogger mdlog_data_file:dir { create_dir_perms relabelto};
-allow mdlogger mdlog_data_file:fifo_file { create_file_perms};
-allow mdlogger mdlog_data_file:file { create_file_perms };
-allow mdlogger system_data_file:dir { create_dir_perms relabelfrom};
-
-# modem logger control port access /dev/ttyC1
-allow mdlogger mdlog_device:chr_file { rw_file_perms};
-
-
-#modem logger SD logging in factory mode
-allow mdlogger vfat:dir create_dir_perms;
-allow mdlogger vfat:file create_file_perms;
-
-#mdlogger for read /sdcard
-allow mdlogger tmpfs:lnk_file read;
-allow mdlogger storage_file:lnk_file rw_file_perms;
-allow mdlogger mnt_user_file:dir search;
-allow mdlogger mnt_user_file:lnk_file rw_file_perms;
-allow mdlogger sdcard_type:file create_file_perms;
-allow mdlogger sdcard_type:dir { create_dir_perms };
-allow mdlogger storage_file:dir { create_dir_perms };
-allow mdlogger storage_file:file { create_file_perms };
-
-
-# Allow read to sys/kernel/ccci/* files
-allow mdlogger sysfs_ccci:dir search;
-allow mdlogger sysfs_ccci:file r_file_perms;
-
-# purpose: allow mdlogger to access storage in new version
-allow mdlogger media_rw_data_file:file  { create_file_perms };
-allow mdlogger media_rw_data_file:dir { create_dir_perms };
-
-#avc: denied { connectto } for path=006165653A72747464 scontext=u:r:mdlogger:s0
-#tcontext=u:object_r:aee_aed_socket:s0 tclass=unix_stream_socket permissive=0
-#security issue control
-allow mdlogger aee_aed:unix_stream_socket connectto;
-
-## purpose: avc: denied { read } for name="plat_file_contexts"
-allow emdlogger file_contexts_file:file { read getattr open};
-
-#permission for read boot mode
-#avc: denied { open }  path="/sys/devices/virtual/BOOT/BOOT/boot/boot_mode" dev="sysfs"
-allow mdlogger sysfs_boot_mode:file { read open };
-
-# avc: denied { open } for path="system/etc/mddb" dev="mmcblk0p21" scontext=u:r:emdlogger:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0
-allow mdlogger system_file:dir { read open };
-
-# Android P migration
-set_prop(mdlogger, vendor_mdl_prop)
-set_prop(mdlogger, debug_mdlogger_prop)
-set_prop(mdlogger, persist_mdlog_prop)
-set_prop(mdlogger, persist_mtklog_prop)

non_plat/mediacodec.te

@@ -1,162 +0,0 @@
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-
-# Date : WK14.34
-# Operation : Migration
-# Purpose : VP/VR
-allow mediacodec devmap_device:chr_file { ioctl };
-
-# Date : WK14.36
-# Operation : Migration
-# Purpose : VDEC/VENC device node
-allow mediacodec Vcodec_device:chr_file rw_file_perms;
-
-# Date : WK16.21
-# Operation : Migration
-# Purpose : VP & VR dump and debug
-allow mediacodec M4U_device_device:chr_file rw_file_perms;
-allow mediacodec proc:file r_file_perms;
-allow mediacodec debugfs_binder:dir search;
-allow mediacodec MTK_SMI_device:chr_file { ioctl read open };
-allow mediacodec storage_file:lnk_file {read write open};
-allow mediacodec tmpfs:dir search;
-allow mediacodec mnt_user_file:dir {write read search};
-allow mediacodec mnt_user_file:lnk_file {read write};
-allow mediacodec sdcard_type:dir {write read search add_name remove_name};
-allow mediacodec sdcard_type:file {getattr write read create open append unlink};
-allow mediacodec nvram_data_file:dir w_dir_perms;
-allow mediacodec nvram_data_file:file create_file_perms;
-allow mediacodec nvram_data_file:lnk_file read;
-allow mediacodec nvdata_file:lnk_file read;
-allow mediacodec nvdata_file:dir w_dir_perms;
-allow mediacodec nvdata_file:file create_file_perms;
-allow mediacodec devmap_device:chr_file r_file_perms;
-allow mediacodec proc_meminfo:file {read getattr open};
-
-# Date : WK14.36
-# Operation : Migration
-# Purpose : for SW codec VP/VR
-allow mediacodec mtk_sched_device:chr_file { read write ioctl open };
-
-# Data : WK14.39
-# Operation : Migration
-# Purpose : HW encrypt SW codec
-allow mediacodec mediacodec_data_file:file create_file_perms;
-allow mediacodec mediacodec_data_file:dir create_dir_perms;
-allow mediacodec sec_device:chr_file r_file_perms;
-
-# Data: WK14.44
-# Operation : Migration
-# Purpose : VP
-allow mediacodec surfaceflinger:file getattr;
-
-# Data: WK14.44
-# Operation : Migration
-# Purpose : for low SD card latency issue
-allow mediacodec sysfs_lowmemorykiller:file { read open };
-
-# Data: WK14.45
-# Operation : Migration
-# Purpose : for change thermal policy when needed
-allow mediacodec proc_mtkcooler:dir search;
-allow mediacodec proc_mtktz:dir search;
-allow mediacodec proc_thermal:dir search;
-allow mediacodec proc_mtkcooler:file { read write open };
-allow mediacodec proc_mtktz:file { read write open getattr };
-allow mediacodec proc_thermal:file { read write open getattr};
-allow mediacodec thermal_manager_data_file:file create_file_perms;
-allow mediacodec thermal_manager_data_file:dir { rw_dir_perms setattr };
-allow mediacodec thermal_manager_data_file:dir search;
-
-# Data : WK14.47
-# Operation : CTS
-# Purpose : cts search strange app
-allow mediacodec untrusted_app:dir search;
-
-# Date : WK14.39
-# Operation : Migration
-# Purpose : MJC Driver
-allow mediacodec MJC_device:chr_file { read write ioctl open };
-
-# Date : WK16.27
-# Operation : APE SQC
-# Purpose : for APE file playback
-allow mediacodec MtkCodecService:binder call;
-allow mediacodec MtkCodecService:binder transfer;
-
-# Date : WK16.33
-# Purpose: Allow to access ged for gralloc_extra functions
-allow mediacodec proc_ged:file rw_file_perms;
-allowxperm mediacodec proc_ged:file ioctl { proc_ged_ioctls };
-
-# Data : WK16.42
-# Operator: Whitney bring up
-# Purpose: call surfaceflinger due to powervr
-allow mediacodec surfaceflinger:fifo_file rw_file_perms;
-
-# Date: WK16.43
-# Operator: Whitney SQC
-# Purpose: mediacodec use gpu
-allow mediacodec gpu_device:dir search;
-
-# Date : W18.01
-# Add for turn on SElinux in enforcing mode
-allow mediacodec vndbinder_device:chr_file rw_file_perms;
-
-vndbinder_use(mediacodec)
-
-# Date : WK1721
-# Purpose: For FULL TREBLE
-allow mediacodec system_file:dir r_dir_perms;
-allow mediacodec debugfs_ion:dir search;
-
-
-# Date : WK17.30
-# Operation : O Migration
-# Purpose: Allow mediacodec to access cmdq driver
-allow mediacodec mtk_cmdq_device:chr_file { read ioctl open };
-allow mediacodec mtk_mdp_device:chr_file rw_file_perms;
-allow mediacodec sw_sync_device:chr_file rw_file_perms;
-
-# Date : WK17.28
-# Operation : MT6757 SQC
-# Purpose : Change thermal config
-
-
-# Date : WK17.30
-# Purpose : For Power Hal
-allow mediacodec mtk_hal_power_hwservice:hwservice_manager find;
-allow mediacodec mtk_hal_power:binder call;
-allow mediacodec mtk_hal_power:unix_stream_socket connectto;
-
-
-# Date : WK17.12
-# Operation : MT6799 SQC
-# Purpose : Change thermal config
-set_prop(mediacodec, mtk_thermal_config_prop)
-
-# Date : WK17.43
-# Operation : Migration
-# Purpose : DISP access
-allow mediacodec graphics_device:chr_file { ioctl open read };
-allow mediacodec graphics_device:dir search;
-
-# Date : WK19.27
-# Purpose: Android Migration for SVP
-allow mediacodec proc_m4u:file r_file_perms;
-allowxperm mediacodec proc_m4u:file ioctl MTK_M4U_T_SEC_INIT;
-
-# Date : WK19.40
-# Purpose: Android Migration for Hybrid Encoder
-allowxperm mediacodec proc_m4u:file ioctl MTK_M4U_T_CONFIG_PORT;
-allowxperm mediacodec proc_m4u:file ioctl MTK_M4U_T_CACHE_SYNC;
-allowxperm mediacodec proc_m4u:file ioctl MTK_M4U_T_CONFIG_PORT_ARRAY;
-
-# Date : 2019/12/12
-# Purpose : allow media sources to access /sys/bus/platform/drivers/mem_bw_ctrl/*
-allow mediacodec sysfs_concurrency_scenario:file rw_file_perms;
-allow mediacodec sysfs_concurrency_scenario:dir search;
-
-# TEE
-allow mediacodec teei_client_device:chr_file rw_file_perms;

