5849c224e3
1. Mark polices which accessing proc/sysfs file system
2. Add violator attribute to modules violate vendor/system rule.
MTK-Commit-Id: 3954cad7a1428cda694d8428c2235a78aa6e7cc8
Change-Id: I401ae5b87eb9a03f324bef83c6678149606b15a8
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
30 lines
1.1 KiB
Plaintext
30 lines
1.1 KiB
Plaintext
#cmddumper access external modem ttySDIO2
|
|
allow cmddumper ttySDIO_device:chr_file { read write ioctl open };
|
|
|
|
# for modem logging sdcard access
|
|
allow cmddumper sdcard_type:dir create_dir_perms;
|
|
allow cmddumper sdcard_type:file create_file_perms;
|
|
|
|
# cmddumper access on /data/mdlog
|
|
allow cmddumper mdlog_data_file:fifo_file create_file_perms;
|
|
allow cmddumper mdlog_data_file:file create_file_perms;
|
|
allow cmddumper mdlog_data_file:dir { create_dir_perms relabelto };
|
|
|
|
#allow emdlogger to set property
|
|
allow cmddumper debug_mdlogger_prop:property_service set;
|
|
allow cmddumper debug_prop:property_service set;
|
|
|
|
# purpose: allow cmddumper to access storage in N version
|
|
allow cmddumper media_rw_data_file:file { create_file_perms };
|
|
allow cmddumper media_rw_data_file:dir { create_dir_perms };
|
|
|
|
# purpose: access vmodem device
|
|
#allow cmddumper vmodem_device:chr_file { create_file_perms };
|
|
|
|
# purpose: access plat_file_contexts
|
|
allow cmddumper file_contexts_file:file { read getattr open };
|
|
|
|
# purpose: access /sys/devices/virtual/BOOT/BOOT/boot/boot_mode
|
|
#allow cmddumper sysfs:file { read open };
|
|
|