NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
android_device_mediatek_sep.../non_plat/factory.te
Bo Ye 3ace839be3 [ALPS03825066] Mark file context to fix build fails 
Restore the policies accessing files labeled
    as proc_xxx or sysfs_xxx, but there are some
    exceptions for coredomain process, such as
    meta_tst,dump_state,kpoc_charger

MTK-Commit-Id: 7953b5203bb3cac099c3326d330643b4cd73746d

Change-Id: I4b16c09c352891783e837bea370c264966ca6d13
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
2020-01-18 09:29:41 +08:00

301 lines
11 KiB
Plaintext
Raw Blame History

# ==============================================
# Policy File of /system/bin/factory Executable File
# ==============================================
# Type Declaration
# ==============================================
# ==============================================
# MTK Policy Rule
# ==============================================
file_type_auto_trans(factory, system_data_file, factory_data_file)
#============= factory ==============
allow factory MTK_SMI_device:chr_file r_file_perms;
allow factory ashmem_device:chr_file execute;
allow factory ebc_device:chr_file rw_file_perms;
allow factory stpbt_device:chr_file rw_file_perms;
# Date: WK14.47
# Operation : Migration
# Purpose : CCCI
allow factory eemcs_device:chr_file rw_file_perms;
allow factory ccci_device:chr_file rw_file_perms;
allow factory gsm0710muxd_device:chr_file rw_file_perms;
#Purpose: file system requirement
allow factory debugfs_usb:file rw_file_perms;
allow factory debugfs_usb:dir search;
allow factory devpts:chr_file rw_file_perms;
allow factory vfat:dir w_dir_perms;
allow factory labeledfs:filesystem unmount;
allow factory rootfs:dir mounton;
allow factory vfat:dir { read open search mounton };
allow factory vfat:filesystem { mount unmount };
# Purpose : SDIO
allow factory ttySDIO_device:chr_file rw_file_perms;
#Purpose: USB
allow factory ttyMT_device:chr_file rw_file_perms;
allow factory ttyGS_device:chr_file rw_file_perms;
# Date: WK15.01
# Purpose : OTG Mount
allow factory sdcard_type:dir mounton;
# Date: WK15.07
# Purpose : use c2k flight mode;
allow factory vmodem_device:chr_file rw_file_perms;
# Date: WK15.13
# Purpose: for nand project
allow factory mtd_device:dir search;
allow factory mtd_device:chr_file rw_file_perms;
allow factory self:capability sys_resource;
allow factory pro_info_device:chr_file rw_file_perms;
# Data: WK15.28
# Purpose: for mt-ramdump reset
allow factory proc_mrdump_rst:file w_file_perms;
#Date: WK15.31
#Purpose: define factory_data_file instead of system_data_file
# because system_data_file is sensitive partition from M
#allow factory self:capability2 block_suspend;
wakelock_use(factory);
allow factory storage_file:dir { write create add_name search mounton };
allow factory factory_data_file:file create_file_perms;
allow factory shell_exec:file r_file_perms;
# Date: WK15.44
# Purpose: factory idle current status
allow factory factory_idle_state_prop:property_service set;
# Date: WK15.46
# Purpose: gps factory mode
typeattribute factory data_between_core_and_vendor_violators;
allow factory agpsd_data_file:dir search;
allow factory apk_data_file:dir write;
#allow factory gps_data_file:dir r_dir_perms;
#allow factory gps_data_file:dir { write open };
#allow factory gps_data_file:file { read write };
allow factory gps_data_file:dir { write add_name search remove_name unlink};
allow factory gps_data_file:file { read write open create getattr append setattr unlink lock};
allow factory gps_data_file:lnk_file read;
# allow factory gps_emi_device:chr_file { read write };
allow factory shell_exec:file x_file_perms;
allow factory storage_file:lnk_file r_file_perms;
#Date: WK15.48
#Purpose: capture for factory mode
allow factory devmap_device:chr_file r_file_perms;
allow factory sdcard_type:dir create_dir_perms;
