diff options
| author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-05-10 06:55:31 +0000 |
|---|---|---|
| committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-05-10 06:55:31 +0000 |
| commit | 917fe9b84260e088175085f2b051ad0df91ccad9 (patch) | |
| tree | 5f0bdf382efc219fc3695c92e553ce718cc81b2e | |
| parent | 02567000bbec1a0f07cc1a0768e5abd9add301f3 (diff) | |
| parent | 2102c1a6a616afa52c8a0a35dba8f3c669f2b088 (diff) | |
| download | wembley-sepolicy-android13-mainline-extservices-release.tar.gz | |
Snap for 8564071 from 2102c1a6a616afa52c8a0a35dba8f3c669f2b088 to mainline-extservices-releaseaml_ext_331814220aml_ext_331412000aml_ext_331312000aml_ext_331112010aml_ext_331012020android13-mainline-extservices-release
Change-Id: I06bd9f1df24a4ca1aefeb40899497428180d4af2
341 files changed, 3078 insertions, 25659 deletions
diff --git a/METADATA b/METADATA new file mode 100644 index 0000000..6dde475 --- /dev/null +++ b/METADATA @@ -0,0 +1,7 @@ +# *** THIS PACKAGE HAS SPECIAL LICENSING CONDITIONS. PLEASE +# CONSULT THE OWNERS AND opensource-licensing@google.com BEFORE +# DEPENDING ON IT IN YOUR PROJECT. *** +third_party { + license_note: "Mediatek proprietary" + license_type: BY_EXCEPTION_ONLY +} @@ -1 +1,4 @@ -include device/mediatek/wembley-kernel:/OWNERS +# This file ships to AOSP, so we can't reference internal lists. +# So we provide an explicit OWNERS list. +gkaiser@google.com +tjoines@google.com diff --git a/neverallows/non_plat/app_neverallows.te b/neverallows/non_plat/app_neverallows.te new file mode 100644 index 0000000..48d161d --- /dev/null +++ b/neverallows/non_plat/app_neverallows.te @@ -0,0 +1,80 @@ +### +### neverallow rules for untrusted app domains +### + +define(`all_untrusted_apps',`{ + ephemeral_app + isolated_app + mediaprovider +# mediaprovider_app # private + untrusted_app + untrusted_app_25 + untrusted_app_27 + untrusted_app_29 + untrusted_app_all +}') + +# Do not permit untrusted apps to perform actions on HwBinder service_manager +# other than find actions for services listed below +neverallow all_untrusted_apps *:hwservice_manager ~find; + +# Do not permit access from apps which host arbitrary code to HwBinder services. +# The two main reasons for this are: +# 1. HwBinder servers do not perform client authentication because HIDL +# currently does not expose caller UID information and, even if it did, many +# HwBinder services either operate at a level below that of apps (e.g., HALs) +# or must not rely on app identity for authorization. Thus, to be safe, the +# default assumption is that every HwBinder service treats all its clients as +# equally authorized to perform operations offered by the service. +# 2. HAL servers (a subset of HwBinder services) contain code with higher +# incidence rate of security issues than system/core components and have +# access to lower layes of the stack (all the way down to hardware) thus +# increasing opportunities for bypassing the Android security model.# +# Safe services include: +# - same process services: because they by definition run in the process +# of the client and thus have the same access as the client domain in which +# the process runs +# - coredomain_hwservice: are considered safe because they do not pose risks +# associated with reason #2 above. +# - hal_configstore_ISurfaceFlingerConfigs: becuase it has specifically been +# designed for use by any domain. +# - hal_graphics_allocator_hwservice: because these operations are also offered +# by surfaceflinger Binder service, which apps are permitted to access +# - hal_omx_hwservice: because this is a HwBinder version of the mediacodec +# Binder service which apps were permitted to access. +# - hal_codec2_hwservice: because this is a newer version of hal_omx_hwservice. +neverallow all_untrusted_apps ~{ + fwk_bufferhub_hwservice # coredomain_hwservice. Designed for use by any domain + hal_cas_hwservice + hal_codec2_hwservice + hal_configstore_ISurfaceFlingerConfigs + hal_drm_hwservice # technical_debt.cil + hal_graphics_allocator_hwservice + hal_graphics_mapper_hwservice # same process services + hal_neuralnetworks_hwservice # AOSP:589714 + hal_omx_hwservice + hal_renderscript_hwservice # same process services + hidl_allocator_hwservice # coredomain_hwservice. Designed for use by any domain + hidl_manager_hwservice # coredomain_hwservice. Designed for use by any domain + hidl_memory_hwservice # coredomain_hwservice. Designed for use by any domain + hidl_token_hwservice # coredomain_hwservice. Designed for use by any domain + mtk_safe_hwservice_manager_type +}:hwservice_manager find; + +# Restrict *Binder access from apps to HAL domains. We can only do this on full +# Treble devices where *Binder communications between apps and HALs are tightly +# restricted. +full_treble_only(` + neverallow all_untrusted_apps { + halserverdomain + -coredomain + -hal_cas_server + -hal_codec2_server + -hal_configstore_server + -hal_drm_server + -hal_graphics_allocator_server + -hal_neuralnetworks_server + -hal_omx_server + -mtk_safe_halserverdomain_type +}:binder { call transfer }; +') diff --git a/neverallows/non_plat/neverallows.te b/neverallows/non_plat/neverallows.te new file mode 100644 index 0000000..64524ac --- /dev/null +++ b/neverallows/non_plat/neverallows.te @@ -0,0 +1,260 @@ +# ============================================== +# MTK Policy Rule +# ============================================== + +# Do not allow access to the generic sysfs label. This is too broad. +# Instead, if access to part of sysfs is desired, it should have a +# more specific label. +# TODO: Remove hal_usb/mtk_hal_usb and so on once there are no violations. +# allow hal_usb sysfs:file write; +# hal_server_domain(mtk_hal_usb, hal_usb) +# +# r_dir_file(hal_wifi, sysfs_type) +# hal_server_domain(mtk_hal_wifi, hal_wifi) +# +full_treble_only(` + neverallow ~{ + apexd + init + merged_hal_service + mtk_hal_bluetooth + # TODO(b/152082918) Remove mtk_hal_camera line when permissions are fixed. + mtk_hal_camera + mtk_hal_power + mtk_hal_usb + mtk_hal_wifi + hal_bluetooth_btlinux + hal_bluetooth_default + hal_drm_clearkey + hal_drm_clearkey_aidl + hal_drm_default + hal_drm_widevine + hal_fingerprint_default + hal_radio_config_default + hal_radio_default + hal_usb_default + hal_wifi_default + hal_wifi_supplicant_default + rild + tee + ueventd + vendor_init + vold + } sysfs:file *; + + neverallow { + merged_hal_service + mtk_hal_bluetooth + mtk_hal_power + mtk_hal_wifi + hal_bluetooth_btlinux + hal_bluetooth_default + hal_drm_clearkey + hal_drm_clearkey_aidl + hal_drm_default + hal_drm_widevine + hal_fingerprint_default + hal_radio_config_default + hal_radio_default + hal_wifi_default + hal_wifi_supplicant_default + rild + tee + } sysfs:file ~r_file_perms; + + neverallow { + hal_usb_default + init + mtk_hal_usb + ueventd + vendor_init + vold + } sysfs:file ~{ r_file_perms write setattr append relabelfrom relabelto }; +') + +# Do not allow access to the generic proc label. This is too broad. +# Instead, if access to part of proc is desired, it should have a +# more specific label. +# TODO: Remove mtk_hal_audio/audioserver and so on once there are no violations. +# +# r_dir_file(hal_audio, proc) +# hal_server_domain(mtk_hal_audio, hal_audio) +# hal_client_domain(audioserver, hal_audio) +# +full_treble_only(` + neverallow ~{ + audiocmdservice_atci + audioserver + bluetooth + hal_audio_default + hal_graphics_allocator_default + init + merged_hal_service + mtk_hal_audio + rild + system_server + vendor_init + vold + } proc:file *; + + neverallow { + audiocmdservice_atci + audioserver + bluetooth + hal_audio_default + hal_graphics_allocator_default + init + merged_hal_service + mtk_hal_audio + rild + system_server + vold + } proc:file ~r_file_perms; + + neverallow vendor_init proc:file ~{ r_file_perms setattr }; + + neverallow ~{ + audiocmdservice_atci + audioserver + bluetooth + hal_audio_default + init + mtk_hal_audio + rild + system_server + } proc:lnk_file ~{ read getattr }; + + neverallow { + audiocmdservice_atci + audioserver + bluetooth + hal_audio_default + init + mtk_hal_audio + rild + system_server + } proc:lnk_file ~r_file_perms; +') + + +# Do not allow access to the generic system_data_file label. This is +# too broad. +# Instead, if access to part of system_data_file is desired, it should +# have a more specific label. +# TODO: Remove merged_hal_service and so on once there are no violations. +# +# allow hal_drm system_data_file:file { getattr read }; +# hal_server_domain(merged_hal_service, hal_drm) +# +full_treble_only(` + neverallow { + domain + -coredomain + -appdomain + -hal_cas_default + -hal_drm_clearkey + -hal_drm_clearkey_aidl + -hal_drm_default + -hal_drm_widevine + -merged_hal_service + -tee + } system_data_file:file *; + + neverallow ~{ + appdomain + app_zygote + hal_drm_clearkey + hal_drm_clearkey_aidl + hal_drm_default + hal_drm_widevine + init + installd + iorap_prefetcherd + mediadrmserver + mediaextractor + mediaserver + merged_hal_service + system_server + tee + toolbox + vold + vold_prepare_subdirs + with_asan(`asan_extract') + } system_data_file:file ~r_file_perms; + + neverallow { appdomain app_zygote } system_data_file:file ~{ getattr read map }; + + neverallow init system_data_file:file ~{ create getattr open read write setattr relabelfrom unlink map getattr relabelto }; + + neverallow installd system_data_file:file ~{ getattr relabelfrom unlink }; + + neverallow iorap_prefetcherd system_data_file:file ~{ open read }; + + neverallow { + hal_drm_clearkey + hal_drm_clearkey_aidl + hal_drm_default + hal_drm_widevine + mediadrmserver + mediaextractor + mediaserver + merged_hal_service + tee + } system_data_file:file ~{ getattr read }; + + neverallow system_server system_data_file:file ~{ create_file_perms relabelfrom link }; + + neverallow { toolbox vold_prepare_subdirs } system_data_file:file ~{ getattr unlink }; + + neverallow vold system_data_file:file ~read; +') + +# Do not allow access to the generic device label. This is too broad. +# Instead, if access to part of device is desired, it should have a +# more specific label. +# TODO: Remove hal_camera and so on once there are no violations. +# +# allow hal_camera device:dir r_dir_perms; +# hal_client_domain(cameraserver, hal_camera) +# +full_treble_only(` + neverallow ~{ + apexd + cameraserver + fastbootd + hal_camera + hal_camera_default + hal_evs_default + init + mtk_hal_camera + otapreopt_chroot + recovery + shell + slideshow + system_server + vendor_init + vold + ueventd + } device:dir ~{ search getattr }; + + neverallow { + cameraserver + fastbootd + hal_camera + hal_camera_default + hal_evs_default + mtk_hal_camera + system_server + shell + slideshow + recovery + } device:dir ~r_dir_perms; + + neverallow init device:dir ~{ create_dir_perms mounton relabelto }; + + neverallow vendor_init device:dir ~{ create_dir_perms mounton }; + + neverallow vold device:dir ~{ search getattr write }; + + neverallow ueventd device:dir ~create_dir_perms; +') diff --git a/neverallows/plat_private/app_neverallows.te b/neverallows/plat_private/app_neverallows.te new file mode 100644 index 0000000..92a48bd --- /dev/null +++ b/neverallows/plat_private/app_neverallows.te @@ -0,0 +1,80 @@ +### +### neverallow rules for untrusted app domains +### + +define(`all_untrusted_apps',`{ + ephemeral_app + isolated_app + mediaprovider + mediaprovider_app + untrusted_app + untrusted_app_25 + untrusted_app_27 + untrusted_app_29 + untrusted_app_all +}') + +# Do not permit untrusted apps to perform actions on HwBinder service_manager +# other than find actions for services listed below +neverallow all_untrusted_apps *:hwservice_manager ~find; + +# Do not permit access from apps which host arbitrary code to HwBinder services. +# The two main reasons for this are: +# 1. HwBinder servers do not perform client authentication because HIDL +# currently does not expose caller UID information and, even if it did, many +# HwBinder services either operate at a level below that of apps (e.g., HALs) +# or must not rely on app identity for authorization. Thus, to be safe, the +# default assumption is that every HwBinder service treats all its clients as +# equally authorized to perform operations offered by the service. +# 2. HAL servers (a subset of HwBinder services) contain code with higher +# incidence rate of security issues than system/core components and have +# access to lower layes of the stack (all the way down to hardware) thus +# increasing opportunities for bypassing the Android security model.# +# Safe services include: +# - same process services: because they by definition run in the process +# of the client and thus have the same access as the client domain in which +# the process runs +# - coredomain_hwservice: are considered safe because they do not pose risks +# associated with reason #2 above. +# - hal_configstore_ISurfaceFlingerConfigs: becuase it has specifically been +# designed for use by any domain. +# - hal_graphics_allocator_hwservice: because these operations are also offered +# by surfaceflinger Binder service, which apps are permitted to access +# - hal_omx_hwservice: because this is a HwBinder version of the mediacodec +# Binder service which apps were permitted to access. +# - hal_codec2_hwservice: because this is a newer version of hal_omx_hwservice. +neverallow all_untrusted_apps ~{ + fwk_bufferhub_hwservice # coredomain_hwservice. Designed for use by any domain + hal_cas_hwservice + hal_codec2_hwservice + hal_configstore_ISurfaceFlingerConfigs + hal_drm_hwservice # technical_debt.cil + hal_graphics_allocator_hwservice + hal_graphics_mapper_hwservice # same process services + hal_neuralnetworks_hwservice # AOSP:589714 + hal_omx_hwservice + hal_renderscript_hwservice # same process services + hidl_allocator_hwservice # coredomain_hwservice. Designed for use by any domain + hidl_manager_hwservice # coredomain_hwservice. Designed for use by any domain + hidl_memory_hwservice # coredomain_hwservice. Designed for use by any domain + hidl_token_hwservice # coredomain_hwservice. Designed for use by any domain + mtk_safe_hwservice_manager_type +}:hwservice_manager find; + +# Restrict *Binder access from apps to HAL domains. We can only do this on full +# Treble devices where *Binder communications between apps and HALs are tightly +# restricted. +full_treble_only(` + neverallow all_untrusted_apps { + halserverdomain + -coredomain + -hal_cas_server + -hal_codec2_server + -hal_configstore_server + -hal_drm_server + -hal_graphics_allocator_server + -hal_neuralnetworks_server + -hal_omx_server + -mtk_safe_halserverdomain_type +}:binder { call transfer }; +') diff --git a/plat_private/domain.te b/neverallows/plat_private/neverallows.te index 4252e23..695a6c7 100644 --- a/plat_private/domain.te +++ b/neverallows/plat_private/neverallows.te @@ -2,8 +2,6 @@ # MTK Policy Rule # ============================================== -# Rules for all domains. - # Do not allow access to the generic system_data_file label. This is # too broad. # Instead, if access to part of system_data_file is desired, it should @@ -35,6 +33,7 @@ full_treble_only(` -toolbox -vold -vold_prepare_subdirs + with_asan(`-asan_extract') -zygote } system_data_file:file *; @@ -85,6 +84,7 @@ full_treble_only(` tee vold webview_zygote + with_asan(`asan_extract') zygote } system_data_file:lnk_file *; @@ -115,3 +115,48 @@ full_treble_only(` neverallow system_server system_data_file:lnk_file ~create_file_perms; ') + +# Do not allow access to the generic device label. This is too broad. +# Instead, if access to part of device is desired, it should have a +# more specific label. +# TODO: Remove hal_camera and so on once there are no violations. +# +# allow hal_camera device:dir r_dir_perms; +# hal_client_domain(cameraserver, hal_camera) +# +full_treble_only(` + neverallow { + coredomain + -apexd + -cameraserver + -fastbootd + -hal_camera + -init + -otapreopt_chroot + -recovery + -shell + -slideshow + -system_server + -vendor_init + -vold + -ueventd + } device:dir ~{ search getattr }; + + neverallow init device:dir ~{ create_dir_perms mounton relabelto }; + + neverallow { + cameraserver + fastbootd + hal_camera + system_server + shell + slideshow + recovery + } device:dir ~r_dir_perms; + + neverallow vendor_init device:dir ~{ create_dir_perms mounton }; + + neverallow vold device:dir ~{ search getattr write }; + + neverallow ueventd device:dir ~create_dir_perms; +') diff --git a/neverallows/plat_public/app_neverallows.te b/neverallows/plat_public/app_neverallows.te new file mode 100644 index 0000000..48d161d --- /dev/null +++ b/neverallows/plat_public/app_neverallows.te @@ -0,0 +1,80 @@ +### +### neverallow rules for untrusted app domains +### + +define(`all_untrusted_apps',`{ + ephemeral_app + isolated_app + mediaprovider +# mediaprovider_app # private + untrusted_app + untrusted_app_25 + untrusted_app_27 + untrusted_app_29 + untrusted_app_all +}') + +# Do not permit untrusted apps to perform actions on HwBinder service_manager +# other than find actions for services listed below +neverallow all_untrusted_apps *:hwservice_manager ~find; + +# Do not permit access from apps which host arbitrary code to HwBinder services. +# The two main reasons for this are: +# 1. HwBinder servers do not perform client authentication because HIDL +# currently does not expose caller UID information and, even if it did, many +# HwBinder services either operate at a level below that of apps (e.g., HALs) +# or must not rely on app identity for authorization. Thus, to be safe, the +# default assumption is that every HwBinder service treats all its clients as +# equally authorized to perform operations offered by the service. +# 2. HAL servers (a subset of HwBinder services) contain code with higher +# incidence rate of security issues than system/core components and have +# access to lower layes of the stack (all the way down to hardware) thus +# increasing opportunities for bypassing the Android security model.# +# Safe services include: +# - same process services: because they by definition run in the process +# of the client and thus have the same access as the client domain in which +# the process runs +# - coredomain_hwservice: are considered safe because they do not pose risks +# associated with reason #2 above. +# - hal_configstore_ISurfaceFlingerConfigs: becuase it has specifically been +# designed for use by any domain. +# - hal_graphics_allocator_hwservice: because these operations are also offered +# by surfaceflinger Binder service, which apps are permitted to access +# - hal_omx_hwservice: because this is a HwBinder version of the mediacodec +# Binder service which apps were permitted to access. +# - hal_codec2_hwservice: because this is a newer version of hal_omx_hwservice. +neverallow all_untrusted_apps ~{ + fwk_bufferhub_hwservice # coredomain_hwservice. Designed for use by any domain + hal_cas_hwservice + hal_codec2_hwservice + hal_configstore_ISurfaceFlingerConfigs + hal_drm_hwservice # technical_debt.cil + hal_graphics_allocator_hwservice + hal_graphics_mapper_hwservice # same process services + hal_neuralnetworks_hwservice # AOSP:589714 + hal_omx_hwservice + hal_renderscript_hwservice # same process services + hidl_allocator_hwservice # coredomain_hwservice. Designed for use by any domain + hidl_manager_hwservice # coredomain_hwservice. Designed for use by any domain + hidl_memory_hwservice # coredomain_hwservice. Designed for use by any domain + hidl_token_hwservice # coredomain_hwservice. Designed for use by any domain + mtk_safe_hwservice_manager_type +}:hwservice_manager find; + +# Restrict *Binder access from apps to HAL domains. We can only do this on full +# Treble devices where *Binder communications between apps and HALs are tightly +# restricted. +full_treble_only(` + neverallow all_untrusted_apps { + halserverdomain + -coredomain + -hal_cas_server + -hal_codec2_server + -hal_configstore_server + -hal_drm_server + -hal_graphics_allocator_server + -hal_neuralnetworks_server + -hal_omx_server + -mtk_safe_halserverdomain_type +}:binder { call transfer }; +') diff --git a/plat_public/domain.te b/neverallows/plat_public/neverallows.te index 3feb681..d4141b5 100644 --- a/plat_public/domain.te +++ b/neverallows/plat_public/neverallows.te @@ -12,6 +12,7 @@ full_treble_only(` neverallow { coredomain + -apexd -init -ueventd -vold @@ -35,12 +36,14 @@ full_treble_only(` neverallow ~{ init + otapreopt_chroot ueventd vendor_init } sysfs:dir ~r_dir_perms; neverallow { init + otapreopt_chroot ueventd vendor_init } sysfs:dir ~{ r_dir_perms relabelfrom relabelto mounton setattr }; @@ -132,7 +135,7 @@ full_treble_only(` vendor_init } debugfs:dir ~{ search getattr }; - neverallow init debugfs:dir ~{ search getattr relabelfrom open read setattr relabelto }; + neverallow init debugfs:dir ~{ search getattr relabelfrom open read setattr relabelto userdebug_or_eng(`mounton') }; neverallow vendor_init debugfs:dir ~{ search getattr read setattr open }; ') @@ -154,7 +157,7 @@ full_treble_only(` system_server } system_data_file:{ chr_file blk_file sock_file fifo_file } *; - neverallow init system_data_file:{ chr_file blk_file } ~{ relabelto };; + neverallow init system_data_file:{ chr_file blk_file } ~{ relabelto }; neverallow init system_data_file:{ sock_file fifo_file } ~{ create getattr open read setattr relabelfrom unlink relabelto }; @@ -176,6 +179,7 @@ full_treble_only(` -toolbox -vold -vold_prepare_subdirs + with_asan(`-asan_extract') } system_data_file:file ~r_file_perms; neverallow { appdomain app_zygote } system_data_file:file ~{ getattr read map }; @@ -200,6 +204,10 @@ full_treble_only(` neverallow vold system_data_file:file ~read; + with_asan(` + neverallow asan_extract system_data_file:file ~{ create_file_perms relabelfrom execute }; + ') + neverallow ~{ appdomain app_zygote @@ -215,6 +223,7 @@ full_treble_only(` tee vold webview_zygote + with_asan(`asan_extract') zygote } system_data_file:lnk_file ~getattr; @@ -243,6 +252,10 @@ full_treble_only(` neverallow system_server system_data_file:lnk_file ~create_file_perms; + with_asan(` + neverallow asan_extract system_data_file:lnk_file ~create_file_perms ; + ') + neverallow ~{ apexd init @@ -254,6 +267,7 @@ full_treble_only(` traced_probes vold vold_prepare_subdirs + with_asan(`asan_extract') zygote } system_data_file:dir ~{ search getattr }; @@ -280,7 +294,9 @@ full_treble_only(` neverallow vold system_data_file:dir ~{ create rw_dir_perms mounton setattr rmdir }; - neverallow vold_prepare_subdirs system_data_file:dir ~{ open read write add_name remove_name rmdir relabelfrom search getattr }; + with_asan(` + neverallow asan_extract system_data_file:dir ~{ create_dir_perms relabelfrom }; + ') neverallow zygote system_data_file:dir ~{ r_dir_perms mounton relabelto }; ') @@ -336,37 +352,225 @@ full_treble_only(` # Do not allow access to the generic app_data_file label. This is too broad. # Instead, if access to part of app_data_file is desired, it should have a # more specific label. -#neverallow * app_data_file:dir_file_class_set *; +#full_treble_only(` +# neverallow * app_data_file:dir_file_class_set *; +#') # Do not allow access to the generic default_prop label. This is too broad. # Instead, if access to part of default_prop is desired, it should have a # more specific label. -#neverallow * default_prop:dir_file_class_set *; +#full_treble_only(` +# neverallow * default_prop:dir_file_class_set *; +#') # Do not allow access to the generic vendor_default_prop label. This is # too broad. # Instead, if access to part of vendor_default_prop is desired, it should # have a more specific label. -#neverallow * vendor_default_prop:dir_file_class_set *; +#full_treble_only(` +# neverallow * vendor_default_prop:dir_file_class_set *; +#') # Do not allow access to the generic device label. This is too broad. # Instead, if access to part of device is desired, it should have a # more specific label. -#neverallow * device:dir_file_class_set *; +# TODO: Remove hal_camera and so on once there are no violations. +# +# allow hal_camera device:dir r_dir_perms; +# hal_client_domain(cameraserver, hal_camera) +# +full_treble_only(` + neverallow * device:{ sock_file fifo_file } *; + + neverallow ~{ + init + shell + ueventd + vendor_init + } device:chr_file *; + + neverallow { init vendor_init } device:chr_file ~setattr; + + neverallow shell device:chr_file ~getattr; + + neverallow ueventd device:chr_file ~{ getattr create setattr unlink }; + + neverallow ~{ + apexd + dumpstate + e2fs + fsck + fsck_untrusted + init + recovery + shell + ueventd + vendor_init + } device:blk_file *; + + neverallow { + dumpstate + e2fs + fsck + fsck_untrusted + shell + vendor_init + } device:blk_file ~getattr; + + neverallow init device:blk_file ~r_file_perms; + + neverallow recovery device:blk_file ~rw_file_perms; + + neverallow ueventd device:blk_file ~{ getattr relabelfrom relabelto create setattr unlink }; + + neverallow ~{ + init + vendor_init + ueventd + } device:file *; + + neverallow init device:file ~{ create_file_perms relabelfrom }; + + neverallow ueventd device:file ~create_file_perms; + + neverallow vendor_init device:file ~{ read setattr map open getattr }; + + neverallow ~{ + init + vendor_init + ueventd + } device:lnk_file ~r_file_perms; + + neverallow { init vendor_init } device:lnk_file ~{ r_file_perms create }; + + neverallow ueventd device:lnk_file ~{ r_file_perms create unlink }; + + neverallow { + coredomain + -apexd + -cameraserver + -fastbootd + -hal_camera + -init + -otapreopt_chroot + -recovery + -shell + -slideshow + -system_server + -vendor_init + -vold + -ueventd + } device:dir ~{ search getattr }; + + neverallow { + cameraserver + fastbootd + hal_camera + system_server + shell + slideshow + recovery + } device:dir ~r_dir_perms; + + neverallow init device:dir ~{ create_dir_perms mounton relabelto }; + + neverallow vendor_init device:dir ~{ create_dir_perms mounton }; + + neverallow vold device:dir ~{ search getattr write }; + + neverallow ueventd device:dir ~create_dir_perms; +') # Do not allow access to the generic socket_device label. This is too broad. # Instead, if access to part of socket_device is desired, it should have a # more specific label. -#neverallow * socket_device:dir_file_class_set *; +full_treble_only(` + neverallow * socket_device:{ file sock_file fifo_file } *; + + neverallow ~{ + init + shell + ueventd + vendor_init + } socket_device:chr_file *; + + neverallow { + init + vendor_init + } socket_device:chr_file ~{ setattr }; + + neverallow shell socket_device:chr_file ~{ getattr }; + + neverallow ueventd socket_device:chr_file ~{ getattr create setattr unlink }; + + neverallow ~{ + apexd + dumpstate + e2fs + fsck + fsck_untrusted + init + recovery + shell + ueventd + vendor_init + } socket_device:blk_file *; + + neverallow { + apexd + dumpstate + e2fs + fsck + fsck_untrusted + shell + vendor_init + } socket_device:blk_file ~getattr; + + neverallow init socket_device:blk_file ~r_file_perms; + + neverallow recovery socket_device:blk_file ~rw_file_perms; + + neverallow ueventd socket_device:blk_file ~{ getattr relabelfrom relabelto create setattr unlink }; + + neverallow ~{ + init + ueventd + vendor_init + } socket_device:lnk_file ~r_file_perms; + + neverallow { + init + vendor_init + } socket_device:lnk_file ~{ r_file_perms create }; + + neverallow ueventd socket_device:lnk_file ~{ r_file_perms create unlink }; + + neverallow ~{ + init + ueventd + vendor_init + } socket_device:dir ~r_dir_perms; + + neverallow init socket_device:dir ~{ create_dir_perms relabelto }; + + neverallow { + ueventd + vendor_init + } socket_device:dir ~create_dir_perms; + +') # Do not allow access to the generic block_device label. This is too broad. # Instead, if access to part of block_device is desired, it should have a # more specific label. -#neverallow * block_device:dir_file_class_set *; +#full_treble_only(` +# neverallow * block_device:dir_file_class_set *; +#') # Do not allow access to the generic bootdevice_block_device label. This is # too broad. # Instead, if access to part of bootdevice_block_device is desired, it should # have a more specific label. -#neverallow * bootdevice_block_device:dir_file_class_set *; - +#full_treble_only(` +# neverallow * bootdevice_block_device:dir_file_class_set *; +#') diff --git a/non_plat/aee_aed.te b/non_plat/aee_aed.te deleted file mode 100644 index fb69ca2..0000000 --- a/non_plat/aee_aed.te +++ /dev/null @@ -1,69 +0,0 @@ -# ============================================== -# Policy File of /system/bin/aee_aed Executable File - -# ============================================== -# MTK Policy Rule -# ============================================== - -# Date : WK14.32 -# Operation : AEE UT -# Purpose : for AEE module -allow aee_aed aed_device:chr_file rw_file_perms; -allow aee_aed expdb_device:chr_file rw_file_perms; -allow aee_aed expdb_block_device:blk_file rw_file_perms; -allow aee_aed etb_device:chr_file rw_file_perms; - -# open/dev/mtd/mtd12 failed(expdb) -allow aee_aed mtd_device:dir create_dir_perms; -allow aee_aed mtd_device:chr_file rw_file_perms; - -# NE flow: /dev/RT_Monitor -allow aee_aed RT_Monitor_device:chr_file r_file_perms; - -#data/aee_exp -allow aee_aed aee_exp_data_file:dir create_dir_perms; -allow aee_aed aee_exp_data_file:file create_file_perms; - -#data/dumpsys -allow aee_aed aee_dumpsys_data_file:dir create_dir_perms; -allow aee_aed aee_dumpsys_data_file:file create_file_perms; - -#/data/core -allow aee_aed aee_core_data_file:dir create_dir_perms; -allow aee_aed aee_core_data_file:file create_file_perms; - -# /data/data_tmpfs_log -allow aee_aed data_tmpfs_log_file:dir create_dir_perms; -allow aee_aed data_tmpfs_log_file:file create_file_perms; - -# Purpose: aee_aed set property -set_prop(aee_aed, persist_mtk_aee_prop); -set_prop(aee_aed, persist_aee_prop); -set_prop(aee_aed, debug_mtk_aee_prop); - -# /proc/lk_env -allow aee_aed proc_lk_env:file rw_file_perms; - -# Purpose: Allow aee_aed to read /proc/pid/exe -#allow aee_aed exec_type:file r_file_perms; - -# Purpose: Allow aee_aed to read /proc/cpu/alignment -allow aee_aed proc_cpu_alignment:file { write open }; - -# Purpose: Allow aee_aed to access /sys/devices/virtual/timed_output/vibrator/enable -allow aee_aed sysfs_vibrator_setting:dir search; -allow aee_aed sysfs_vibrator_setting:file w_file_perms; -allow aee_aed sysfs_vibrator:dir search; -allow aee_aed sysfs_leds:dir search; - -# Purpose: Allow aee_aed to read /proc/kpageflags -allow aee_aed proc_kpageflags:file r_file_perms; - -# temp solution -get_prop(aee_aed, vendor_default_prop) - -hal_client_domain(aee_aed, mtk_hal_log) - -# Purpose: create /data/aee_exp at runtime -allow aee_aed file_contexts_file:file r_file_perms; -allow aee_aed aee_exp_data_file:dir relabelto; diff --git a/non_plat/aee_aedv.te b/non_plat/aee_aedv.te index e5d7aad..d8f8037 100644 --- a/non_plat/aee_aedv.te +++ b/non_plat/aee_aedv.te @@ -53,12 +53,12 @@ allow aee_aedv usermodehelper:file r_file_perms; # Date: W15.34 # Operation: Migration # Purpose: For pagemap & pageflags information in NE DB -userdebug_or_eng(`allow aee_aedv self:capability sys_admin;') +allow aee_aedv self:capability sys_admin; # Purpose: aee_aedv set property -set_prop(aee_aedv, persist_mtk_aeev_prop); -set_prop(aee_aedv, persist_aeev_prop); -set_prop(aee_aedv, debug_mtk_aeev_prop); +set_prop(aee_aedv, vendor_mtk_persist_mtk_aeev_prop) +set_prop(aee_aedv, vendor_mtk_persist_aeev_prop) +set_prop(aee_aedv, vendor_mtk_debug_mtk_aeev_prop) # Purpose: mnt/user/* allow aee_aedv mnt_user_file:dir search; @@ -118,27 +118,33 @@ allow aee_aedv crash_dump:file r_file_perms; allow aee_aedv vendor_file:file execute_no_trans; # Purpose: debugfs files -allow aee_aedv debugfs_binder:dir { read open }; -allow aee_aedv debugfs_binder:file { read open }; -allow aee_aedv debugfs_blockio:file { read open }; +allow aee_aedv debugfs_binder:dir r_dir_perms; +allow aee_aedv debugfs_binder:file r_file_perms; +allow aee_aedv debugfs_blockio:file r_file_perms; allow aee_aedv debugfs_fb:dir search; -allow aee_aedv debugfs_fb:file { read open }; +allow aee_aedv debugfs_fb:file r_file_perms; allow aee_aedv debugfs_fuseio:dir search; -allow aee_aedv debugfs_fuseio:file { read open }; +allow aee_aedv debugfs_fuseio:file r_file_perms; allow aee_aedv debugfs_ged:dir search; -allow aee_aedv debugfs_ged:file { read open }; +allow aee_aedv debugfs_ged:file r_file_perms; allow aee_aedv debugfs_rcu:dir search; -allow aee_aedv debugfs_shrinker_debug:file { read open }; -allow aee_aedv debugfs_wakeup_sources:file { read open }; -allow aee_aedv debugfs_dmlog_debug:file { read open }; -allow aee_aedv debugfs_page_owner_slim_debug:file { read open }; +allow aee_aedv debugfs_shrinker_debug:file r_file_perms; +allow aee_aedv debugfs_wakeup_sources:file r_file_perms; +allow aee_aedv debugfs_dmlog_debug:file r_file_perms; +allow aee_aedv debugfs_page_owner_slim_debug:file r_file_perms; allow aee_aedv debugfs_ion_mm_heap:dir search; allow aee_aedv debugfs_ion_mm_heap:file r_file_perms; allow aee_aedv debugfs_ion_mm_heap:lnk_file read; allow aee_aedv debugfs_cpuhvfs:dir search; -allow aee_aedv debugfs_cpuhvfs:file { read open }; -allow aee_aedv debugfs_emi_mbw_buf:file { read open }; -allow aee_aedv debugfs_vpu_device_dbg:file { read open }; +allow aee_aedv debugfs_cpuhvfs:file r_file_perms; +allow aee_aedv debugfs_emi_mbw_buf:file r_file_perms; +allow aee_aedv debugfs_vpu_device_dbg:file r_file_perms; +allow aee_aedv debugfs_vpu_memory:file r_file_perms; +allow aee_aedv debugfs_apusys_midware_register_all:file r_file_perms; +allow aee_aedv debugfs_apusys_mdla_memory:file r_file_perms; +allow aee_aedv debugfs_apusys_mnoc_sta_dump:file r_file_perms; +allow aee_aedv debugfs_apusys_debug_log:file r_file_perms; +allow aee_aedv debugfs_apusys_midware_mem:file r_file_perms; # Purpose: # 01-01 00:02:46.390 3315 3315 W aee_dumpstatev: type=1400 audit(0.0:4728): @@ -273,7 +279,8 @@ allow aee_aedv debugfs_dynamic_debug:file r_file_perms; # [ 241.001976] <1>.(1)[209:logd.auditd]type=1400 audit(1262304586.172:515): avc: denied { read } # for pid=1978 comm="aee_aedv64" name="atag,devinfo" dev="sysfs" ino=2349 scontext=u:r:aee_aedv:s0 # tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 -allow aee_aedv sysfs_mrdump_lbaooo:file w_file_perms; +allow aee_aedv sysfs_mrdump:file rw_file_perms; +allow aee_aedv sysfs_memory:file r_file_perms; # Purpose: Allow aee_aedv to use HwBinder IPC. hwbinder_use(aee_aedv) @@ -402,7 +409,8 @@ allow aee_aedv proc_slabtrace:file r_file_perms; allow aee_aedv proc_cmdq_debug:file r_file_perms; # temp solution -get_prop(aee_aedv, vendor_default_prop) +# GOOGLE: Commented out for b/169606103 +#get_prop(aee_aedv, vendor_default_prop) #data/dipdebug allow aee_aedv aee_dipdebug_vendor_file:dir r_dir_perms; @@ -437,3 +445,37 @@ allow aee_aedv proc_aed_reboot_reason:file r_file_perms; allow aee_aedv proc_drop_caches:file rw_file_perms; allow aee_aedv proc_wmt_aee:file r_file_perms; + +allow aee_aedv proc_aed:file rw_file_perms; +allow aee_aedv proc_aed:dir r_dir_perms; +allow aee_aedv proc_ppm:dir r_dir_perms; + +allow aee_aedv dpm_block_device:blk_file r_file_perms; +allow aee_aedv boot_para_block_device:blk_file rw_file_perms; + +allow aee_aedv proc_modules:file r_file_perms; + +set_prop(aee_aedv, powerctl_prop) + +allow aee_aedv debugfs_apusys_power_fail_log:file r_file_perms; + +allow aee_aedv proc_ccci_dump:file r_file_perms; +allow aee_aedv proc_log_much:file r_file_perms; + +# Purpose: Allow aee_aedv to read /sys/kernel/tracing/instances/mmstat/trace +allow aee_aedv debugfs_tracing_instances:dir r_dir_perms; +allow aee_aedv debugfs_tracing_instances:file r_file_perms; + +allow aee_aedv binderfs_logs:dir r_dir_perms; +allow aee_aedv binderfs_logs:file r_file_perms; + +allow aee_aedv proc_ion:dir r_dir_perms; +allow aee_aedv proc_ion:file r_file_perms; +allow aee_aedv proc_m4u_dbg:dir r_dir_perms; +allow aee_aedv proc_m4u_dbg:file r_file_perms; +allow aee_aedv proc_mtkfb:file r_file_perms; + +allow aee_aedv debugfs_cmdq:file r_file_perms; + +allow aee_aedv sysfs_dvfsrc_dbg:dir r_dir_perms; +allow aee_aedv sysfs_dvfsrc_dbg:file r_file_perms; diff --git a/non_plat/aee_hidl.te b/non_plat/aee_hidl.te index 5bc639b..49536fb 100644 --- a/non_plat/aee_hidl.te +++ b/non_plat/aee_hidl.te @@ -5,13 +5,16 @@ type aee_hal,domain; type aee_hal_exec, exec_type, file_type, vendor_file_type; typeattribute aee_hal mlstrustedsubject; # Purpose : for create hidl server +allow aee_hal aee_exp_vendor_file:dir w_dir_perms; +allow aee_hal aee_exp_vendor_file:file create_file_perms; +allow aee_hal aee_exp_data_file:file { read write }; hal_server_domain(aee_hal, mtk_hal_aee) # ============================================== # MTK Policy Rule # ============================================== init_daemon_domain(aee_hal) -set_prop(aee_hal, persist_mtk_aeev_prop); -set_prop(aee_hal, persist_aeev_prop); -set_prop(aee_hal, debug_mtk_aeev_prop); +set_prop(aee_hal, vendor_mtk_persist_mtk_aeev_prop) +set_prop(aee_hal, vendor_mtk_persist_aeev_prop) +set_prop(aee_hal, vendor_mtk_debug_mtk_aeev_prop) diff --git a/non_plat/app.te b/non_plat/app.te index 455cafb..776ea4b 100644 --- a/non_plat/app.te +++ b/non_plat/app.te @@ -1,21 +1,22 @@ # ============================================== # MTK Policy Rule -# ============ +# ============================================== # Date : WK16.33 # Purpose: Allow to access ged for gralloc_extra functions allow appdomain proc_ged:file rw_file_perms; allowxperm appdomain proc_ged:file ioctl { proc_ged_ioctls }; +# Data : WK16.42 +# Operator: Whitney bring up +# Purpose: call surfaceflinger due to powervr +allow appdomain surfaceflinger:fifo_file rw_file_perms; + # Date : W16.42 # Operation : Integration # Purpose : DRM / DRI GPU driver required allow appdomain gpu_device:dir search; -# Date : W17.30 -# Purpose : Allow MDP user access cmdq driver -allow appdomain mtk_cmdq_device:chr_file {open read ioctl}; - # Date : W17.41 # Operation: SQC # Purpose : Allow HWUI to access perfmgr @@ -28,12 +29,6 @@ allowxperm appdomain proc_perfmgr:file ioctl { PERFMGR_FPSGO_BQID }; -# Date : W19.4 -# Purpose : Allow MDP user access mdp driver -allow appdomain mdp_device:chr_file rw_file_perms; -allow appdomain mtk_mdp_device:chr_file rw_file_perms; -allow appdomain sw_sync_device:chr_file rw_file_perms; - # Date : W19.23 # Operation : Migration # Purpose : For platform app com.android.gallery3d @@ -44,7 +39,12 @@ allow { appdomain -isolated_app } radio_data_file:file rw_file_perms; # Purpose : For app com.tencent.qqpimsecure allowxperm appdomain appdomain:fifo_file ioctl SNDCTL_TMR_START; -# Date: 2019/06/17 +# Date : W20.26 # Operation : Migration -# Purpose : appdomain need get mtk_amslog_prop -get_prop(appdomain, mtk_amslog_prop) +# Purpose : For apps other than isolated_app call hidl +hwbinder_use({ appdomain -isolated_app }) +get_prop({ appdomain -isolated_app }, hwservicemanager_prop) +allow { appdomain -isolated_app } hidl_manager_hwservice:hwservice_manager find; +binder_call({ appdomain -isolated_app }, mtk_safe_halserverdomain_type) +binder_call(mtk_safe_halserverdomain_type, { appdomain -isolated_app }) +allow { appdomain -isolated_app } mtk_safe_hwservice_manager_type:hwservice_manager find; diff --git a/non_plat/appdomain.te b/non_plat/appdomain.te deleted file mode 100644 index 3311b98..0000000 --- a/non_plat/appdomain.te +++ /dev/null @@ -1,8 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============ - -# Data : WK16.42 -# Operator: Whitney bring up -# Purpose: call surfaceflinger due to powervr -allow appdomain surfaceflinger:fifo_file rw_file_perms; diff --git a/non_plat/atci_service.te b/non_plat/atci_service.te index e55c5a8..3ca0b46 100644 --- a/non_plat/atci_service.te +++ b/non_plat/atci_service.te @@ -45,9 +45,12 @@ allow atci_service nvram_device:blk_file { open read write }; allow atci_service input_device:dir { open read search }; allow atci_service input_device:file { open read write ioctl }; allow atci_service input_device:chr_file { open read write ioctl }; -allow atci_service MAINAF_device:chr_file { open read write ioctl }; -allow atci_service MAIN2AF_device:chr_file { open read write ioctl }; -allow atci_service SUBAF_device:chr_file { open read write ioctl }; +allow atci_service MAINAF_device:chr_file rw_file_perms; +allow atci_service MAIN2AF_device:chr_file rw_file_perms; +allow atci_service MAIN3AF_device:chr_file rw_file_perms; +allow atci_service MAIN4AF_device:chr_file rw_file_perms; +allow atci_service SUBAF_device:chr_file rw_file_perms; +allow atci_service SUB2AF_device:chr_file rw_file_perms; allow atci_service tmpfs:lnk_file read; allow atci_service self:capability2 block_suspend; @@ -66,7 +69,7 @@ allow atci_service storage_file:lnk_file read; #============= atci_service ============== allow atci_service CAM_CAL_DRV_device:chr_file { read write ioctl open}; -set_prop(atci_service, mtk_em_prop) +set_prop(atci_service, vendor_mtk_em_prop) # Date : 2016/03/02 # Operation : M-Migration @@ -101,20 +104,20 @@ allow atci_service MT_pmic_adc_cali_device:chr_file rw_file_perms; allow atci_service CAM_CAL_DRV_device:chr_file rw_file_perms; allow atci_service CAM_CAL_DRV1_device:chr_file rw_file_perms; allow atci_service CAM_CAL_DRV2_device:chr_file rw_file_perms; +allow atci_service camera_eeprom_device:chr_file rw_file_perms; allow atci_service fwk_sensor_hwservice:hwservice_manager find; allow atci_service hidl_allocator_hwservice:hwservice_manager find; allow atci_service hidl_memory_hwservice:hwservice_manager find; allow atci_service ion_device:chr_file { read ioctl open }; -allow atci_service mtk_cmdq_device:chr_file { read ioctl open }; -allow atci_service mtk_mdp_device:chr_file rw_file_perms; -allow atci_service sw_sync_device:chr_file rw_file_perms; -allow atci_service mtk_hal_power:binder call; -allow atci_service mtk_hal_power_hwservice:hwservice_manager find; +allow atci_service mtk_cmdq_device:chr_file r_file_perms; +allow atci_service mtk_mdp_device:chr_file r_file_perms; +allow atci_service mtk_mdp_sync:chr_file r_file_perms; +allow atci_service sw_sync_device:chr_file r_file_perms; +hal_client_domain(atci_service, hal_power) allow atci_service sysfs_batteryinfo:dir search; allow atci_service sysfs_batteryinfo:file { read getattr open }; allow atci_service system_file:dir { read open }; allow atci_service camera_pipemgr_device:chr_file { read ioctl open }; -allow atci_service mtkcam_prop:file { read getattr open }; allow atci_service mtk_hal_camera:binder call; allow atci_service debugfs_ion:dir search; allow atci_service sysfs_tpd_setting:file { read write open getattr }; diff --git a/non_plat/atcid.te b/non_plat/atcid.te index 9503a4f..3b9f851 100644 --- a/non_plat/atcid.te +++ b/non_plat/atcid.te @@ -9,7 +9,7 @@ type atcid, domain; type atcid_exec, exec_type, file_type, vendor_file_type; init_daemon_domain(atcid) -set_prop(atcid,persist_service_atci_prop) +set_prop(atcid, vendor_mtk_persist_service_atci_prop) allow atcid block_device:dir search; allow atcid gsmrild_socket:sock_file write; @@ -43,8 +43,8 @@ allow atcid sysfs_batteryinfo:file { read open }; # Date : WK18.16 # Operation: P migration -# Purpose: Allow atcid to get tel_switch_prop -get_prop(atcid, tel_switch_prop) +# Purpose: Allow atcid to get vendor_mtk_tel_switch_prop +get_prop(atcid, vendor_mtk_tel_switch_prop) # Date : WK18.21 # Purpose: Allow to use HIDL @@ -55,8 +55,8 @@ add_hwservice(hal_atci_server,hal_atci_hwservice) # Date : WK18.21 # Purpose: For special command for customer -set_prop(atcid, mtk_atci_prop); -set_prop(atcid, powerctl_prop); +set_prop(atcid, vendor_mtk_atci_prop) +set_prop(atcid, powerctl_prop) allow atcid mnt_vendor_file:dir search; allow atcid nvdata_file:dir { open read write search add_name }; allow atcid nvdata_file:file { open read write create getattr setattr }; diff --git a/non_plat/attributes b/non_plat/attributes index 3c2632a..623a8ed 100644 --- a/non_plat/attributes +++ b/non_plat/attributes @@ -5,82 +5,8 @@ # Attribute that represents all mtk property types (except those with ctl_xxx prefix) attribute mtk_core_property_type; -# Date: 2017/06/12 -# LBS HIDL -#attribute mtk_hal_lbs; -#attribute mtk_hal_lbs_client; -#attribute mtk_hal_lbs_server; - -# Date: 2017/06/27 -# IMSA HIDL -attribute hal_imsa; -attribute hal_imsa_client; -attribute hal_imsa_server; - # attribute that represents all MTK IMS types. It should be used by AP side module only. attribute mtkimsapdomain; # # # attribute that represents all MTK IMS types. It should be used by MD side module only. attribute mtkimsmddomain; - -# Date: 2017/07/19 -# PQ HIDL -attribute hal_pq; -attribute hal_pq_client; -attribute hal_pq_server; - -# Date: 2017/07/28 -# KEY ATTESTATION HIDL -attribute