980fcee399
In factory mode, It is failed that get size of sdcard in sdcard test. Because the policy BLKGETSIZE is missed. Add the policy rule, the test case will pass. MTK-Commit-Id: 80a2d4ddd763ea35fb6c7fdf5dda40d158c1c95c Change-Id: I88c685e98bb1439b0992d39285a715020a7c1ce3 CR-Id: ALPS04745284 Feature: Factory Mode
399 lines
15 KiB
Plaintext
399 lines
15 KiB
Plaintext
# ==============================================
|
|
# Policy File of /system/bin/factory Executable File
|
|
|
|
# ==============================================
|
|
# Type Declaration
|
|
# ==============================================
|
|
|
|
# ==============================================
|
|
# MTK Policy Rule
|
|
# ==============================================
|
|
#file_type_auto_trans(factory, system_data_file, factory_data_file)
|
|
type factory, domain;
|
|
type factory_exec, exec_type, file_type, vendor_file_type;
|
|
init_daemon_domain(factory)
|
|
|
|
#============= factory ==============
|
|
allow factory MTK_SMI_device:chr_file r_file_perms;
|
|
allow factory ashmem_device:chr_file execute;
|
|
allow factory ebc_device:chr_file rw_file_perms;
|
|
allow factory stpbt_device:chr_file rw_file_perms;
|
|
|
|
# Date: WK14.47
|
|
# Operation : Migration
|
|
# Purpose : CCCI
|
|
allow factory eemcs_device:chr_file rw_file_perms;
|
|
allow factory ccci_device:chr_file rw_file_perms;
|
|
allow factory gsm0710muxd_device:chr_file rw_file_perms;
|
|
|
|
#Purpose: file system requirement
|
|
allow factory debugfs_usb:file rw_file_perms;
|
|
allow factory debugfs_usb:dir search;
|
|
allow factory devpts:chr_file rw_file_perms;
|
|
allow factory vfat:dir w_dir_perms;
|
|
allow factory labeledfs:filesystem unmount;
|
|
allow factory rootfs:dir mounton;
|
|
allow factory vfat:dir { read open search mounton };
|
|
allow factory vfat:filesystem { mount unmount };
|
|
|
|
# Purpose : SDIO
|
|
allow factory ttySDIO_device:chr_file rw_file_perms;
|
|
|
|
#Purpose: USB
|
|
allow factory ttyMT_device:chr_file rw_file_perms;
|
|
allow factory ttyS_device:chr_file rw_file_perms;
|
|
allow factory ttyGS_device:chr_file rw_file_perms;
|
|
|
|
# Purpose: OTG
|
|
allow factory usb_device:chr_file rw_file_perms;
|
|
allow factory usb_device:dir r_dir_perms;
|
|
|
|
# Date: WK15.01
|
|
# Purpose : OTG Mount
|
|
allow factory sdcard_type:dir mounton;
|
|
# Date: WK15.07
|
|
# Purpose : use c2k flight mode;
|
|
allow factory vmodem_device:chr_file rw_file_perms;
|
|
|
|
# Date: WK15.13
|
|
# Purpose: for nand project
|
|
allow factory mtd_device:dir search;
|
|
allow factory mtd_device:chr_file rw_file_perms;
|
|
allow factory self:capability sys_resource;
|
|
allow factory pro_info_device:chr_file rw_file_perms;
|
|
|
|
# Data: WK15.28
|
|
# Purpose: for mt-ramdump reset
|
|
allow factory proc_mrdump_rst:file w_file_perms;
|
|
|
|
#Date: WK15.31
|
|
#Purpose: define factory_data_file instead of system_data_file
|
|
# because system_data_file is sensitive partition from M
|
|
wakelock_use(factory);
|
|
allow factory storage_file:dir { write create add_name search mounton };
|
|
|
|
# Date: WK15.44
|
|
# Purpose: factory idle current status
|
|
allow factory vendor_factory_idle_state_prop:property_service set;
|
|
|
|
# Date: WK15.46
|
|
# Purpose: gps factory mode
|
|
allow factory agpsd_data_file:dir search;
|
|
allow factory gps_data_file:dir { write add_name search remove_name unlink};