non_plat/mediadrmserver.te

@@ -1,9 +0,0 @@
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-
-# Date : WK16.33
-# Purpose: Allow to access ged for gralloc_extra functions
-allow mediadrmserver proc_ged:file rw_file_perms;
-
-

non_plat/mediaextractor.te

@@ -1,15 +0,0 @@
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-
-# Date : WK16.33
-# Purpose: Allow to access ged for gralloc_extra functions
-allow mediaextractor proc_ged:file rw_file_perms;
-
-#============= mediaextractor ==============
-allow mediaextractor vfat:file r_file_perms;
-
-allow mediaextractor mediaserver_service:service_manager find;
-
-allow mediaextractor platform_app:dir search;
-allow mediaextractor platform_app:file r_file_perms;

non_plat/mediaserver.te

@@ -1,335 +0,0 @@
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-
-# Date : WK14.31
-# Operation : Migration
-# Purpose : camera devices access.
-allow mediaserver camera_isp_device:chr_file rw_file_perms;
-allow mediaserver ccu_device:chr_file rw_file_perms;
-allow mediaserver vpu_device:chr_file rw_file_perms;
-allow mediaserver kd_camera_hw_device:chr_file rw_file_perms;
-allow mediaserver seninf_device:chr_file rw_file_perms;
-allow mediaserver self:capability { setuid ipc_lock sys_nice };
-allow mediaserver sysfs_wake_lock:file rw_file_perms;
-allow mediaserver MTK_SMI_device:chr_file r_file_perms;
-allow mediaserver camera_pipemgr_device:chr_file r_file_perms;
-allow mediaserver kd_camera_flashlight_device:chr_file rw_file_perms;
-allow mediaserver lens_device:chr_file rw_file_perms;
-
-# Date : WK14.32
-# Operation : Migration
-# Purpose : Set audio driver permission to access SD card for debug purpose and accss NVRam.
-allow mediaserver sdcard_type:dir { w_dir_perms create };
-allow mediaserver sdcard_type:file create;
-allow mediaserver nvram_data_file:lnk_file read;
-allow mediaserver nvdata_file:lnk_file read;
-allow mediaserver sdcard_type:dir remove_name;
-allow mediaserver sdcard_type:file unlink;
-
-# Date : WK14.34
-# Operation : Migration
-# Purpose : nvram access (dumchar case for nand and legacy chip)
-allow mediaserver nvram_device:chr_file rw_file_perms;
-allow mediaserver self:capability { net_admin };
-
-# Date : WK14.34
-# Operation : Migration
-# Purpose : VP/VR
-allow mediaserver devmap_device:chr_file { ioctl };
-
-# Date : WK14.34
-# Operation : Migration
-# Purpose : Smartcard Service
-allow mediaserver system_data_file:file open;
-
-# Date : WK14.36
-# Operation : Migration
-# Purpose : media server and bt process communication for A2DP data.and other control flow
-allow mediaserver bluetooth:unix_dgram_socket sendto;
-allow mediaserver bt_a2dp_stream_socket:sock_file write;
-allow mediaserver bt_int_adp_socket:sock_file write;
-
-# Date : WK14.37
-# Operation : Migration
-# Purpose : camera ioctl
-allow mediaserver camera_sysram_device:chr_file r_file_perms;
-
-# Date : WK14.36
-# Operation : Migration
-# Purpose : VDEC/VENC device node
-allow mediaserver Vcodec_device:chr_file rw_file_perms;
-
-# Date : WK14.36
-# Operation : Migration
-# Purpose :  access nvram, otp, ccci cdoec devices.
-allow mediaserver MtkCodecService:binder call;
-allow mediaserver ccci_device:chr_file rw_file_perms;
-allow mediaserver eemcs_device:chr_file rw_file_perms;
-allow mediaserver devmap_device:chr_file r_file_perms;
-allow mediaserver ebc_device:chr_file rw_file_perms;
-allow mediaserver nvram_device:blk_file rw_file_perms;
-allow mediaserver bootdevice_block_device:blk_file rw_file_perms;
-
-# Date : WK14.36
-# Operation : Migration
-# Purpose : for SW codec VP/VR
-allow mediaserver mtk_sched_device:chr_file rw_file_perms;
-
-# Date : WK14.38
-# Operation : Migration
-# Purpose : NVRam access
-allow mediaserver block_device:dir { write search };
-
-# Date : WK14.38
-# Operation : Migration
-# Purpose : FM driver access
-allow mediaserver fm_device:chr_file rw_file_perms;
-
-# Data : WK14.38
-# Operation : Migration
-# Purpose : for VP/VR
-allow mediaserver block_device:dir search;
-allow mediaserver FM50AF_device:chr_file rw_file_perms;
-allow mediaserver AD5820AF_device:chr_file rw_file_perms;
-allow mediaserver DW9714AF_device:chr_file rw_file_perms;
-allow mediaserver DW9814AF_device:chr_file rw_file_perms;
-allow mediaserver AK7345AF_device:chr_file rw_file_perms;
-allow mediaserver DW9714A_device:chr_file rw_file_perms;
-allow mediaserver LC898122AF_device:chr_file rw_file_perms;
-allow mediaserver LC898212AF_device:chr_file rw_file_perms;
-allow mediaserver BU6429AF_device:chr_file rw_file_perms;
-allow mediaserver DW9718AF_device:chr_file rw_file_perms;
-allow mediaserver BU64745GWZAF_device:chr_file rw_file_perms;
-allow mediaserver MAINAF_device:chr_file rw_file_perms;
-allow mediaserver MAIN2AF_device:chr_file rw_file_perms;
-allow mediaserver SUBAF_device:chr_file rw_file_perms;
-
-
-# Data : WK14.38
-# Operation : Migration
-# Purpose : for boot animation.
-allow mediaserver bootanim:binder { transfer call };
-
-allow mediaserver mtkbootanimation:binder { transfer call };
-
-# Data : WK14.38
-# Operation : Migration
-# Purpose : dump for debug
-allow mediaserver sdcard_type:file append;
-
-# Date : WK14.39
-# Operation : Migration
-# Purpose : FDVT Driver
-allow mediaserver camera_fdvt_device:chr_file rw_file_perms;
-
-# Date : WK14.39
-# Operation : Migration
-# Purpose : APE PLAYBACK
-binder_call(mediaserver,MtkCodecService)
-
-# Date : WK14.40
-# Operation : Migration
-# Purpose : HDMI driver access
-allow mediaserver graphics_device:chr_file rw_file_perms;
-
-# Date : WK14.40
-# Operation : Migration
-# Purpose : Smartpa
-allow mediaserver smartpa_device:chr_file rw_file_perms;
-
-# Data : WK14.40
-# Operation : Migration
-# Purpose : permit 'call' by audio tunning tool audiocmdservice_atci
