NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
android_device_mediatek_sep.../plat_private/audiocmdservice_atci.te
Bo Ye 5849c224e3 [ALPS03825066] P migration selinux build failed fix 
1. Mark polices which accessing proc/sysfs file system
    2. Add violator attribute to modules violate vendor/system rule.

MTK-Commit-Id: 3954cad7a1428cda694d8428c2235a78aa6e7cc8

Change-Id: I401ae5b87eb9a03f324bef83c6678149606b15a8
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
2020-01-18 09:29:36 +08:00

49 lines
1.9 KiB
Plaintext
Raw Blame History

#===============================================
# Policy File of /system/bin/audiocmdservice_atci Executable File
type audiocmdservice_atci_exec , exec_type, file_type;
# New added for move to /system
typeattribute audiocmdservice_atci coredomain;
# ==============================================
# MTK Policy Rule
# ==============================================
# audiocmdservice_atci - audio-daemon service
init_daemon_domain(audiocmdservice_atci)
# Perform Binder IPC for audio tuning tool and access to mediaserver
binder_use(audiocmdservice_atci)
binder_call(audiocmdservice_atci, mediaserver)
#allow audiocmdservice_atci mediaserver:chr_file create_file_perms;
allow audiocmdservice_atci mediaserver:dir w_dir_perms;
allow audiocmdservice_atci mediaserver_service:service_manager find;
# Since Android N, google separates mediaserver to audioserver and cameraserver
binder_call(audiocmdservice_atci, audioserver)
#allow audiocmdservice_atci audioserver:chr_file create_file_perms;
allow audiocmdservice_atci audioserver:dir w_dir_perms;
allow audiocmdservice_atci audioserver_service:service_manager find;
# Access to fuse file system
allow audiocmdservice_atci sdcard_type:file create_file_perms;
allow audiocmdservice_atci sdcard_type:dir w_dir_perms;
# Access to internal storage
allow audiocmdservice_atci media_rw_data_file:dir create_dir_perms;
allow audiocmdservice_atci media_rw_data_file:file create_file_perms;
#To access the file at /dev/kmsg
allow audiocmdservice_atci kmsg_device:chr_file w_file_perms;
userdebug_or_eng(`
allow audiocmdservice_atci self:capability { sys_nice fowner chown fsetid setuid ipc_lock net_admin};
')
#audio-daemon needs to controlled from adb shell by AudioTuningTool
allow radio audiocmdservice_atci_exec:file getattr;
#Android O porting
hwbinder_use(audiocmdservice_atci)
get_prop(audiocmdservice_atci, hwservicemanager_prop);
#allow audiocmdservice_atci debugfs_tracing:file rw_file_perms;
Reference in New Issue View Git Blame Copy Permalink