|
|
allow factory gps_data_file:file { read write open create getattr append setattr unlink lock};
|
|
allow factory gps_data_file:lnk_file read;
|
|
allow factory storage_file:lnk_file r_file_perms;
|
|
|
|
#Date: WK15.48
|
|
#Purpose: capture for factory mode
|
|
allow factory devmap_device:chr_file r_file_perms;
|
|
allow factory sdcard_type:dir create_dir_perms;
|
|
allow factory sdcard_type:file create_file_perms;
|
|
allow factory mnt_user_file:dir search;
|
|
allow factory mnt_user_file:lnk_file read;
|
|
allow factory storage_file:lnk_file read;
|
|
|
|
#Date: WK16.05
|
|
#Purpose: For access NVRAM
|
|
allow factory factory:capability chown;
|
|
allow factory nvram_data_file:dir create_dir_perms;
|
|
allow factory nvram_data_file:file create_file_perms;
|
|
allow factory nvram_data_file:lnk_file r_file_perms;
|
|
allow factory nvdata_file:lnk_file r_file_perms;
|
|
allow factory nvram_device:chr_file rw_file_perms;
|
|
allow factory nvram_device:blk_file rw_file_perms;
|
|
allow factory nvdata_device:blk_file rw_file_perms;
|
|
|
|
#Date: WK16.12
|
|
#Purpose: For sensor test
|
|
allow factory als_ps_device:chr_file r_file_perms;
|
|
allow factory barometer_device:chr_file r_file_perms;
|
|
allow factory gsensor_device:chr_file r_file_perms;
|
|
allow factory gyroscope_device:chr_file r_file_perms;
|
|
allow factory msensor_device:chr_file r_file_perms;
|
|
allow factory biometric_device:chr_file r_file_perms;
|
|
|
|
#Purpose: For camera Test
|
|
allow factory kd_camera_flashlight_device:chr_file rw_file_perms;
|
|
allow factory kd_camera_hw_device:chr_file rw_file_perms;
|
|
allow factory seninf_device:chr_file rw_file_perms;
|
|
allow factory CAM_CAL_DRV_device:chr_file rw_file_perms;
|
|
|
|
#Purpose: For reboot the target
|
|
allow factory powerctl_prop:property_service set;
|
|
|
|
#Purpose: For memory card test
|
|
allow factory misc_sd_device:chr_file r_file_perms;
|
|
allow factory mmcblk1_block_device:blk_file rw_file_perms;
|
|
allow factory bootdevice_block_device:blk_file rw_file_perms;
|
|
allow factory mmcblk1p1_block_device:blk_file rw_file_perms;
|
|
allow factory block_device:dir w_dir_perms;
|
|
allowxperm factory mmcblk1_block_device:blk_file ioctl BLKGETSIZE;
|
|
allowxperm factory bootdevice_block_device:blk_file ioctl BLKGETSIZE;
|
|
|
|
#Purpose: For EMMC test
|
|
allow factory nvdata_file:dir create_dir_perms;
|
|
allow factory nvdata_file:file create_file_perms;
|
|
|
|
#Purpose: For HRM test
|
|
allow factory hrm_device:chr_file r_file_perms;
|
|
|
|
#Purpose: For IrTx LED test
|
|
allow factory irtx_device:chr_file rw_file_perms;
|
|
|
|
#Purpose: For battery test, ext_buck test and ext_vbat_boost test
|
|
allow factory pmic_ftm_device:chr_file rw_file_perms;
|
|
allow factory MT_pmic_adc_cali_device:chr_file rw_file_perms;
|
|
allow factory MT_pmic_cali_device:chr_file r_file_perms;
|
|
allow factory charger_ftm_device:chr_file r_file_perms;
|
|
|
|
#Purpose: For HDMI test
|
|
allow factory graphics_device:dir w_dir_perms;
|
|
allow factory graphics_device:chr_file rw_file_perms;
|
|
|
|
#Purpose: For WIFI test
|
|
allow factory wmtWifi_device:chr_file rw_file_perms;
|
|
|
|
#Purpose: For rtc test
|
|
allow factory rtc_device:chr_file rw_file_perms;
|
|
|
|
#Purpose: For nfc test
|
|
allow factory mt6605_device:chr_file rwx_file_perms;
|
|
|
|
#Purpose: For gps test
|
|