mtk_hal_keyattestation; -attribute mtk_hal_keyattestation_client; -attribute mtk_hal_keyattestation_server; -# Date: 2017/07/13 -# NVRAM AGENT HIDL -attribute hal_nvramagent; -attribute hal_nvramagent_client; -attribute hal_nvramagent_server; - -# Date: 2018/05/25 -# FM HIDL -attribute mtk_hal_fm; -attribute mtk_hal_fm_client; -attribute mtk_hal_fm_server; - -# Date: 2018/03/23 -# log hidl -attribute mtk_hal_log; -attribute mtk_hal_log_client; -attribute mtk_hal_log_server; - -# Date: 2018/07/02 -# MDP HIDL -attribute hal_mms; -attribute hal_mms_client; -attribute hal_mms_server; - -attribute hal_mtkcodecservice_server; -attribute hal_mtkcodecservice; - -attribute hal_atci; -attribute hal_atci_client; -attribute hal_atci_server; - -# Date: 2019/06/12 -# modem db filter hidl -attribute mtk_hal_md_dbfilter_server; - -# Date: 2019/07/16 -# HDMI HIDL -attribute hal_hdmi; -attribute hal_hdmi_client; -attribute hal_hdmi_server; - -# Date: 2019/09/06 -# BGService HIDL -attribute mtk_hal_bgs; -attribute mtk_hal_bgs_client; -attribute mtk_hal_bgs_server; - -attribute mtk_hal_aee; -attribute mtk_hal_aee_client; -attribute mtk_hal_aee_server; diff --git a/non_plat/audiocmdservice_atci.te b/non_plat/audiocmdservice_atci.te index 7be9753..624acc5 100644 --- a/non_plat/audiocmdservice_atci.te +++ b/non_plat/audiocmdservice_atci.te @@ -9,20 +9,18 @@ unix_socket_connect(atcid, atci-audio, audiocmdservice_atci); allow audiocmdservice_atci self:unix_stream_socket { create_socket_perms read write }; # Access to storages for audio tuning tool to read/write tuning result -allow audiocmdservice_atci { block_device device }:dir { write search }; +allow audiocmdservice_atci block_device:dir { write search }; allow audiocmdservice_atci mnt_user_file:dir rw_dir_perms; allow audiocmdservice_atci { mnt_user_file storage_file }:lnk_file rw_file_perms; allow audiocmdservice_atci bootdevice_block_device:blk_file { read write }; - # can route /dev/binder traffic to /dev/vndbinder vndbinder_use(audiocmdservice_atci) binder_call(audiocmdservice_atci,mtk_hal_audio); #Android O porting hwbinder_use(audiocmdservice_atci) -get_prop(audiocmdservice_atci, hwservicemanager_prop); -#allow audiocmdservice_atci hal_audio_hwservice:hwservice_manager find; +get_prop(audiocmdservice_atci, hwservicemanager_prop) hal_client_domain(audiocmdservice_atci, hal_audio) diff --git a/non_plat/audioserver.te b/non_plat/audioserver.te index 71f7b4f..2438116 100644 --- a/non_plat/audioserver.te +++ b/non_plat/audioserver.te @@ -54,4 +54,5 @@ allow audioserver crash_dump:unix_stream_socket connectto; # Date: 2019/06/14 # Operation : Migration -get_prop(audioserver, vendor_default_prop) +# GOOGLE: Commented out for b/169606103 +#get_prop(audioserver, vendor_default_prop) diff --git a/non_plat/bluetooth.te b/non_plat/bluetooth.te index ec4d725..7ef4418 100644 --- a/non_plat/bluetooth.te +++ b/non_plat/bluetooth.te @@ -9,17 +9,19 @@ binder_call(bluetooth, mtk_hal_bluetooth) allow bluetooth storage_stub_file:dir getattr; -# Date: 2018/01/17 -#allow bluetooth to set property -set_prop(bluetooth, vendor_bluetooth_prop) -set_prop(bluetooth, debug_prop) - # Date: 2018/02/02 # Major permission allow are in /system/sepoplicy/private/bluetooth.te # Add dir create perms for bluetooth on /data/misc/bluetooth/logs allow bluetooth bluetooth_logs_data_file:dir { create_dir_perms relabelto }; allow bluetooth bluetooth_logs_data_file:fifo_file { create_file_perms }; -# Date: 2019/06/14 -# Operation : Migration -get_prop(bluetooth, mtk_amslog_prop) +# Date: 2019/09/19 +allow bluetooth mtk_hal_bluetooth_audio_hwservice:hwservice_manager find; + +# Date : 2020/06/11 +# Operation : allow bt native process to access driver debug node and set kernel thread priority +# Purpose: allow bt native process to access driver debug node and set kernel thread priority +allow bluetooth proc_btdbg:file rw_file_perms; +allow bluetooth kernel:process setsched; + + diff --git a/non_plat/bootanim.te b/non_plat/bootanim.te index 3e9cd40..1823f59 100644 --- a/non_plat/bootanim.te +++ b/non_plat/bootanim.te @@ -1,11 +1,6 @@ # ============================================== # MTK Policy Rule -# ============ - -# Date : WK14.37 -# Operation : Migration -# Purpose : for opetator -allow bootanim bootani_prop:property_service set; +# ============================================== # Date : WK14.46 # Operation : Migration diff --git a/non_plat/bt_dump.te b/non_plat/bt_dump.te new file mode 100755 index 0000000..b19196e --- /dev/null +++ b/non_plat/bt_dump.te @@ -0,0 +1,37 @@ +# ============================================== +# Policy File of /system/binstp_dump3 Executable File + + +# ============================================== +# Type Declaration +# ============================================== + +type bt_dump_exec, vendor_file_type, exec_type, file_type; +type bt_dump, domain; + +# ============================================== +# Android Policy Rule +# ============================================== + +# ============================================== +# NSA Policy Rule +# ============================================== + +# ============================================== +# MTK Policy Rule +# ============================================== +allow bt_dump self:capability { net_admin }; +allow bt_dump self:netlink_socket { read write getattr bind create setopt }; +allow bt_dump self:netlink_generic_socket { read write getattr bind create setopt }; +allow bt_dump conninfra_device:chr_file rw_file_perms; +allow bt_dump stpwmt_device:chr_file rw_file_perms; +allow bt_dump tmpfs:lnk_file r_file_perms; +allow bt_dump mnt_user_file:dir search; +allow bt_dump mnt_user_file:lnk_file read; +allow bt_dump storage_file:lnk_file read; +allow bt_dump stp_dump_data_file:dir create_dir_perms; +allow bt_dump stp_dump_data_file:file create_file_perms; +allow bt_dump connsyslog_data_vendor_file:dir create_dir_perms; +allow bt_dump connsyslog_data_vendor_file:file create_file_perms; +get_prop(bt_dump, vendor_mtk_coredump_prop) +init_daemon_domain(bt_dump) diff --git a/non_plat/cameraserver.te b/non_plat/cameraserver.te index 428afa0..4acc82b 100644 --- a/non_plat/cameraserver.te +++ b/non_plat/cameraserver.te @@ -23,11 +23,6 @@ binder_call(cameraserver, hal_graphics_allocator) # Purpose: adb shell dumpsys media.camera --unreachable allow cameraserver self:process { ptrace }; -# ----------------------------------- -# Purpose: property access -# ----------------------------------- -allow cameraserver mtkcam_prop:file { open read getattr }; - # Date : WK14.34 # Operation : Migration # Purpose : nvram access (dumchar case for nand and legacy chip) diff --git a/non_plat/ccci_fsd.te b/non_plat/ccci_fsd.te index 889d1e8..204e4ea 100644 --- a/non_plat/ccci_fsd.te +++ b/non_plat/ccci_fsd.te @@ -42,10 +42,12 @@ allow ccci_fsd otp_part_block_device:blk_file rw_file_perms; allow ccci_fsd otp_device:chr_file rw_file_perms; allow ccci_fsd sysfs_boot_type:file { read open }; #============= ccci_fsd MD block data============== -##restore>NVM_GetDeviceInfo>open /dev/block/platform/bootdevice/by-name/nvram +#restore>NVM_GetDeviceInfo>open /dev/block/by-name/nvram allow ccci_fsd block_device:dir search; allow ccci_fsd nvram_device:blk_file rw_file_perms; allow ccci_fsd nvdata_device:blk_file rw_file_perms; +allow ccci_fsd nvcfg_file:dir create_dir_perms; +allow ccci_fsd nvcfg_file:file create_file_perms; #============= ccci_fsd cryption related ============== allow ccci_fsd rawfs:dir create_dir_perms; allow ccci_fsd rawfs:file create_file_perms; @@ -65,3 +67,11 @@ allow ccci_fsd ccci_data_md1_file:dir create_dir_perms; allow ccci_fsd ccci_data_md1_file:file create_file_perms; allow ccci_fsd sysfs_devices_block:dir search; allow ccci_fsd sysfs_devices_block:file { read getattr open }; + +#============= ccci_fsd access vendor/etc/md file ============== +allow ccci_fsd vendor_etc_md_file:dir search; +allow ccci_fsd vendor_etc_md_file:file r_file_perms; + +#============= ccci_fsd access data/vendor_de/md file ============== +allow ccci_fsd data_vendor_de_md_file:dir create_dir_perms; +allow ccci_fsd data_vendor_de_md_file:file create_file_perms; diff --git a/non_plat/ccci_mdinit.te b/non_plat/ccci_mdinit.te index 6fbe3ba..47a4e6d 100644 --- a/non_plat/ccci_mdinit.te +++ b/non_plat/ccci_mdinit.te @@ -12,43 +12,34 @@ type ccci_mdinit ,domain; # ============================================== init_daemon_domain(ccci_mdinit) wakelock_use(ccci_mdinit) -#=============allow ccci_mdinit to start gsm0710muxd============== -set_prop(ccci_mdinit, ctl_gsm0710muxd_prop) -#=============allow ccci_mdinit to start emcsmdlogger============== -set_prop(ccci_mdinit, ctl_mdlogger_prop) + #=============allow ccci_mdinit to start c2krild============== -set_prop(ccci_mdinit, ctl_viarild_prop) +set_prop(ccci_mdinit, vendor_mtk_ctl_viarild_prop) #=============allow ccci_mdinit to start/stop rild, mdlogger============== -set_prop(ccci_mdinit, ctl_mdlogger_prop) -set_prop(ccci_mdinit, ctl_emdlogger1_prop) -set_prop(ccci_mdinit, ctl_emdlogger2_prop) -set_prop(ccci_mdinit, ctl_emdlogger3_prop) -set_prop(ccci_mdinit, ctl_dualmdlogger_prop) -set_prop(ccci_mdinit, ctl_gsm0710muxd_prop) -set_prop(ccci_mdinit, ctl_gsm0710muxd-s_prop) -set_prop(ccci_mdinit, ctl_gsm0710muxd-d_prop) -#set_prop(ccci_mdinit, ctl_rildaemon_prop) -set_prop(ccci_mdinit, ctl_ril-daemon-mtk_prop) -set_prop(ccci_mdinit, ctl_fusion_ril_mtk_prop) -set_prop(ccci_mdinit, ctl_ril-daemon-s_prop) -set_prop(ccci_mdinit, ctl_ril-daemon-d_prop) -set_prop(ccci_mdinit, ctl_ril-proxy_prop) -set_prop(ccci_mdinit, ril_active_md_prop) -set_prop(ccci_mdinit, mtk_md_prop) -#set_prop(ccci_mdinit, radio_prop) -set_prop(ccci_mdinit, net_cdma_mdmstat) +set_prop(ccci_mdinit, system_mtk_ctl_mdlogger_prop) +set_prop(ccci_mdinit, system_mtk_ctl_emdlogger1_prop) +set_prop(ccci_mdinit, system_mtk_ctl_emdlogger2_prop) +set_prop(ccci_mdinit, system_mtk_ctl_emdlogger3_prop) +set_prop(ccci_mdinit, vendor_mtk_ctl_gsm0710muxd_prop) +set_prop(ccci_mdinit, vendor_mtk_ctl_ril-daemon-mtk_prop) +set_prop(ccci_mdinit, vendor_mtk_ctl_fusion_ril_mtk_prop) +set_prop(ccci_mdinit, vendor_mtk_ctl_ril-proxy_prop) +set_prop(ccci_mdinit, vendor_mtk_ril_active_md_prop) +set_prop(ccci_mdinit, vendor_mtk_md_prop) +set_prop(ccci_mdinit, vendor_mtk_net_cdma_mdmstat_prop) set_prop(ccci_mdinit, ctl_start_prop) -#=============allow ccci_mdinit to get tel_switch_prop============== -get_prop(ccci_mdinit, tel_switch_prop) +#=============allow ccci_mdinit to get vendor_mtk_tel_switch_prop============== +get_prop(ccci_mdinit, vendor_mtk_tel_switch_prop) #=============allow ccci_mdinit to start/stop fsd============== -set_prop(ccci_mdinit, ctl_ccci_fsd_prop) -set_prop(ccci_mdinit, ctl_ccci2_fsd_prop) -set_prop(ccci_mdinit, ctl_ccci3_fsd_prop) +set_prop(ccci_mdinit, vendor_mtk_ctl_ccci_fsd_prop) +set_prop(ccci_mdinit, vendor_mtk_ctl_ccci2_fsd_prop) +set_prop(ccci_mdinit, vendor_mtk_ctl_ccci3_fsd_prop) -get_prop(ccci_mdinit, vendor_default_prop) -get_prop(ccci_mdinit, init_svc_emdlogger1_prop) -get_prop(ccci_mdinit, init_svc_aee_aedv_prop) +# GOOGLE: Commented out for b/169606103 +#get_prop(ccci_mdinit, vendor_default_prop) +get_prop(ccci_mdinit, system_mtk_init_svc_emdlogger1_prop) +get_prop(ccci_mdinit, system_mtk_init_svc_aee_aedv_prop) allow ccci_mdinit ccci_device:chr_file rw_file_perms; allow ccci_mdinit ccci_monitor_device:chr_file rw_file_perms; @@ -71,7 +62,7 @@ allow ccci_mdinit protect_s_data_file:file create_file_perms; allow ccci_mdinit nvram_device:blk_file rw_file_perms; allow ccci_mdinit nvdata_device:blk_file rw_file_perms; -set_prop(ccci_mdinit, ril_mux_report_case_prop) +set_prop(ccci_mdinit, vendor_mtk_ril_mux_report_case_prop) allow ccci_mdinit ccci_cfg_file:dir create_dir_perms; allow ccci_mdinit ccci_cfg_file:file create_file_perms; @@ -95,7 +86,7 @@ allow ccci_mdinit sysfs_ccci:dir search; allow ccci_mdinit sysfs_ccci:file rw_file_perms; allow ccci_mdinit sysfs_ssw:dir search; allow ccci_mdinit sysfs_ssw:file r_file_perms; -allow ccci_mdinit sysfs_boot_mode:file { read open }; +allow ccci_mdinit sysfs_boot_info:file r_file_perms; # Purpose : Allow ccci_mdinit to open and read/write /proc/bootprof allow ccci_mdinit proc_bootprof:file rw_file_perms; @@ -110,3 +101,8 @@ allow ccci_mdinit block_device:dir search; allow ccci_mdinit metadata_file:dir search; allow ccci_mdinit proc_cmdline:file r_file_perms; allow ccci_mdinit sysfs_dt_firmware_android:dir search; + +# Date : 2020-07-06 +# Purpose: no trigger avc log when call nvram api +dontaudit ccci_mdinit gsi_metadata_file:dir search; + diff --git a/non_plat/cmddumper.te b/non_plat/cmddumper.te index d1ee1f6..ca1ad8c 100644 --- a/non_plat/cmddumper.te +++ b/non_plat/cmddumper.te @@ -1,3 +1,7 @@ +# ============================================== +# MTK Policy Rule +# ============================================== + #cmddumper access external modem ttySDIO2 allow cmddumper ttySDIO_device:chr_file { read write ioctl open }; @@ -10,10 +14,6 @@ allow cmddumper mdlog_data_file:fifo_file create_file_perms; allow cmddumper mdlog_data_file:file create_file_perms; allow cmddumper mdlog_data_file:dir { create_dir_perms relabelto }; -#allow emdlogger to set property -allow cmddumper debug_mdlogger_prop:property_service set; -allow cmddumper debug_prop:property_service set; - # purpose: allow cmddumper to access storage in N version allow cmddumper media_rw_data_file:file { create_file_perms }; allow cmddumper media_rw_data_file:dir { create_dir_perms }; @@ -25,7 +25,5 @@ allow cmddumper file_contexts_file:file { read getattr open }; allow cmddumper sysfs_boot_mode:file { read open }; # Android P migration -set_prop(cmddumper, persist_mtklog_prop) -set_prop(cmddumper, vendor_mdl_prop) allow cmddumper tmpfs:lnk_file read; -allow cmddumper vmodem_device:chr_file { read write ioctl open };
\ No newline at end of file +allow cmddumper vmodem_device:chr_file { read write ioctl open }; diff --git a/non_plat/conninfra_loader.te b/non_plat/conninfra_loader.te new file mode 100755 index 0000000..2349ccc --- /dev/null +++ b/non_plat/conninfra_loader.te @@ -0,0 +1,21 @@ +# ============================================== +# Policy File of /vendor/bin/conninfra_loader Executable File + + +# ============================================== +# Type Declaration +# ============================================== +type conninfra_loader, domain; +type conninfra_loader_exec, exec_type, file_type, vendor_file_type; + +# ============================================== +# MTK Policy Rule +# ============================================== +init_daemon_domain(conninfra_loader) + +# Set the property +set_prop(conninfra_loader, vendor_mtk_wmt_prop) + +# add ioctl/open/read/write permission for conninfra_loader with /dev/conninfra_dev +allow conninfra_loader conninfra_device:chr_file rw_file_perms; + diff --git a/non_plat/connsyslogger.te b/non_plat/connsyslogger.te index 25cd310..a1a804d 100644 --- a/non_plat/connsyslogger.te +++ b/non_plat/connsyslogger.te @@ -19,10 +19,6 @@ allow connsyslogger consyslog_data_file:dir { create_dir_perms relabelto }; allow connsyslogger consyslog_data_file:fifo_file { create_file_perms }; allow connsyslogger consyslog_data_file:file { create_file_perms }; -#consys logger socket access -#allow connsyslogger property_socket:sock_file write; -#allow connsyslogger init:unix_stream_socket connectto; - allow connsyslogger tmpfs:lnk_file { create_file_perms }; # purpose: avc: denied { read } for name="plat_file_contexts" @@ -59,15 +55,14 @@ allow connsyslogger rootfs:lnk_file getattr; allow connsyslogger media_rw_data_file:file { create_file_perms }; allow connsyslogger media_rw_data_file:dir { create_dir_perms }; -set_prop(connsyslogger, vendor_connsysfw_prop) - allow connsyslogger vendor_configs_file:file map; #permission to get driver ready status -get_prop(connsyslogger, wmt_prop) +get_prop(connsyslogger, vendor_mtk_wmt_prop) #Date:2019/03/25 # purpose: allow connsyslogger to access persist.meta.connecttype -get_prop(connsyslogger, meta_connecttype_prop); +get_prop(connsyslogger, vendor_mtk_meta_connecttype_prop) + #Date:2019/03/25 # purpose: allow emdlogger to create socket @@ -79,4 +74,5 @@ allow connsyslogger node:tcp_socket node_bind; # usb device ttyGSx for modem logger usb logging allow connsyslogger ttyGS_device:chr_file { rw_file_perms}; - +# Add permission to access new bootmode file +allow connsyslogger sysfs_boot_info:file r_file_perms; diff --git a/non_plat/crash_dump.te b/non_plat/crash_dump.te index 3dda418..cd8d21f 100644 --- a/non_plat/crash_dump.te +++ b/non_plat/crash_dump.te @@ -36,11 +36,6 @@ allow crash_dump aee_core_data_file:file create_file_perms; allow crash_dump data_tmpfs_log_file:dir create_dir_perms; allow crash_dump data_tmpfs_log_file:file create_file_perms; -# Purpose: crash_dump set property -set_prop(crash_dump, persist_mtk_aee_prop); -set_prop(crash_dump, persist_aee_prop); -set_prop(crash_dump, debug_mtk_aee_prop); - # /proc/lk_env allow crash_dump proc_lk_env:file rw_file_perms; @@ -60,7 +55,8 @@ allow crash_dump sysfs_leds:dir search; allow crash_dump proc_kpageflags:file r_file_perms; # temp solution -get_prop(crash_dump, vendor_default_prop) +# GOOGLE: Commented out for b/169606103 +#get_prop(crash_dump, vendor_default_prop) hal_client_domain(crash_dump, mtk_hal_aee) diff --git a/non_plat/device.te b/non_plat/device.te index 702a58d..ec88d8f 100644 --- a/non_plat/device.te +++ b/non_plat/device.te @@ -8,6 +8,7 @@ type ttyS_device, dev_type; type ttySDIO_device, dev_type; type vmodem_device, dev_type; type stpwmt_device, dev_type; +type conninfra_device, dev_type; type wmtdetect_device, dev_type; type wmtWifi_device, dev_type; type stpbt_device, dev_type; @@ -37,7 +38,10 @@ type DW9718AF_device, dev_type; type BU64745GWZAF_device, dev_type; type MAINAF_device, dev_type; type MAIN2AF_device, dev_type; +type MAIN3AF_device, dev_type; +type MAIN4AF_device, dev_type; type SUBAF_device, dev_type; +type SUB2AF_device, dev_type; type M4U_device_device, dev_type; type Vcodec_device, dev_type; type MJC_device, dev_type; @@ -68,6 +72,7 @@ type camera_pipemgr_device, dev_type; type ccu_device, dev_type; type vpu_device, dev_type, mlstrustedobject; type mdla_device, dev_type, mlstrustedobject; +type apusys_device, dev_type; type mtk_jpeg_device, dev_type; type kd_camera_hw_device, dev_type; type seninf_device, dev_type; @@ -86,9 +91,11 @@ type ttyGS_device, dev_type; type CAM_CAL_DRV_device, dev_type; type CAM_CAL_DRV1_device, dev_type; type CAM_CAL_DRV2_device, dev_type; +type camera_eeprom_device, dev_type; type MTK_SMI_device, dev_type; type mtk_cmdq_device, dev_type; type mtk_mdp_device, dev_type; +type mtk_mdp_sync, dev_type; type mtk_rrc_device, dev_type; type ebc_device, dev_type; type vow_device, dev_type; @@ -104,7 +111,6 @@ type ccci_monitor_device, dev_type; type gsm0710muxd_device, dev_type; type eemcs_device, dev_type; type emd_device, dev_type; -type mt6605_device, dev_type; type st21nfc_device, dev_type; type st54spi_device, dev_type; type exm0_device, dev_type; @@ -205,7 +211,6 @@ type md1dsp_block_device, dev_type; type md1arm7_block_device, dev_type; type md3img_block_device, dev_type; type mmcblk1_block_device, dev_type; -type mmcblk1p1_block_device, dev_type; type bootdevice_block_device, dev_type; type odm_block_device, dev_type; type oem_block_device, dev_type; @@ -234,6 +239,8 @@ type mdp_device, dev_type; type mrdump_device, dev_type; type kb_block_device,dev_type; type dkb_block_device,dev_type; +type mtk_radio_device, dev_type; +type dpm_block_device, dev_type; ########################## # Sensor common Devices Start @@ -247,6 +254,7 @@ type barometer_device,dev_type; type humidity_device,dev_type; type biometric_device,dev_type; type sensorlist_device,dev_type; +type hf_manager_device,dev_type; ########################## # Sensor Devices Start # @@ -272,3 +280,8 @@ type m_bio_misc_device, dev_type; # Operation : Migration # Purpose : Add permission for gpu access type dri_device, dev_type, mlstrustedobject; + +# Date : 2020/07/16 +# Operation : R Migration +# Purpose : Add permission for adsp access +type adsp_misc_device, dev_type; diff --git a/non_plat/domain.te b/non_plat/domain.te index f9401fc..22323d6 100644 --- a/non_plat/domain.te +++ b/non_plat/domain.te @@ -29,202 +29,3 @@ allow { allow { domain -coredomain -hal_configstore_server -vendor_init } aee_aedv:unix_stream_socket connectto; allow { domain -coredomain -hal_configstore_server -vendor_init } aee_exp_vendor_file:file w_file_perms; allow { domain -coredomain -hal_configstore_server -vendor_init } aee_aedv:fd use; - - -# Do not allow access to the generic sysfs label. This is too broad. -# Instead, if access to part of sysfs is desired, it should have a -# more specific label. -# TODO: Remove hal_usb/mtk_hal_usb and so on once there are no violations. -# allow hal_usb sysfs:file write; -# hal_server_domain(mtk_hal_usb, hal_usb) -# -# r_dir_file(hal_wifi, sysfs_type) -# hal_server_domain(mtk_hal_wifi, hal_wifi) -# -full_treble_only(` - neverallow ~{ - init - merged_hal_service - mtk_hal_bluetooth - mtk_hal_power - mtk_hal_usb - mtk_hal_wifi - hal_bluetooth_btlinux - hal_bluetooth_default - hal_drm_clearkey - hal_drm_default - hal_drm_widevine - hal_fingerprint_default - hal_radio_config_default - hal_radio_default - hal_usb_default - hal_wifi_default - hal_wifi_supplicant_default - rild - tee - ueventd - vendor_init - vold - } sysfs:file *; - - neverallow { - merged_hal_service - mtk_hal_bluetooth - mtk_hal_power - mtk_hal_wifi - hal_bluetooth_btlinux - hal_bluetooth_default - hal_drm_clearkey - hal_drm_default - hal_drm_widevine - hal_fingerprint_default - hal_radio_config_default - hal_radio_default - hal_wifi_default - hal_wifi_supplicant_default - rild - tee - } sysfs:file ~r_file_perms; - - neverallow { - hal_usb_default - init - mtk_hal_usb - ueventd - vendor_init - vold - } sysfs:file ~{ r_file_perms write setattr append relabelfrom relabelto }; -') - -# Do not allow access to the generic proc label. This is too broad. -# Instead, if access to part of proc is desired, it should have a -# more specific label. -# TODO: Remove mtk_hal_audio/audioserver and so on once there are no violations. -# -# r_dir_file(hal_audio, proc) -# hal_server_domain(mtk_hal_audio, hal_audio) -# hal_client_domain(audioserver, hal_audio) -# -full_treble_only(` - neverallow ~{ - audiocmdservice_atci - audioserver - bluetooth - hal_audio_default - hal_graphics_allocator_default - init - merged_hal_service - mtk_hal_audio - rild - system_server - vendor_init - vold - } proc:file *; - - neverallow { - audiocmdservice_atci - audioserver - bluetooth - hal_audio_default - hal_graphics_allocator_default - init - merged_hal_service - mtk_hal_audio - rild - system_server - vold - } proc:file ~r_file_perms; - - neverallow vendor_init proc:file ~{ r_file_perms setattr }; - - neverallow ~{ - audiocmdservice_atci - audioserver - bluetooth - hal_audio_default - init - mtk_hal_audio - rild - system_server - } proc:lnk_file ~{ read getattr }; - - neverallow { - audiocmdservice_atci - audioserver - bluetooth - hal_audio_default - init - mtk_hal_audio - rild - system_server - } proc:lnk_file ~r_file_perms; -') - - -# Do not allow access to the generic system_data_file label. This is -# too broad. -# Instead, if access to part of system_data_file is desired, it should -# have a more specific label. -# TODO: Remove merged_hal_service and so on once there are no violations. -# -# allow hal_drm system_data_file:file { getattr read }; -# hal_server_domain(merged_hal_service, hal_drm) -# -full_treble_only(` - neverallow { - domain - -coredomain - -appdomain - -hal_cas_default - -hal_drm_clearkey - -hal_drm_default - -hal_drm_widevine - -merged_hal_service - -tee - } system_data_file:file *; - - neverallow ~{ - appdomain - app_zygote - hal_drm_clearkey - hal_drm_default - hal_drm_widevine - init - installd - iorap_prefetcherd - mediadrmserver - mediaextractor - mediaserver - merged_hal_service - system_server - tee - toolbox - vold - vold_prepare_subdirs - } system_data_file:file ~r_file_perms; - - neverallow { appdomain app_zygote } system_data_file:file ~{ getattr read map }; - - neverallow init system_data_file:file ~{ create getattr open read write setattr relabelfrom unlink map getattr relabelto }; - - neverallow installd system_data_file:file ~{ getattr relabelfrom unlink }; - - neverallow iorap_prefetcherd system_data_file:file ~{ open read }; - - neverallow { - hal_drm_clearkey - hal_drm_default - hal_drm_widevine - mediadrmserver - mediaextractor - mediaserver - merged_hal_service - tee - } system_data_file:file ~{ getattr read }; - - neverallow system_server system_data_file:file ~{ create_file_perms relabelfrom link }; - - neverallow { toolbox vold_prepare_subdirs } system_data_file:file ~{ getattr unlink }; - - neverallow vold system_data_file:file ~read; -') diff --git a/non_plat/dumpstate.te b/non_plat/dumpstate.te index badbe56..22cae01 100644 --- a/non_plat/dumpstate.te +++ b/non_plat/dumpstate.te @@ -2,9 +2,6 @@ # MTK Policy Rule # ============================================== -# Purpose: aee_dumpstate set surfaceflinger property -set_prop(dumpstate, debug_bq_dump_prop); - # Purpose: access dev/aed0 allow dumpstate aed_device:chr_file { read getattr }; @@ -17,36 +14,36 @@ allow dumpstate aee_exp_data_file:dir { w_dir_perms }; allow dumpstate aee_exp_data_file:file { create_file_perms }; # Purpose: debugfs files -allow dumpstate debugfs_binder:dir { read open }; -allow dumpstate debugfs_binder:file { read open }; -allow dumpstate debugfs_blockio:file { read open }; +allow dumpstate debugfs_binder:dir r_dir_perms; +allow dumpstate debugfs_binder:file r_file_perms; +allow dumpstate debugfs_blockio:file r_file_perms; allow dumpstate debugfs_fb:dir search; -allow dumpstate debugfs_fb:file { read open }; +allow dumpstate debugfs_fb:file r_file_perms; allow dumpstate debugfs_fuseio:dir search; -allow dumpstate debugfs_fuseio:file { read open }; +allow dumpstate debugfs_fuseio:file r_file_perms; allow dumpstate debugfs_ged:dir search; -allow dumpstate debugfs_ged:file { read open }; +allow dumpstate debugfs_ged:file r_file_perms; allow dumpstate debugfs_rcu:dir search; -allow dumpstate debugfs_shrinker_debug:file { read open }; -allow dumpstate debugfs_wakeup_sources:file { read open }; -allow dumpstate debugfs_dmlog_debug:file { read open }; -allow dumpstate debugfs_page_owner_slim_debug:file { read open }; +allow dumpstate debugfs_shrinker_debug:file r_file_perms; +allow dumpstate debugfs_wakeup_sources:file r_file_perms; +allow dumpstate debugfs_dmlog_debug:file r_file_perms; +allow dumpstate debugfs_page_owner_slim_debug:file r_file_perms; allow dumpstate debugfs_ion_mm_heap:dir search; -allow dumpstate debugfs_ion_mm_heap:file { read open }; +allow dumpstate debugfs_ion_mm_heap:file r_file_perms; allow dumpstate debugfs_ion_mm_heap:lnk_file read; allow dumpstate debugfs_cpuhvfs:dir search; -allow dumpstate debugfs_cpuhvfs:file { read open }; -allow dumpstate debugfs_vpu_device_dbg:file { read open }; +allow dumpstate debugfs_cpuhvfs:file r_file_perms; +allow dumpstate debugfs_vpu_device_dbg:file r_file_perms; # Purpose: /sys/kernel/ccci/md_chn allow dumpstate sysfs_ccci:dir search; -allow dumpstate sysfs_ccci:file { read open }; +allow dumpstate sysfs_ccci:file r_file_perms; # Purpose: leds status allow dumpstate sysfs_leds:lnk_file read; # Purpose: /sys/module/lowmemorykiller/parameters/adj -allow dumpstate sysfs_lowmemorykiller:file { read open }; +allow dumpstate sysfs_lowmemorykiller:file r_file_perms; allow dumpstate sysfs_lowmemorykiller:dir search; # Purpose: /dev/block/mmcblk0p10 @@ -182,3 +179,20 @@ allow dumpstate mnt_expand_file:dir { search getattr }; #Purpose: Allow dumpstate to read /dev/usb-ffs allow dumpstate functionfs:file { getattr }; + +#Purpose: Allow dumpstate to read /sys/bus/platform/drivers/cache_parity/cache_status +allow dumpstate sysfs_cache_status:file r_file_perms; + +hal_client_domain(dumpstate, hal_light) + +#Purpose: Allow dumpstate to read /sys/kernel/tracing/instances/mmstat/trace +allow dumpstate debugfs_tracing_instances:dir r_dir_perms; +allow dumpstate debugfs_tracing_instances:file r_file_perms; + +allow dumpstate proc_ion:dir r_dir_perms; +allow dumpstate proc_ion:file r_file_perms; +allow dumpstate proc_m4u_dbg:dir r_dir_perms; +allow dumpstate proc_m4u_dbg:file r_file_perms; +allow dumpstate proc_mtkfb:file r_file_perms; + +allow dumpstate debugfs_cmdq:file r_file_perms; diff --git a/non_plat/em_hidl.te b/non_plat/em_hidl.te index eb64f6b..ec55315 100644 --- a/non_plat/em_hidl.te +++ b/non_plat/em_hidl.te @@ -14,88 +14,88 @@ hal_server_domain(em_hidl, mtk_hal_em) # Date : 2018/06/28 # Operation : EM DEBUG # Purpose: EM should set ims operator -set_prop(em_hidl, mtk_operator_id_prop) +set_prop(em_hidl, vendor_mtk_operator_id_prop) # Date : 2018/06/28 # Operation : EM DEBUG -# Purpose: EM should set mtk_simswitch_emmode_prop -set_prop(em_hidl, mtk_simswitch_emmode_prop) +# Purpose: EM should set vendor_mtk_simswitch_emmode_prop +set_prop(em_hidl, vendor_mtk_simswitch_emmode_prop) # Date : 2018/06/28 # Operation : EM DEBUG -# Purpose: EM should set mtk_dsbp_support_prop -set_prop(em_hidl, mtk_dsbp_support_prop) +# Purpose: EM should set vendor_mtk_dsbp_support_prop +set_prop(em_hidl, vendor_mtk_dsbp_support_prop) # Date : 2018/06/28 # Operation : EM DEBUG -# Purpose: EM should set mtk_imstestmode_prop -set_prop(em_hidl, mtk_imstestmode_prop) +# Purpose: EM should set vendor_mtk_imstestmode_prop +set_prop(em_hidl, vendor_mtk_imstestmode_prop) # Date : 2018/06/28 # Operation : EM DEBUG -# Purpose: EM should set mtk_smsformat_prop -set_prop(em_hidl, mtk_smsformat_prop) +# Purpose: EM should set vendor_mtk_smsformat_prop +set_prop(em_hidl, vendor_mtk_smsformat_prop) # Date : 2018/06/28 # Operation : EM DEBUG -# Purpose: EM should set mtk_gprs_prefer_prop -set_prop(em_hidl, mtk_gprs_prefer_prop) +# Purpose: EM should set vendor_mtk_gprs_prefer_prop +set_prop(em_hidl, vendor_mtk_gprs_prefer_prop) # Date : 2018/06/28 # Operation : EM DEBUG -# Purpose: EM should set mtk_testsim_cardtype_prop -set_prop(em_hidl, mtk_testsim_cardtype_prop) +# Purpose: EM should set vendor_mtk_testsim_cardtype_prop +set_prop(em_hidl, vendor_mtk_testsim_cardtype_prop) # Date : 2018/06/28 # Operation : EM DEBUG -# Purpose: EM should set mtk_ct_ir_engmode_prop -set_prop(em_hidl, mtk_ct_ir_engmode_prop) +# Purpose: EM should set vendor_mtk_ct_ir_engmode_prop +set_prop(em_hidl, vendor_mtk_ct_ir_engmode_prop) # Date : 2018/06/28 # Operation : EM DEBUG -# Purpose: EM should mtk_disable_c2k_cap_prop -set_prop(em_hidl, mtk_disable_c2k_cap_prop) +# Purpose: EM should vendor_mtk_disable_c2k_cap_prop +set_prop(em_hidl, vendor_mtk_disable_c2k_cap_prop) # Date : 2018/06/29 # Operation : EM DEBUG -# Purpose: EM should mtk_debug_md_reset_prop -set_prop(em_hidl, mtk_debug_md_reset_prop) +# Purpose: EM should vendor_mtk_debug_md_reset_prop +set_prop(em_hidl, vendor_mtk_debug_md_reset_prop) # Date : 2018/06/29 # Operation : EM DEBUG -# Purpose: EM should video log mtk_omx_log_prop -set_prop(em_hidl, mtk_omx_log_prop) +# Purpose: EM should video log vendor_mtk_omx_log_prop +set_prop(em_hidl, vendor_mtk_omx_log_prop) # Date : 2018/06/29 # Operation : EM DEBUG -# Purpose: EM should video log mtk_vdec_log_prop -set_prop(em_hidl, mtk_vdec_log_prop) +# Purpose: EM should video log vendor_mtk_vdec_log_prop +set_prop(em_hidl, vendor_mtk_vdec_log_prop) # Date : 2018/06/29 # Operation : EM DEBUG -# Purpose: EM should video log mtk_vdectlc_log_prop -set_prop(em_hidl, mtk_vdectlc_log_prop) +# Purpose: EM should video log vendor_mtk_vdectlc_log_prop +set_prop(em_hidl, vendor_mtk_vdectlc_log_prop) # Date : 2018/06/29 # Operation : EM DEBUG -# Purpose: EM should video log mtk_venc_h264_showlog_prop -set_prop(em_hidl, mtk_venc_h264_showlog_prop) +# Purpose: EM should video log vendor_mtk_venc_h264_showlog_prop +set_prop(em_hidl, vendor_mtk_venc_h264_showlog_prop) # Date : 2018/06/29 # Operation : EM DEBUG -# Purpose: EM should video log mtk_modem_warning_prop -set_prop(em_hidl, mtk_modem_warning_prop) +# Purpose: EM should video log vendor_mtk_modem_warning_prop +set_prop(em_hidl, vendor_mtk_modem_warning_prop) # Date : 2018/07/06 # Operation : EM DEBUG -# Purpose: EM allow usb vendor_em_usb_prop -set_prop(em_hidl, vendor_em_usb_prop) +# Purpose: EM allow usb vendor_mtk_em_usb_prop +set_prop(em_hidl, vendor_mtk_em_usb_prop) # Date : 2018/07/06 # Operation : EM DEBUG # Purpose: for setting usb otg enable property -set_prop(em_hidl, vendor_usb_otg_switch) +set_prop(em_hidl, vendor_mtk_usb_otg_switch_prop) # Data : 2018/07/06 # Purpose : EM MCF read nvdata dir and file @@ -105,28 +105,30 @@ allow em_hidl nvcfg_file:file r_file_perms; # Data : 2018/07/06 # Purpose : EM MCF search vendor dir allow em_hidl mnt_vendor_file:dir search; -allow em_hidl vendor_default_prop:file read; +# GOOGLE: Commented out for b/169606103 +#get_prop(em_hidl, vendor_default_prop) # Data : 2018/08/10 # Purpose : EM BT usage allow em_hidl stpbt_device:chr_file { read write open }; allow em_hidl sysfs_boot_mode:file { read open }; allow em_hidl ttyGS_device:chr_file { read write ioctl open }; -allow em_hidl vendor_usb_prop:file { read getattr open }; -set_prop(em_hidl, vendor_usb_prop) +get_prop(em_hidl, vendor_mtk_usb_prop) +set_prop(em_hidl, vendor_mtk_usb_prop) allow em_hidl nvdata_file:file r_file_perms; allow em_hidl nvdata_file:dir search; # Date : 2018/08/28 # Operation : EM DEBUG # Purpose: for em set hidl configure -set_prop(em_hidl, mtk_em_hidl_prop) +set_prop(em_hidl, vendor_mtk_em_hidl_prop) # Date : 2019/08/22 # Operation : EM AAL # Purpose: for em set aal property -set_prop(em_hidl, mtk_pq_prop) +set_prop(em_hidl, vendor_mtk_pq_prop) + # Date : 2019/09/10 # Operation : EM wcn coredump # Purpose: for em set wcn coredump property -set_prop(em_hidl, coredump_prop) +set_prop(em_hidl, vendor_mtk_coredump_prop) diff --git a/non_plat/em_svr.te b/non_plat/em_svr.te index 5c00360..29192a9 100644 --- a/non_plat/em_svr.te +++ b/non_plat/em_svr.te @@ -1,9 +1,4 @@ # Date: WK1812 -# Purpose: add for sensor calibration -allow em_svr als_ps_device:chr_file { read open ioctl }; -allow em_svr gsensor_device:chr_file { read open ioctl }; - -# Date: WK1812 # Purpose: add for MD log filter allow em_svr md_block_device:blk_file { read open }; @@ -11,67 +6,3 @@ allow em_svr md_block_device:blk_file { read open }; # Purpose: add for SIB capture allow em_svr para_block_device:blk_file { read open write}; allow em_svr proc_lk_env:file { read write ioctl open }; - -# Date: WK1812 -# Purpose: add for MSDC get/set -allow em_svr misc_sd_device:chr_file { read open ioctl }; - -# Date: WK1812 -# Purpose: add for battery log -allow em_svr proc_battery_cmd:dir { search }; -allow em_svr proc_battery_cmd:file { create write open }; - -# Date: WK1812 -# Purpose: add for light/proximity sensor -allow em_svr nvram_device:blk_file { open read write }; - -# Date: WK1812 -# Purpose: add for Gyroscope sensor -allow em_svr gyroscope_device:chr_file { read ioctl open }; - -# Date : 2018/06/15 -# Purpose : Allow EM access touchscreen settings -allow em_svr sysfs_tpd_debug:dir { search }; -allow em_svr sysfs_tpd_setting:dir { search }; -allow em_svr sysfs_tpd_debug:file { rw_file_perms }; -allow em_svr sysfs_tpd_setting:file { rw_file_perms }; - -# Date : 2018/06/15 -# Purpose : EM FreqHopping setting -allow em_svr proc_freqhop:file { open read write }; - -# Date : 2018/06/15 -# Purpose : EM flash reading -allow em_svr proc_flash:file { open read }; -allow em_svr proc_partition:file { open read }; - -# Date : 2018/06/15 -# Purpose : EM Power PMU reading/setting -allow em_svr sysfs_pmu:dir { search }; -allow em_svr sysfs_pmu:file { rw_file_perms }; -allow em_svr sysfs_pmu:lnk_file { read }; - -# Date : 2018/06/15 -# Purpose : EM Power debug_log setting -allow em_svr sysfs_spm:dir { search }; -allow em_svr sysfs_spm:file { open read write }; - -# Date: 2019/04/09 -# Purpose: battery temprature setting -allow em_svr sysfs_battery_temp:file w_file_perms; -allow em_svr sysfs_battery_consumption:file r_file_perms; -allow em_svr sysfs_power_on_vol:file r_file_perms; -allow em_svr sysfs_power_off_vol:file r_file_perms; -allow em_svr sysfs_fg_disable:file w_file_perms; -allow em_svr sysfs_dis_nafg:file w_file_perms; - - - -# Date : 2018/10/12 -# Purpose : EM Power PMU register reading/setting -allow em_svr debugfs_regmap:dir { search }; -allow em_svr debugfs_regmap:file { rw_file_perms }; - -# Date:2019/04/15 -# Purpose: EM Power -allow em_svr toolbox_exec:file { map }; diff --git a/non_plat/emdlogger.te b/non_plat/emdlogger.te index 58cc8ca..dcb0301 100644 --- a/non_plat/emdlogger.te +++ b/non_plat/emdlogger.te @@ -1,8 +1,3 @@ -#allow emdlogger to set property -#allow emdlogger debug_prop:property_service set; -#allow emdlogger persist_mtklog_prop:property_service set; -#allow emdlogger system_radio_prop:property_service set; - # ccci device for internal modem allow emdlogger ccci_device:chr_file { rw_file_perms }; @@ -94,7 +89,7 @@ allow emdlogger self:capability { chown }; # purpose: allow emdlogger to access persist.meta.connecttype -get_prop(emdlogger, meta_connecttype_prop); +get_prop(emdlogger, vendor_mtk_meta_connecttype_prop) # purpose: allow emdlogger to create socket allow emdlogger port:tcp_socket { name_connect name_bind }; @@ -103,19 +98,9 @@ allow emdlogger emdlogger:tcp_socket { bind setopt listen accept read write }; allow emdlogger node:tcp_socket node_bind; # Android P migration -set_prop(emdlogger, persist_mtklog_prop) -set_prop(emdlogger, vendor_mdl_prop) -set_prop(emdlogger, vendor_mdl_start_prop) -set_prop(emdlogger, debug_mdlogger_prop) -get_prop(emdlogger, vendor_usb_prop) -set_prop(emdlogger, persist_mdlog_prop) -set_prop(emdlogger, vendor_mdl_pulllog_prop) -set_prop(emdlogger, exported_system_radio_prop) -set_prop(emdlogger, debug_prop) -set_prop(emdlogger, system_radio_prop) +get_prop(emdlogger, vendor_mtk_usb_prop) allow emdlogger vendor_configs_file:file map; -allow emdlogger vendor_default_prop:file map; # Date : WK19.12 # Operation: add permission to catch logs @@ -124,3 +109,5 @@ allow emdlogger kernel:system syslog_read; allow emdlogger logcat_exec:file {rx_file_perms}; allow emdlogger logdr_socket:sock_file write; +# Add permission to access new bootmode file +allow emdlogger sysfs_boot_info:file r_file_perms; diff --git a/non_plat/ephemeral_app.te b/non_plat/ephemeral_app.te new file mode 100644 index 0000000..01dfe9e --- /dev/null +++ b/non_plat/ephemeral_app.te @@ -0,0 +1,12 @@ +# ============================================== +# MTK Policy Rule +# ============================================== + +# Date: 2020/06/08 +# Purpose: Allow ephemeral app to access mtk jpeg +allow ephemeral_app proc_mtk_jpeg:file rw_file_perms; +allowxperm ephemeral_app proc_mtk_jpeg:file ioctl { + JPG_BRIDGE_DEC_IO_LOCK + JPG_BRIDGE_DEC_IO_WAIT + JPG_BRIDGE_DEC_IO_UNLOCK +}; diff --git a/non_plat/factory.te b/non_plat/factory.te index 6ec8325..2fcb77d 100644 --- a/non_plat/factory.te +++ b/non_plat/factory.te @@ -26,8 +26,8 @@ allow factory ccci_device:chr_file rw_file_perms; allow factory gsm0710muxd_device:chr_file rw_file_perms; #Purpose: file system requirement -allow factory debugfs_usb:file rw_file_perms; -allow factory debugfs_usb:dir search; +allow factory debugfs_usb_nonplat:file rw_file_perms; +allow factory debugfs_usb_nonplat:dir search; allow factory devpts:chr_file rw_file_perms; allow factory vfat:dir w_dir_perms; allow factory labeledfs:filesystem unmount; @@ -46,6 +46,8 @@ allow factory ttyGS_device:chr_file rw_file_perms; # Purpose: OTG allow factory usb_device:chr_file rw_file_perms; allow factory usb_device:dir r_dir_perms; +allow factory sysfs_usb_nonplat:file r_file_perms; +allow factory sysfs_usb_nonplat:dir r_dir_perms; # Date: WK15.01 # Purpose : OTG Mount @@ -73,7 +75,7 @@ allow factory storage_file:dir { write create add_name search mounton }; # Date: WK15.44 # Purpose: factory idle current status -allow factory vendor_factory_idle_state_prop:property_service set; +set_prop(factory, vendor_mtk_factory_idle_state_prop) # Date: WK15.46 # Purpose: gps factory mode @@ -105,6 +107,7 @@ allow factory nvdata_device:blk_file rw_file_perms; #Date: WK16.12 #Purpose: For sensor test +allow factory hf_manager_device:chr_file rw_file_perms; allow factory als_ps_device:chr_file r_file_perms; allow factory barometer_device:chr_file r_file_perms; allow factory gsensor_device:chr_file r_file_perms; @@ -117,17 +120,18 @@ allow factory kd_camera_flashlight_device:chr_file rw_file_perms; allow factory kd_camera_hw_device:chr_file rw_file_perms; allow factory seninf_device:chr_file rw_file_perms; allow factory CAM_CAL_DRV_device:chr_file rw_file_perms; +allow factory camera_eeprom_device:chr_file rw_file_perms; #Purpose: For reboot the target -allow factory powerctl_prop:property_service set; +set_prop(factory, powerctl_prop) #Purpose: For memory card test allow factory misc_sd_device:chr_file r_file_perms; allow factory mmcblk1_block_device:blk_file rw_file_perms; allow factory bootdevice_block_device:blk_file rw_file_perms; -allow factory mmcblk1p1_block_device:blk_file rw_file_perms; +allow factory sdcard_block_device:blk_file rw_file_perms; allow factory block_device:dir w_dir_perms; -allowxperm factory mmcblk1_block_device:blk_file ioctl BLKGETSIZE; +allowxperm factory sdcard_block_device:blk_file ioctl BLKGETSIZE; allowxperm factory bootdevice_block_device:blk_file ioctl BLKGETSIZE; #Purpose: For EMMC test @@ -156,9 +160,6 @@ allow factory wmtWifi_device:chr_file rw_file_perms; #Purpose: For rtc test allow factory rtc_device:chr_file rw_file_perms; -#Purpose: For nfc test -allow factory mt6605_device:chr_file rwx_file_perms; - #Purpose: For gps test allow factory mnld_device:chr_file rw_file_perms; allow factory mnld_exec:file rx_file_perms; @@ -178,7 +179,10 @@ allow factory ccu_device:chr_file rw_file_perms; allow factory vpu_device:chr_file rw_file_perms; allow factory MAINAF_device:chr_file rw_file_perms; allow factory MAIN2AF_device:chr_file rw_file_perms; +allow factory MAIN3AF_device:chr_file rw_file_perms; +allow factory MAIN4AF_device:chr_file rw_file_perms; allow factory SUBAF_device:chr_file rw_file_perms; +allow factory SUB2AF_device:chr_file rw_file_perms; allow factory FM50AF_device:chr_file rw_file_perms; allow factory AD5820AF_device:chr_file rw_file_perms; allow factory DW9714AF_device:chr_file rw_file_perms; @@ -197,9 +201,16 @@ allow factory camera_fdvt_device:chr_file rw_file_perms; allow factory camera_wpe_device:chr_file rw_file_perms; allow factory camera_owe_device:chr_file rw_file_perms; allow factory camera_mfb_device:chr_file rw_file_perms; -allow factory mtk_hal_power_hwservice:hwservice_manager find; -allow factory mtk_hal_power:binder call; -get_prop(factory,mediatek_prop); +hal_client_domain(factory, hal_power) +get_prop(factory, vendor_mtk_mediatek_prop) +# Date: 2020/07/20 +# Operation : For M4U security +allow factory proc_m4u:file r_file_perms; +allowxperm factory proc_m4u:file ioctl { + MTK_M4U_T_SEC_INIT + MTK_M4U_T_CONFIG_PORT +}; + #Purpose: For FM test and headset test allow factory accdet_device:chr_file r_file_perms; allow factory fm_device:chr_file rw_file_perms; @@ -207,7 +218,7 @@ allow factory fm_device:chr_file rw_file_perms; #Purpose: For audio test allow factory audio_device:chr_file rw_file_perms; allow factory audio_device:dir w_dir_perms; -allow factory audiohal_prop:property_service set; +set_prop(factory, vendor_mtk_audiohal_prop) allow factory audio_ipi_device:chr_file { read write ioctl open }; allow factory audio_scp_device:chr_file r_file_perms; @@ -237,12 +248,12 @@ not_full_treble(` # Date: WK16.31 #Purpose: For gps test -allow factory mnld_prop:property_service set; +set_prop(factory, vendor_mtk_mnld_prop) # Date: WK16.33 #Purpose: for unmount sdcardfs and stop services which are using data partition allow factory sdcard_type:filesystem unmount; -allow factory ctl_default_prop:property_service set; +set_prop(factory, ctl_default_prop) # Date : WK16.35 # Operation : Migration @@ -252,7 +263,7 @@ allow factory flashlight_device:chr_file rw_file_perms; # Date: WK15.25 #Purpose: for unmount sdcardfs and stop services which are using data partition -allow factory ctl_emdlogger1_prop:property_service set; +set_prop(factory, system_mtk_ctl_emdlogger1_prop) # Date: WK17.07 # Purpose: Clear bootdevice (eMMC/UFS) may need to unmount tmpfs allow factory tmpfs:filesystem unmount; @@ -270,20 +281,21 @@ allow factory debugfs_ion:dir search; # Date: WK17.27 # Purpose: STMicro NFC solution integration allow factory st21nfc_device:chr_file { open read getattr write ioctl }; -set_prop(factory,hwservicemanager_prop); +set_prop(factory, hwservicemanager_prop) hwbinder_use(factory); hal_client_domain(factory, hal_nfc); # Date : WK17.32 # Operation : O Migration # Purpose: Allow to access cmdq driver -allow factory mtk_cmdq_device:chr_file { read ioctl open }; -allow factory mtk_mdp_device:chr_file rw_file_perms; -allow factory sw_sync_device:chr_file rw_file_perms; +allow factory mtk_cmdq_device:chr_file r_file_perms; +allow factory mtk_mdp_device:chr_file r_file_perms; +allow factory mtk_mdp_sync:chr_file r_file_perms; +allow factory sw_sync_device:chr_file r_file_perms; # Date: WK1733 # Purpose: add selinux policy to stop 'ccci_fsd' for clear emmc in factory mode -set_prop(factory,ctl_ccci_fsd_prop); +set_prop(factory, vendor_mtk_ctl_ccci_fsd_prop) # Date : WK17.38 # Operation : O Migration @@ -301,8 +313,6 @@ allow factory sysfs_uart_info:file rw_file_perms; # from private -allow factory property_socket:sock_file write; -allow factory init:unix_stream_socket connectto; allow factory kernel:system module_request; allow factory node:tcp_socket node_bind; allow factory userdata_block_device:blk_file rw_file_perms; @@ -333,7 +343,6 @@ allow factory sysfs_vibrator:dir search; # For Audio device permission allow factory proc_asound:dir { read search open }; allow factory proc_asound:file { read open getattr write }; -allow factory audiohal_prop:property_service set; # For Accdet data permission allow factory sysfs_headset:file { read open }; @@ -342,6 +351,9 @@ allow factory sysfs_headset:file { read open }; allow factory sysfs_tpd_setting:dir search; allow factory sysfs_tpd_setting:file { read getattr open }; +# For fingerprinto test +allow factory sysfs_gf_spi_tee:dir search; +allow factory sysfs_gf_spi_tee:file r_file_perms; # Date : WK18.23 # Operation: P migration # Purpose : Allow factory to unmount partition, stop service, and then erase partition @@ -385,12 +397,12 @@ allow factory vendor_nfc_socket:dir { write add_name remove_name search }; allow factory vendor_nfc_socket:sock_file { create write unlink setattr }; # Allow to get AOSP property persist.radio.multisim.config -get_prop(factory, exported3_radio_prop) +get_prop(factory, radio_control_prop) # Date : WK19.38 # Operation : Q Migration # Purpose: Allow clear eMMC -set_prop(factory, ctl_mdlogger_prop); +set_prop(factory, system_mtk_ctl_mdlogger_prop) # Date : WK19.41 # Operation : Q Migration @@ -399,3 +411,28 @@ allow factory sysfs_rt_param:file rw_file_perms; allow factory sysfs_rt_calib:file rw_file_perms; allow factory sysfs_rt_param:dir r_dir_perms; allow factory sysfs_rt_calib:dir r_dir_perms; + +# Date : WK20.13 +# Operation: R migration +# Contains lib to visit file permission +allow factory ashmem_libcutils_device:chr_file execute; + +# Date : WK20.13 +# Operation: R migration +# Purpose : Add permission for new device node. +allow factory sysfs_boot_info:file r_file_perms; +allow factory proc_bootprof:file getattr; +allow factory sysfs_meta_info:file r_file_perms; + +# Date : WK20.17 +# Operation: R migration +# Purpose : Add permission for acess vendor_de. +allow factory factory_vendor_file:file {create_file_perms}; +allow factory factory_vendor_file:dir { w_dir_perms }; + +# Date : WK20.20 +# Operation: R migration +# Purpose : Add permission for health HAL and vbus +hal_client_domain(factory, hal_health); +allow factory sysfs_vbus:file r_file_perms; +allow factory sysfs_chg2_present:file r_file_perms; diff --git a/non_plat/file.te b/non_plat/file.te index 62bdd7e..9699e92 100644 --- a/non_plat/file.te +++ b/non_plat/file.te @@ -59,7 +59,6 @@ type proc_mtk_jpeg, fs_type, proc_type; type proc_perfmgr, fs_type, proc_type; type proc_wmtdbg, fs_type, proc_type; type proc_zraminfo, fs_type, proc_type; -type proc_cpu_alignment, fs_type, proc_type; type proc_gpulog, fs_type, proc_type; type proc_sched_debug, fs_type, proc_type; type proc_chip, fs_type, proc_type; @@ -67,11 +66,11 @@ type proc_atf_log, fs_type, proc_type; type proc_gz_log, fs_type, proc_type; type proc_last_kmsg, fs_type, proc_type; type proc_bootprof, fs_type, proc_type; +type proc_mtprintk, fs_type, proc_type; type proc_pl_lk, fs_type, proc_type; type proc_msdc_debug, fs_type, proc_type; type proc_ufs_debug, fs_type, proc_type; type proc_pidmap, fs_type, proc_type; -#type proc_kpageflags, fs_type, proc_type; type proc_slabtrace, fs_type, proc_type; type proc_cmdq_debug, fs_type, proc_type; type proc_isp_p2, fs_type, proc_type; @@ -80,6 +79,8 @@ type proc_isp_p2_dump, fs_type, proc_type; type proc_isp_p2_kedump, fs_type, proc_type; type proc_memory_usage, fs_type, proc_type; type proc_mtk_es_reg_dump, fs_type, proc_type; +type proc_ccci_dump, fs_type, proc_type; +type proc_log_much, fs_type, proc_type; type sysfs_execstate, fs_type, sysfs_type; type sysfs_therm, fs_type, sysfs_type; type sysfs_fps, fs_type, sysfs_type; @@ -117,6 +118,23 @@ type mediaserver_data_file, file_type, data_file_type; type mediacodec_data_file, file_type, data_file_type; type connsyslog_data_vendor_file, file_type, data_file_type; +# AAO +type data_vendor_aao_file, file_type, data_file_type; +type data_vendor_aaoHwBuf_file, file_type, data_file_type; +type data_vendor_AAObitTrue_file, file_type, data_file_type; + +# Flash +type data_vendor_flash_file, file_type, data_file_type; + +# Flicker +type data_vendor_flicker_file, file_type, data_file_type; + +# AFO +type data_vendor_afo_file, file_type, data_file_type; + +# PDO +type data_vendor_pdo_file, file_type, data_file_type; + #mobilelog data/misc/mblog type logmisc_data_file, file_type, data_file_type, core_data_file_type; @@ -145,6 +163,8 @@ type c2k_file, file_type, data_file_type; #For sensor type sensor_data_file, file_type, data_file_type; type stp_dump_data_file, file_type, data_file_type; +type wifi_dump_data_file, file_type, data_file_type; +type bt_dump_data_file, file_type, data_file_type; type sysfs_keypad_file, fs_type, sysfs_type; type rild_via_socket, file_type; type rpc_socket, file_type; @@ -183,9 +203,6 @@ type fuseblk,sdcard_type,fs_type,mlstrustedobject; # for mt-ramdump reset type proc_mrdump_rst, fs_type, proc_type; -# battery_cmd file -type proc_battery_cmd, fs_type, proc_type; - # binder debugfs file type debugfs_binder, fs_type, debugfs_type; @@ -196,7 +213,7 @@ type debugfs_blockio, fs_type, debugfs_type; type debugfs_fuseio, fs_type, debugfs_type; # usb debugfs file -type debugfs_usb, fs_type, debugfs_type; +type debugfs_usb_nonplat, fs_type, debugfs_type; # display debugfs file type debugfs_fb, fs_type, debugfs_type; @@ -204,9 +221,6 @@ type debugfs_fb, fs_type, debugfs_type; # cpuhvfs debugfs file type debugfs_cpuhvfs, fs_type, debugfs_type; -#for engineermode Usb PHY Tuning -type debugfs_usb20_phy, fs_type, debugfs_type; - # dynamic_debug debugfs file type debugfs_dynamic_debug, fs_type, debugfs_type; @@ -238,12 +252,25 @@ type debugfs_vpu_memory, fs_type, debugfs_type; # mdla debugfs file type debugfs_mdla_power, fs_type, debugfs_type; +# apusys_midware debugfs file +type debugfs_apusys_midware_queue_vpu, fs_type, debugfs_type; +type debugfs_apusys_midware_queue_mdla, fs_type, debugfs_type; +type debugfs_apusys_midware_register_all, fs_type, debugfs_type; +type debugfs_apusys_mnoc_sta_dump, fs_type, debugfs_type; +type debugfs_apusys_mdla_memory, fs_type, debugfs_type; +type debugfs_apusys_power, fs_type, debugfs_type; +type debugfs_apusys_debug_log, fs_type, debugfs_type; +type debugfs_apusys_midware_mem, fs_type, debugfs_type; + # memtrack debugfs file type debugfs_gpu_mali_midgard, fs_type, debugfs_type; type debugfs_gpu_mali_utgard, fs_type, debugfs_type; type debugfs_gpu_img, fs_type, debugfs_type; type debugfs_ion, fs_type, debugfs_type; +# memtrack procfs file +type procfs_gpu_img, fs_type, proc_type; + # /sys/kernel/debug/ion/ion_mm_heap type debugfs_ion_mm_heap, fs_type, debugfs_type; @@ -290,46 +317,25 @@ type consyslog_data_file, file_type, data_file_type, core_data_file_type; # Purpose : for meta to get com port type and uart port info type sysfs_comport_type, fs_type, sysfs_type; type sysfs_uart_info, fs_type, sysfs_type; -type sysfs_usb_cmode, fs_type, sysfs_type; +type sysfs_usb_nonplat, fs_type, sysfs_type; # Date : WK1820 -# Purpose : for charger to access vbus info and pump_express -type sysfs_vbus, fs_type, sysfs_type; +# Purpose : for charger to access pump_express type sysfs_pump_express, fs_type, sysfs_type; +type sysfs_chg2_present, fs_type, sysfs_type; # Widevine move data/mediadrm folder from system to vendor type mediadrm_vendor_data_file, file_type, data_file_type; -# mtk usb hal -type sysfs_dual_role_usb20, fs_type, sysfs_type; - # lbs debug file #type lbs_dbg_data_file, file_type, data_file_type, core_data_file_type; # Touch parameters file type sysfs_tpd_setting, fs_type, sysfs_type; -type sysfs_tpd_debug, fs_type, sysfs_type; - -# Date : 2018/06/11 -# Purpose : mtk EM FreqHopping setting -type proc_freqhop, fs_type, proc_type; -# Date : 2018/06/11 -# Purpose : mtk EM flash reading -type proc_flash, fs_type, proc_type; -type proc_partition, fs_type, proc_type; - -# Date : 2018/06/11 -# Purpose : mtk EM PMU reading/setting -type sysfs_pmu, fs_type, sysfs_type; - -# Date : 2018/06/11 -# Purpose : mtk EM Power debug_log setting -type sysfs_spm, fs_type, sysfs_type; - -# Date : 2018/06/11 -# Purpose : mtk EM Audio headset detect -type sysfs_headset, fs_type, sysfs_type; +# Date : 2019/09/17 +# Purpose : mtk factory fingerprint settings +type sysfs_gf_spi_tee, fs_type, sysfs_type; # socket between atci_service and audio-daemon type atci-audio_socket, file_type; @@ -343,28 +349,12 @@ type rilproxy_atci_socket, file_type; type atci_service_socket, file_type; type adb_atci_socket, file_type; -# EM Power PMU register reading/setting -type debugfs_regmap, fs_type, debugfs_type; - -# Date : 2018/11/01 -# Purpose : mtk EM c2k bypass read usb file -type sys_usb_rawbulk, fs_type, sysfs_type; - # Backlight brightness file type sysfs_leds_setting, fs_type, sysfs_type; # Vibrator vibrate file type sysfs_vibrator_setting, fs_type, sysfs_type; -# Date : 2019/04/09 -# Purpose: mtk EM battery settings -type sysfs_battery_temp, fs_type, sysfs_type; -type sysfs_battery_consumption, fs_type, sysfs_type; -type sysfs_power_on_vol, fs_type, sysfs_type; -type sysfs_power_off_vol, fs_type, sysfs_type; -type sysfs_fg_disable, fs_type, sysfs_type; -type sysfs_dis_nafg, fs_type, sysfs_type; - # drm key manager type provision_file, file_type, data_file_type; type key_install_data_file, file_type, data_file_type; @@ -409,12 +399,31 @@ type proc_fliperfs, fs_type, proc_type; type sysfs_ged, fs_type, sysfs_type; type sysfs_fbt_cpu, fs_type, sysfs_type; type sysfs_fbt_fteh, fs_type, sysfs_type; +type sysfs_fpsgo, fs_type, sysfs_type; +type sysfs_xgf, fs_type, sysfs_type; +type sysfs_gbe, fs_type, sysfs_type; # Date : 2019/09/17 # Purpose: Allow powerhal to control cache audit type sysfs_ca_drv, fs_type, sysfs_type; type sysfs_pftch_qos, fs_type, sysfs_type; +# Date : 2019/09/19 +# Purpose: Allow powerhal to trigger task-turbo +type sysfs_task_turbo, fs_type, sysfs_type; + +# Date : 2019/09/23 +# Purpose: Define change_rate fs_type +type sysfs_change_rate, fs_type, sysfs_type; + +# Date : 2019/10/16 +# Purpose: Define sysfs_ext4_disable_barrier fs_type +type sysfs_ext4_disable_barrier, fs_type, sysfs_type; + +# Date : 2019/11/14 +# Purpose: Allow powerhal to control MCDI +type proc_cpuidle, fs_type, proc_type; + # Date : WK19.38 # Purpose: Android Migration for video codec driver type sysfs_device_tree_model, fs_type, sysfs_type; @@ -432,21 +441,84 @@ type sysfs_pages_volatile, fs_type, sysfs_type; # Date : 2019/10/22 # Purpose : allow aee_aedv write /sys/module/mrdump/parameters/lbaooo -type sysfs_mrdump_lbaooo, fs_type, sysfs_type; +type sysfs_mrdump, fs_type, sysfs_type; +type sysfs_memory, fs_type, sysfs_type; # Date : 2019/10/25 # Purpose : To avoid using the SELabel of u:object_r:proc:s0 or u:object_r:sysfs:s0 # to access /proc/device-tree/chosen/atag,chipid or /sysfs/firmware/devicetree/base/chosen/atag,chipid type sysfs_chipid, fs_type, sysfs_type; + +# Date : 2019/12/10 +# Purpose: Allow bt process or tool to control bt_dbg +type proc_btdbg, fs_type, proc_type; + # Date : 2019/12/12 # Purpose : allow media sources to access /sys/bus/platform/drivers/mem_bw_ctrl/* type sysfs_concurrency_scenario, fs_type, sysfs_type; type proc_wmt_aee, fs_type, proc_type; +# Date : 2019/12/19 +# Purpose : Allow ccci_fsd read /vendor/etc/md +type vendor_etc_md_file, vendor_file_type, file_type; + +# Date : 2019/12/23 +# Purpose : Allow ccci_fsd read /data/vendor_de/md +type data_vendor_de_md_file, data_file_type, file_type; + # Date : WK20.07 # Operation: R migration # Purpose : Add permission for new device node. type sysfs_meta_info, fs_type, sysfs_type; +type proc_aed, fs_type, proc_type; + +# Date : 2020/01/16 +# Purpose: Allow mtk_hal_neuralnetworks to read chip id and segment code +type proc_devinfo, fs_type, proc_type; + +# Date : 2019/04/23 +# Operation: R migration +# Purpose : Add permission for acess vendor_de. +type factory_vendor_file, file_type, data_file_type; + +type debugfs_apusys_power_fail_log, fs_type, debugfs_type; + +type sysfs_cache_status, fs_type, sysfs_type; + +# Date : 2020/06/12 +# Purpose: define sysfs_mali_power_policy fs_type +type sysfs_mali_power_policy, fs_type, sysfs_type; + +# Date : 2020/06/12 +# Operation: R migration +# Purpose: Allow powerhal to control displowpower +type proc_displowpower, fs_type, proc_type; + +# Date : 2020/06/29 +# Operation: R migration +# Purpose: Add permission for access /proc/ion/* +type proc_ion, fs_type, proc_type; + +# Date : 2020/07/01 +# Operation: R migration +# Purpose: Add permission for access /proc/m4u_dbg/* +type proc_m4u_dbg, fs_type, proc_type; + +# Date : 20120/07/02 +# Purpose: define sysfs_mtk_nanohub_state fs_type +type sysfs_mtk_nanohub_state, fs_type, sysfs_type; + +type proc_mtkfb, fs_type, proc_type; + +# Date : 2020/07/08 +# Purpose: add permission for /proc/sys/vm/swappiness +type proc_swappiness, fs_type, proc_type; + +type debugfs_cmdq, fs_type, debugfs_type; + +# Date : 20120/07/13 +# Purpose: define sysfs_dvfsrc_dbg fs_type +type sysfs_dvfsrc_dbg, fs_type, sysfs_type; diff --git a/non_plat/file_contexts b/non_plat/file_contexts index 051b949..8ea10bf 100644 --- a/non_plat/file_contexts +++ b/non_plat/file_contexts @@ -14,6 +14,12 @@ (/vendor)?/custom(/.*)? u:object_r:custom_file:s0 /dev/socket/netd u:object_r:netd_socket:s0 +################################### +# ccci_fsd access vendor/etc/md file +/vendor/etc/md(/.*)? u:object_r:vendor_etc_md_file:s0 + +# ccci_fsd access /data/vendor_de/md file +/data/vendor_de/md(/.*)? u:object_r:data_vendor_de_md_file:s0 ############################# # Data files @@ -26,6 +32,7 @@ #/data/mnl_flp(/.*)? u:object_r:mnld_data_file:s0 #/data/mnl_gfc(/.*)? u:object_r:mnld_data_file:s0 /data/vendor/gps(/.*)? u:object_r:gps_data_file:s0 +/data/vendor/log/gps(/.*)? u:object_r:gps_data_file:s0 /data/anr/SF_RTT(/.*)? u:object_r:sf_rtt_file:s0 /data/vendor/ccci_cfg(/.*)? u:object_r:ccci_cfg_file:s0 /data/vendor/mdlpm(/.*)? u:object_r:ccci_data_md1_file:s0 @@ -61,7 +68,6 @@ #/data/setkey_latest.conf u:object_r:ims_ipsec_data_file:s0 /data/vendor/audiohal(/.*)? u:object_r:mtk_audiohal_data_file:s0 /data/vendor/powerhal(/.*)? u:object_r:mtk_powerhal_data_file:s0 -#/data/vendor/nfc(/.*)? u:object_r:nfc_data_file:s0 /data/connsyslog(/.*)? u:object_r:consyslog_data_file:s0 /data/vendor/stp_dump(/.*)? u:object_r:stp_dump_data_file:s0 /data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0 @@ -86,6 +92,23 @@ /mnt/vendor/nvdata(/.*)? u:object_r:nvdata_file:s0 /mnt/vendor/nvcfg(/.*)? u:object_r:nvcfg_file:s0 +# AAO +/data/vendor/aao(/.*)? u:object_r:data_vendor_aao_file:s0 +/data/vendor/aaoHwBuf(/.*)? u:object_r:data_vendor_aaoHwBuf_file:s0 +/data/vendor/AAObitTrue(/.*)? u:object_r:data_vendor_AAObitTrue_file:s0 + +# Flash +/data/vendor/flash(/.*)? u:object_r:data_vendor_flash_file:s0 + +# Flicker +/data/vendor/flicker(/.*)? u:object_r:data_vendor_flicker_file:s0 + +# AFO +/data/vendor/AFObitTrue(/.*)? u:object_r:data_vendor_afo_file:s0 + +# PDO +/data/vendor/pdo(/.*)? u:object_r:data_vendor_pdo_file:s0 + # protected data file /mnt/vendor/protect_f(/.*)? u:object_r:protect_f_data_file:s0 /mnt/vendor/protect_s(/.*)? u:object_r:protect_s_data_file:s0 @@ -104,7 +127,7 @@ /dev/ampc0(/.*)? u:object_r:ampc0_device:s0 /dev/android(/.*)? u:object_r:android_device:s0 /dev/block/zram0 u:object_r:swap_block_device:s0 -/dev/block/platform/bootdevice/by-name/otp u:object_r:otp_part_block_device:s0 +/dev/block/by-name/otp u:object_r:otp_part_block_device:s0 /dev/bmtpool(/.*)? u:object_r:bmtpool_device:s0 /dev/bootimg(/.*)? u:object_r:bootimg_device:s0 /dev/BOOT(/.*)? u:object_r:BOOT_device:s0 @@ -114,11 +137,15 @@ /dev/BU64745GWZAF(/.*)? u:object_r:BU64745GWZAF_device:s0 /dev/MAINAF(/.*)? u:object_r:MAINAF_device:s0 /dev/MAIN2AF(/.*)? u:object_r:MAIN2AF_device:s0 +/dev/MAIN3AF(/.*)? u:object_r:MAIN3AF_device:s0 +/dev/MAIN4AF(/.*)? u:object_r:MAIN4AF_device:s0 /dev/SUBAF(/.*)? u:object_r:SUBAF_device:s0 +/dev/SUB2AF(/.*)? u:object_r:SUB2AF_device:s0 /dev/cache(/.*)? u:object_r:cache_device:s0 /dev/CAM_CAL_DRV(/.*)? u:object_r:CAM_CAL_DRV_device:s0 /dev/CAM_CAL_DRV1(/.*)? u:object_r:CAM_CAL_DRV1_device:s0 /dev/CAM_CAL_DRV2(/.*)? u:object_r:CAM_CAL_DRV2_device:s0 +/dev/camera_eeprom[0-9]+ u:object_r:camera_eeprom_device:s0 /dev/gz_kree(/.*)? u:object_r:gz_device:s0 /dev/camera-fdvt(/.*)? u:object_r:camera_fdvt_device:s0 /dev/camera-isp(/.*)? u:object_r:camera_isp_device:s0 @@ -135,6 +162,7 @@ /dev/ccu(/.*)? u:object_r:ccu_device:s0 /dev/vpu(/.*)? u:object_r:vpu_device:s0 /dev/mdlactl(/.*)? u:object_r:mdla_device:s0 +/dev/apusys(/.*)? u:object_r:apusys_device:s0 /dev/ccci_monitor u:object_r:ccci_monitor_device:s0 /dev/ccci.* u:object_r:ccci_device:s0 /dev/cpu_dma_latency(/.*)? u:object_r:cpu_dma_latency_device:s0 @@ -197,7 +225,6 @@ /dev/MT6516_MM_QUEUE(/.*)? u:object_r:MT6516_MM_QUEUE_device:s0 /dev/MT6516_MP4_DEC(/.*)? u:object_r:MT6516_MP4_DEC_device:s0 /dev/MT6516_MP4_ENC(/.*)? u:object_r:MT6516_MP4_ENC_device:s0 -/dev/mt6605 u:object_r:mt6605_device:s0 /dev/st21nfc u:object_r:st21nfc_device:s0 /dev/st54spi u:object_r:st54spi_device:s0 /dev/mt9p012(/.*)? u:object_r:mt9p012_device:s0 @@ -212,8 +239,9 @@ /dev/mtk_sched(/.*)? u:object_r:mtk_sched_device:s0 /dev/MTK_SMI(/.*)? u:object_r:MTK_SMI_device:s0 /dev/mtk_cmdq(/.*)? u:object_r:mtk_cmdq_device:s0 +/dev/mtk_mdp(/.*)? u:object_r:mtk_mdp_device:s0 /dev/mdp_device(/.*)? u:object_r:mdp_device:s0 -/dev/mdp_sync(/.*)? u:object_r:mtk_mdp_device:s0 +/dev/mdp_sync(/.*)? u:object_r:mtk_mdp_sync:s0 /dev/mtk_rrc(/.*)? u:object_r:mtk_rrc_device:s0 /dev/mtk_dfrc(/.*)? u:object_r:mtk_dfrc_device:s0 /dev/mt-mdp(/.*)? u:object_r:mt_mdp_device:s0 @@ -330,6 +358,7 @@ /dev/gpsdl1 u:object_r:mnld_device:s0 /dev/gpsdl1(/.*)? u:object_r:gpsdl_device:s0 /dev/stpwmt(/.*)? u:object_r:stpwmt_device:s0 +/dev/conninfra_dev(/.*)? u:object_r:conninfra_device:s0 /dev/sw_sync(/.*)? u:object_r:sw_sync_device:s0 /dev/tgt(/.*)? u:object_r:tgt_device:s0 /dev/touch(/.*)? u:object_r:touch_device:s0 @@ -364,6 +393,8 @@ /dev/offloadservice(/.*)? u:object_r:offloadservice_device:s0 /dev/audio_ipi(/.*)? u:object_r:audio_ipi_device:s0 /dev/adsp(/.*)? u:object_r:adsp_device:s0 +/dev/adsp_0(/.*)? u:object_r:adsp_device:s0 +/dev/adsp_1(/.*)? u:object_r:adsp_device:s0 /dev/audio_scp(/.*)? u:object_r:audio_scp_device:s0 /dev/irtx u:object_r:irtx_device:s0 /dev/spm(/.*)? u:object_r:spm_device:s0 @@ -377,6 +408,7 @@ /dev/nebula-ipc-dev0 u:object_r:tee_device:s0 /dev/mbim u:object_r:mbim_device:s0 /dev/alarm(/.*)? u:object_r:alarm_device:s0 +/dev/radio(/.*)? u:object_r:mtk_radio_device:s0 ########################## # Sensor common Devices Start # @@ -389,6 +421,7 @@ /dev/msensor(/.*)? u:object_r:msensor_device:s0 /dev/biometric(/.*)? u:object_r:biometric_device:s0 /dev/sensorlist(/.*)? u:object_r:sensorlist_device:s0 +/dev/hf_manager(/.*)? u:object_r:hf_manager_device:s0 ########################## # Sensor Devices Start # @@ -418,7 +451,7 @@ /dev/block/mmcblk0 u:object_r:bootdevice_block_device:s0 /dev/block/sdc u:object_r:bootdevice_block_device:s0 /dev/block/mmcblk1 u:object_r:mmcblk1_block_device:s0 -/dev/block/mmcblk1p1 u:object_r:mmcblk1p1_block_device:s0 +/dev/block/mmcblk1p1 u:object_r:sdcard_block_device:s0 /dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/proinfo u:object_r:nvram_device:s0 /dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/nvram u:object_r:nvram_device:s0 /dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/nvdata u:object_r:nvdata_device:s0 @@ -463,50 +496,52 @@ /dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/sspm(_[ab])? u:object_r:sspm_block_device:s0 /dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/spmfw(_[ab])? u:object_r:spmfw_block_device:s0 /dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/vbmeta(_system|_vendor)?