d5f4f31ade
Remove general socket permission. MTK-Commit-Id: 82b1e7c7fdc88ecec8fe72e2dc97023feda7f932 Change-Id: I48cb912ae8aa3480476dd451d7ebb0657a1c3793 CR-Id: ALPS04773384 Feature: DSDS (Dual SIM Dual Standby) Framework-Common Framework(RIL)
80 lines
2.4 KiB
Plaintext
80 lines
2.4 KiB
Plaintext
# ==============================================
|
|
# Policy File of /vendor/bin/rilproxy Executable File
|
|
|
|
|
|
# ==============================================
|
|
# Type Declaration
|
|
# ==============================================
|
|
|
|
# ==============================================
|
|
# MTK Policy Rule
|
|
# ==============================================
|
|
|
|
# Access to wake locks
|
|
wakelock_use(rild)
|
|
|
|
# rild Bringup Policy
|
|
allow rild init:unix_stream_socket connectto;
|
|
allow rild mtkrild:unix_stream_socket connectto;
|
|
allow rild property_socket:sock_file write;
|
|
allow rild self:capability setuid;
|
|
allow rild radio_prop:property_service set;
|
|
allow rild ril_mux_report_case_prop:property_service set;
|
|
allow rild mtk_agpsd:unix_stream_socket connectto;
|
|
allow servicemanager rild:dir search;
|
|
allow servicemanager rild:file { read open };
|
|
allow servicemanager rild:process getattr;
|
|
allow rild proc:file read;
|
|
|
|
# Allow the socket read/write of netd for rild
|
|
allow rild netd_socket:sock_file write;
|
|
allow rild netd_socket:sock_file read;
|
|
|
|
#Date : W17.13
|
|
#Purpose: Treble SEpolicy denied clean up
|
|
get_prop(rild, hwservicemanager_prop)
|
|
|
|
#Date : W17.18
|
|
#Purpose: Treble SEpolicy denied clean up
|
|
add_hwservice(hal_telephony_server, mtk_hal_rild_hwservice)
|
|
allow hal_telephony_client mtk_hal_rild_hwservice:hwservice_manager find;
|
|
|
|
#Date : W17.21
|
|
#Purpose: Grant permission to access binder dev node
|
|
vndbinder_use(rild)
|
|
|
|
#Date : W17.20
|
|
#Purpose: allow access to audio hal
|
|
binder_call(rild, mtk_hal_audio)
|
|
hal_client_domain(rild, hal_audio)
|
|
|
|
#Date : W18.15
|
|
#Purpose: allow rild access to vendor.ril.ipo system property
|
|
set_prop(mtkrild, vendor_ril_ipo_prop)
|
|
|
|
# Date : WK18.26
|
|
# Operation: P migration
|
|
# Purpose: Allow carrier express HIDL to set vendor property
|
|
set_prop(mtkrild, mtk_cxp_vendor_prop)
|
|
allow mtkrild mnt_vendor_file:dir search;
|
|
allow mtkrild mnt_vendor_file:file create_file_perms;
|
|
allow mtkrild nvdata_file:dir create_dir_perms;
|
|
allow mtkrild nvdata_file:file create_file_perms;
|
|
|
|
# Date : WK18.31
|
|
# Operation: P migration
|
|
# Purpose: Allow supplementary service HIDL to set vendor property
|
|
set_prop(mtkrild, mtk_ss_vendor_prop)
|
|
|
|
# Date : W19.16
|
|
# Operation: Q migration
|
|
# Purpose: Allow rild access to send SUPL INIT to mnld
|
|
allow rild mnld:unix_dgram_socket sendto;
|
|
allow mtkrild mnld:unix_dgram_socket sendto;
|
|
|
|
# Date : W19.35
|
|
# Operation: Q migration
|
|
# Purpose: Fix rilproxy SeLinux warning of pre-defined socket
|
|
allow rild gsmrild_socket:sock_file write;
|
|
|