-allow mediaserver audiocmdservice_atci:binder call;
-binder_call(mediaserver,audiocmdservice_atci)
-
-# Date : WK14.40
-# Operation : Migration
-# Purpose : mtk_jpeg
-allow mediaserver mtk_jpeg_device:chr_file r_file_perms;
-
-# Date : WK14.41
-# Operation : Migration
-# Purpose : WFD HID Driver
-allow mediaserver uhid_device:chr_file rw_file_perms;
-
-# Date : WK14.41
-# Operation : Migration
-# Purpose : Camera EEPROM Calibration
-allow mediaserver CAM_CAL_DRV_device:chr_file rw_file_perms;
-allow mediaserver CAM_CAL_DRV1_device:chr_file rw_file_perms;
-allow mediaserver CAM_CAL_DRV2_device:chr_file rw_file_perms;
-
-# Date : WK14.43
-# Operation : Migration
-# Purpose : VOW
-allow mediaserver vow_device:chr_file rw_file_perms;
-
-# Date: WK14.44
-# Operation : Migration
-# Purpose : EVDO
-allow mediaserver rpc_socket:sock_file write;
-allow mediaserver ttySDIO_device:chr_file rw_file_perms;
-
-# Data: WK14.44
-# Operation : Migration
-# Purpose : VP
-allow mediaserver surfaceflinger:file getattr;
-
-# Data: WK14.44
-# Operation : Migration
-# Purpose : for low SD card latency issue
-allow mediaserver sysfs_lowmemorykiller:file { read open };
-
-# Data: WK14.45
-# Operation : Migration
-# Purpose : for change thermal policy when needed
-allow mediaserver proc_mtkcooler:dir search;
-allow mediaserver proc_mtktz:dir search;
-allow mediaserver proc_thermal:dir search;
-
-# Date : WK14.46
-# Operation : Migration
-# Purpose : for MTK Emulator HW GPU
-allow mediaserver qemu_pipe_device:chr_file rw_file_perms;
-
-# Date : WK14.46
-# Operation : Migration
-# Purpose : for camera init
-allow mediaserver system_server:unix_stream_socket { read write };
-
-# Data : WK14.46
-# Operation : Migration
-# Purpose : for SMS app
-allow mediaserver radio_data_file:dir search;
-allow mediaserver radio_data_file:file open;
-
-# Data : WK14.47
-# Operation : Audio playback
-# Purpose : Music as ringtone
-allow mediaserver radio:dir { search read };
-allow mediaserver radio:file r_file_perms;
-
-# Data : WK14.47
-# Operation : Launch camcorder from MMS
-# Purpose : Camcorder
-allow mediaserver radio_data_file:file open;
-
-# Data : WK14.47
-# Operation : CTS
-# Purpose : cts search strange app
-allow mediaserver untrusted_app:dir search;
-
-# Date : WK15.03
-# Operation : Migration
-# Purpose : offloadservice
-allow mediaserver offloadservice_device:chr_file rw_file_perms;
-
-# Date : WK15.32
-# Operation : Pre-sanity
-# Purpose : 3A algorithm need to access sensor service
-allow mediaserver sensorservice_service:service_manager find;
-
-# Date : WK15.34
-# Operation : Migration
-# Purpose: for camera middleware dump image buffer to sdcard & audio frameworks dump
-allow mediaserver system_data_file:dir write;
-allow mediaserver storage_file:lnk_file {read write};
-allow mediaserver mnt_user_file:dir {write read search};
-allow mediaserver mnt_user_file:lnk_file {read write};
-
-# Date : WK15.35
-# Operation : Migration
-# Purpose: Allow mediaserver to read binder from surfaceflinger
-allow mediaserver surfaceflinger:fifo_file {read write};
-
-# Date : WK15.46
-# Operation : Migration
-# Purpose : DPE Driver
-allow mediaserver camera_dpe_device:chr_file rw_file_perms;
-
-# Date : WK15.46
-# Operation : Migration
-# Purpose : TSF Driver
-allow mediaserver camera_tsf_device:chr_file rw_file_perms;
-
-# Date : WK16.32
-# Operation : N Migration
-# Purpose : RSC Driver
-allow mediaserver camera_rsc_device:chr_file rw_file_perms;
-
-# Date : WK16.33
-# Purpose: Allow to access ged for gralloc_extra functions
-allow mediaserver proc_ged:file rw_file_perms;
-allowxperm mediaserver proc_ged:file ioctl { proc_ged_ioctls };
-
-# Date : WK16.33
-# Operation : N Migration
-# Purpose : GEPF Driver
-allow mediaserver camera_gepf_device:chr_file rw_file_perms;
-
-# Date : WK16.35
-# Operation : Migration
-# Purpose : Update camera flashlight driver device file
-allow mediaserver flashlight_device:chr_file rw_file_perms;
-
-# Data : WK16.42
-# Operator: Whitney bring up
-# Purpose: call surfaceflinger due to powervr
-allow dumpstate surfaceflinger:fifo_file rw_file_perms;
-
-# Date : WK16.43
-# Operation : N Migration
-# Purpose : WPE Driver
-allow mediaserver camera_wpe_device:chr_file rw_file_perms;
-allow mediaserver gpu_device:dir search;
-allow mediaserver sw_sync_device:chr_file rw_file_perms;
-
-# Date : WK17.19
-# Operation : N Migration
-# Purpose : OWE Driver
-allow mediaserver camera_owe_device:chr_file rw_file_perms;
-
-# Date : WK17.30
-# Operation : O Migration
-# Purpose: Allow to access cmdq driver
-allow mediaserver mtk_cmdq_device:chr_file { read ioctl open };
-allow mediaserver mtk_mdp_device:chr_file rw_file_perms;
-
-# Date : WK17.43
-# Operation : Migration
-# Purpose : DISP access
-allow mediaserver graphics_device:chr_file { ioctl open read };
-allow mediaserver graphics_device:dir search;
-
-# Date : WK17.44
-# Operation : Migration
-# Purpose : DIP Driver
-allow mediaserver camera_dip_device:chr_file rw_file_perms;
-
-# Date : WK17.44
-# Operation : Migration
-# Purpose : MFB Driver
-allow mediaserver camera_mfb_device:chr_file rw_file_perms;
-
-# Date : WK17.49
-# Operation : MT6771 SQC
-# Purpose : Allow permgr access
-allow mediaserver proc_perfmgr:dir {read search};
-allow mediaserver proc_perfmgr:file r_file_perms;
-allowxperm mediaserver proc_perfmgr:file ioctl {
- PERFMGR_FPSGO_DEQUEUE
- PERFMGR_FPSGO_QUEUE_CONNECT
- PERFMGR_FPSGO_QUEUE
- PERFMGR_FPSGO_BQID
-};
-
-# Date : WK18.18
-# Operation : Migration
-# Purpose : wifidisplay hdcp
-# DRM Key Manage HIDL
-allow mediaserver  mtk_hal_keymanage:binder call;
-# Purpose : Allow mediadrmserver  to call vendor.mediatek.hardware.keymanage@1.0-service.
-hal_client_domain(mediaserver , hal_keymaster)
-allow mediaserver mtk_hal_keymanage_hwservice:hwservice_manager find;

