977ad3f552
[Detail] 1. remove md_ctrl.te because we dont use md_ctrl in P. 2. remove debugfs_tracing policy 3. remove nvdata, protect_f, protect_s policy MTK-Commit-Id: d4e5c9893970f0b214b518cba5f9300f130eace9 Change-Id: Iaafc30124fd69ef2b989b9e4e51d71a37d9571e9 CR-Id: ALPS03891225 Feature: Multi-Storage
23 lines
808 B
Plaintext
23 lines
808 B
Plaintext
# ==============================================
|
|
# MTK Policy Rule
|
|
# ==============================================
|
|
|
|
# volume manager
|
|
|
|
# Date : WK16.19
|
|
# Operation : Migration
|
|
# Purpose : unmount /mnt/cd-rom. It causes by unmountAll() when VolumeManager starts
|
|
allow vold iso9660:filesystem unmount;
|
|
|
|
# Date : WK16.19
|
|
# Operation : Migration
|
|
# Purpose : vold will traverse /proc when remountUid().
|
|
# It will trigger violation if mtk customize some label in /proc.
|
|
# However, we should ignore the violation if the processes never access the storage.
|
|
dontaudit vold proc_battery_cmd:dir { read open };
|
|
dontaudit vold proc_mtkcooler:dir { read open };
|
|
dontaudit vold proc_mtktz:dir { read open };
|
|
dontaudit vold proc_thermal:dir { read open };
|
|
|
|
allow vold mtd_device:blk_file rw_file_perms;
|