1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
|
# ==============================================
# MTK Policy Rule
# ============
allow radio custom_file:dir getattr;
#violate never allow rule
#allow radio device:chr_file { read write ioctl open getattr };
allow radio dm_agent_binder:binder call;
allow radio rild2_socket:sock_file write;
allow radio rild3_socket:sock_file write;
allow radio rild4_socket:sock_file write;
allow radio rild_via_socket:sock_file write;
allow radio rild_md2_socket:sock_file write;
allow radio rild_mal_socket:sock_file write;
allow radio rild_mal_at_socket:sock_file write;
allow radio rild_mal_md2_socket:sock_file write;
allow radio rild_mal_at_md2_socket:sock_file write;
allow radio sdcard_internal:dir { write create add_name };
allow radio sdcard_internal:file { read write getattr open create };
##violate never allow rule
#allow radio sysfs:file write;
##violate never allow rule
#allow radio system_data_file:file append;
allow radio zygote:unix_stream_socket { getopt getattr };
# Date : WK14.36
# Operation : Migration
# Purpose : for mtkrild and viarild
allow radio rilproxy:unix_stream_socket connectto;
allow radio mtkrild:unix_stream_socket connectto;
allow radio mtkrildmd2:unix_stream_socket connectto;
allow radio statusd:unix_stream_socket connectto;
allow radio viarild:unix_stream_socket connectto;
# Date : WK14.38 2014/09/16
# Operation : Migration
# Purpose : for engineermode
allow radio mediatek_prop:property_service set;
allow radio em_svr:unix_stream_socket connectto;
allow radio mt_otg_test_device:chr_file { read write ioctl open };
allow radio mtgpio_device:chr_file { read ioctl open };
allow radio stpbt_device:chr_file { read write open };
allow radio stpant_device:chr_file { read write open };
allow radio bt_int_adp_socket:sock_file write;
allow radio guiext-server:binder { transfer call };
allow radio persist_ril_prop:property_service set;
allow radio mt6605_device:chr_file { read write ioctl open getattr };
allow radio nfc_socket:dir { write add_name remove_name search };
allow radio nfc_socket:sock_file { create write unlink setattr };
allow radio system_prop:property_service set;
# Date: wk14.40
# Operation : SQC
# Purpose : [ALPS01756200] wwop boot up fail
allow radio custom_file:dir { search getattr open read };
allow radio custom_file:file { read open getattr};
# C2K System Property
allow radio cdma_prop:property_service set;
# Date : 2014/10/13
# Operation : IT
# Purpose : mtk_agpsd establishes the local socket as agpsd for all A-GPS
# application to do something with mtk_agpsd
unix_socket_connect(radio, agpsd, mtk_agpsd)
# Date : 2014/10/14
# Operation : IT
# Purpose : for IMSA connect to volte_imsa1 provided by imcb process
unix_socket_connect(radio, volte_imsa1, volte_imcb)
# Date : 2014/10/16
# Operation : IT
# Purpose : for TTLIA apk connect to rild_atci by mtkrild process
allow radio rild_atci_socket:sock_file write;
# Date : 2014/10/17
# Operation : IT
# Purpose : Talks to ril-3gddaemon via the rild-dongle socket.
unix_socket_connect(radio, rild-dongle, ril-3gddaemon)