non_plat/mediaswcodec.te

@@ -1,11 +0,0 @@
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-
-# Date : WK19.25
-# Operation : Migration
-# Purpose : [ALPS04669482] DRTS failed due to avc denied
-allow mediaswcodec debugfs_ion:dir rw_dir_perms;
-allow mediaswcodec gpu_device:dir rw_dir_perms;
-allow mediaswcodec dri_device:chr_file rw_file_perms;
-allow mediaswcodec gpu_device:chr_file rw_file_perms;

non_plat/merged_hal_service.te

@@ -1,72 +0,0 @@
-# ==============================================================================
-# Type Declaration
-# ==============================================================================
-type merged_hal_service, domain;
-#type merged_hal_service, domain;
-type merged_hal_service_exec, exec_type, file_type, vendor_file_type;
-
-init_daemon_domain(merged_hal_service)
-
-hwbinder_use(merged_hal_service)
-hal_server_domain(merged_hal_service, hal_vibrator)
-hal_server_domain(merged_hal_service, hal_light)
-hal_server_domain(merged_hal_service, hal_power)
-hal_server_domain(merged_hal_service, hal_thermal)
-hal_server_domain(merged_hal_service, hal_memtrack)
-
-#adjust light brightness
-allow merged_hal_service sysfs:file write;
-
-#mtk libs_hidl_service permissions
-hal_server_domain(merged_hal_service, mtk_hal_lbs)
-vndbinder_use(merged_hal_service)
-#r_dir_file(merged_hal_service, system_file)
-unix_socket_connect(merged_hal_service, agpsd, mtk_agpsd);
-allow merged_hal_service mtk_agpsd:unix_dgram_socket sendto;
-
-#mtk_gnss permissions
-hal_server_domain(merged_hal_service, hal_gnss);
-allow merged_hal_service mnld_data_file:sock_file create_file_perms;
-allow merged_hal_service mnld_data_file:sock_file rw_file_perms;
-allow merged_hal_service mnld_data_file:dir create_file_perms;
-allow merged_hal_service mnld_data_file:dir rw_dir_perms;
-allow merged_hal_service mnld:unix_dgram_socket sendto;
-
-#graphics allocator permissions
-hal_server_domain(merged_hal_service, hal_graphics_allocator)
-allow merged_hal_service gpu_device:dir search;
-allow merged_hal_service sw_sync_device:chr_file rw_file_perms;
-allow merged_hal_service debugfs_ion:dir search;
-allow merged_hal_service debugfs_tracing:file write;
-allow merged_hal_service debugfs_tracing:file open;
-
-#for ape hidl permissions
-hal_server_domain(merged_hal_service,hal_mtkcodecservice)
-allow merged_hal_service hidl_allocator_hwservice:hwservice_manager find;
-allow merged_hal_service hidl_memory_hwservice:hwservice_manager find;
-hal_client_domain(merged_hal_service, hal_allocator)
-
-#for default drm permissions
-hal_server_domain(merged_hal_service, hal_drm)
-allow merged_hal_service mediacodec:fd use;
-allow merged_hal_service { appdomain -isolated_app }:fd use;
-allow merged_hal_service debugfs_tracing:file write;
-
-# Date : WK18.23
-# Operation : P Migration
-# Purpose : add grant permission for Thermal HAL mtktz and proc
-allow merged_hal_service proc_mtktz:dir search;
-allow merged_hal_service proc_mtktz:file {open read getattr};
-allow merged_hal_service proc_stat:file {open read getattr };
-
-# Date : WK19.11
-# Operation : Q Migration
-allowxperm merged_hal_service proc_ged:file ioctl { proc_ged_ioctls };
-
-# Date: 2019/06/14
-# Operation : Migration
-allow merged_hal_service nvram_agent_binder_hwservice:hwservice_manager find;
-
-# DFPS
-allow merged_hal_service mtk_hal_dfps:binder call;
-hal_client_domain(merged_hal_service, hal_dfps);

