path: root/sepolicy/ccci_mdinit.te
# ==============================================
# Policy File of /system/bin/ccci_mdinit Executable File


# ==============================================
# Type Declaration
# ==============================================

# Label for the ccci_mdinit binary on disk; exec_type and file_type are the
# attributes attached to it. The path-to-label mapping is in file_contexts,
# which is not part of this file.
type ccci_mdinit_exec , exec_type, file_type;
# Process domain the daemon runs in; every allow rule in this file uses it as
# the source type.
type ccci_mdinit ,domain;

# ==============================================
# Android Policy Rule
# ==============================================

# ==============================================
# NSA Policy Rule
# ==============================================

# ==============================================
# MTK Policy Rule
# ==============================================

# Keep the next line commented out: a permissive domain only logs denials, so
# none of the restrictions implied by this file would be enforced.
#permissive ccci_mdinit;
# AOSP te_macros helper: sets up the automatic init -> ccci_mdinit domain
# transition when init executes a file labeled ccci_mdinit_exec.
init_daemon_domain(ccci_mdinit)
# Likewise left disabled; the domain is limited to the explicit rules in this file.
#unconfined_domain(ccci_mdinit)
# AOSP te_macros helper granting use of the kernel wakelock interface.
wakelock_use(ccci_mdinit)
# --- Property service access ---
# Each ctl_*_prop type presumably labels the ctl.start/ctl.stop control
# property of one service (the mapping is in property_contexts, not shown
# here); `set` on it lets this domain ask init to start or stop that service.
#=============allow ccci_mdinit to start gsm0710muxd==============
# NOTE(review): redundant - ctl_gsm0710muxd_prop is also in the set rule below.
allow ccci_mdinit ctl_gsm0710muxd_prop:property_service set;
#=============allow ccci_mdinit to start emcsmdlogger==============
# NOTE(review): redundant - ctl_mdlogger_prop is also in the set rule below.
allow ccci_mdinit ctl_mdlogger_prop:property_service set;
#=============allow ccci_mdinit to start c2krild==============
allow ccci_mdinit ctl_viarild_prop:property_service set;

# AOSP te_macros helper: lets this domain connect to init's property socket,
# the transport for the property `set` requests granted in this section.
unix_socket_connect(ccci_mdinit, property, init)
# Modem logger services (all variants).
#allow ccci_mdinit ctl_mdlogger_prop:property_service set;
allow ccci_mdinit { ctl_mdlogger_prop ctl_emdlogger1_prop ctl_emdlogger2_prop ctl_emdlogger3_prop ctl_dualmdlogger_prop }:property_service set;

# gsm0710muxd services (all variants).
#allow ccci_mdinit ctl_gsm0710muxd_prop:property_service set;
allow ccci_mdinit { ctl_gsm0710muxd_prop ctl_gsm0710muxd-s_prop ctl_gsm0710muxd-d_prop ctl_gsm0710muxdmd2_prop}:property_service set;

# RIL daemon services (all variants) and the RIL proxy.
#allow ccci_mdinit ctl_ril-daemon-mtk_prop:property_service set;
allow ccci_mdinit { ctl_rildaemon_prop ctl_ril-daemon-mtk_prop ctl_ril-daemon-s_prop ctl_ril-daemon-d_prop ctl_ril-daemon-md2_prop ctl_ril-proxy_prop }:property_service set;

# Non-control properties this domain may set (by their names, modem/radio
# state). NOTE(review): radio_prop is shared with other telephony domains, so
# this grant is wider than a ccci-specific property type would be - confirm it
# is needed.
allow ccci_mdinit ril_active_md_prop:property_service set;
allow ccci_mdinit mtk_md_prop:property_service set;
allow ccci_mdinit radio_prop:property_service set;
allow ccci_mdinit net_cdma_mdmstat:property_service set;

# Start/stop control for the ccci_fsd and ccci_rpcd helper services.
allow ccci_mdinit { ctl_ccci_fsd_prop ctl_ccci2_fsd_prop ctl_ccci3_fsd_prop }:property_service set;
allow ccci_mdinit { ctl_ccci_rpcd_prop ctl_ccci2_rpcd_prop }:property_service set;

# --- File and device access ---
# Device labels used below are assigned in file_contexts, which is not part of
# this file; descriptions that go by a type's name are marked as such.