allow factory mnld_device:chr_file rw_file_perms;
|
|
allow factory mnld_exec:file rx_file_perms;
|
|
|
|
#Purpose: For keypad test
|
|
allow factory mtk_kpd_device:chr_file r_file_perms;
|
|
|
|
#Purpose: For Humidity test
|
|
allow factory humidity_device:chr_file r_file_perms;
|
|
|
|
#Purpose: For camera test
|
|
allow factory camera_isp_device:chr_file rw_file_perms;
|
|
allow factory camera_dip_device:chr_file rw_file_perms;
|
|
allow factory camera_pipemgr_device:chr_file r_file_perms;
|
|
allow factory camera_sysram_device:chr_file r_file_perms;
|
|
allow factory ccu_device:chr_file rw_file_perms;
|
|
allow factory vpu_device:chr_file rw_file_perms;
|
|
allow factory MAINAF_device:chr_file rw_file_perms;
|
|
allow factory MAIN2AF_device:chr_file rw_file_perms;
|
|
allow factory SUBAF_device:chr_file rw_file_perms;
|
|
allow factory FM50AF_device:chr_file rw_file_perms;
|
|
allow factory AD5820AF_device:chr_file rw_file_perms;
|
|
allow factory DW9714AF_device:chr_file rw_file_perms;
|
|
allow factory DW9714A_device:chr_file rw_file_perms;
|
|
allow factory LC898122AF_device:chr_file rw_file_perms;
|
|
allow factory LC898212AF_device:chr_file rw_file_perms;
|
|
allow factory BU6429AF_device:chr_file rw_file_perms;
|
|
allow factory DW9718AF_device:chr_file rw_file_perms;
|
|
allow factory BU64745GWZAF_device:chr_file rw_file_perms;
|
|
allow factory cct_data_file:dir create_dir_perms;
|
|
allow factory cct_data_file:file create_file_perms;
|
|
allow factory camera_tsf_device:chr_file rw_file_perms;
|
|
allow factory camera_rsc_device:chr_file rw_file_perms;
|
|
allow factory camera_gepf_device:chr_file rw_file_perms;
|
|
allow factory camera_fdvt_device:chr_file rw_file_perms;
|
|
allow factory camera_wpe_device:chr_file rw_file_perms;
|
|
allow factory camera_owe_device:chr_file rw_file_perms;
|
|
allow factory camera_mfb_device:chr_file rw_file_perms;
|
|
allow factory mtk_hal_power_hwservice:hwservice_manager find;
|
|
allow factory vendor_data_file:file getattr;
|
|
allow factory mtk_hal_power:binder call;
|
|
get_prop(factory,mediatek_prop);
|
|
#Purpose: For FM test and headset test
|
|
allow factory accdet_device:chr_file r_file_perms;
|
|
allow factory fm_device:chr_file rw_file_perms;
|
|
|
|
#Purpose: For audio test
|
|
allow factory audio_device:chr_file rw_file_perms;
|
|
allow factory audio_device:dir w_dir_perms;
|
|
allow factory audiohal_prop:property_service set;
|
|
allow factory audio_ipi_device:chr_file { read write ioctl open };
|
|
allow factory audio_scp_device:chr_file r_file_perms;
|
|
|
|
#Purpose: For key and touch event
|
|
allow factory input_device:chr_file r_file_perms;
|
|
allow factory input_device:dir rw_dir_perms;
|
|
|
|
# Date: WK16.17
|
|
# Purpose: N Migration For ccci sysfs node
|
|
# Allow read to sys/kernel/ccci/* files
|
|
allow factory sysfs_ccci:dir search;
|
|
allow factory sysfs_ccci:file r_file_perms;
|
|
|
|
# Date: WK16.18
|
|
# Purpose: N Migration For boot_mode
|
|
# Allow to read boot mode
|
|
# avc: denied { read } for name="boot_mode" dev="sysfs" ino=117
|
|
# scontext=u:r:factory:s0 tcontext=u:object_r:sysfs:s0
|
|
# tclass=file permissive=0
|
|
allow factory sysfs_boot_mode:file { read open };
|
|
allow factory sysfs_boot_type:file { read open };
|
|
|
|
#TODO:: MTK need to remove later
|
|
not_full_treble(`
|
|
allow factory mnld:unix_dgram_socket sendto;
|
|