non_plat/meta_tst.te

@@ -1,424 +0,0 @@
-# ==============================================
-# Policy File of /vendor/bin/meta_tst Executable File
-
-
-
-# ==============================================
-# Type Declaration
-# ==============================================
-type meta_tst, domain;
-type meta_tst_exec , exec_type, file_type, vendor_file_type;
-init_daemon_domain(meta_tst)
-
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-
-# Date: WK16.12
-# Operation : Migration
-# Purpose : for meta mode device node USB
-allow meta_tst ttyGS_device:chr_file rw_file_perms;
-
-# Date: WK16.12
-# Operation : Migration
-# Purpose : for meta mode device node UART
-allow meta_tst ttyMT_device:chr_file rw_file_perms;
-
-# Date: WK17.12
-# Operation : Migration
-# Purpose : for meta mode device node UART
-allow meta_tst ttyS_device:chr_file rw_file_perms;
-
-# Date: WK16.12
-# Operation : Migration
-# Purpose : for meta mode device node CCCI
-allow meta_tst ccci_device:chr_file rw_file_perms;
-allow meta_tst eemcs_device:chr_file rw_file_perms;
-allow meta_tst emd_device:chr_file rw_file_perms;
-allow meta_tst ttyACM_device:chr_file rw_file_perms;
-allow meta_tst mdlog_device:chr_file rw_file_perms;
-
-# Data: WK15.07
-# Purpose : SDIO
-allow meta_tst ttySDIO_device:chr_file rw_file_perms;
-
-# Date: WK16.12
-# Operation : Migration
-# Purpose : for meta mode file system
-allow meta_tst bootdevice_block_device:blk_file rw_file_perms;
-allow meta_tst mmcblk1_block_device:blk_file rw_file_perms;
-allow meta_tst userdata_block_device:blk_file rw_file_perms;
-allow meta_tst cache_block_device:blk_file rw_file_perms;
-
-# Date: WK16.12
-# Operation : Migration
-# Purpose : for meta mode nvram
-allow meta_tst nvram_data_file:dir create_dir_perms;
-allow meta_tst nvram_data_file:file create_file_perms;
-allow meta_tst nvram_data_file:lnk_file r_file_perms;
-allow meta_tst nvdata_file:lnk_file r_file_perms;
-allow meta_tst nvdata_file:dir create_dir_perms;
-allow meta_tst nvdata_file:file create_file_perms;
-allow meta_tst nvram_device:chr_file rw_file_perms;
-allow meta_tst nvram_device:blk_file rw_file_perms;
-allow meta_tst nvdata_device:blk_file rw_file_perms;
-
-# Date: WK14.47
-# Operation : Migration
-# Purpose : for meta mode audio
-allow meta_tst audio_device:chr_file  rw_file_perms;
-allow meta_tst audio_device:dir r_dir_perms;
-allow meta_tst audio_ipi_device:chr_file rw_file_perms;
-set_prop(meta_tst, audiohal_prop);
-
-# Date: WK16.12
-# Operation : Migration
-# Purpose : for meta mode RTC and PMIC
-allow meta_tst rtc_device:chr_file r_file_perms;
-allow meta_tst MT_pmic_adc_cali_device:chr_file rw_file_perms;
-
-# Date: WK14.45
-# Operation : Migration
-# Purpose : HDCP
-allow meta_tst persist_data_file:dir create_dir_perms;
-allow meta_tst persist_data_file:file create_file_perms;
-
-
-# Date: WK14.46
-# Operation : Migration
-# Purpose : Camera
-allow meta_tst devmap_device:chr_file rw_file_perms;
-allow meta_tst camera_pipemgr_device:chr_file rw_file_perms;
-allow meta_tst MTK_SMI_device:chr_file rw_file_perms;
-allow meta_tst camera_isp_device:chr_file rw_file_perms;
-allow meta_tst camera_sysram_device:chr_file r_file_perms;
-allow meta_tst kd_camera_flashlight_device:chr_file rw_file_perms;
-allow meta_tst kd_camera_hw_device:chr_file rw_file_perms;
-allow meta_tst AD5820AF_device:chr_file rw_file_perms;
-allow meta_tst DW9714AF_device:chr_file rw_file_perms;
-allow meta_tst DW9714A_device:chr_file rw_file_perms;
-allow meta_tst LC898122AF_device:chr_file rw_file_perms;
-allow meta_tst LC898212AF_device:chr_file rw_file_perms;
-allow meta_tst BU6429AF_device:chr_file rw_file_perms;
-allow meta_tst DW9718AF_device:chr_file rw_file_perms;
-allow meta_tst BU64745GWZAF_device:chr_file rw_file_perms;
-allow meta_tst MAINAF_device:chr_file rw_file_perms;
-allow meta_tst MAIN2AF_device:chr_file rw_file_perms;
-allow meta_tst SUBAF_device:chr_file rw_file_perms;
-
-# Date: WK16.12
-# Operation : Migration
-# Purpose : meta mode LCM
-allow meta_tst graphics_device:chr_file rw_file_perms;
-allow meta_tst graphics_device:dir search;
-
-# Date: WK16.12
-# Operation : Migration
-# Purpose : meta mode sensor
-allow meta_tst als_ps_device:chr_file r_file_perms;
-allow meta_tst gsensor_device:chr_file r_file_perms;
-allow meta_tst msensor_device:chr_file r_file_perms;
-allow meta_tst gyroscope_device:chr_file r_file_perms;
-
-# Date: WK16.12
-# Operation : Migration
-# Purpose : meta mode FM
-allow meta_tst fm_device:chr_file rw_file_perms;
-allow meta_tst FM50AF_device:chr_file rw_file_perms;
-
-# Date: WK16.12
-# Operation : Migration
-# Purpose : meta mode wifi
-allow meta_tst wmtWifi_device:chr_file w_file_perms;
-
-# Date: WK16.12
-# Operation : Migration
-# Purpose : meta mode BT
-allow meta_tst stpbt_device:chr_file rw_file_perms;
-
-# Date: WK16.12
-# Operation : Migration
-# Purpose : meta mode GPS
-allow meta_tst gps_data_file:dir { write add_name search remove_name unlink};
-allow meta_tst gps_data_file:file { read write open create getattr append setattr unlink lock};
-allow meta_tst gps_data_file:lnk_file read;
-allow meta_tst tmpfs:lnk_file read;
-allow meta_tst agpsd_data_file:dir search;
-allow meta_tst agpsd_data_file:sock_file write;
-allow meta_tst mnld_device:chr_file rw_file_perms;