# Date : 2014/10/20
# Operation : IT
# Purpose : enable ATCId in engineer mode.
allow radio ctl_atcid-daemon-u_prop:property_service set;
allow radio ctl_atci_service_prop:property_service set;
allow radio persist_service_atci_prop:property_service set;
# Date : 2014/11/05
# Operation : IT
# Purpose : for IMS_RILA connect to rild_ims provided by mtkrild process
unix_socket_connect(radio, rild_ims, mtkrild)
# Purpose : allow to access kpd driver file
allow radio sysfs_keypad_file:dir { open write };
allow radio sysfs_keypad_file:file { open write };
# Date : 2014/12/13
# Operation : IT
# Purpose : for bluetooth relayer mode
allow radio block_device:dir search;
allow radio ttyGS_device:chr_file { open read write ioctl };
# Date : 2014/12/26
# Operation : IT
# Purpose : for engineermode sensor can work normal
allow radio als_ps_device:chr_file { read open ioctl };
# Date : 2015/01/20
# Operation : IT
# Purpose : for engineermode Usb PHY Tuning
allow radio debugfs:file { read getattr };
# Date : 2015/01/21
# Operation : IT
# Purpose : C2K rild
allow radio rild_atci_md2_socket:sock_file write;
allow radio rild_atci_c2k_socket:sock_file write;
allow radio rilproxy_atci_socket:sock_file write;
# Date : WK15.05 2015/01/26
# Operation : IT
# Purpose : for engineermode camera
allow radio debug_prop:property_service set;
# Date : WK15.30
# Operation : Migration
# Purpose : for device bring up, not to block early migration/sanity
allow radio dm_agent_binder_service:service_manager find;
allow radio ppl_agent_service:service_manager find;
# Date : WK15.33 2015/08/13
# Operation : IT
# Purpose : for setting volte enable property
allow radio mtk_volte_prop:property_service set;
# Date : WK15.48 2015/11/23
# Operation : IT
# Purpose : for setting wfc enable property
allow radio mtk_wfc_prop:property_service set;
# Date : WK15.48 2015/11/23
# Operation : IT
# Purpose : for setting vt enable property
allow radio mtk_vt_prop:property_service set;
# Date : W15.32 2015/08/05
# Operation : IT
# Purpose : for VSIM adaptor connect to rild_atci by mtkrild process
unix_socket_connect(radio, rild_vsim, mtkrild)
unix_socket_connect(radio, rild_vsim_md2, mtkrild)
# Date : 2015/04/11
# Operation : VT development
# Purpose : Add vtservice to support video telephony functionality
# 3G VT/ViLTE both use this service which will also communication with IMCB/Rild
allow radio vtservice:binder call;
allow radio vtservice:binder transfer;
allow radio vtservice_service:service_manager find;
allow vtservice self:capability dac_override;
allow vtservice soc_vt_svc_socket:sock_file write;
allow vtservice soc_vt_tcv_socket:sock_file write;
allow vtservice rild_oem_socket:sock_file write;
allow vtservice platform_app:binder call;
allow vtservice system_server:binder call;
allow vtservice fuse:dir write;
allow vtservice fuse:dir add_name;
allow vtservice fuse:dir create;
allow vtservice fuse:file create;
allow vtservice fuse:file getattr;
allow vtservice surfaceflinger:fd use;
allow vtservice tmpfs:lnk_file read;
allow vtservice radio:binder call;
# Date : 2015/08/17
# Operation : VoLTE sanity
# Purpose : Add permission for IMSA connect to IMSM
allow radio rild_imsm_socket:sock_file write;
allow radio mtkmal:unix_stream_socket connectto;
allow radio mal_mfi_socket:sock_file write;
# Date : WK15.34 2015/08/21
# Operation : IT
# Purpose : for engineermode WFD IOT property
allow radio media_wfd_prop:property_service set;
allow radio surfaceflinger:fifo_file { read write };
# Date : 2015/09/14
# Operation : IT
# Purpose : [NFC][NFC Service]
# Purpose : Engineering mode need to get NFC Service
allow radio nfc_service:service_manager find;
# Date: 2015/9/23
# Operation: Program binary service
# Purpose : Add permission for program binary service find from ServiceManager.
allow radio program_binary_service:service_manager find;
#Date : 2015/10/27
#Operation: patch back
# Purpose: for set volte emergency pdn protocol
allow radio mtk_em_pdn_prop:property_service set;
# Date : WK15.44 2015/11/2
# Operation : IT
# Purpose : for mbimd service property
allow radio ctl_mbimd_prop:property_service set;
#Date : 2015/11/11
#Operation: IT
# Purpose: for set ims simulate
allow radio mtk_em_ims_simulate_prop:property_service set;
#Date : 2015/11/13
#Operation: IT
# Purpose: for set auto answer
allow radio mtk_em_auto_answer_prop:property_service set;
# Date : WK15.43 2015/10/21
# Operation : MDM IT with Swift app
# Purpose : for app labled by radio to connenct to md_monitor
allow radio md_monitor:unix_stream_socket connectto;
# Date : WK15.51 2015/12/15
# Operation : SQC
# Purpose : for system app labled by radio to search file
allow radio system_app_data_file:dir search;
# Date : WK15.51 2015/12/19
# Operation : Adapt CMCC FT auto test tool[CMDC Tester] to MTK platform
# Purpose : for [CMDC Tester] run on user load
allow radio radio_data_file:file { execute execute_no_trans };
allow radio media_rw_data_file:dir search;
allow radio proc_mtkcooler:dir search;
allow radio proc_mtktz:dir search;
allow radio md_monitor:dir search;
allow radio md_monitor:file { read open getattr};
|
