1. Mark policies that access the proc/sysfs file system 2. Add the violator attribute to modules that violate the vendor/system rule. MTK-Commit-Id: 3954cad7a1428cda694d8428c2235a78aa6e7cc8 Change-Id: I401ae5b87eb9a03f324bef83c6678149606b15a8 CR-Id: ALPS03825066 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
# ==============================================
# MTK Policy Rule
# ============

# Date : WK14.31
# Operation : Migration
# Purpose : For IPC communication
### TBD, neverallowxperm on line 177 of system/sepolicy/public/domain.te
#allow bootanim self:netlink_socket create_socket_perms;

# Date : WK14.32
# Operation : Migration
# Purpose : for playing boot tone
# bootanim may look up mediaserver_service through the service manager and is
# granted the call and transfer permissions on mediaserver's binder.
allow bootanim mediaserver_service:service_manager find;
allow bootanim mediaserver:binder { call transfer };

# Purpose : for playing bootanimation audio
# Same pair of grants as for mediaserver, here against audioserver:
# service lookup plus the call and transfer binder permissions.
allow bootanim audioserver_service:service_manager find;
allow bootanim audioserver:binder { call transfer };

# Date : WK14.37
# Operation : Migration
# Purpose : for operator
# Together these rules let bootanim write to the property socket, connect to
# init's unix stream socket, and set properties labelled debug_prop.
# NOTE(review): the property actually set is not visible in this file; confirm
# that debug_prop is the narrowest label covering it, since this grant applies
# to every property carrying that label.
allow bootanim debug_prop:property_service set;
allow bootanim init:unix_stream_socket connectto;
allow bootanim property_socket:sock_file write;

# Date : WK14.46
# Operation : Migration
# /data/resource-cache
# Read-only access: search on the directory and read/getattr/open on its
# files; no write or create permission is granted.
allow bootanim resourcecache_data_file:file { getattr open read };
allow bootanim resourcecache_data_file:dir search;

# Date : WK16.42
# Operator: Whitney bring up
# Purpose: call surfaceflinger due to powervr
# Grants rw_file_perms (a permission macro defined outside this file) on
# FIFOs labelled with the surfaceflinger type.
allow bootanim surfaceflinger:fifo_file rw_file_perms;

# Date : W16.42
# Operation : Integration
# Purpose : DRM / DRI GPU driver required

# Only directory search on gpu_device is granted by this rule.
allow bootanim gpu_device:dir search;

#============= bootanim ==============
#allow bootanim debugfs_tracing:file write;

#============= bootanim ==============
#allow bootanim debugfs_tracing:file open;