-allow meta_tst mnld_exec:file rx_file_perms;
-set_prop(meta_tst, mnld_prop);
-
-# Date: WK16.12
-# Operation : Migration
-# Purpose : meta mode NFC
-allow meta_tst mt6605_device:chr_file rw_file_perms;
-
-#Date WK14.49
-#Operation : Migration
-#Purpose : DRM key installation
-allow meta_tst key_install_data_file:dir w_dir_perms;
-allow meta_tst key_install_data_file:file create_file_perms;
-
-# Date: WK14.51
-# Purpose : set/get cryptfs cfg in sys env
-allow meta_tst misc_device:chr_file rw_file_perms;
-allow meta_tst proc_lk_env:file rw_file_perms;
-
-# Purpose : FT_EMMC_OP_FORMAT_TCARD
-allow meta_tst block_device:blk_file getattr;
-allow meta_tst system_block_device:blk_file getattr;
-
-# Date: WK15.52
-# Purpose : NVRAM related LID
-allow meta_tst pro_info_device:chr_file rw_file_perms;
-
-# Date: WK15.13
-# Purpose: for nand project
-allow meta_tst mtd_device:dir search;
-allow meta_tst mtd_device:chr_file rw_file_perms;
-
-# Date: WK16.17
-# Purpose:  N Migration For ccci sysfs node
-allow meta_tst sysfs_ccci:dir search;
-allow meta_tst sysfs_ccci:file r_file_perms;
-
-#Date: W18.22
-# Purpose: P Migration meta_tst get com port type/uart port info/boot mode/usb state/usb close
-allow meta_tst sysfs_comport_type:file rw_file_perms;
-allow meta_tst sysfs_uart_info:file rw_file_perms;
-allow meta_tst sysfs_boot_mode:file rw_file_perms;
-allow meta_tst sysfs_boot_type:file r_file_perms;
-allow meta_tst sysfs_android_usb:file rw_file_perms;
-allow meta_tst sysfs_android_usb:dir search;
-allow meta_tst sysfs_usb_cmode:file rw_file_perms;
-allow meta_tst sysfs_usb_cmode:dir search;
-allow meta_tst sysfs_batteryinfo:file rw_file_perms;
-allow meta_tst sysfs_batteryinfo:dir search;
-
-#Date: W16.17
-# Purpose:  N Migration For meta_tst load MD NVRAM database
-# Detail avc log: [04-23-20:41:58][  160.687655] <1>.(1)[230:logd.auditd]type=
-#1400 audit(1262304165.560:24): avc: denied { read } for pid=228 comm=
-#"meta_tst" name="mddb" dev="mmcblk0p20" ino=664 scontext=u:r:meta_tst:
-#s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0
-allow meta_tst system_file:dir r_dir_perms;
-
-# Date: WK16.18
-# Purpose: for CCCI reboot modem
-allow meta_tst gsm0710muxd_device:chr_file rw_file_perms;
-
-# Date : WK16.35
-# Purpose : Update camera flashlight driver device file
-allow meta_tst flashlight_device:chr_file rw_file_perms;
-
-#Date: W16.36
-# Purpose:  meta_tst use libmeta_rat to write libsysenv
-# Detail avc log:[   25.307141] .(5)[264:logd.auditd]type=1400 audit(1469438818.570:7):
-#avc: denied { read write } for pid=312 comm="meta_tst" name="mmcblk0p2" dev="tmpfs"
-#ino=4561 scontext=u:r:meta_tst:s0 tcontext=u:object_r:para_block_device:s0 tclass=blk_file permissive=0
-allow meta_tst para_block_device:blk_file { read write open };
-
-#Date: W16.44
-allow meta_tst nvcfg_file:dir { search read open };
-
-#Date: W16.45
-# Purpose : Allow unmount sdcardfs mounted on /data/media
-allow meta_tst sdcard_type:filesystem unmount;
-allow meta_tst storage_stub_file:dir search;
-
-# Date : WK16.19
-# Operation: meta_tst set persist.meta.connecttype property
-# Purpose: Switch meta connect type, set persist.meta.connecttype as "wifi" or "usb".
-set_prop(meta_tst, meta_connecttype_prop);
-
-# Date : WK16.23
-# Purpose: support meta_tst check key event
-allow meta_tst input_device:dir r_dir_perms;
-allow meta_tst input_device:chr_file r_file_perms;
-
-# Date : WK16.29
-# Purpose: support meta mode show string on screen
-allow meta_tst ashmem_device:chr_file execute;
-
-#Date: W16.50
-# Purpose : Allow meta_tst stop service which occupy data partition.
-allow meta_tst ctl_default_prop:property_service set;
-
-#Date: W17.25
-# Purpose : Allow meta_tst stop service which occupy data partition.
-allow meta_tst ctl_emdlogger1_prop:property_service set;
-
-#Date: W17.27
-# Purpose: STMicro NFC solution integration
-allow meta_tst st21nfc_device:chr_file { open read write ioctl };
-allow meta_tst vendor_file:file { getattr execute execute_no_trans read open };
-set_prop(meta_tst,hwservicemanager_prop);
-hwbinder_use(meta_tst);
-hal_client_domain(meta_tst, hal_nfc);
-allow meta_tst debugfs_tracing:file { open write };
-
-# Date: W17.29
-# Purpose : Allow meta_tst to call vendor.mediatek.hardware.keymaster_attestation@1.0-service.
-hal_client_domain(meta_tst, mtk_hal_keyattestation)
-
-# Date : WK17.30
-# Operation : Android O migration
-# Purpose : add sepolicy for accessing sysfs_leds
-allow meta_tst sysfs_leds:lnk_file read;
-allow meta_tst sysfs_leds:file rw_file_perms;
-allow meta_tst sysfs_leds:dir r_dir_perms;
-
-# Date: WK17.43
-# Purpose: add permission for meta_tst access md image
-allow meta_tst md_block_device:blk_file { read open };
-allow meta_tst mddb_data_file:file { create open write read getattr};
-allow meta_tst mddb_data_file:dir { search write add_name create getattr read open };
-
-# Date: W17.43
-# Purpose : Allow meta_tst to call Audio HAL service
-binder_call(meta_tst, mtk_hal_audio)
-allow meta_tst mtk_hal_audio:binder call;
-#allow meta_tst hal_audio_hwservice:hwservice_manager find;
-allow meta_tst mtk_audiohal_data_file:dir {read search open};
-allow meta_tst proc:file {read open};
-allow meta_tst audio_device:chr_file rw_file_perms;
-allow meta_tst audio_device:dir w_dir_perms;
-allow meta_tst audiohal_prop:property_service set;
