NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
android_device_mediatek_sep.../plat_private/meta_tst.te
Bo Ye 3ace839be3 [ALPS03825066] Mark file context to fix build fails 
Restore the policies accessing files labeled
    as proc_xxx or sysfs_xxx, but there are some
    exceptions for coredomain process, such as
    meta_tst,dump_state,kpoc_charger

MTK-Commit-Id: 7953b5203bb3cac099c3326d330643b4cd73746d

Change-Id: I4b16c09c352891783e837bea370c264966ca6d13
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
2020-01-18 09:29:41 +08:00

49 lines
1.8 KiB
Plaintext
Raw Blame History

# ==============================================
# Policy File of /system/bin/meta_tst Executable File
# ==============================================
# Type Declaration
# ==============================================
type meta_tst_exec , exec_type, file_type;
typeattribute meta_tst coredomain;
# ==============================================
# MTK Policy Rule
# ==============================================
init_daemon_domain(meta_tst)
# Date : WK16.12
# Operation : Migration
# Purpose : for meta mode driver module operation
#============= meta_tst =========================
allow meta_tst port:tcp_socket { name_connect name_bind };
#allow meta_tst self:capability { net_raw chown fsetid sys_nice net_admin fowner dac_override sys_admin };
allow meta_tst self:tcp_socket { create connect setopt bind };
allow meta_tst self:tcp_socket { bind setopt listen accept read write };
allow meta_tst self:udp_socket { create ioctl };
allow meta_tst self:capability { sys_boot ipc_lock };
allow meta_tst sysfs_wake_lock:file rw_file_perms;
#allow meta_tst sysfs:file write;
allow meta_tst property_socket:sock_file w_file_perms;
#allow meta_tst vold_socket:sock_file w_file_perms;
allow meta_tst init:unix_stream_socket connectto;
allow meta_tst kisd:unix_stream_socket connectto;
allow meta_tst vold:unix_stream_socket connectto;
allow meta_tst node:tcp_socket node_bind;
allow meta_tst labeledfs:filesystem unmount;
allow meta_tst shell_exec:file execute;
set_prop(meta_tst, powerctl_prop);
# Date: WK16.12
# Operation : Migration
# Purpose : for meta mode file system
allow meta_tst system_data_file:sock_file create_file_perms;
allow meta_tst system_file:file x_file_perms;
allow meta_tst system_data_file:dir w_dir_perms;
allow meta_tst block_device:dir search;
allow meta_tst rootfs:file entrypoint;
Reference in New Issue View Git Blame Copy Permalink