(_[ab])? u:object_r:vbmeta_block_device:s0 - -/dev/block/platform/bootdevice/by-name/proinfo u:object_r:nvram_device:s0 -/dev/block/platform/bootdevice/by-name/nvram u:object_r:nvram_device:s0 -/dev/block/platform/bootdevice/by-name/nvdata u:object_r:nvdata_device:s0 -/dev/block/platform/bootdevice/by-name/frp u:object_r:frp_block_device:s0 -/dev/block/platform/bootdevice/by-name/expdb u:object_r:expdb_block_device:s0 -/dev/block/platform/bootdevice/by-name/misc2 u:object_r:misc2_block_device:s0 -/dev/block/platform/bootdevice/by-name/logo u:object_r:logo_block_device:s0 -/dev/block/platform/bootdevice/by-name/para u:object_r:para_block_device:s0 -/dev/block/platform/bootdevice/by-name/misc u:object_r:misc_block_device:s0 -/dev/block/platform/bootdevice/by-name/seccfg u:object_r:seccfg_block_device:s0 -/dev/block/platform/bootdevice/by-name/secro u:object_r:secro_block_device:s0 -/dev/block/platform/bootdevice/by-name/userdata u:object_r:userdata_block_device:s0 -/dev/block/platform/bootdevice/by-name/cache u:object_r:cache_block_device:s0 -/dev/block/platform/bootdevice/by-name/recovery u:object_r:recovery_block_device:s0 -/dev/block/platform/bootdevice/by-name/protect1 u:object_r:protect1_block_device:s0 -/dev/block/platform/bootdevice/by-name/protect2 u:object_r:protect2_block_device:s0 -/dev/block/platform/bootdevice/by-name/keystore u:object_r:keystore_block_device:s0 -/dev/block/platform/bootdevice/by-name/persist u:object_r:persist_block_device:s0 -/dev/block/platform/bootdevice/by-name/metadata u:object_r:metadata_block_device:s0 -/dev/block/platform/bootdevice/by-name/nvcfg u:object_r:nvcfg_block_device:s0 -/dev/block/platform/bootdevice/by-name/sec1 u:object_r:sec1_block_device:s0 -/dev/block/platform/bootdevice/by-name/boot_para u:object_r:boot_para_block_device:s0 -/dev/block/platform/bootdevice/by-name/super u:object_r:super_block_device:s0 -/dev/block/platform/bootdevice/by-name/cam_vpu[1-3](_[ab])? u:object_r:cam_vpu_block_device:s0 -/dev/block/platform/bootdevice/by-name/system(_[ab])? u:object_r:system_block_device:s0 -/dev/block/platform/bootdevice/by-name/boot(_[ab])? u:object_r:boot_block_device:s0 -/dev/block/platform/bootdevice/by-name/odm(_[ab])? u:object_r:odm_block_device:s0 -/dev/block/platform/bootdevice/by-name/oem(_[ab])? u:object_r:oem_block_device:s0 -/dev/block/platform/bootdevice/by-name/vendor(_[ab])? u:object_r:vendor_block_device:s0 -/dev/block/platform/bootdevice/by-name/lk(_[ab])? u:object_r:lk_block_device:s0 -/dev/block/platform/bootdevice/by-name/odmdtbo(_[ab])? u:object_r:dtbo_block_device:s0 -/dev/block/platform/bootdevice/by-name/dtbo(_[ab])? u:object_r:dtbo_block_device:s0 -/dev/block/platform/bootdevice/by-name/tee([12]|_[ab]) u:object_r:tee_block_device:s0 -/dev/block/platform/bootdevice/by-name/md1img(_[ab])? u:object_r:md_block_device:s0 -/dev/block/platform/bootdevice/by-name/md1dsp(_[ab])? u:object_r:dsp_block_device:s0 -/dev/block/platform/bootdevice/by-name/md1arm7(_[ab])? u:object_r:md_block_device:s0 -/dev/block/platform/bootdevice/by-name/md3img(_[ab])? u:object_r:md_block_device:s0 -/dev/block/platform/bootdevice/by-name/scp(_[ab])? u:object_r:scp_block_device:s0 -/dev/block/platform/bootdevice/by-name/sspm(_[ab])? u:object_r:sspm_block_device:s0 -/dev/block/platform/bootdevice/by-name/spmfw(_[ab])? u:object_r:spmfw_block_device:s0 -/dev/block/platform/bootdevice/by-name/mcupmfw(_[ab])? u:object_r:mcupmfw_block_device:s0 -/dev/block/platform/bootdevice/by-name/loader_ext(_[ab])? u:object_r:loader_ext_block_device:s0 -/dev/block/platform/bootdevice/by-name/vbmeta(_system|_vendor)?(_[ab])? u:object_r:vbmeta_block_device:s0 +/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/dpm.* u:object_r:dpm_block_device:s0 + +/dev/block/by-name/proinfo u:object_r:nvram_device:s0 +/dev/block/by-name/nvram u:object_r:nvram_device:s0 +/dev/block/by-name/nvdata u:object_r:nvdata_device:s0 +/dev/block/by-name/frp u:object_r:frp_block_device:s0 +/dev/block/by-name/expdb u:object_r:expdb_block_device:s0 +/dev/block/by-name/misc2 u:object_r:misc2_block_device:s0 +/dev/block/by-name/logo u:object_r:logo_block_device:s0 +/dev/block/by-name/para u:object_r:para_block_device:s0 +/dev/block/by-name/misc u:object_r:misc_block_device:s0 +/dev/block/by-name/seccfg u:object_r:seccfg_block_device:s0 +/dev/block/by-name/secro u:object_r:secro_block_device:s0 +/dev/block/by-name/userdata u:object_r:userdata_block_device:s0 +/dev/block/by-name/cache u:object_r:cache_block_device:s0 +/dev/block/by-name/recovery u:object_r:recovery_block_device:s0 +/dev/block/by-name/protect1 u:object_r:protect1_block_device:s0 +/dev/block/by-name/protect2 u:object_r:protect2_block_device:s0 +/dev/block/by-name/keystore u:object_r:keystore_block_device:s0 +/dev/block/by-name/persist u:object_r:persist_block_device:s0 +/dev/block/by-name/metadata u:object_r:metadata_block_device:s0 +/dev/block/by-name/nvcfg u:object_r:nvcfg_block_device:s0 +/dev/block/by-name/sec1 u:object_r:sec1_block_device:s0 +/dev/block/by-name/boot_para u:object_r:boot_para_block_device:s0 +/dev/block/by-name/super u:object_r:super_block_device:s0 +/dev/block/by-name/cam_vpu[1-3](_[ab])? u:object_r:cam_vpu_block_device:s0 +/dev/block/by-name/system(_[ab])? u:object_r:system_block_device:s0 +/dev/block/by-name/boot(_[ab])? u:object_r:boot_block_device:s0 +/dev/block/by-name/odm(_[ab])? u:object_r:odm_block_device:s0 +/dev/block/by-name/oem(_[ab])? u:object_r:oem_block_device:s0 +/dev/block/by-name/vendor(_[ab])? u:object_r:vendor_block_device:s0 +/dev/block/by-name/lk(_[ab])? u:object_r:lk_block_device:s0 +/dev/block/by-name/odmdtbo(_[ab])? u:object_r:dtbo_block_device:s0 +/dev/block/by-name/dtbo(_[ab])? u:object_r:dtbo_block_device:s0 +/dev/block/by-name/tee([12]|_[ab]) u:object_r:tee_block_device:s0 +/dev/block/by-name/md1img(_[ab])? u:object_r:md_block_device:s0 +/dev/block/by-name/md1dsp(_[ab])? u:object_r:dsp_block_device:s0 +/dev/block/by-name/md1arm7(_[ab])? u:object_r:md_block_device:s0 +/dev/block/by-name/md3img(_[ab])? u:object_r:md_block_device:s0 +/dev/block/by-name/scp(_[ab])? u:object_r:scp_block_device:s0 +/dev/block/by-name/sspm(_[ab])? u:object_r:sspm_block_device:s0 +/dev/block/by-name/spmfw(_[ab])? u:object_r:spmfw_block_device:s0 +/dev/block/by-name/mcupmfw(_[ab])? u:object_r:mcupmfw_block_device:s0 +/dev/block/by-name/loader_ext(_[ab])? u:object_r:loader_ext_block_device:s0 +/dev/block/by-name/vbmeta(_system|_vendor)?(_[ab])? u:object_r:vbmeta_block_device:s0 +/dev/block/by-name/dpm.* u:object_r:dpm_block_device:s0 # Key manager /dev/block/platform/soc/[0-9]+\.mmc/by-name/kb u:object_r:kb_block_device:s0 @@ -515,11 +550,16 @@ # W19.23 Q new feature - Userdata Checkpoint /dev/block/by-name/md_udc u:object_r:metadata_block_device:s0 +# W20.29 R migration - ADSP for tablet +/dev/adsp_misc(/.*)? u:object_r:adsp_misc_device:s0 + ############################# # System files # /(system\/vendor|vendor)/bin/audiocmdservice_atci u:object_r:audiocmdservice_atci_exec:s0 /(system\/vendor|vendor)/bin/stp_dump3 u:object_r:stp_dump3_exec:s0 +/(system\/vendor|vendor)/bin/wifi_dump u:object_r:wifi_dump_exec:s0 +/(system\/vendor|vendor)/bin/bt_dump u:object_r:bt_dump_exec:s0 /(system\/vendor|vendor)/bin/wmt_launcher u:object_r:mtk_wmt_launcher_exec:s0 /(system\/vendor|vendor)/bin/ccci_fsd u:object_r:ccci_fsd_exec:s0 /(system\/vendor|vendor)/bin/fuelgauged u:object_r:fuelgauged_exec:s0 @@ -548,25 +588,34 @@ /(system\/vendor|vendor)/bin/spm_loader u:object_r:spm_loader_exec:s0 /(system\/vendor|vendor)/bin/ccci_mdinit u:object_r:ccci_mdinit_exec:s0 /(system\/vendor|vendor)/bin/factory u:object_r:factory_exec:s0 +/(system\/vendor|vendor)/bin/conninfra_loader u:object_r:conninfra_loader_exec:s0 /(system\/vendor|vendor)/bin/mnld u:object_r:mnld_exec:s0 #/system/bin/connsyslogger u:object_r:connsyslogger_exec:s0 +/(system\/vendor|vendor)/bin/gbe u:object_r:gbe_native_exec:s0 /(system\/vendor|vendor)/bin/biosensord_nvram u:object_r:biosensord_nvram_exec:s0 /(system\/vendor|vendor)/bin/hw/android\.hardware\.bluetooth@1\.0-service-mediatek u:object_r:mtk_hal_bluetooth_exec:s0 -/(system\/vendor|vendor)/bin/hw/android\.hardware\.gnss@2\.0-service-mediatek u:object_r:mtk_hal_gnss_exec:s0 +/(system\/vendor|vendor)/bin/hw/android\.hardware\.gnss@2\.1-service-mediatek u:object_r:mtk_hal_gnss_exec:s0 /(system\/vendor|vendor)/bin/hw/android\.hardware\.audio@5\.0-service-mediatek u:object_r:mtk_hal_audio_exec:s0 +/(system\/vendor|vendor)/bin/hw/android\.hardware\.audio@6\.0-service-mediatek u:object_r:mtk_hal_audio_exec:s0 /(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.mtkpower@1\.0-service u:object_r:mtk_hal_power_exec:s0 /(system\/vendor|vendor)/bin/hw/android\.hardware\.sensors@1\.0-service-mediatek u:object_r:mtk_hal_sensors_exec:s0 /(system\/vendor|vendor)/bin/hw/android\.hardware\.sensors@2\.0-service-mediatek u:object_r:mtk_hal_sensors_exec:s0 +/(system\/vendor|vendor)/bin/hw/android\.hardware\.sensors@2\.0-service\.multihal-mediatek u:object_r:mtk_hal_sensors_exec:s0 /(system\/vendor|vendor)/bin/hw/rilproxy u:object_r:rild_exec:s0 /(system\/vendor|vendor)/bin/hw/mtkfusionrild u:object_r:rild_exec:s0 /(system\/vendor|vendor)/bin/hw/android\.hardware\.light@2\.0-service-mediatek u:object_r:mtk_hal_light_exec:s0 /(system\/vendor|vendor)/bin/hw/android\.hardware\.light@2\.0-service-mediatek-lazy u:object_r:mtk_hal_light_exec:s0 +/(system\/vendor|vendor)/bin/hw/android\.hardware\.lights-service\.example u:object_r:mtk_hal_light_exec:s0 +/(system\/vendor|vendor)/bin/hw/android\.hardware\.lights-service\.mediatek u:object_r:mtk_hal_light_exec:s0 /(system\/vendor|vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service-mediatek u:object_r:hal_vibrator_default_exec:s0 /(system\/vendor|vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service-mediatek-lazy u:object_r:hal_vibrator_default_exec:s0 +/(system\/vendor|vendor)/bin/hw/android\.hardware\.vibrator-service\.example u:object_r:hal_vibrator_default_exec:s0 +/(system\/vendor|vendor)/bin/hw/android\.hardware\.vibrator-service\.mediatek u:object_r:hal_vibrator_default_exec:s0 /(system\/vendor|vendor)/bin/hw/camerahalserver u:object_r:mtk_hal_camera_exec:s0 /(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.imsa@1\.0-service u:object_r:mtk_hal_imsa_exec:s0 +/(system\/vendor|vendor)/bin/hw/android\.hardware\.graphics\.allocator@4\.0-service-mediatek u:object_r:hal_graphics_allocator_default_exec:s0 # Google Trusty system files /(vendor|system\/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service\.trusty u:object_r:hal_keymaster_default_exec:s0 @@ -574,20 +623,20 @@ #PQ hal /(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.pq@2\.2-service u:object_r:mtk_hal_pq_exec:s0 #MMS hal -/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.mms@1\.3-service u:object_r:mtk_hal_mms_exec:s0 -/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.mms@1\.3-service-lazy u:object_r:mtk_hal_mms_exec:s0 +/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.mms@1\.5-service u:object_r:mtk_hal_mms_exec:s0 # Keymaster Attestation Hal /(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.keymaster_attestation@1\.1-service u:object_r:hal_keymaster_attestation_exec:s0 #ST NFC 1.2 hidl service /(system\/vendor|vendor)/bin/hw/android\.hardware\.nfc@1\.2-service-st u:object_r:hal_nfc_default_exec:s0 -/(system\/vendor|vendor)/bin/hw/android\.hardware\.secure_element@1\.0-service-st54spi u:object_r:st54spi_hal_secure_element_exec:s0 +/(system\/vendor|vendor)/bin/hw/android\.hardware\.secure_element@1\.2-service-st54spi u:object_r:st54spi_hal_secure_element_exec:s0 # MTK Wifi Hal /(system\/vendor|vendor)/bin/hw/android\.hardware\.wifi@1\.0-service-mediatek u:object_r:mtk_hal_wifi_exec:s0 /(system\/vendor|vendor)/bin/hw/android\.hardware\.wifi@1\.0-service-lazy-mediatek u:object_r:mtk_hal_wifi_exec:s0 # MTK USB hal /(system\/vendor|vendor)/bin/hw/android\.hardware\.usb@1\.1-service-mediatek u:object_r:mtk_hal_usb_exec:s0 +/(system\/vendor|vendor)/bin/hw/android\.hardware\.usb@1\.1-service-mediatekv2 u:object_r:mtk_hal_usb_exec:s0 # MTK OMAPI for UICC -/(system\/vendor|vendor)/bin/hw/android\.hardware\.secure_element@1\.0-service-mediatek u:object_r:mtk_hal_secure_element_exec:s0 +/(system\/vendor|vendor)/bin/hw/android\.hardware\.secure_element@1\.2-service-mediatek u:object_r:mtk_hal_secure_element_exec:s0 #gpu hal /(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.gpu@1\.0-service u:object_r:mtk_hal_gpu_exec:s0 @@ -603,6 +652,7 @@ # same-process HAL files and their dependencies # /vendor/lib(64)?/hw/gralloc\.mt[0-9]+[a-z]*\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/hw/gralloc\.rogue\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/hw/vulkan\.mt[0-9]+\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/libIMGegl\.so u:object_r:same_process_hal_file:s0 @@ -610,6 +660,7 @@ /vendor/lib(64)?/libPVRScopeServices\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/libsrv_um\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/libmpvr\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/libPVRMtkutils\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/libusc\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/libtqvalidate\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/libPVROCL\.so u:object_r:same_process_hal_file:s0 @@ -622,14 +673,19 @@ /vendor/lib(64)?/libgralloc_extra\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/libgpu_aux\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/libgpud\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/libgralloc_metadata\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/libgralloctypes_mtk\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/libged\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/arm\.graphics-V1-ndk\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/libdrm\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/libion_mtk\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/libion_ulit\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/mtk_cache\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/hw/android\.hardware\.graphics\.mapper@2\.0-impl-2\.1\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/hw/android\.hardware\.graphics\.mapper@4\.0-impl-mediatek\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/vendor\.mediatek\.hardware\.mms@[0-9]\.[0-9]\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/libdpframework\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/libpq_cust_base\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/vendor\.mediatek\.hardware\.pq@[0-9]\.[0-9]\.so u:object_r:same_process_hal_file:s0 @@ -667,7 +723,7 @@ /vendor/lib(64)?/libOpenCL\.so u:object_r:same_process_hal_file:s0 #MRDUMP -/dev/block/platform/bootdevice/by-name/mrdump(/.*)? u:object_r:mrdump_device:s0 +/dev/block/by-name/mrdump(/.*)? u:object_r:mrdump_device:s0 # Date: 2019/07/16 # hdmi hal @@ -680,6 +736,11 @@ /vendor/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0 /vendor/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service-lazy\.clearkey u:object_r:hal_drm_clearkey_exec:s0 +# Date: 2019/09/05 +# Purpose: GiFT related libraries +/vendor/lib(64)?/libDefaultFpsActor.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/libNoFpsActor.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/libFrameRecord.so u:object_r:same_process_hal_file:s0 # Date : 2019/10/28 # Purpose : move these contexts from plat_private/file_contexts @@ -687,3 +748,13 @@ /(system\/vendor|vendor)/bin/aee_aedv64 u:object_r:aee_aedv_exec:s0 /vendor/bin/aeev u:object_r:aee_aedv_exec:s0 + +# Date : 2019/04/23 +# Operation: R migration +# Purpose : Add permission for acess vendor_de. +/data/vendor_de/factory(/.*)? u:object_r:factory_vendor_file:s0 + +# Date: 2020/06/16 +# Operation: R migration +# Purpose: Add permission for boot control lazy HAL +/vendor/bin/hw/android\.hardware\.boot@[0-9]+\.[0-9]+-service-lazy u:object_r:hal_bootctl_default_exec:s0 diff --git a/non_plat/fuelgauged.te b/non_plat/fuelgauged.te index 332043a..4501fb0 100644 --- a/non_plat/fuelgauged.te +++ b/non_plat/fuelgauged.te @@ -56,8 +56,8 @@ allow fuelgauged kernel:system module_request; # Date: W18.03 # Operation : change fuelgagued access from cache to nvcfg # Purpose : add fuelgauged to nvcfg read write permit -allow fuelgauged nvcfg_file:dir { search write open read add_name create getattr}; -allow fuelgauged nvcfg_file:file { read write getattr open create }; +allow fuelgauged nvcfg_file:dir create_dir_perms; +allow fuelgauged nvcfg_file:file create_file_perms; # Date: W18.17 # Operation : add label for /sys/devices/platform/battery(/.*) diff --git a/non_plat/fuelgauged_nvram.te b/non_plat/fuelgauged_nvram.te index 96862d9..1794aba 100644 --- a/non_plat/fuelgauged_nvram.te +++ b/non_plat/fuelgauged_nvram.te @@ -49,8 +49,8 @@ allow fuelgauged_nvram MT_pmic_adc_cali_device:chr_file rw_file_perms; # Operation : change fuelgagued_nvram access from cache to nvcfg # Purpose : add fuelgauged to nvcfg read write permit # need add label -allow fuelgauged_nvram nvcfg_file:dir { search write open read add_name create getattr}; -allow fuelgauged_nvram nvcfg_file:file { read write getattr open create }; +allow fuelgauged_nvram nvcfg_file:dir create_dir_perms; +allow fuelgauged_nvram nvcfg_file:file create_file_perms; # Date: W18.17 # Operation : add label for /sys/devices/platform/battery(/.*) @@ -64,3 +64,6 @@ r_dir_file(fuelgauged_nvram, sysfs_batteryinfo) allow fuelgauged_nvram mnt_vendor_file:dir search; allow fuelgauged_nvram sysfs_boot_mode:file { open read }; + +# Allow ReadDefaultFstab(). +read_fstab(fuelgauged_nvram) diff --git a/non_plat/gbe_native.te b/non_plat/gbe_native.te new file mode 100644 index 0000000..3d15334 --- /dev/null +++ b/non_plat/gbe_native.te @@ -0,0 +1,18 @@ +# ============================================== +# Policy File of /vendor/bin/gbe Executable File + +# ============================================== +# Type Declaration +# ============================================== +type gbe_native_exec, exec_type, file_type, vendor_file_type; +type gbe_native, domain; + +# ============================================== +# MTK Policy Rule +# ============================================== +init_daemon_domain(gbe_native) + +allow gbe_native self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl; +set_prop(gbe_native, vendor_mtk_gbe_prop) +allow gbe_native sysfs_boot_mode:file r_file_perms; +hal_client_domain(gbe_native, hal_power) diff --git a/non_plat/genfs_contexts b/non_plat/genfs_contexts index 1d11eb3..f0b0e56 100644 --- a/non_plat/genfs_contexts +++ b/non_plat/genfs_contexts @@ -18,7 +18,6 @@ genfscon proc /lk_env u:object_r:proc_lk_env:s0 genfscon proc /driver/storage_logger u:object_r:proc_slogger:s0 genfscon proc /driver/icusb u:object_r:proc_icusb:s0 genfscon proc /mrdump_rst u:object_r:proc_mrdump_rst:s0 -genfscon proc /mtk_battery_cmd u:object_r:proc_battery_cmd:s0 genfscon proc /mtd u:object_r:proc_mtd:s0 genfscon proc /ged u:object_r:proc_ged:s0 genfscon proc /mtk_jpeg u:object_r:proc_mtk_jpeg:s0 @@ -26,30 +25,22 @@ genfscon proc /perfmgr u:object_r:proc_perfmgr:s0 genfscon proc /driver/wmt_dbg u:object_r:proc_wmtdbg:s0 genfscon proc /zraminfo u:object_r:proc_zraminfo:s0 genfscon proc /gpulog u:object_r:proc_gpulog:s0 -genfscon proc /cpu/alignment u:object_r:proc_cpu_alignment:s0 genfscon proc /sched_debug u:object_r:proc_sched_debug:s0 genfscon proc /chip u:object_r:proc_chip:s0 genfscon proc /atf_log u:object_r:proc_atf_log:s0 genfscon proc /gz_log u:object_r:proc_gz_log:s0 genfscon proc /last_kmsg u:object_r:proc_last_kmsg:s0 genfscon proc /bootprof u:object_r:proc_bootprof:s0 +genfscon proc /mtprintk u:object_r:proc_mtprintk:s0 genfscon proc /pl_lk u:object_r:proc_pl_lk:s0 genfscon proc /msdc_debug u:object_r:proc_msdc_debug:s0 genfscon proc /ufs_debug u:object_r:proc_ufs_debug:s0 genfscon proc /pidmap u:object_r:proc_pidmap:s0 -#genfscon proc /kpageflags u:object_r:proc_kpageflags:s0 genfscon proc /mtk_memcfg/slabtrace u:object_r:proc_slabtrace:s0 genfscon proc /mtk_cmdq_debug/status u:object_r:proc_cmdq_debug:s0 +genfscon proc /mtk_cmdq_debug/record u:object_r:proc_cmdq_debug:s0 genfscon proc /cpuhvfs/dbg_repo u:object_r:proc_dbg_repo:s0 -# mtk EM FreqHopping setting -genfscon proc /freqhopping/freqhopping_debug u:object_r:proc_freqhop:s0 -genfscon proc /freqhopping/status u:object_r:proc_freqhop:s0 -genfscon proc /freqhopping/dumpregs u:object_r:proc_freqhop:s0 - -# mtk EM flash reading -genfscon proc /partitions u:object_r:proc_partition:s0 - # Purpose dump not exit file genfscon proc /isp_p2/isp_p2_dump u:object_r:proc_isp_p2_dump:s0 genfscon proc /isp_p2/isp_p2_kedump u:object_r:proc_isp_p2_kedump:s0 @@ -66,6 +57,9 @@ genfscon proc /m4u u:object_r:proc_m4u:s0 genfscon proc /driver/wmt_aee u:object_r:proc_wmt_aee:s0 +genfscon proc /aed u:object_r:proc_aed:s0 +genfscon proc /ccci_dump u:object_r:proc_ccci_dump:s0 +genfscon proc /log_much u:object_r:proc_log_much:s0 ############################# # sysfs files @@ -77,33 +71,36 @@ genfscon sysfs /power/mtkdcs/mode u:object_r:sysfs_dcs:s0 genfscon sysfs /power/mtkpasr/execstate u:object_r:sysfs_execstate:s0 genfscon sysfs /mtk_ssw u:object_r:sysfs_ssw:s0 -# Date : 2018/06/15 -# Purpose : mtk EM Audio headset detect -genfscon sysfs /bus/platform/drivers/Accdet_Driver/state u:object_r:sysfs_headset:s0 genfscon sysfs /bus/platform/drivers/dev_info/dev_info u:object_r:sysfs_devinfo:s0 genfscon sysfs /bus/platform/drivers/meta_com_type_info/meta_com_type_info u:object_r:sysfs_comport_type:s0 genfscon sysfs /bus/platform/drivers/meta_uart_port_info/meta_uart_port_info u:object_r:sysfs_uart_info:s0 genfscon sysfs /devices/platform/battery u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/charger/ADC_Charger_Voltage u:object_r:sysfs_vbus:s0 -genfscon sysfs /devices/platform/battery/ADC_Charger_Voltage u:object_r:sysfs_vbus:s0 genfscon sysfs /devices/platform/charger/Pump_Express u:object_r:sysfs_pump_express:s0 genfscon sysfs /devices/platform/battery/Pump_Express u:object_r:sysfs_pump_express:s0 +genfscon sysfs /devices/platform/charger/power_supply/mtk-slave-charger/present u:object_r:sysfs_chg2_present:s0 genfscon sysfs /devices/platform/mt_charger/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/1000d000.pwrap/1000d000.pwrap:main_pmic/mt6357-gauge/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/soc/1000d000.pwrap/1000d000.pwrap:main_pmic/mt6359-gauge/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10026000.pwrap/10026000.pwrap:mt6359p/mt6359p-gauge/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/11016000.i2c5/i2c-5/5-0034/mt6370_pmu_charger/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/soc/11016000.i2c5/i2c-5/5-0034/mt6360_pmu_chg.2.auto/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/soc/11e00000.i2c/i2c-7/7-0034/mt6360_chg.1.auto/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/1000d000.pwrap/1000d000.pwrap:main_pmic/mt6357-charger-type-detection/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/mt-rtc/rtc u:object_r:sysfs_rtc:s0 genfscon sysfs /devices/platform/1000d000.pwrap/1000d000.pwrap:mt6359-pmic/mt6359-rtc/rtc u:object_r:sysfs_rtc:s0 genfscon sysfs /devices/platform/1000d000.pwrap/1000d000.pwrap:mt6358-pmic/mt6358-rtc/rtc u:object_r:sysfs_rtc:s0 genfscon sysfs /devices/platform/1000d000.pwrap/1000d000.pwrap:main_pmic/mt6397-rtc/rtc u:object_r:sysfs_rtc:s0 -genfscon sysfs /devices/platform/mt-pmic u:object_r:sysfs_pmu:s0 -genfscon sysfs /devices/platform/1000d000.pwrap/mt-pmic u:object_r:sysfs_pmu:s0 -genfscon sysfs /devices/platform/1000d000.pwrap/1000d000.pwrap:mt6358-pmic/mt-pmic u:object_r:sysfs_pmu:s0 -genfscon sysfs /devices/platform/1000d000.pwrap/1000d000.pwrap:mt6359-pmic/mt-pmic u:object_r:sysfs_pmu:s0 -genfscon sysfs /devices/platform/mt6333-user u:object_r:sysfs_pmu:s0 -genfscon sysfs /devices/platform/mt6311-user