')
|
|
|
|
# Date: WK16.31
|
|
#Purpose: For gps test
|
|
allow factory mnld_prop:property_service set;
|
|
|
|
# Date: WK16.33
|
|
#Purpose: for unmount sdcardfs and stop services which are using data partition
|
|
allow factory sdcard_type:filesystem unmount;
|
|
allow factory ctl_default_prop:property_service set;
|
|
|
|
# Date : WK16.35
|
|
# Operation : Migration
|
|
# Purpose : Update camera flashlight driver device file
|
|
allow factory flashlight_device:chr_file rw_file_perms;
|
|
|
|
|
|
# Date: WK15.25
|
|
#Purpose: for unmount sdcardfs and stop services which are using data partition
|
|
allow factory ctl_emdlogger1_prop:property_service set;
|
|
# Date: WK17.07
|
|
# Purpose: Clear bootdevice (eMMC/UFS) may need to unmount tmpfs
|
|
allow factory tmpfs:filesystem unmount;
|
|
allow factory sysfs:dir { read open };
|
|
allow factory sysfs_leds:dir search;
|
|
allow factory sysfs_leds:lnk_file read;
|
|
allow factory sysfs_leds:file rw_file_perms;
|
|
allow factory sysfs_leds:dir r_dir_perms;
|
|
allow factory sysfs_power:file rw_file_perms;
|
|
allow factory sysfs_power:dir r_dir_perms;
|
|
allow factory self:capability2 {block_suspend};
|
|
allow factory sysfs_vibrator:file {open read write};
|
|
allow factory ion_device:chr_file { read open ioctl };
|
|
allow factory debugfs_ion:dir search;
|
|
# Date: WK17.27
|
|
# Purpose: STMicro NFC solution integration
|
|
allow factory st21nfc_device:chr_file { open read getattr write ioctl };
|
|
set_prop(factory,hwservicemanager_prop);
|
|
hwbinder_use(factory);
|
|
hal_client_domain(factory, hal_nfc);
|
|
|
|
# Date : WK17.32
|
|
# Operation : O Migration
|
|
# Purpose: Allow to access cmdq driver
|
|
allow factory mtk_cmdq_device:chr_file { read ioctl open };
|
|
allow factory mtk_mdp_device:chr_file rw_file_perms;
|
|
allow factory sw_sync_device:chr_file rw_file_perms;
|
|
|
|
# Date: WK1733
|
|
# Purpose: add selinux policy to stop 'ccci_fsd' for clear emmc in factory mode
|
|
set_prop(factory,ctl_ccci_fsd_prop);
|
|
|
|
# Date : WK17.38
|
|
# Operation : O Migration
|
|
# Purpose: Allow to access sysfs
|
|
allow factory sysfs_therm:dir search;
|
|
allow factory sysfs_therm:file {open read write};
|
|
|
|
#Date: W18.22
|
|
# Purpose: P Migration for factory get com port type and uart port info
|
|
# detail avc log: [ 11.751803] <1>.(1)[227:logd.auditd]type=1400 audit(1262304016.560:10):
|
|
#avc: denied { read } for pid=203 comm="factory" name="meta_com_type_info" dev=
|
|
#"sysfs" ino=11073 scontext=u:r:factory:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
|
|
allow factory sysfs_comport_type:file rw_file_perms;
|
|
allow factory sysfs_uart_info:file rw_file_perms;
|
|
|
|
|
|
# from private
|
|
allow factory property_socket:sock_file write;
|
|
allow factory init:unix_stream_socket connectto;
|
|
allow factory kernel:system module_request;
|
|
allow factory node:tcp_socket node_bind;
|
|
allow factory userdata_block_device:blk_file rw_file_perms;
|
|
allow factory port:tcp_socket { name_bind name_connect };
|
|
allow factory self:capability { sys_module ipc_lock sys_nice net_raw fsetid net_admin sys_time sys_boot sys_admin };
|
|
allow factory sdcard_type:dir r_dir_perms;
|
|
allow factory self:netlink_route_socket { bind create getattr write nlmsg_read read nlmsg_write };
|
|
allow factory proc_net:file { read getattr open };
|
|