-
-#Data:W1745
-# Purpose : Allow meta_tst to open and read proc/bootprof
-allow meta_tst proc_bootprof:file {write open read};
-
-# Date:W17.51
-# Operation : lbs hal
-# Purpose : lbs hidl interface permission
-hal_client_domain(meta_tst, mtk_hal_lbs)
-
-# Data:W1750
-# Purpose : Allow meta_tst to access mtd device
-allow meta_tst mtd_device:blk_file rw_file_perms;
-
-#Date: W17.51
-#Purpose : Allow meta_tst to access pesist.atm.mdmode in ATM.
-set_prop(meta_tst, atm_mdmode_prop);
-
-#Date: W17.51
-#Purpose : Allow meta_tst to access pesist.atm.ipaddress in ATM.
-set_prop(meta_tst, atm_ipaddr_prop);
-
-# Date : WK18.16
-# Operation: P migration
-# Purpose: Allow meta_tst to get tel_switch_prop
-get_prop(meta_tst, tel_switch_prop);
-
-# Date : WK18.21
-# Operation: P migration
-# Purpose : Allow meta_tst to call nvram hal
-allow meta_tst nvram_agent_binder_hwservice:hwservice_manager find;
-allow meta_tst nvram_agent_binder:binder call;
-
-# Date : WK18.21
-# Operation: P migration
-# Purpose : Allow meta_tst to write misc partition
-allow meta_tst block_device:dir search;
-
-# Date : W18.24
-# Operation: P migration
-# Purpose : Allow meta_tst to access tpd sysfs nodes for CTP test
-allow meta_tst sysfs_tpd_setting:dir search;
-allow meta_tst sysfs_tpd_setting:file { read getattr open };
-
-# Date : WK18.24
-# Operation: P migration
-# Purpose : Allow meta_tst to unmount partition, stop service, and then erase partition
-allow meta_tst vendor_shell_exec:file { read execute open execute_no_trans };
-allow meta_tst vendor_toolbox_exec:file { execute_no_trans };
-allow meta_tst labeledfs:filesystem { unmount };
-allow meta_tst proc_cmdline:file { read open getattr };
-allow meta_tst meta_tst:capability { sys_admin };
-allow meta_tst sysfs_dt_firmware_android:file { read open getattr };
-allow meta_tst sysfs_dt_firmware_android:dir { read open search };
-# Purpose : Allow meta_tst to communicate with driver thru socket
-allow meta_tst meta_tst:capability { sys_module net_admin net_raw };
-allow meta_tst self:udp_socket { create ioctl };
-allowxperm meta_tst self:udp_socket ioctl priv_sock_ioctls;
-
-# Date : WK18.25
-# Operation: P migration
-# Purpose : GPS test, Allow meta_tst to write/connect tcp socket
-allow meta_tst node:tcp_socket node_bind;
-allow meta_tst port:tcp_socket { name_bind name_connect };
-allow meta_tst self:capability net_raw;
-allow meta_tst self:tcp_socket { setopt bind create listen accept connect };
-allow meta_tst self:tcp_socket { read write };
-allow meta_tst self:udp_socket { write connect };
-
-# Date : WK18.28
-# Operation: P migration
-# Purpose : AUDIO test, Allow meta_tst to write/read asound
-allow meta_tst proc_asound:dir { read search open };
-allow meta_tst proc_asound:file { read open getattr write };
-allow meta_tst mtk_audiohal_data_file:dir { read search open };
-allow meta_tst audiohal_prop:property_service set;
-allow meta_tst sysfs:file { read open };
-allow meta_tst sysfs_headset:file { read open };
-
-# Date: W18.05
-# Purpose : Allow meta_tst to use socket for listening uevent
-allow meta_tst meta_tst:netlink_kobject_uevent_socket { read bind create setopt };
-
-# Date : WK18.28
-# Operation: P migration
-# Purpose : 
-set_prop(meta_tst, vendor_usb_prop);
-
-# Date: W18.29
-# Operation: Catch log
-# Purpose : meta connect with loghidlserver by socket.
-allow meta_tst loghidlvendorservice:unix_stream_socket connectto;
-
-# Date: W18.32
-# Operation: Android P migration
-# Purpose : Allow meta_tst to set powerctl property
-# avc:  denied  { set } for property=sys.powerctl pid=330 uid=0 gid=1001 scontext=u:r:meta_tst:s0 
-# tcontext=u:object_r:powerctl_prop:s0 tclass=property_service permissive=0
-set_prop(meta_tst, powerctl_prop);
-
-# Date: W18.33
-# Operation: Android P migration
-# Purpose : Allow meta_tst to set system clock
-# avc: denied { sys_time } for capability=25 scontext=u:r:meta_tst:s0 tcontext=u:r:meta_tst:s0 tclass=capability permissive=0
-allow meta_tst self:capability sys_time;
-
-# Data: W18.35
-# Operation: Android P migration
-# Purpose : check usb online status
-# avc: denied { search } for name="power_supply" dev="sysfs" ino=8712 scontext=u:r:meta_tst:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0
-# avc: denied { read } for name="online" dev="sysfs" ino=8764 scontext=u:r:meta_tst:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=0
-# avc: denied { open } for path="/sys/devices/platform/mt_charger/power_supply/usb/online" dev="sysfs" ino=8764 scontext=u:r:meta_tst:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=0
-allow meta_tst sysfs_batteryinfo:dir search;
-allow meta_tst sysfs_batteryinfo:file {read open};
-
-# Data: W18.42
-# Operation: Android P migration
-# Purpose : add socket permission for meta
-allow meta_tst fwmarkd_socket:sock_file write;
-
-#Date: W18.42
-# Operation: Android P migration
-# Purpose : Add ATM meta mvram sepolicy
-allow meta_tst mnt_vendor_file:dir search;
-
-# Date : WK18.44
-# Operation: P migration
-# Purpose : adsp
-allow meta_tst adsp_device:chr_file rw_file_perms;
-
-# Date : WK19.08
-# Operation: P migration
-# Purpose : audio scp recovery
-allow meta_tst audio_scp_device:chr_file r_file_perms;
-
-# TEE
-allow meta_tst teei_client_device:chr_file { create setattr unlink rw_file_perms };;

