51167c8474
[Detail] add sepolicy for sysenv get device path by fstab MTK-Commit-Id: 3b4654113dec0bebfd1ba6f4b90fd501ccc6513d Change-Id: I8cfdaf572363f8ac9ce5276eb4ddff525dd7c841 CR-Id: ALPS03908752 Feature: eMMC Boot Up (cherry picked from commit 9a53df024a1c1a1cba9a94373b867a50956225d4)
49 lines
1.4 KiB
Plaintext
49 lines
1.4 KiB
Plaintext
# ==============================================
|
|
# Policy File of /vendor/bin/sysenv_daemon Executable File
|
|
|
|
|
|
# ==============================================
|
|
# Type Declaration
|
|
# ==============================================
|
|
|
|
type sysenv_daemon_exec , exec_type, file_type, vendor_file_type;
|
|
type sysenv_daemon ,domain;
|
|
|
|
# ==============================================
|
|
# Android Policy Rule
|
|
# ==============================================
|
|
|
|
# ==============================================
|
|
# NSA Policy Rule
|
|
# ==============================================
|
|
|
|
# ==============================================
|
|
# MTK Policy Rule
|
|
# ==============================================
|
|
init_daemon_domain(sysenv_daemon)
|
|
|
|
# Date : WK16.24
|
|
# Operation : Create
|
|
# Purpose : move sysenv to userspace.
|
|
allow sysenv_daemon block_device:dir search;
|
|
allow sysenv_daemon para_block_device:blk_file rw_file_perms;
|
|
allow sysenv_daemon proc_lk_env:file rw_file_perms;
|
|
allow sysenv_daemon self:netlink_socket { read bind create };
|
|
|
|
# Date : WK17.29
|
|
# Operation : Migration
|
|
# Purpose : for device bring up, not to block early SQC
|
|
allow sysenv_daemon sysfs:file { open read };
|
|
|
|
# Date : WK17.43
|
|
# Operation : Migration
|
|
# Purpose : to access mtd device
|
|
allow sysenv_daemon mtd_device:blk_file { open read write };
|
|
|
|
# Date: WK18.02
|
|
# Operation: Create
|
|
# Purpose : get device path by read fstab in read/write lk_env
|
|
allow sysenv_daemon sysfs:dir { read open };
|
|
allow sysenv_daemon sysfs:file getattr;
|
|
|