allow factory sdcard_type:file create_file_perms;
allow factory mnt_user_file:dir search;
allow factory mnt_user_file:lnk_file read;
allow factory storage_file:lnk_file read;
#Date: WK16.05
#Purpose: For access NVRAM
allow factory factory:capability chown;
allow factory nvram_data_file:dir create_dir_perms;
allow factory nvram_data_file:file create_file_perms;
allow factory nvram_data_file:lnk_file r_file_perms;
allow factory nvdata_file:lnk_file r_file_perms;
allow factory nvram_device:chr_file rw_file_perms;
allow factory nvram_device:blk_file rw_file_perms;
allow factory nvdata_device:blk_file rw_file_perms;
# Purpose : Allow factory read /data/nvram link
allow factory system_data_file:lnk_file read;
#Date: WK16.12
#Purpose: For sensor test
allow factory als_ps_device:chr_file r_file_perms;
allow factory barometer_device:chr_file r_file_perms;
allow factory gsensor_device:chr_file r_file_perms;
allow factory gyroscope_device:chr_file r_file_perms;
allow factory msensor_device:chr_file r_file_perms;
allow factory biometric_device:chr_file r_file_perms;
#Purpose: For camera Test
allow factory kd_camera_flashlight_device:chr_file rw_file_perms;
allow factory kd_camera_hw_device:chr_file rw_file_perms;
allow factory seninf_device:chr_file rw_file_perms;
#Purpose: For reboot the target
allow factory powerctl_prop:property_service set;
#Purpose: For memory card test
allow factory misc_sd_device:chr_file r_file_perms;
allow factory mmcblk1_block_device:blk_file rw_file_perms;
allow factory bootdevice_block_device:blk_file rw_file_perms;
allow factory mmcblk1p1_block_device:blk_file rw_file_perms;
allow factory block_device:dir w_dir_perms;
#Purpose: For EMMC test
allow factory nvdata_file:dir create_dir_perms;
allow factory nvdata_file:file create_file_perms;
#Purpose: For HRM test
allow factory hrm_device:chr_file r_file_perms;
#Purpose: For IrTx LED test
allow factory irtx_device:chr_file rw_file_perms;
#Purpose: For battery test, ext_buck test and ext_vbat_boost test
allow factory pmic_ftm_device:chr_file rw_file_perms;
allow factory MT_pmic_adc_cali_device:chr_file rw_file_perms;
allow factory MT_pmic_cali_device:chr_file r_file_perms;
allow factory charger_ftm_device:chr_file r_file_perms;
#Purpose: For HDMI test
allow factory graphics_device:dir w_dir_perms;
allow factory graphics_device:chr_file rw_file_perms;
#Purpose: For WIFI test
allow factory wmtWifi_device:chr_file rw_file_perms;
#Purpose: For rtc test
allow factory rtc_device:chr_file rw_file_perms;
#Purpose: For nfc test
allow factory mt6605_device:chr_file rwx_file_perms;
#Purpose: For gps test
allow factory mnld_device:chr_file rw_file_perms;
#Purpose: For keypad test
allow factory mtk_kpd_device:chr_file r_file_perms;
#Purpose: For Humidity test
allow factory humidity_device:chr_file r_file_perms;
#Purpose: For camera test
allow factory camera_isp_device:chr_file rw_file_perms;
allow factory camera_dip_device:chr_file rw_file_perms;
allow factory camera_pipemgr_device:chr_file r_file_perms;
allow factory camera_sysram_device:chr_file r_file_perms;
allow factory ccu_device:chr_file rw_file_perms;
allow factory vpu_device:chr_file rw_file_perms;
allow factory MAINAF_device:chr_file rw_file_perms;
allow factory MAIN2AF_device:chr_file rw_file_perms;
allow factory SUBAF_device:chr_file rw_file_perms;
allow factory FM50AF_device:chr_file rw_file_perms;
allow factory AD5820AF_device:chr_file rw_file_perms;
allow factory DW9714AF_device:chr_file rw_file_perms;
allow factory DW9714A_device:chr_file rw_file_perms;
allow factory LC898122AF_device:chr_file rw_file_perms;
allow factory LC898212AF_device:chr_file rw_file_perms;
allow factory BU6429AF_device:chr_file rw_file_perms;
allow factory DW9718AF_device:chr_file rw_file_perms;
allow factory BU64745GWZAF_device:chr_file rw_file_perms;
allow factory cct_data_file:dir create_dir_perms;