non_plat/mmc_ffu.te

@@ -1,21 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/mmc_ffu Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-type mmc_ffu, domain;
-type mmc_ffu_exec, exec_type, file_type, vendor_file_type;
-
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-init_daemon_domain(mmc_ffu)
-# Purpose: For seek file size
-allow mmc_ffu block_device:dir r_dir_perms;
-
-# Purpose: ioctl to /dev/misc-sd and for obtaining emmc vendor id and firmware revision
-allow mmc_ffu misc_sd_device:chr_file r_file_perms;
-
-#Purpose: Write eMMC firmware data to /dev/block/mmcblk0 for upgrade firmware
-allow mmc_ffu bootdevice_block_device:blk_file rw_file_perms;

non_plat/mnld.te

@@ -1,103 +0,0 @@
-# ==============================================
-# Policy File of /vendor/bin/mnld Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-type mnld, domain;
-type mnld_exec, exec_type, file_type, vendor_file_type;
-typeattribute mnld mlstrustedsubject;
-
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-# STOPSHIP: Permissive is not allowed. CTS violation!
-init_daemon_domain(mnld)
-
-net_domain(mnld)
-# Purpose : For communicate with AGPSD by socket
-allow mnld agpsd_data_file:dir create_dir_perms;
-allow mnld agpsd_data_file:sock_file create_file_perms;
-allow mnld mtk_agpsd:unix_dgram_socket sendto;
-allow mnld sysfs:file rw_file_perms;
-allow mnld sysfs_wake_lock:file rw_file_perms;
-# Purpose : For access NVRAM data
-allow mnld nvram_data_file:dir create_dir_perms;
-allow mnld nvram_data_file:file create_file_perms;
-allow mnld nvram_data_file:lnk_file read;
-allow mnld nvdata_file:lnk_file read;
-allow mnld nvram_device:blk_file rw_file_perms;
-allow mnld nvram_device:chr_file rw_file_perms;
-allow mnld nvdata_file:dir create_dir_perms;
-allow mnld nvdata_file:file create_file_perms;
-# Purpose : For access kernel device
-allow mnld mnld_data_file:dir rw_dir_perms;
-allow mnld mnld_data_file:sock_file create_file_perms;
-allow mnld mnld_device:chr_file rw_file_perms;
-allow mnld mnld_data_file:file rw_file_perms;
-allow mnld mnld_data_file:file create_file_perms;
-allow mnld mnld_data_file:fifo_file create_file_perms;
-# Purpose : For init process
-allow mnld init:unix_stream_socket connectto;
-allow mnld init:udp_socket { read write };
-
-# Send the message to the LBS HIDL Service to forward to applications
-allow mnld lbs_hidl_service:unix_dgram_socket sendto;
-
-# Send the message to the merged hal Service to forward to applications
-allow mnld merged_hal_service:unix_dgram_socket sendto;
-
-# Purpose : For access system data
-allow mnld bootdevice_block_device:blk_file rw_file_perms;
-allow mnld block_device:dir search;
-allow mnld mnld_prop:property_service set;
-allow mnld property_socket:sock_file write;
-allow mnld mdlog_device:chr_file { read write };
-allow mnld self:capability { fsetid };
-allow mnld stpbt_device:chr_file { read write };
-allow mnld gpsdl_device:chr_file { read write };
-allow mnld ttyGS_device:chr_file { read write };
-# Purpose : For file system operations
-allow mnld sdcard_type:dir search;
-allow mnld sdcard_type:dir write;
-allow mnld sdcard_type:dir add_name;
-allow mnld sdcard_type:file create;
-allow mnld sdcard_type:file rw_file_perms;
-allow mnld sdcard_type:file create_file_perms;
-allow mnld sdcard_type:dir { read remove_name create open };
-allow mnld tmpfs:lnk_file { read create open };
-allow mnld mtd_device:dir search;
-allow mnld mnt_user_file:lnk_file read;
-allow mnld mnt_user_file:dir search;
-allow mnld gps_data_file:dir { write add_name search remove_name unlink};
-allow mnld gps_data_file:file { read write open create getattr append setattr unlink lock rename };
-allow mnld gps_data_file:lnk_file read;
-
-allow mnld storage_file:lnk_file read;
-allow mnld nvcfg_file:dir search;
-
-# Date : WK15.30
-# Operation : Migration
-# Purpose : for device bring up, not to block early migration/sanity
-allow mnld proc_lk_env:file rw_file_perms;
-
-# For HIDL, communicate mtk_hal_gnss instead of system_server
-allow mnld mtk_hal_gnss:unix_dgram_socket sendto;
-
-# Purpose : MPE sensor HIDL policy
-hwbinder_use(mnld);
-binder_call(mnld, system_server)
-allow mnld fwk_sensor_hwservice:hwservice_manager find;
-#allow mnld hwservicemanager_prop:file { read open getattr };
-get_prop(mnld, hwservicemanager_prop);
-allow mnld debugfs_tracing:file { open write };
-
-allow mnld mnt_vendor_file:dir search;
-
-# Date : WK18.26
-# Purpose : for atci gps test
-allow mnld atci_service:unix_dgram_socket sendto;
-
-allow mnld sysfs_boot_mode:file { read open };
-
-set_prop(mnld, vendor_radio_prop);

non_plat/mobile_log_d.te

@@ -1,64 +0,0 @@
-# boot_mdoe file access
-allow mobile_log_d sysfs_boot_mode:file { open read };
-
-#proc/ access
-allow mobile_log_d proc_kmsg:file r_file_perms;
-allow mobile_log_d proc_cmdline:file r_file_perms;
-allow mobile_log_d proc_atf_log:dir search;
-allow mobile_log_d proc_atf_log:file r_file_perms;
-allow mobile_log_d proc_gz_log:file r_file_perms;
-allow mobile_log_d proc_last_kmsg:file r_file_perms;
-allow mobile_log_d proc_bootprof:file r_file_perms;
-allow mobile_log_d proc_pl_lk:file r_file_perms;
-
-#scp
-allow mobile_log_d sysfs_scp:file { open write };
-allow mobile_log_d sysfs_scp:dir search;
-allow mobile_log_d scp_device:chr_file { read open };
-
-#adsp
-allow mobile_log_d sysfs_adsp:file { open write };
-allow mobile_log_d sysfs_adsp:dir search;
-allow mobile_log_d adsp_device:chr_file r_file_perms;
-
-#sspm
-allow mobile_log_d sysfs_sspm:file { open write };
-allow mobile_log_d sysfs_sspm:dir search;
-allow mobile_log_d sspm_device:chr_file { read open };
-
-#data/misc/mblog
-allow mobile_log_d logmisc_data_file:dir { relabelto create_dir_perms };
-allow mobile_log_d logmisc_data_file:file create_file_perms;
-
-#data/log_temp
-allow mobile_log_d logtemp_data_file:dir { relabelto create_dir_perms };
-allow mobile_log_d logtemp_data_file:file create_file_perms;
-
-#data/data_tmpfs_log
-allow mobile_log_d data_tmpfs_log_file:dir create_dir_perms;
-allow mobile_log_d data_tmpfs_log_file:file create_file_perms;
-
-#mobile itself property
-set_prop(mobile_log_d, mobile_log_prop)
-
-# Date: 2016/11/11
-# purpose: allow MobileLog to access aee socket
-allow mobile_log_d aee_aed:unix_stream_socket connectto;
-
-# purpose: send log to com port
-allow mobile_log_d ttyGS_device:chr_file { read write ioctl open };
-
-# purpose: allow mobile_log_d to access persist.meta.connecttype
-get_prop(mobile_log_d, meta_connecttype_prop);
-
-# purpose: allow mobile_log_d to create socket
-allow mobile_log_d port:tcp_socket { name_connect name_bind };
-allow mobile_log_d mobile_log_d:tcp_socket { create connect setopt bind };
-allow mobile_log_d mobile_log_d:tcp_socket { bind setopt listen accept read write };
-allow mobile_log_d node:tcp_socket node_bind;
-
-# purpose: allow mobile_log_d to read system property init.svc.vendor.
-get_prop(mobile_log_d, vendor_default_prop)
-
-# purpose: allow mobile_log_d to read persist.vendor.mtk.aee
-get_prop(mobile_log_d, persist_mtk_aee_prop)