android_device_mediatek_sepolicy/non_plat/ccci_mdinit.te

# ==============================================
# Policy File of /system/bin/ccci_mdinit Executable File

# ==============================================
# Type Declaration
# ==============================================
type ccci_mdinit_exec , exec_type, file_type, vendor_file_type;
type ccci_mdinit ,domain;

# ==============================================
# MTK Policy Rule
# ==============================================
init_daemon_domain(ccci_mdinit)
wakelock_use(ccci_mdinit)
#=============allow ccci_mdinit to start gsm0710muxd==============
set_prop(ccci_mdinit, ctl_gsm0710muxd_prop)
#=============allow ccci_mdinit to start emcsmdlogger==============
set_prop(ccci_mdinit, ctl_mdlogger_prop)
#=============allow ccci_mdinit to start c2krild==============
set_prop(ccci_mdinit, ctl_viarild_prop)
#=============allow ccci_mdinit to start/stop rild, mdlogger==============
set_prop(ccci_mdinit, ctl_mdlogger_prop)
set_prop(ccci_mdinit, ctl_emdlogger1_prop)
set_prop(ccci_mdinit, ctl_emdlogger2_prop)
set_prop(ccci_mdinit, ctl_emdlogger3_prop)
set_prop(ccci_mdinit, ctl_dualmdlogger_prop)
set_prop(ccci_mdinit, ctl_gsm0710muxd_prop)
set_prop(ccci_mdinit, ctl_gsm0710muxd-s_prop)
set_prop(ccci_mdinit, ctl_gsm0710muxd-d_prop)
set_prop(ccci_mdinit, ctl_rildaemon_prop)
set_prop(ccci_mdinit, ctl_ril-daemon-mtk_prop)
set_prop(ccci_mdinit, ctl_fusion_ril_mtk_prop)
set_prop(ccci_mdinit, ctl_ril-daemon-s_prop)
set_prop(ccci_mdinit, ctl_ril-daemon-d_prop)
set_prop(ccci_mdinit, ctl_ril-proxy_prop)
set_prop(ccci_mdinit, ril_active_md_prop)
set_prop(ccci_mdinit, mtk_md_prop)
#set_prop(ccci_mdinit, radio_prop)
set_prop(ccci_mdinit, net_cdma_mdmstat)
#=============allow ccci_mdinit to get tel_switch_prop==============
get_prop(ccci_mdinit, tel_switch_prop)

#=============allow ccci_mdinit to start/stop fsd==============
set_prop(ccci_mdinit, ctl_ccci_fsd_prop)
set_prop(ccci_mdinit, ctl_ccci2_fsd_prop)
set_prop(ccci_mdinit, ctl_ccci3_fsd_prop)

allow ccci_mdinit ccci_device:chr_file rw_file_perms;
allow ccci_mdinit ccci_monitor_device:chr_file rw_file_perms;

#=============allow ccci_mdinit to access MD NVRAM==============
allow ccci_mdinit nvram_data_file:dir rw_dir_perms;
allow ccci_mdinit nvram_data_file:file create_file_perms;
allow ccci_mdinit nvram_data_file:lnk_file read;
allow ccci_mdinit nvdata_file:lnk_file read;
allow ccci_mdinit nvdata_file:dir rw_dir_perms;
allow ccci_mdinit nvdata_file:file create_file_perms;
allow ccci_mdinit nvram_device:chr_file rw_file_perms;
allow ccci_mdinit system_data_file:lnk_file read;

#=============allow ccci_mdinit to access ccci config==============
allow ccci_mdinit protect_f_data_file:dir rw_dir_perms;
allow ccci_mdinit protect_f_data_file:file create_file_perms;
#=============allow ccci_mdinit to property==============
allow ccci_mdinit protect_s_data_file:dir rw_dir_perms;
allow ccci_mdinit protect_s_data_file:file create_file_perms;
allow ccci_mdinit nvram_device:blk_file rw_file_perms;
allow ccci_mdinit nvdata_device:blk_file rw_file_perms;
allow ccci_mdinit bootdevice_block_device:blk_file rw_file_perms;

set_prop(ccci_mdinit, ril_mux_report_case_prop)

typeattribute ccci_mdinit data_between_core_and_vendor_violators;
allow ccci_mdinit mdlog_data_file:dir search;
allow ccci_mdinit mdlog_data_file:file r_file_perms;

allow ccci_mdinit ccci_cfg_file:dir create_dir_perms;
allow ccci_mdinit ccci_cfg_file:file create_file_perms;
allow ccci_mdinit block_device:dir search;
allow ccci_mdinit preloader_block_device:blk_file r_file_perms;
allow ccci_mdinit secro_block_device:blk_file r_file_perms;
#===============security relate ==========================
allow ccci_mdinit preloader_device:chr_file rw_file_perms;
allow ccci_mdinit misc_sd_device:chr_file r_file_perms;
allow ccci_mdinit sec_ro_device:chr_file r_file_perms;

allow ccci_mdinit custom_file:dir r_dir_perms;
allow ccci_mdinit custom_file:file r_file_perms;

# Purpose : for nand partition access
allow ccci_mdinit mtd_device:dir search;
allow ccci_mdinit mtd_device:chr_file rw_file_perms;
allow ccci_mdinit devmap_device:chr_file r_file_perms;
# Purpose : for device bring up, not to block early migration/sanity
allow ccci_mdinit proc_lk_env:file rw_file_perms;
allow ccci_mdinit para_block_device:blk_file rw_file_perms;
#============= ccci_mdinit sysfs related ==============
allow ccci_mdinit sysfs_ccci:dir search;
allow ccci_mdinit sysfs_ccci:file rw_file_perms;
allow ccci_mdinit sysfs_ssw:dir search;
allow ccci_mdinit sysfs_ssw:file r_file_perms;
allow ccci_mdinit sysfs:file r_file_perms;

# Purpose : Allow ccci_mdinit to open and read/write /proc/bootprof
allow ccci_mdinit proc:file rw_file_perms;
allow ccci_mdinit proc:file getattr;