# Read/write on the CCCI character devices (by name, the modem interface).
allow ccci_mdinit ccci_device:chr_file rw_file_perms;
allow ccci_mdinit ccci_monitor_device:chr_file rw_file_perms;

# TODO: Do not allow write access to all of /sys
# The generic `sysfs` type covers every sysfs node that has no more specific
# label, so this rule is far broader than one daemon should need. To tighten:
# give the nodes this daemon writes a dedicated type (file_contexts or
# genfs_contexts) and grant write on that type only.
allow ccci_mdinit sysfs:file write;

# NVRAM / nvdata storage: create_file_perms includes create, rename and unlink
# on top of read/write, so this domain can replace files in these trees.
allow ccci_mdinit nvram_data_file:dir rw_dir_perms;
allow ccci_mdinit nvram_data_file:file create_file_perms;
allow ccci_mdinit nvram_data_file:lnk_file read;
allow ccci_mdinit nvdata_file:dir rw_dir_perms;
allow ccci_mdinit nvdata_file:file create_file_perms;
allow ccci_mdinit nvram_device:chr_file rw_file_perms;

# protect_f / protect_s data trees: same create/modify/delete level of access.
allow ccci_mdinit protect_f_data_file:dir rw_dir_perms;
allow ccci_mdinit protect_f_data_file:file create_file_perms;

allow ccci_mdinit protect_s_data_file:dir rw_dir_perms;
allow ccci_mdinit protect_s_data_file:file create_file_perms;
# Raw block-device read/write (nvram_device is granted both as chr_file above
# and as blk_file here).
allow ccci_mdinit nvram_device:blk_file { read write open };
allow ccci_mdinit nvdata_device:blk_file { read write open };
# NOTE(review): mmcblk0_block_device presumably labels the whole eMMC device
# node rather than a single partition - confirm in file_contexts. If so,
# read/write here reaches every partition on the device regardless of the
# per-partition labels; prefer granting the partition-specific types only.
allow ccci_mdinit mmcblk0_block_device:blk_file { read write open };

allow ccci_mdinit ril_mux_report_case_prop:property_service set;

# Read-only access to modem log data.
allow ccci_mdinit mdlog_data_file:dir search;
allow ccci_mdinit mdlog_data_file:file { read open };

# Full create/modify rights on the daemon's own configuration directory.
allow ccci_mdinit ccci_cfg_file:dir create_dir_perms;
allow ccci_mdinit ccci_cfg_file:file create_file_perms;
# Directory search only (presumably /dev/block), needed to reach the labeled
# block nodes; it does not grant access to the nodes themselves.
allow ccci_mdinit block_device:dir search;
# Read-only on the preloader and secro block partitions.
allow ccci_mdinit preloader_block_device:blk_file r_file_perms;
allow ccci_mdinit secro_block_device:blk_file r_file_perms;

# NOTE(review): the block-partition rule above is read-only, but this grants
# read/write on the preloader character device. If that node exposes boot
# code, write access affects boot-chain integrity - confirm it is required.
allow ccci_mdinit preloader_device:chr_file rw_file_perms;
allow ccci_mdinit misc_sd_device:chr_file { read open };
allow ccci_mdinit sec_ro_device:chr_file { read open };

# Read-only access to files labeled custom_file.
allow ccci_mdinit custom_file:dir { search };
allow ccci_mdinit custom_file:file { open read getattr };
allow ccci_mdinit mtk_tele_prop:property_service set;

# Date WK15.13
# Operation : Migration
# Purpose : for nand partition access
# NOTE(review): mtd_device:chr_file read/write is raw flash access through the
# MTD character nodes; if the label covers all MTD partitions, this is not
# limited to the modem's own data - confirm against file_contexts.
allow ccci_mdinit mtd_device:dir search;
allow ccci_mdinit mtd_device:chr_file { read write open };
allow ccci_mdinit devmap_device:chr_file { read ioctl open };
# Date : WK15.30
# Operation : Migration
# Purpose : for device bring up, not to block early migration/sanity
# NOTE(review): by the stated purpose these two rules were added to unblock
# bring-up rather than from a reviewed requirement. Re-audit them against
# current denials and drop or narrow the write access if it is no longer needed.
allow ccci_mdinit proc_lk_env:file rw_file_perms;
allow ccci_mdinit para_block_device:blk_file rw_file_perms;