allow factory cct_data_file:file create_file_perms;
allow factory camera_tsf_device:chr_file rw_file_perms;
allow factory camera_rsc_device:chr_file rw_file_perms;
allow factory camera_gepf_device:chr_file rw_file_perms;
allow factory camera_fdvt_device:chr_file rw_file_perms;
allow factory camera_wpe_device:chr_file rw_file_perms;
allow factory camera_owe_device:chr_file rw_file_perms;
allow factory camera_mfb_device:chr_file rw_file_perms;
#Purpose: For FM test and headset test
allow factory accdet_device:chr_file r_file_perms;
allow factory fm_device:chr_file rw_file_perms;
#Purpose: For audio test
allow factory audio_device:chr_file rw_file_perms;
allow factory audio_device:dir w_dir_perms;
allow factory audiohal_prop:property_service set;
#Purpose: For key and touch event
allow factory input_device:chr_file r_file_perms;
allow factory input_device:dir rw_dir_perms;
#Purpose: For gps test
#allow factory gps_device:chr_file rw_file_perms;
# Date: WK16.17
# Purpose: N Migration For ccci sysfs node
# Allow read to sys/kernel/ccci/* files
allow factory sysfs_ccci:dir search;
allow factory sysfs_ccci:file r_file_perms;
# Date: WK16.18
# Purpose: N Migration For boot_mode
# Allow to read boot mode
# avc: denied { read } for name="boot_mode" dev="sysfs" ino=117
# scontext=u:r:factory:s0 tcontext=u:object_r:sysfs:s0
# tclass=file permissive=0
#allow factory sysfs:file rw_file_perms;
# Date: WK16.30
#Purpose: For gps test
allow factory media_rw_data_file:dir search;
#allow factory gps_data_file:dir add_name;
#TODO:: MTK need to remove later
not_full_treble(`
allow factory mnld:unix_dgram_socket sendto;
')
# Date: WK16.31
#Purpose: For gps test
allow factory mnld_prop:property_service set;
allow factory media_rw_data_file:dir { read open };
#allow factory gps_data_file:file create_file_perms;
# Date: WK16.33
#Purpose: for unmount sdcardfs and stop services which are using data partition
allow factory sdcard_type:filesystem unmount;
allow factory toolbox_exec:file { read open getattr execute execute_no_trans };
allow factory ctl_default_prop:property_service set;
# Date : WK16.35
# Operation : Migration
# Purpose : Update camera flashlight driver device file
allow factory flashlight_device:chr_file rw_file_perms;
# Date : WK16.48
# Purpose: For SmartPa speaker calibration
allow factory proc:dir search;
#allow factory proc:file {open read write};
# Date: WK15.25
#Purpose: for unmount sdcardfs and stop services which are using data partition
allow factory ctl_emdlogger1_prop:property_service set;
# Date: WK17.07
# Purpose: Clear bootdevice (eMMC/UFS) may need to unmount tmpfs
allow factory tmpfs:filesystem unmount;
allow factory sysfs:dir { read open };
allow factory sysfs_leds:dir search;
allow factory sysfs_leds:lnk_file read;
allow factory sysfs_vibrator:file {open read write};
allow factory ion_device:chr_file { read open ioctl };
allow factory debugfs_ion:dir search;
#allow factory proc:file ioctl;
# Date: WK17.27
# Purpose: STMicro NFC solution integration
allow factory st21nfc_device:chr_file { open read getattr write ioctl };
allow factory nfc_socket:dir search;
#allow factory vendor_file:file { getattr execute execute_no_trans read open };
set_prop(factory,hwservicemanager_prop);
hwbinder_use(factory);
hal_client_domain(factory, hal_nfc);
#allow factory debugfs_tracing:file { open write };
# Date : WK17.32
# Operation : O Migration
# Purpose: Allow to access cmdq driver
allow factory mtk_cmdq_device:chr_file { read ioctl open };
# Date: WK1733
# Purpose: add selinux policy to stop 'ccci_fsd' for clear emmc in factory mode
set_prop(factory,ctl_ccci_fsd_prop);
# Date : WK17.38
# Operation : O Migration
# Purpose: Allow to access sysfs
allow factory sysfs_therm:dir search;
allow factory sysfs_therm:file {open read write};
Reference in New Issue View Git Blame Copy Permalink