NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
android_device_mediatek_sep.../non_plat/mpe.te
Bo Ye 5849c224e3 [ALPS03825066] P migration selinux build failed fix 
1. Mark polices which accessing proc/sysfs file system
    2. Add violator attribute to modules violate vendor/system rule.

MTK-Commit-Id: 3954cad7a1428cda694d8428c2235a78aa6e7cc8

Change-Id: I401ae5b87eb9a03f324bef83c6678149606b15a8
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
2020-01-18 09:29:36 +08:00

68 lines
2.5 KiB
Plaintext
Raw Blame History

# ==============================================
# Policy File of /vendor/bin/MPED Executable File
# ==============================================
# Type Declaration
# ==============================================
type MPED, domain;
type MPED_exec, exec_type, file_type, vendor_file_type;
# ==============================================
# MTK Policy Rule
# ==============================================
# Date : WK15.29
# Operation : Feature Developing
# Purpose : Sensor Aiding GPS
# ==============================================
init_daemon_domain(MPED)
net_domain(MPED)
typeattribute MPED data_between_core_and_vendor_violators;
# Date : WK15.29
# Operation : Feature Developing
# Purpose : Setup Connection with GPS for sensor aiding data exchange
allow MPED sdcard_type:file create_file_perms;
allow MPED sdcard_type:dir create_dir_perms;
allow MPED init:unix_stream_socket connectto;
allow MPED init:udp_socket rw_socket_perms;
#allow MPED self:capability { fsetid dac_override };
allow MPED sysfs:file rw_file_perms;
allow MPED tmpfs:lnk_file create_file_perms;
# TODO::mtk work around and will fix it later
# allow MPED system_server:unix_dgram_socket sendto;
# allow MPED system_server:unix_stream_socket rw_socket_perms;
# allow MPED system_server:binder call;
# Date : WK15.30
# Operation : Feature Developing
# Purpose : Setup Connection with sensormanager to obtain mems sensor data for the calculation of dead reckoning algorithm
# binder_use(MPED)
# TODO::mtk work around and will fix it later
# binder_call(MPED,binderservicedomain)
# allow MPED servicemanager:dir search;
# allow MPED servicemanager:file r_file_perms;
# Create data/mtk_mpe_server as mpe socket
type_transition MPED system_data_file:sock_file MPED_socket "mtk_mpe_server";
allow MPED MPED_socket:sock_file { create_file_perms link };
# allow MPED system_data_file:dir remove_name;
# allow MPED system_data_file:sock_file create_file_perms;
# All others under /data get MPED_data_file
file_type_auto_trans(MPED, system_data_file, MPED_data_file);
allow MPED MPED_data_file:dir w_dir_perms;
allow MPED MPED_data_file:file create_file_perms;
# Date : WK15.33
# Operation : Feature Developing
# Purpose : Add permission for mped socket
allow MPED MPED_socket:sock_file setattr;
# Date : WK15.40
# Operation : Feature Developing
# Purpose : Add sensorservice registration permission to obtain sensor data from sensor listener
# TODO::mtk work around and will fix it later
# allow MPED sensorservice_service:service_manager find;
Reference in New Issue View Git Blame Copy Permalink