allowxperm factory self:udp_socket ioctl priv_sock_ioctls;
|
|
allowxperm factory self:udp_socket ioctl {SIOCGIFFLAGS SIOCGIWNWID};
|
|
|
|
allow factory self:process execmem;
|
|
allow factory self:tcp_socket create_stream_socket_perms;
|
|
allow factory self:udp_socket create_socket_perms;
|
|
|
|
allow factory sysfs_wake_lock:file rw_file_perms;
|
|
#allow factory system_file:file x_file_perms;
|
|
|
|
# For Light HIDL permission
|
|
hal_client_domain(factory, hal_light);
|
|
allow factory hal_light_hwservice:hwservice_manager find;
|
|
allow factory mtk_hal_light:binder call;
|
|
allow factory merged_hal_service:binder call;
|
|
# For vibrator test permission
|
|
allow factory sysfs_vibrator:file rw_file_perms;
|
|
allow factory sysfs_vibrator:dir search;
|
|
|
|
# For Audio device permission
|
|
allow factory proc_asound:dir { read search open };
|
|
allow factory proc_asound:file { read open getattr write };
|
|
allow factory audiohal_prop:property_service set;
|
|
|
|
# For Accdet data permission
|
|
allow factory sysfs:file { read open };
|
|
allow factory sysfs_headset:file { read open };
|
|
|
|
# For touch auto test
|
|
allow factory sysfs_tpd_setting:dir search;
|
|
allow factory sysfs_tpd_setting:file { read getattr open };
|
|
|
|
# Date : WK18.23
|
|
# Operation: P migration
|
|
# Purpose : Allow factory to unmount partition, stop service, and then erase partition
|
|
allow factory vendor_shell_exec:file { read execute open execute_no_trans };
|
|
allow factory vendor_toolbox_exec:file { execute_no_trans };
|
|
allow factory labeledfs:filesystem { unmount };
|
|
allow factory proc_cmdline:file { read open getattr };
|
|
allow factory factory:capability { sys_boot sys_admin};
|
|
allow factory sysfs_dt_firmware_android:file { read open getattr };
|
|
allow factory sysfs_dt_firmware_android:dir { read open search };
|
|
# Purpose : Allow factory to communicate with driver thru socket
|
|
allow factory factory:capability { sys_module net_admin net_raw };
|
|
|
|
# For power_supply and switch permission
|
|
r_dir_file(factory, sysfs_batteryinfo)
|
|
r_dir_file(factory, sysfs_switch)
|
|
|
|
# Date : WK18.27
|
|
# Operation: P migration
|
|
# Purpose : Allow factory to save test report to /data/vendor
|
|
allow factory vendor_data_file:dir { add_name read write};
|
|
allow factory vendor_data_file:file { create read write open };
|
|
|
|
# Date : WK18.31
|
|
# Operation: P migration
|
|
# Purpose : Refine policy
|
|
allow factory sysfs_mmcblk:dir { search };
|
|
allow factory sysfs_mmcblk:file { read getattr open };
|
|
|
|
# Date : WK18.37
|
|
# Operation: P migration
|
|
# Purpose : ADSP SmartPA calibration
|
|
allow factory vendor_file:file execute_no_trans;
|
|
allow factory mtk_audiohal_data_file:dir create_dir_perms;
|
|
allow factory mtk_audiohal_data_file:file { write create unlink r_file_perms };
|
|
|
|
#Date : WK18.37
|
|
# Operation: P migration
|
|
# Purpose : Allow factory to open /proc/version
|
|
allow factory proc_version:file {read open getattr};
|
|
|
|
# Purpose : adsp
|
|
allow factory adsp_device:chr_file rw_file_perms;
|
|
|
|
# Purpose : NFC
|
|
allow factory vendor_nfc_socket:dir { write add_name remove_name search };
|
|
allow factory vendor_nfc_socket:sock_file { create write unlink setattr };
|
|
|
|
# Allow to get AOSP property persist.radio.multisim.config
|
|
get_prop(factory, exported3_radio_prop)
|
|
|