Jonas Lai 8d8e513025 [ALPS04314391] sepolicy: aee_aedv/dumpstate access to camerahalserver
Allow aee_aedv/dumpstate to dump debug info from camerahalserver.

- SELinux : avc:  denied  { find } for
  interface=android.hardware.camera.provider::ICameraProvider
  sid=u:r:aee_aedv:s0 pid=23819 scontext=u:r:aee_aedv:s0
  tcontext=u:object_r:hal_camera_hwservice:s0
  tclass=hwservice_manager permissive=0

MTK-Commit-Id: 18210cf3984bd62caa334f28e45bb0f99500bac8

Change-Id: I291450101bd0ea94fca47b592cb1ef7ffb7f1ae4
CR-Id: ALPS04314391
Feature: [Android Default] Camera Application Basic Functions
2020-01-18 10:18:07 +08:00


# ==============================================
# MTK Policy Rule
# ==============================================
# Vendor (MTK) additions to the dumpstate domain. Every rule in this file has
# dumpstate as its source domain. Each group keeps the purpose note or the avc
# denial it was written from, so a reviewer can compare what was denied with
# what is granted.
# Purpose: access for SYS_MEMORY_INFO
# Grants directory write permissions and file create/write/append on objects
# labelled fuse.
allow dumpstate fuse:dir { w_dir_perms };
allow dumpstate fuse:file { write create open setattr append };
# Purpose: mnt/user/*
allow dumpstate mnt_user_file:dir search;
allow dumpstate mnt_user_file:lnk_file read;
# Purpose: /storage/*
allow dumpstate storage_file:lnk_file read;
# Purpose: timer_intval. Left commented out on purpose: the original note says
# this rule hits a neverallow, so it must stay disabled.
#allow dumpstate app_data_file:dir search;
# Purpose: not recorded by the author. The rule grants read-type access
# (r_file_perms) to the kmsg_device character device.
allow dumpstate kmsg_device:chr_file r_file_perms;
# Purpose:
# 01-01 18:00:35.600 7723 7723 I ps : type=1400 audit(0.0:63712): avc:
# denied { ioctl } for path="/storage/emulated/0/mtklog/aee_exp/temp/db.PQtNt4/
# SYS_ALL_THREADS" dev="fuse" ino=209 ioctlcmd=5401 scontext=u:r:dumpstate:s0
# tcontext=u:object_r:fuse:s0 tclass=file permissive=1
# The denial above was logged in permissive mode (permissive=1) and names a
# single ioctl command (ioctlcmd=5401); the rule allows ioctl on fuse files
# without restricting the command.
allow dumpstate fuse:file ioctl;
# Purpose:
# 01-01 17:59:14.440 7664 7664 I aee_dumpstate: type=1400 audit(0.0:63497):
# avc: denied { open } for path="/sys/kernel/debug/tracing/tracing_on" dev=
# "debugfs" ino=2087 scontext=u:r:dumpstate:s0 tcontext=u:object_r:
# tracing_shell_writable:s0 tclass=file permissive=1
# NOTE(review): the logged denial is { open } on type tracing_shell_writable,
# while the rule grants { write read open } on debugfs_tracing. Confirm that
# the label in the log is the one this rule is meant to cover and that write
# is really required. This rule applies to every build variant; it is not
# gated by userdebug_or_eng like the debugfs_tracing_debug rule further down.
allow dumpstate debugfs_tracing:file { write read open };
# Date: WK17.03
# Purpose: Allow to access gpu
allow dumpstate gpu_device:dir search;
# Date: 2017/07/11
# Purpose: 01-01 08:30:57.474 286 286 E SELinux : avc: denied { find } for interface=
# android.hardware.camera.provider::ICameraProvider pid=3133 scontext=u:r:dumpstate:s0 tcontext=
# u:object_r:hal_camera_hwservice:s0 tclass=hwservice_manager
# Makes dumpstate a client of the camera HAL so it can look up ICameraProvider.
# NOTE(review): the logged denial is only { find }. hal_client_domain gives
# dumpstate the camera HAL client attribute, which presumably carries more
# than find (for example binder calls to the HAL server) - confirm against the
# platform hal_camera policy. If that attribute already allows find on
# hal_camera_hwservice, the explicit allow rule below is redundant.
hal_client_domain(dumpstate, hal_camera)
allow dumpstate hal_camera_hwservice:hwservice_manager find;
# Purpose: Allow dumpstate to read/write /sys/kernel/debug/tracing/buffer_total_size_kb
# Wrapped in userdebug_or_eng, so this rule is compiled only into userdebug
# and eng builds and is absent from user builds.
userdebug_or_eng(`allow dumpstate debugfs_tracing_debug:file { r_file_perms write };')
# Purpose: Allow dumpstate to write /sys/devices/virtual/timed_output/vibrator/enable
allow dumpstate sysfs_vibrator:file write;
# Purpose : Allow dumpstate self to sys_nice
# Grants the sys_nice capability to the dumpstate domain itself.
allow dumpstate self:capability sys_nice;
# Date: W1826
# Purpose : mobile_log_d exec 'logcat -L' via dumpstate
# dumpstate may use file descriptors passed by mobile_log_d, write to its
# fifo, and read/write its unix stream socket.
allow dumpstate mobile_log_d:fd use;
allow dumpstate mobile_log_d:fifo_file write;
allow dumpstate mobile_log_d:unix_stream_socket { read write };