u:object_r:sysfs_pmu:s0 -genfscon sysfs /devices/platform/mt_usb/musb-hdrc/dual_role_usb u:object_r:sysfs_dual_role_usb20:s0 -genfscon sysfs /devices/platform/mt_usb/musb-hdrc/cmode u:object_r:sysfs_usb_cmode:s0 +genfscon sysfs /devices/platform/soc/1000d000.pwrap/1000d000.pwrap:main_pmic/mt6397-rtc/rtc u:object_r:sysfs_rtc:s0 +genfscon sysfs /devices/platform/10026000.pwrap/10026000.pwrap:mt6359-pmic/mt6359-rtc/rtc u:object_r:sysfs_rtc:s0 +genfscon sysfs /class/typec u:object_r:sysfs_usb_nonplat:s0 +genfscon sysfs /devices/platform/mt_usb/musb-hdrc/dual_role_usb u:object_r:sysfs_usb_nonplat:s0 +genfscon sysfs /devices/platform/mt_usb/musb-hdrc/cmode u:object_r:sysfs_usb_nonplat:s0 +genfscon sysfs /devices/platform/11270000.usb3/musb-hdrc/cmode u:object_r:sysfs_usb_nonplat:s0 +genfscon sysfs /devices/platform/soc/usb0/cmode u:object_r:sysfs_usb_nonplat:s0 +genfscon sysfs /devices/platform/mt_usb/musb-hdrc/usb1 u:object_r:sysfs_usb_nonplat:s0 +genfscon sysfs /devices/platform/soc/usb0/11200000.xhci0/usb1 u:object_r:sysfs_usb_nonplat:s0 +genfscon sysfs /devices/platform/usb_xhci/usb1 u:object_r:sysfs_usb_nonplat:s0 genfscon sysfs /devices/virtual/BOOT/BOOT/boot/boot_mode u:object_r:sysfs_boot_mode:s0 genfscon sysfs /devices/virtual/BOOT/BOOT/boot/boot_type u:object_r:sysfs_boot_type:s0 @@ -113,6 +110,8 @@ genfscon sysfs /devices/virtual/misc/scp u:object_r:sysfs_scp:s0 genfscon sysfs /devices/virtual/misc/scp_B u:object_r:sysfs_scp:s0 genfscon sysfs /devices/virtual/misc/sspm u:object_r:sysfs_sspm:s0 genfscon sysfs /devices/virtual/misc/adsp u:object_r:sysfs_adsp:s0 +genfscon sysfs /devices/virtual/misc/adsp_0 u:object_r:sysfs_adsp:s0 +genfscon sysfs /devices/virtual/misc/adsp_1 u:object_r:sysfs_adsp:s0 # Date : 2019/09/12 genfscon sysfs /devices/virtual/thermal u:object_r:sysfs_therm:s0 @@ -126,7 +125,6 @@ genfscon sysfs /kernel/ccci u:object_r:sysfs_ccci:s0 # Date : 2018/06/15 # Purpose : mtk EM touchscreen settings -genfscon sysfs /module/tpd_debug u:object_r:sysfs_tpd_debug:s0 genfscon sysfs /module/tpd_setting u:object_r:sysfs_tpd_setting:s0 genfscon sysfs /power/vcorefs/vcore_debug u:object_r:sysfs_vcore_debug:s0 genfscon sysfs /power/vcorefs/opp_table u:object_r:sysfs_vcore_debug:s0 @@ -136,45 +134,48 @@ genfscon sysfs /power/vcorefs/opp_table u:object_r:sysfs_vcore_debug:s0 genfscon sysfs /devices/virtual/timed_output/vibrator u:object_r:sysfs_vibrator:s0 genfscon sysfs /devices/platform/odm/odm:vibrator@0/leds/vibrator u:object_r:sysfs_vibrator:s0 genfscon sysfs /devices/platform/soc/soc:regulator_vibrator/leds/vibrator u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/soc/soc:pwm_leds/leds/lcd-backlight u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/regulator_vibrator/leds/vibrator u:object_r:sysfs_vibrator:s0 genfscon sysfs /devices/platform/leds-mt65xx/leds u:object_r:sysfs_leds:s0 -# Date : 2018/08/109 -# Purpose : mtk EM Power debug_log setting -genfscon sysfs /devices/platform/spm u:object_r:sysfs_spm:s0 - -# Date : 2018/11/01 -# Purpose : mtk EM c2k bypass read usb file -genfscon sysfs /devices/virtual/usb_rawbulk u:object_r:sys_usb_rawbulk:s0 +genfscon sysfs /devices/platform/pwmleds/leds u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/disp_leds/leds u:object_r:sysfs_leds:s0 #Date : 2018/11/22 #Purpose: allow mdlogger to read mdinfo file genfscon sysfs /kernel/md/mdee u:object_r:sysfs_mdinfo:s0 -# Date : 2019/04/09 -# Purpose: mtk EM battery temprature settings -genfscon sysfs /devices/platform/battery/Battery_Temperature u:object_r:sysfs_battery_temp:s0 -genfscon sysfs /devices/platform/battery/FG_Battery_CurrentConsumption u:object_r:sysfs_battery_consumption:s0 -genfscon sysfs /devices/platform/battery/Power_On_Voltage u:object_r:sysfs_power_on_vol:s0 -genfscon sysfs /devices/platform/battery/Power_Off_Voltage u:object_r:sysfs_power_off_vol:s0 -genfscon sysfs /devices/platform/battery/FG_daemon_disable u:object_r:sysfs_fg_disable:s0 -genfscon sysfs /devices/platform/battery/disable_nafg u:object_r:sysfs_dis_nafg:s0 - # Date : 2019/07/03 -# Purpose: SIU update mmcblk access -genfscon sysfs /devices/platform/bootdevice/mmc_host/mmc0/mmc0:0001/block/mmcblk0 u:object_r:sysfs_devices_block:s0 -genfscon sysfs /devices/mtk-msdc.0/11230000.msdc0/mmc_host/mmc0/mmc0:0001/block/mmcblk0 u:object_r:sysfs_devices_block:s0 -genfscon sysfs /devices/platform/mtk-msdc.0/11230000.msdc0/mmc_host/mmc0/mmc0:0001/block/mmcblk0 u:object_r:sysfs_devices_block:s0 -genfscon sysfs /devices/platform/bootdevice/host0/target0:0:0/0:0:0:0/block/sda u:object_r:sysfs_devices_block:s0 -genfscon sysfs /devices/platform/bootdevice/host0/target0:0:0/0:0:0:1/block/sdb u:object_r:sysfs_devices_block:s0 -genfscon sysfs /devices/platform/bootdevice/host0/target0:0:0/0:0:0:2/block/sdc u:object_r:sysfs_devices_block:s0 +# Purpose: SIU update sysfs_devices_block access for emmc and ufs +genfscon sysfs /devices/platform/bootdevice/mmc_host/mmc0/mmc0:0001/block/mmcblk0 u:object_r:sysfs_devices_block:s0 +genfscon sysfs /devices/mtk-msdc.0/11230000.msdc0/mmc_host/mmc0/mmc0:0001/block/mmcblk0 u:object_r:sysfs_devices_block:s0 +genfscon sysfs /devices/platform/mtk-msdc.0/11230000.msdc0/mmc_host/mmc0/mmc0:0001/block/mmcblk0 u:object_r:sysfs_devices_block:s0 +genfscon sysfs /devices/platform/bootdevice/host0/target0:0:0/0:0:0:0/block/sda u:object_r:sysfs_devices_block:s0 +genfscon sysfs /devices/platform/bootdevice/host0/target0:0:0/0:0:0:1/block/sdb u:object_r:sysfs_devices_block:s0 +genfscon sysfs /devices/platform/bootdevice/host0/target0:0:0/0:0:0:2/block/sdc u:object_r:sysfs_devices_block:s0 +genfscon sysfs /devices/platform/soc/11270000.ufshci/host0/target0:0:0/0:0:0:0/block/sda u:object_r:sysfs_devices_block:s0 +genfscon sysfs /devices/platform/soc/11270000.ufshci/host0/target0:0:0/0:0:0:1/block/sdb u:object_r:sysfs_devices_block:s0 +genfscon sysfs /devices/platform/soc/11270000.ufshci/host0/target0:0:0/0:0:0:2/block/sdc u:object_r:sysfs_devices_block:s0 +genfscon sysfs /devices/platform/soc/11270000.ufshci/host0/target0:0:0/0:0:0:2/block/sdc/sdc15 u:object_r:sysfs_devices_block:s0 +genfscon sysfs /devices/platform/soc/11270000.ufshci/host0/target0:0:0/0:0:0:2/block/sdc/sdc33 u:object_r:sysfs_devices_block:s0 +genfscon sysfs /devices/platform/soc/11270000.ufshci/host0/target0:0:0/0:0:0:2/block/sdc/sdc43 u:object_r:sysfs_devices_block:s0 +genfscon sysfs /devices/platform/soc/11270000.ufshci/host0/target0:0:0/0:0:0:2/block/sdc/sdc53 u:object_r:sysfs_devices_block:s0 # Date : 2019/07/12 # Purpose:dumpstate mmcblk1 access genfscon sysfs /devices/platform/externdevice/mmc_host/mmc0 u:object_r:sysfs_devices_block:s0 genfscon sysfs /devices/platform/externdevice/mmc_host/mmc1 u:object_r:sysfs_devices_block:s0 +# Date : 2019/09/16 +# Purpose : mtk factory fingerprint settings +genfscon sysfs /module/gf_spi_tee u:object_r:sysfs_gf_spi_tee:s0 + # Date : 2019/10/22 # Purpose : mrdump_tool(copy_process by aee_aedv) need to write data to lbaooo -genfscon sysfs /module/mrdump/parameters/lbaooo u:object_r:sysfs_mrdump_lbaooo:s0 +genfscon sysfs /module/mrdump/version u:object_r:sysfs_mrdump:s0 +genfscon sysfs /firmware/devicetree/base/chosen/mrdump,lk u:object_r:sysfs_mrdump:s0 +genfscon sysfs /module/mrdump/parameters/lbaooo u:object_r:sysfs_mrdump:s0 +genfscon sysfs /firmware/devicetree/base/memory/reg u:object_r:sysfs_memory:s0 +genfscon sysfs /firmware/devicetree/base/memory@0x40000000/reg u:object_r:sysfs_memory:s0 ############################# # debugfs files @@ -201,13 +202,12 @@ genfscon debugfs /mali0/gpu_memory u:object_r:debugfs_gpu_mali_midgard:s0 genfscon debugfs /mali/gpu_memory u:object_r:debugfs_gpu_mali_utgard:s0 genfscon debugfs /mtkfb u:object_r:debugfs_fb:s0 genfscon debugfs /mmprofile u:object_r:debugfs_fb:s0 -genfscon debugfs /musb-hdrc u:object_r:debugfs_usb:s0 +genfscon debugfs /musb-hdrc u:object_r:debugfs_usb_nonplat:s0 genfscon debugfs /page_owner_slim u:object_r:debugfs_page_owner_slim_debug:s0 genfscon debugfs /pvr u:object_r:debugfs_gpu_img:s0 genfscon debugfs /rcu u:object_r:debugfs_rcu:s0 genfscon debugfs /shrinker u:object_r:debugfs_shrinker_debug:s0 -genfscon debugfs /usb20_phy u:object_r:debugfs_usb20_phy:s0 -genfscon debugfs /usb_c u:object_r:debugfs_usb:s0 +genfscon debugfs /usb_c u:object_r:debugfs_usb_nonplat:s0 genfscon debugfs /vpu/device_dbg u:object_r:debugfs_vpu_device_dbg:s0 # mtk VPU/MDLA power reading @@ -215,12 +215,20 @@ genfscon debugfs /vpu/power u:object_r:debugfs_vpu_power:s0 genfscon debugfs /mdla/power u:object_r:debugfs_mdla_power:s0 genfscon debugfs /vpu/vpu_memory u:object_r:debugfs_vpu_memory:s0 +# mtk APUSYS information reading +genfscon debugfs /apusys_midware/device/vpu/queue u:object_r:debugfs_apusys_midware_queue_vpu:s0 +genfscon debugfs /apusys_midware/device/mdla/queue u:object_r:debugfs_apusys_midware_queue_mdla:s0 +genfscon debugfs /apusys_midware/debug/apusys_reg_all u:object_r:debugfs_apusys_midware_register_all:s0 +genfscon debugfs /apusys_mnoc/mnoc_int_sta_dump u:object_r:debugfs_apusys_mnoc_sta_dump:s0 +genfscon debugfs /mdla/mdla_memory u:object_r:debugfs_apusys_mdla_memory:s0 +genfscon debugfs /apusys/power u:object_r:debugfs_apusys_power:s0 +genfscon debugfs /apusys_debug/log u:object_r:debugfs_apusys_debug_log:s0 +genfscon debugfs /apusys_midware/mem u:object_r:debugfs_apusys_midware_mem:s0 + + # mtk eara thermal reading genfscon debugfs /eara_thermal/enable u:object_r:debugfs_eara_thermal:s0 -# mtk EM power PMU register -genfscon debugfs /rt-regmap u:object_r:debugfs_regmap:s0 - # 2019/08/15 genfscon debugfs /smi_mon u:object_r:debugfs_smi_mon:s0 @@ -249,12 +257,30 @@ genfscon proc /fliperfs u:object_r:proc_fliperfs:s0 genfscon sysfs /module/ged u:object_r:sysfs_ged:s0 genfscon sysfs /module/fbt_cpu u:object_r:sysfs_fbt_cpu:s0 genfscon sysfs /module/fbt_fteh u:object_r:sysfs_fbt_fteh:s0 +genfscon sysfs /module/xgf u:object_r:sysfs_xgf:s0 # 2019/09/05 # Purpose: Allow powerhal to control cache audit genfscon sysfs /module/ca_drv u:object_r:sysfs_ca_drv:s0 genfscon sysfs /module/pftch_qos u:object_r:sysfs_pftch_qos:s0 +# 2019/09/19 +# Purpose: Allow powerhal to trigger task-turbo +genfscon sysfs /module/task_turbo u:object_r:sysfs_task_turbo:s0 + +# Date : 2019/09/23 +# Operation: SQC +# Purpose : Allow powerHAL to control touch boost +genfscon sysfs /devices/platform/mtk-tpd2.0/change_rate u:object_r:sysfs_change_rate:s0 + +# Date : 2019/10/16 +# Operation: SQC +# Purpose : Allow powerHAL to control /sys/fs/ext4/xxx/disable_barrier +genfscon sysfs /fs/ext4/sdc46/disable_barrier u:object_r:sysfs_ext4_disable_barrier:s0 +genfscon sysfs /fs/ext4/sdc47/disable_barrier u:object_r:sysfs_ext4_disable_barrier:s0 +genfscon sysfs /fs/ext4/sdc48/disable_barrier u:object_r:sysfs_ext4_disable_barrier:s0 +genfscon sysfs /fs/ext4/dm-6/disable_barrier u:object_r:sysfs_ext4_disable_barrier:s0 + # Date : WK19.38 # Purpose: Android Migration for video codec driver genfscon sysfs /firmware/devicetree/base/model u:object_r:sysfs_device_tree_model:s0 @@ -277,9 +303,16 @@ genfscon sysfs /firmware/devicetree/base/chosen/atag,chipid u:object_r:sysfs_chi # Date : 2019/10/18 # Purpose : allow system_server to access rt5509 param and calib node -genfscon sysfs /devices/platform/rt5509_param.0 u:object_r:sysfs_rt_param:s0 -genfscon sysfs /devices/virtual/rt5509_cal/rt5509.0 u:object_r:sysfs_rt_calib:s0 -genfscon sysfs /devices/platform/11270000.usb3/musb-hdrc/cmode u:object_r:sysfs_usb_cmode:s0 +genfscon sysfs /devices/platform/1100f000.i2c3/i2c-3/3-0034/rt5509_param.0 u:object_r:sysfs_rt_param:s0 +genfscon sysfs /devices/platform/1100f000.i2c3/i2c-3/3-0034/rt5509_cal/rt5509.0 u:object_r:sysfs_rt_calib:s0 + +# 2019/11/14 +# Purpose: Allow powerhal to control MCDI +genfscon proc /cpuidle u:object_r:proc_cpuidle:s0 + +# Date : 2019/12/10 +# Purpose: Allow bt process or tool to control bt_dbg +genfscon proc /driver/bt_dbg u:object_r:proc_btdbg:s0 # Date : 2019/12/12 # Purpose : allow media sources to access /sys/bus/platform/drivers/mem_bw_ctrl/* @@ -290,3 +323,84 @@ genfscon sysfs /bus/platform/drivers/mem_bw_ctrl/concurrency_scenario u:object_r # Purpose : Add permission for new device node. genfscon sysfs /firmware/devicetree/base/chosen/atag,meta u:object_r:sysfs_meta_info:s0 +# Date : WK20.03 +# Purpose: Allow mtk_hal_neuralnetworks to read chip id and segment code +# /proc/device-tree/chosen/atag,chipid is linked to +genfscon proc /device-tree/chosen/atag,devinfo u:object_r:proc_devinfo:s0 + +genfscon sysfs /bus/platform/drivers/cache_parity/cache_status u:object_r:sysfs_cache_status:s0 + +genfscon debugfs /apusys/power_dump_fail_log u:object_r:debugfs_apusys_power_fail_log:s0 + +# Date : WK20.17 +# Purpose: Allow powerhal to control ged hal +genfscon sysfs /kernel/ged u:object_r:sysfs_ged:s0 + +# Date : WK20.19 +# Purpose: Allow powerhal to control fpsgo +genfscon sysfs /kernel/fpsgo u:object_r:sysfs_fpsgo:s0 + +# Date : WK20.23 +# Purpose: Allow powerhal to control gbe +genfscon sysfs /kernel/gbe u:object_r:sysfs_gbe:s0 + +# Date : 2020/06/12 +# Purpose : Allow powerhal to control mali power policy +genfscon sysfs /class/misc/mali0/device/power_policy u:object_r:sysfs_mali_power_policy:s0 + +# 2020/06/12 +# Operation: R migration +# Purpose: Allow powerhal to control displowpower +genfscon proc /displowpower u:object_r:proc_displowpower:s0 + +# Date : WK20.25 +# Operation: R migration +# Purpose : for VTS NetdSELinuxTest.CheckProperMTULabels requirement. +genfscon sysfs /devices/platform/18000000.wifi/net/wlan0/mtu u:object_r:sysfs_net:s0 +genfscon sysfs /devices/platform/18000000.wifi/net/wlan1/mtu u:object_r:sysfs_net:s0 +genfscon sysfs /devices/platform/soc/18000000.wifi/net/wlan0/mtu u:object_r:sysfs_net:s0 +genfscon sysfs /devices/platform/soc/18000000.wifi/net/wlan1/mtu u:object_r:sysfs_net:s0 +genfscon sysfs /devices/platform/180f0000.wifi/net/wlan0/mtu u:object_r:sysfs_net:s0 +genfscon sysfs /devices/platform/180f0000.wifi/net/wlan1/mtu u:object_r:sysfs_net:s0 +genfscon sysfs /devices/platform/180f0000.wifi/net/p2p0/mtu u:object_r:sysfs_net:s0 +genfscon sysfs /devices/platform/180f0000.wifi/net/p2p1/mtu u:object_r:sysfs_net:s0 +genfscon sysfs /devices/platform/bus/180f0000.WIFI/net/wlan0/mtu u:object_r:sysfs_net:s0 +genfscon sysfs /devices/platform/bus/180f0000.WIFI/net/wlan1/mtu u:object_r:sysfs_net:s0 +genfscon sysfs /devices/platform/bus/180f0000.WIFI/net/p2p0/mtu u:object_r:sysfs_net:s0 +genfscon sysfs /devices/platform/bus/180f0000.WIFI/net/p2p1/mtu u:object_r:sysfs_net:s0 + +# 2020/06/29 +# Operation: R migration +# Purpose: Add permission for access /proc/ion/* +genfscon proc /ion u:object_r:proc_ion:s0 + +# 2020/07/01 +# Operation: R migration +# Purpose: Add permission for access /proc/m4u_dbg/* +genfscon proc /m4u_dbg u:object_r:proc_m4u_dbg:s0 + +# Date : 2020/07/02 +# Purpose : mtk nanohub sensor state detect +genfscon sysfs /bus/platform/drivers/mtk_nanohub/state u:object_r:sysfs_mtk_nanohub_state:s0 + +genfscon proc /mtkfb u:object_r:proc_mtkfb:s0 + +# 2020/07/07 +# Operation: R migration +# Purpose: Add permission for access /proc/pvr/* +genfscon proc /pvr u:object_r:procfs_gpu_img:s0 + +# Date : 2020/07/08 +# Purpose: add permission for /proc/sys/vm/swappiness +genfscon proc /sys/vm/swappiness u:object_r:proc_swappiness:s0 + +genfscon debugfs /cmdq/cmdq-status u:object_r:debugfs_cmdq:s0 +genfscon debugfs /cmdq/cmdq-record u:object_r:debugfs_cmdq:s0 + +# Date : 2020/07/13 +# Purpose : Add permission for access dvfsrc dbg sysfs +genfscon sysfs /devices/platform/10012000.dvfsrc/helio-dvfsrc u:object_r:sysfs_dvfsrc_dbg:s0 +genfscon sysfs /devices/platform/10012000.dvfsrc/10012000.dvfsrc:dvfsrc-debug u:object_r:sysfs_dvfsrc_dbg:s0 +genfscon sysfs /devices/platform/10012000.dvfsrc/10012000.dvfsrc:dvfsrc-up u:object_r:sysfs_dvfsrc_dbg:s0 +genfscon sysfs /devices/platform/soc/10012000.dvfsrc/10012000.dvfsrc:dvfsrc-debug u:object_r:sysfs_dvfsrc_dbg:s0 +genfscon sysfs /devices/platform/soc/10012000.dvfsrc/10012000.dvfsrc:dvfsrc-up u:object_r:sysfs_dvfsrc_dbg:s0 diff --git a/non_plat/gsm0710muxd.te b/non_plat/gsm0710muxd.te index 2596e18..eb9d1fc 100644 --- a/non_plat/gsm0710muxd.te +++ b/non_plat/gsm0710muxd.te @@ -16,19 +16,18 @@ init_daemon_domain(gsm0710muxd) allow gsm0710muxd self:capability { chown fowner setuid }; # Property service -# Set ctl.ril-daemon property -#set_prop(gsm0710muxd, ctl_rildaemon_prop) -set_prop(gsm0710muxd, ctl_ril-daemon-mtk_prop) -set_prop(gsm0710muxd, ctl_fusion_ril_mtk_prop) -set_prop(gsm0710muxd, gsm0710muxd_prop) -set_prop(gsm0710muxd, vendor_radio_prop) +set_prop(gsm0710muxd, vendor_mtk_ctl_ril-daemon-mtk_prop) +set_prop(gsm0710muxd, vendor_mtk_ctl_fusion_ril_mtk_prop) +set_prop(gsm0710muxd, vendor_mtk_gsm0710muxd_prop) +set_prop(gsm0710muxd, vendor_mtk_radio_prop) + # allow set muxreport control properties -set_prop(gsm0710muxd, ril_mux_report_case_prop) +set_prop(gsm0710muxd, vendor_mtk_ril_mux_report_case_prop) # Allow read/write to devices/files allow gsm0710muxd gsm0710muxd_device:chr_file rw_file_perms; -allow gsm0710muxd device:dir rw_dir_perms; -allow gsm0710muxd device:lnk_file { create unlink }; +allow gsm0710muxd mtk_radio_device:dir rw_dir_perms; +allow gsm0710muxd mtk_radio_device:lnk_file { create unlink }; allow gsm0710muxd devpts:chr_file setattr; allow gsm0710muxd eemcs_device:chr_file rw_file_perms; @@ -37,5 +36,5 @@ allow gsm0710muxd sysfs_ccci:dir search; allow gsm0710muxd sysfs_ccci:file r_file_perms; #Date: W1818 -#Purpose: allow rild access property of vendor_radio_prop -set_prop(rild, vendor_radio_prop) +#Purpose: allow rild access property of vendor_mtk_radio_prop +set_prop(rild, vendor_mtk_radio_prop) diff --git a/non_plat/hal_bootctl_default.te b/non_plat/hal_bootctl_default.te index 757c0fe..f40c566 100644 --- a/non_plat/hal_bootctl_default.te +++ b/non_plat/hal_bootctl_default.te @@ -1,6 +1,5 @@ # Add for bootctl #============= hal_bootctl_default ============== -allow hal_bootctl_default para_block_device:blk_file { read open write}; allow hal_bootctl_default rootfs:file { read getattr open }; allow hal_bootctl_default sysfs:dir { read open }; allow hal_bootctl_default sysfs_boot_type:file { read open }; @@ -12,4 +11,4 @@ allowxperm hal_bootctl_default bootdevice_block_device:blk_file ioctl UFS_IOCTLC allow hal_bootctl_default proc_cmdline:file r_file_perms; allow hal_bootctl_default sysfs_boot_type:file r_file_perms; allow hal_bootctl_default self:capability sys_rawio; -allow hal_bootctl_default misc_block_device:blk_file rw_file_perms; +allow hal_bootctl_default para_block_device:blk_file rw_file_perms; diff --git a/non_plat/hal_graphics_composer_default.te b/non_plat/hal_graphics_composer_default.te index a3c4243..58e3210 100644 --- a/non_plat/hal_graphics_composer_default.te +++ b/non_plat/hal_graphics_composer_default.te @@ -25,24 +25,24 @@ allow hal_graphics_composer_default debugfs_tracing:file open; # Date : WK17.30 # Operation : O Migration # Purpose: Allow to access cmdq driver -allow hal_graphics_composer_default mtk_cmdq_device:chr_file { read ioctl open }; +allow hal_graphics_composer_default mtk_cmdq_device:chr_file r_file_perms; # Date : W17.30 # Add for control PowerHAL -allow hal_graphics_composer_default mtk_hal_power_hwservice:hwservice_manager find; -binder_call(hal_graphics_composer_default, mtk_hal_power) +hal_client_domain(hal_graphics_composer_default, hal_power) # Date : WK17.32 # Operation : O Migration # Purpose: Allow to access property -set_prop(hal_graphics_composer_default, graphics_hwc_pid_prop) -get_prop(hal_graphics_composer_default, graphics_hwc_pid_prop) -set_prop(hal_graphics_composer_default, graphics_hwc_latch_unsignaled_prop) -set_prop(hal_graphics_composer_default, graphics_hwc_hdr_prop) +set_prop(hal_graphics_composer_default, vendor_mtk_graphics_hwc_pid_prop) +set_prop(hal_graphics_composer_default, vendor_mtk_graphics_hwc_latch_unsignaled_prop) +set_prop(hal_graphics_composer_default, vendor_mtk_graphics_hwc_hdr_prop) +set_prop(hal_graphics_composer_default, vendor_mtk_graphics_hwc_validate_separate_prop) # Date : WK18.03 # Purpose: Allow to access property dev/mdp_sync -allow hal_graphics_composer_default mtk_mdp_device:chr_file rw_file_perms; +allow hal_graphics_composer_default mtk_mdp_sync:chr_file r_file_perms; +allow hal_graphics_composer_default mtk_mdp_device:chr_file r_file_perms; allow hal_graphics_composer_default mdp_device:chr_file rw_file_perms; allow hal_graphics_composer_default tee_device:chr_file rw_file_perms; allowxperm hal_graphics_composer_default proc_ged:file ioctl { proc_ged_ioctls }; @@ -55,3 +55,13 @@ allow hal_graphics_composer_default sysfs_boot_mode:file r_file_perms; # Date : WK19.46 # Purpose: Allow to access ged debug node allow hal_graphics_composer_default debugfs_ged:file { w_file_perms }; + +# Data: 2019/09/04 +# Purpose: Display architecture chage to DRM, so HWC has to access +# the DRM device node "/dev/dri/card0". +allow hal_graphics_composer_default dri_device:chr_file rw_file_perms; + +# Data: 2020/03/25 +# Purpose: HWC has to access allocator for dbq +hal_client_domain(hal_graphics_composer_default, hal_graphics_allocator); +binder_call(hal_graphics_composer_default, hal_graphics_allocator) diff --git a/non_plat/hal_memtrack_default.te b/non_plat/hal_memtrack_default.te index 8594ac3..5a75130 100644 --- a/non_plat/hal_memtrack_default.te +++ b/non_plat/hal_memtrack_default.te @@ -7,3 +7,11 @@ allow hal_memtrack debugfs_gpu_img:dir search; allow hal_memtrack debugfs_gpu_img:file {open read getattr }; allow hal_memtrack debugfs_ion:dir rw_dir_perms; allow hal_memtrack debugfs_ion:file {open read getattr }; +allow hal_memtrack procfs_gpu_img:dir search; +allow hal_memtrack procfs_gpu_img:file r_file_perms; + +# Date : 2020/06/29 +# Operation: R migration +# Purpose: Add permission for access /proc/ion/* +allow hal_memtrack proc_ion:dir r_dir_perms; +allow hal_memtrack proc_ion:file r_file_perms; diff --git a/non_plat/hal_usb.te b/non_plat/hal_usb.te deleted file mode 100644 index b1f7134..0000000 --- a/non_plat/hal_usb.te +++ /dev/null @@ -1,11 +0,0 @@ -type mtk_hal_usb, domain; -hal_server_domain(mtk_hal_usb, hal_usb) - -type mtk_hal_usb_exec, exec_type, file_type, vendor_file_type; -init_daemon_domain(mtk_hal_usb) - -allow hal_usb_default sysfs_dual_role_usb20:dir {search read}; -allow hal_usb_default sysfs_dual_role_usb20:file {open read getattr}; - -allow mtk_hal_usb sysfs_dual_role_usb20:dir {search read open}; -allow mtk_hal_usb sysfs_dual_role_usb20:file {open read getattr}; diff --git a/non_plat/hal_vibrator.te b/non_plat/hal_vibrator.te index 11742f8..16d8376 100644 --- a/non_plat/hal_vibrator.te +++ b/non_plat/hal_vibrator.te @@ -4,3 +4,4 @@ allow hal_vibrator sysfs_leds:file rw_file_perms; allow hal_vibrator sysfs_leds:dir r_dir_perms; allow hal_vibrator sysfs_leds:lnk_file read; allow hal_vibrator sysfs_vibrator:file rw_file_perms; +allow hal_vibrator_default sysfs_vibrator:file rw_file_perms; diff --git a/non_plat/hwservice.te b/non_plat/hwservice.te index 88933c8..887fc26 100644 --- a/non_plat/hwservice.te +++ b/non_plat/hwservice.te @@ -41,7 +41,7 @@ type mtk_hal_em_hwservice, hwservice_manager_type; # Date: 2018/07/02 # MMS HIDL -type mtk_hal_mms_hwservice, hwservice_manager_type; +type mtk_hal_mms_hwservice, hwservice_manager_type, mtk_safe_hwservice_manager_type; type hal_atci_hwservice, hwservice_manager_type; type mtk_hal_keymanage_hwservice, hwservice_manager_type; @@ -63,3 +63,7 @@ type mtk_hal_hdmi_hwservice, hwservice_manager_type; type mtk_hal_bgs_hwservice, hwservice_manager_type; type mtk_hal_aee_hwservice, hwservice_manager_type; + +# Date: 2019/07/04 +# bluetooth audio hidl +type mtk_hal_bluetooth_audio_hwservice,hwservice_manager_type; diff --git a/non_plat/hwservice_contexts b/non_plat/hwservice_contexts index f91c880..3e14130 100644 --- a/non_plat/hwservice_contexts +++ b/non_plat/hwservice_contexts @@ -8,12 +8,8 @@ vendor.mediatek.hardware.radio_op::IRadioOp u:object_r:mtk_hal_rild_hwservice:s0 # Date: 2017/06/07 # power hidl -vendor.mediatek.hardware.mtkpower::IMtkPerf u:object_r:mtk_hal_power_hwservice:s0 -vendor.mediatek.hardware.mtkpower::IMtkPower u:object_r:mtk_hal_power_hwservice:s0 -vendor.mediatek.hardware.power::IPerf u:object_r:mtk_hal_power_hwservice:s0 -vendor.mediatek.hardware.power::IPower u:object_r:mtk_hal_power_hwservice:s0 - - +vendor.mediatek.hardware.mtkpower::IMtkPerf u:object_r:hal_power_hwservice:s0 +vendor.mediatek.hardware.mtkpower::IMtkPower u:object_r:hal_power_hwservice:s0 # Date: 2017/06/12 # LBS HIDL @@ -77,3 +73,7 @@ vendor.mediatek.hardware.hdmi::IMtkHdmiService u:object_r:mtk_hal_hdmi_hwservice vendor.mediatek.hardware.camera.atms::IATMs u:object_r:hal_camera_hwservice:s0 vendor.mediatek.hardware.aee::IAee u:object_r:mtk_hal_aee_hwservice:s0 + +# Date: 2019/09/04 +# bluetooth audio hidl +vendor.mediatek.hardware.bluetooth.audio::IBluetoothAudioProvidersFactory u:object_r:mtk_hal_bluetooth_audio_hwservice:s0 diff --git a/non_plat/init.te b/non_plat/init.te index 6ccdd74..6a36eb6 100644 --- a/non_plat/init.te +++ b/non_plat/init.te @@ -140,3 +140,6 @@ allow init proc_cpu_alignment:file w_file_perms; # Purpose: Allow to relabelto for selinux_android_restorecon allow init boot_block_device:lnk_file relabelto; allow init vbmeta_block_device:lnk_file relabelto; + +# Purpose: Allow to write /proc/mtprintk +allow init proc_mtprintk:file w_file_perms; diff --git a/non_plat/ioctl_defines b/non_plat/ioctl_defines index 0bdfe2f..06bf7b0 100644 --- a/non_plat/ioctl_defines +++ b/non_plat/ioctl_defines @@ -59,6 +59,9 @@ define(`JPG_BRIDGE_ENC_IO_CONFIG', `0x780c') define(`JPG_BRIDGE_ENC_IO_WAIT', `0x780d') define(`JPG_BRIDGE_ENC_IO_DEINIT', `0x780e') define(`JPG_BRIDGE_ENC_IO_START', `0x780f') +define(`JPG_BRIDGE_DEC_IO_LOCK', `0x7812') +define(`JPG_BRIDGE_DEC_IO_WAIT', `0x7813') +define(`JPG_BRIDGE_DEC_IO_UNLOCK', `0x7814') ##################################### # m4u_priv.h define(`MTK_M4U_T_ALLOC_MVA', `0x6704') @@ -68,3 +71,5 @@ define(`MTK_M4U_T_DMA_OP', `0x671d') define(`MTK_M4U_T_SEC_INIT', `0x6732') define(`MTK_M4U_T_CONFIG_PORT_ARRAY', `0x671a') define(`MTK_M4U_T_CACHE_SYNC', `0x670a') +define(`MTK_M4U_GZ_SEC_INIT', `0x673c') + diff --git a/non_plat/mdlogger.te b/non_plat/mdlogger.te index 55f524a..a7adb63 100644 --- a/non_plat/mdlogger.te +++ b/non_plat/mdlogger.te @@ -1,6 +1,7 @@ -#allow mdlogger to set property -set_prop(mdlogger, debug_mdlogger_prop) -set_prop(mdlogger, debug_prop) +# ============================================== +# MTK Policy Rule +# ============================================== + # ccci device for internal modem allow mdlogger ccci_device:chr_file { rw_file_perms }; @@ -15,7 +16,6 @@ allow mdlogger mdlog_data_file:file { create_file_perms }; # modem logger control port access /dev/ttyC1 allow mdlogger mdlog_device:chr_file { rw_file_perms}; - #modem logger SD logging in factory mode allow mdlogger vfat:dir create_dir_perms; allow mdlogger vfat:file create_file_perms; @@ -30,7 +30,6 @@ allow mdlogger sdcard_type:dir { create_dir_perms }; allow mdlogger storage_file:dir { create_dir_perms }; allow mdlogger storage_file:file { create_file_perms }; - # Allow read to sys/kernel/ccci/* files allow mdlogger sysfs_ccci:dir search; allow mdlogger sysfs_ccci:file r_file_perms; @@ -54,8 +53,5 @@ allow mdlogger sysfs_boot_mode:file { read open }; # avc: denied { open } for path="system/etc/mddb" dev="mmcblk0p21" scontext=u:r:emdlogger:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0 allow mdlogger system_file:dir { read open }; -# Android P migration -set_prop(mdlogger, vendor_mdl_prop) -set_prop(mdlogger, debug_mdlogger_prop) -set_prop(mdlogger, persist_mdlog_prop) -set_prop(mdlogger, persist_mtklog_prop) +# Add permission to access new bootmode file +allow mdlogger sysfs_boot_info:file r_file_perms; diff --git a/non_plat/mediacodec.te b/non_plat/mediacodec.te index 67b4c0d..853da9b 100644 --- a/non_plat/mediacodec.te +++ b/non_plat/mediacodec.te @@ -114,9 +114,10 @@ allow mediacodec debugfs_ion:dir search; # Date : WK17.30 # Operation : O Migration # Purpose: Allow mediacodec to access cmdq driver -allow mediacodec mtk_cmdq_device:chr_file { read ioctl open }; -allow mediacodec mtk_mdp_device:chr_file rw_file_perms; -allow mediacodec sw_sync_device:chr_file rw_file_perms; +allow mediacodec mtk_cmdq_device:chr_file r_file_perms; +allow mediacodec mtk_mdp_device:chr_file r_file_perms; +allow mediacodec mtk_mdp_sync:chr_file r_file_perms; +allow mediacodec sw_sync_device:chr_file r_file_perms; # Date : WK17.28 # Operation : MT6757 SQC @@ -125,15 +126,12 @@ allow mediacodec sw_sync_device:chr_file rw_file_perms; # Date : WK17.30 # Purpose : For Power Hal -allow mediacodec mtk_hal_power_hwservice:hwservice_manager find; -allow mediacodec mtk_hal_power:binder call; -allow mediacodec mtk_hal_power:unix_stream_socket connectto; - +hal_client_domain(mediacodec, hal_power) # Date : WK17.12 # Operation : MT6799 SQC # Purpose : Change thermal config -set_prop(mediacodec, mtk_thermal_config_prop) +set_prop(mediacodec, vendor_mtk_thermal_config_prop) # Date : WK17.43 # Operation : Migration diff --git a/non_plat/mediaextractor.te b/non_plat/mediaextractor.te index 1ce425f..097363c 100644 --- a/non_plat/mediaextractor.te +++ b/non_plat/mediaextractor.te @@ -13,3 +13,5 @@ allow mediaextractor mediaserver_service:service_manager find; allow mediaextractor platform_app:dir search; allow mediaextractor platform_app:file r_file_perms; + +hal_client_domain(mediaextractor, hal_omx) diff --git a/non_plat/mediaserver.te b/non_plat/mediaserver.te index ff75df1..4b8fb26 100644 --- a/non_plat/mediaserver.te +++ b/non_plat/mediaserver.te @@ -98,7 +98,10 @@ allow mediaserver DW9718AF_device:chr_file rw_file_perms; allow mediaserver BU64745GWZAF_device:chr_file rw_file_perms; allow mediaserver MAINAF_device:chr_file rw_file_perms; allow mediaserver MAIN2AF_device:chr_file rw_file_perms; +allow mediaserver MAIN3AF_device:chr_file rw_file_perms; +allow mediaserver MAIN4AF_device:chr_file rw_file_perms; allow mediaserver SUBAF_device:chr_file rw_file_perms; +allow mediaserver SUB2AF_device:chr_file rw_file_perms; # Data : WK14.38 @@ -155,6 +158,7 @@ allow mediaserver uhid_device:chr_file rw_file_perms; allow mediaserver CAM_CAL_DRV_device:chr_file rw_file_perms; allow mediaserver CAM_CAL_DRV1_device:chr_file rw_file_perms; allow mediaserver CAM_CAL_DRV2_device:chr_file rw_file_perms; +allow mediaserver camera_eeprom_device:chr_file rw_file_perms; # Date : WK14.43 # Operation : Migration @@ -288,8 +292,9 @@ allow mediaserver camera_owe_device:chr_file rw_file_perms; # Date : WK17.30 # Operation : O Migration # Purpose: Allow to access cmdq driver -allow mediaserver mtk_cmdq_device:chr_file { read ioctl open }; -allow mediaserver mtk_mdp_device:chr_file rw_file_perms; +allow mediaserver mtk_cmdq_device:chr_file r_file_perms; +allow mediaserver mtk_mdp_device:chr_file r_file_perms; +allow mediaserver mtk_mdp_sync:chr_file r_file_perms; # Date : WK17.43 # Operation : Migration diff --git a/non_plat/merged_hal_service.te b/non_plat/merged_hal_service.te index c2d8db4..8f69765 100644 --- a/non_plat/merged_hal_service.te +++ b/non_plat/merged_hal_service.te @@ -56,6 +56,15 @@ allow merged_hal_service proc_mtktz:dir search; allow merged_hal_service proc_mtktz:file {open read getattr}; allow merged_hal_service proc_stat:file {open read getattr }; +#for uevent handle +allow merged_hal_service self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl; + +#for thermal sysfs +allow merged_hal_service sysfs_therm:file w_file_perms; +allow merged_hal_service sysfs_therm:file r_file_perms; +allow merged_hal_service sysfs_therm:dir search; + + # Date : WK19.11 # Operation : Q Migration allowxperm merged_hal_service proc_ged:file ioctl { proc_ged_ioctls }; diff --git a/non_plat/meta_tst.te b/non_plat/meta_tst.te index 4ebfcbc..940af74 100644 --- a/non_plat/meta_tst.te +++ b/non_plat/meta_tst.te @@ -69,7 +69,7 @@ allow meta_tst nvdata_device:blk_file rw_file_perms; allow meta_tst audio_device:chr_file rw_file_perms; allow meta_tst audio_device:dir r_dir_perms; allow meta_tst audio_ipi_device:chr_file rw_file_perms; -set_prop(meta_tst, audiohal_prop); +set_prop(meta_tst, vendor_mtk_audiohal_prop) # Date: WK16.12 # Operation : Migration @@ -77,13 +77,6 @@ set_prop(meta_tst, audiohal_prop); allow meta_tst rtc_device:chr_file r_file_perms; allow meta_tst MT_pmic_adc_cali_device:chr_file rw_file_perms; -# Date: WK14.45 -# Operation : Migration -# Purpose : HDCP -allow meta_tst persist_data_file:dir create_dir_perms; -allow meta_tst persist_data_file:file create_file_perms; - - # Date: WK14.46 # Operation : Migration # Purpose : Camera @@ -104,7 +97,10 @@ allow meta_tst DW9718AF_device:chr_file rw_file_perms; allow meta_tst BU64745GWZAF_device:chr_file rw_file_perms; allow meta_tst MAINAF_device:chr_file rw_file_perms; allow meta_tst MAIN2AF_device:chr_file rw_file_perms; +allow meta_tst MAIN3AF_device:chr_file rw_file_perms; +allow meta_tst MAIN4AF_device:chr_file rw_file_perms; allow meta_tst SUBAF_device:chr_file rw_file_perms; +allow meta_tst SUB2AF_device:chr_file rw_file_perms; # Date: WK16.12 # Operation : Migration @@ -147,12 +143,7 @@ allow meta_tst agpsd_data_file:dir search; allow meta_tst agpsd_data_file:sock_file write; allow meta_tst mnld_device:chr_file rw_file_perms; allow meta_tst mnld_exec:file rx_file_perms; -set_prop(meta_tst, mnld_prop); - -# Date: WK16.12 -# Operation : Migration -# Purpose : meta mode NFC -allow meta_tst mt6605_device:chr_file rw_file_perms; +set_prop(meta_tst, vendor_mtk_mnld_prop) #Date WK14.49 #Operation : Migration @@ -191,8 +182,8 @@ allow meta_tst sysfs_boot_mode:file rw_file_perms; allow meta_tst sysfs_boot_type:file r_file_perms; allow meta_tst sysfs_android_usb:file rw_file_perms; allow meta_tst sysfs_android_usb:dir search; -allow meta_tst sysfs_usb_cmode:file rw_file_perms; -allow meta_tst sysfs_usb_cmode:dir search; +allow meta_tst sysfs_usb_nonplat:file rw_file_perms; +allow meta_tst sysfs_usb_nonplat:dir search; allow meta_tst sysfs_batteryinfo:file rw_file_perms; allow meta_tst sysfs_batteryinfo:dir search; @@ -230,7 +221,7 @@ allow meta_tst storage_stub_file:dir search; # Date : WK16.19 # Operation: meta_tst set persist.meta.connecttype property # Purpose: Switch meta connect type, set persist.meta.connecttype as "wifi" or "usb". -set_prop(meta_tst, meta_connecttype_prop); +set_prop(meta_tst, vendor_mtk_meta_connecttype_prop) # Date : WK16.23 # Purpose: support meta_tst check key event @@ -243,19 +234,17 @@ allow meta_tst ashmem_device:chr_file execute; #Date: W16.50 # Purpose : Allow meta_tst stop service which occupy data partition. -allow meta_tst ctl_default_prop:property_service set; +set_prop(meta_tst, ctl_default_prop) #Date: W17.25 # Purpose : Allow meta_tst stop service which occupy data partition. -allow meta_tst ctl_emdlogger1_prop:property_service set; +set_prop(meta_tst, system_mtk_ctl_emdlogger1_prop) #Date: W17.27 # Purpose: STMicro NFC solution integration -allow meta_tst st21nfc_device:chr_file { open read write ioctl }; allow meta_tst vendor_file:file { getattr execute execute_no_trans read open }; -set_prop(meta_tst,hwservicemanager_prop); +set_prop(meta_tst, hwservicemanager_prop) hwbinder_use(meta_tst); -hal_client_domain(meta_tst, hal_nfc); allow meta_tst debugfs_tracing:file { open write }; # Date: W17.29 @@ -283,7 +272,6 @@ allow meta_tst mtk_hal_audio:binder call; allow meta_tst mtk_audiohal_data_file:dir {read search open}; allow meta_tst audio_device:chr_file rw_file_perms; allow meta_tst audio_device:dir w_dir_perms; -allow meta_tst audiohal_prop:property_service set; #Data:W1745 # Purpose : Allow meta_tst to open and read proc/bootprof @@ -300,16 +288,16 @@ allow meta_tst mtd_device:blk_file rw_file_perms; #Date: W17.51 #Purpose : Allow meta_tst to access pesist.atm.mdmode in ATM. -set_prop(meta_tst, atm_mdmode_prop); +set_prop(meta_tst, vendor_mtk_atm_mdmode_prop) #Date: W17.51 #Purpose : Allow meta_tst to access pesist.atm.ipaddress in ATM. -set_prop(meta_tst, atm_ipaddr_prop); +set_prop(meta_tst, vendor_mtk_atm_ipaddr_prop) # Date : WK18.16 # Operation: P migration -# Purpose: Allow meta_tst to get tel_switch_prop -get_prop(meta_tst, tel_switch_prop); +# Purpose: Allow meta_tst to get vendor_mtk_tel_switch_prop +get_prop(meta_tst, vendor_mtk_tel_switch_prop) # Date : WK18.21 # Operation: P migration @@ -359,7 +347,6 @@ allow meta_tst self:udp_socket { write connect }; allow meta_tst proc_asound:dir { read search open }; allow meta_tst proc_asound:file { read open getattr write }; allow meta_tst mtk_audiohal_data_file:dir { read search open }; -allow meta_tst audiohal_prop:property_service set; allow meta_tst sysfs_headset:file { read open }; # Date: W18.05 @@ -369,7 +356,7 @@ allow meta_tst meta_tst:netlink_kobject_uevent_socket { read bind create setopt # Date : WK18.28 # Operation: P migration # Purpose : -set_prop(meta_tst, vendor_usb_prop); +set_prop(meta_tst, vendor_mtk_usb_prop) # Date: W18.29 # Operation: Catch log @@ -381,7 +368,7 @@ allow meta_tst loghidlvendorservice:unix_stream_socket connectto; # Purpose : Allow meta_tst to set powerctl property # avc: denied { set } for property=sys.powerctl pid=330 uid=0 gid=1001 scontext=u:r:meta_tst:s0 # tcontext=u:object_r:powerctl_prop:s0 tclass=property_service permissive=0 -set_prop(meta_tst, powerctl_prop); +set_prop(meta_tst, powerctl_prop) # Date: W18.33 # Operation: Android P migration @@ -418,9 +405,29 @@ allow meta_tst adsp_device:chr_file rw_file_perms; # Purpose : audio scp recovery allow meta_tst audio_scp_device:chr_file r_file_perms; +# Date : WK19.50 +# Purpose: Allow bt process or tool to control bt_dbg +allow meta_tst proc_btdbg:file rw_file_perms; + # Date : WK20.07 # Operation: R migration # Purpose : Add permission for new device node. allow meta_tst sysfs_boot_info:file r_file_perms; allow meta_tst proc_bootprof:file getattr; allow meta_tst sysfs_meta_info:file r_file_perms; + +# Date : WK20.16 +# Operation: R migration +# Purpose : Allow meta_tst to access /sys/power/* +allow meta_tst sysfs_power:file rw_file_perms; +allow meta_tst sysfs_power:dir r_dir_perms; +allow meta_tst self:capability2 {block_suspend}; + +# Date : WK20.14 +# Purpose: Allow meta connect GPS MNLD +allow meta_tst mnld:unix_stream_socket connectto; + +# Date : WK20.25 +# Operation: Android R migration +# Purpose : for sensor test +allow meta_tst hf_manager_device:chr_file rw_file_perms; diff --git a/non_plat/mnld.te b/non_plat/mnld.te index 11fe7a4..17bacba 100644 --- a/non_plat/mnld.te +++ b/non_plat/mnld.te @@ -37,7 +37,6 @@ allow mnld mnld_data_file:file rw_file_perms; allow mnld mnld_data_file:file create_file_perms; allow mnld mnld_data_file:fifo_file create_file_perms; # Purpose : For init process -allow mnld init:unix_stream_socket connectto; allow mnld init:udp_socket { read write }; # Send the message to the LBS HIDL Service to forward to applications @@ -47,10 +46,8 @@ allow mnld lbs_hidl_service:unix_dgram_socket sendto; allow mnld merged_hal_service:unix_dgram_socket sendto; # Purpose : For access system data -allow mnld bootdevice_block_device:blk_file rw_file_perms; allow mnld block_device:dir search; -allow mnld mnld_prop:property_service set; -allow mnld property_socket:sock_file write; +set_prop(mnld, vendor_mtk_mnld_prop) allow mnld mdlog_device:chr_file { read write }; allow mnld self:capability { fsetid }; allow mnld stpbt_device:chr_file { read write }; @@ -68,12 +65,11 @@ allow mnld tmpfs:lnk_file { read create open }; allow mnld mtd_device:dir search; allow mnld mnt_user_file:lnk_file read; allow mnld mnt_user_file:dir search; -allow mnld gps_data_file:dir { write add_name search remove_name unlink}; +allow mnld gps_data_file:dir { create_dir_perms unlink }; allow mnld gps_data_file:file { read write open create getattr append setattr unlink lock rename }; allow mnld gps_data_file:lnk_file read; allow mnld storage_file:lnk_file read; -allow mnld nvcfg_file:dir search; # Date : WK15.30 # Operation : Migration @@ -87,16 +83,31 @@ allow mnld mtk_hal_gnss:unix_dgram_socket sendto; hwbinder_use(mnld); binder_call(mnld, system_server) allow mnld fwk_sensor_hwservice:hwservice_manager find; -#allow mnld hwservicemanager_prop:file { read open getattr }; -get_prop(mnld, hwservicemanager_prop); +get_prop(mnld, hwservicemanager_prop) allow mnld debugfs_tracing:file { open write }; allow mnld mnt_vendor_file:dir search; +#get waks_alarm timer create prop +allow mnld mnld:capability2 wake_alarm; + # Date : WK18.26 # Purpose : for atci gps test allow mnld atci_service:unix_dgram_socket sendto; allow mnld sysfs_boot_mode:file { read open }; -set_prop(mnld, vendor_radio_prop); +set_prop(mnld, vendor_mtk_radio_prop) + +allow mnld proc_cmdline:file r_file_perms; +allow mnld sysfs_dt_firmware_android:dir search; +allow mnld sysfs_dt_firmware_android:file r_file_perms; +allow mnld metadata_file:dir search; +#for mnld get screen on/off +allow mnld sysfs_leds:dir search; +allow mnld sysfs_leds:file r_file_perms; +#Add for /nvcfg/almanac.dat +allow mnld nvcfg_file:dir w_dir_perms; +allow mnld nvcfg_file:file create_file_perms; + +allow mnld self:netlink_route_socket { bind nlmsg_readpriv nlmsg_getneigh }; diff --git a/non_plat/mobile_log_d.te b/non_plat/mobile_log_d.te index 36bbf63..fb38e41 100644 --- a/non_plat/mobile_log_d.te +++ b/non_plat/mobile_log_d.te @@ -38,9 +38,6 @@ allow mobile_log_d logtemp_data_file:file create_file_perms; allow mobile_log_d data_tmpfs_log_file:dir create_dir_perms; allow mobile_log_d data_tmpfs_log_file:file create_file_perms; -#mobile itself property -set_prop(mobile_log_d, mobile_log_prop) - # Date: 2016/11/11 # purpose: allow MobileLog to access aee socket allow mobile_log_d crash_dump:unix_stream_socket connectto; @@ -49,7 +46,7 @@ allow mobile_log_d crash_dump:unix_stream_socket connectto; allow mobile_log_d ttyGS_device:chr_file { read write ioctl open }; # purpose: allow mobile_log_d to access persist.meta.connecttype -get_prop(mobile_log_d, meta_connecttype_prop); +get_prop(mobile_log_d, vendor_mtk_meta_connecttype_prop) # purpose: allow mobile_log_d to create socket allow mobile_log_d port:tcp_socket { name_connect name_bind }; @@ -58,7 +55,5 @@ allow mobile_log_d mobile_log_d:tcp_socket { bind setopt listen accept read writ allow mobile_log_d node:tcp_socket node_bind; # purpose: allow mobile_log_d to read system property init.svc.vendor. -get_prop(mobile_log_d, vendor_default_prop) - -# purpose: allow mobile_log_d to read persist.vendor.mtk.aee -get_prop(mobile_log_d, persist_mtk_aee_prop) +# GOOGLE: Commented out for b/169606103 +#get_prop(mobile_log_d, vendor_default_prop) diff --git a/non_plat/mtk_agpsd.te b/non_plat/mtk_agpsd.te index 5c71128..c9488e0 100644 --- a/non_plat/mtk_agpsd.te +++ b/non_plat/mtk_agpsd.te @@ -61,10 +61,14 @@ allow mtk_agpsd merged_hal_service:unix_dgram_socket sendto; allow mtk_agpsd rild:unix_dgram_socket sendto; # Allow libapmonitor to read the property of hwservicemanager.ready -get_prop(mtk_agpsd,hwservicemanager_prop) +get_prop(mtk_agpsd, hwservicemanager_prop) # Read the property of vendor.debug.gps.mnld.ne -get_prop(mtk_agpsd,mnld_prop) +get_prop(mtk_agpsd, vendor_mtk_mnld_prop) # Read the property of ro.vendor.mtk_log_hide_gps -get_prop(mtk_agpsd,mtk_gps_support_prop) +get_prop(mtk_agpsd, vendor_mtk_gps_support_prop) + +wakelock_use(mtk_agpsd) + +allow mtk_agpsd self:netlink_route_socket { bind nlmsg_readpriv nlmsg_getneigh }; diff --git a/non_plat/mtk_hal_audio.te b/non_plat/mtk_hal_audio.te index 48ef236..95a1b54 100644 --- a/non_plat/mtk_hal_audio.te +++ b/non_plat/mtk_hal_audio.te @@ -9,6 +9,7 @@ hal_client_domain(mtk_hal_audio, hal_allocator) hwbinder_use(mtk_hal_audio) wakelock_use(mtk_hal_audio); +add_hwservice(mtk_hal_audio, mtk_hal_bluetooth_audio_hwservice) allow mtk_hal_audio ion_device:chr_file r_file_perms; allow mtk_hal_audio system_file:dir { open read }; @@ -27,7 +28,8 @@ neverallow mtk_hal_audio { file_type fs_type }:file execute_no_trans; # mtk_hal_audio should never need network access. # Disallow network sockets. -neverallow mtk_hal_audio domain:{ tcp_socket udp_socket rawip_socket } *; +neverallow mtk_hal_audio domain:{ udp_socket rawip_socket } *; +neverallow mtk_hal_audio { domain userdebug_or_eng(`-su') }:tcp_socket *; # Date : WK14.32 # Operation : Migration @@ -88,7 +90,7 @@ allow mtk_hal_audio sdcard_type:file append; # Data : WK14.39 # Operation : Migration # Purpose : dump for debug -allow mtk_hal_audio audiohal_prop:property_service set; +set_prop(mtk_hal_audio, vendor_mtk_audiohal_prop) # Date : WK14.40 # Operation : Migration @@ -172,9 +174,7 @@ allow mtk_hal_audio tmpfs:dir search; # Purpose: Dump debug info allow mtk_hal_audio debugfs_binder:dir search; allow mtk_hal_audio kmsg_device:chr_file { open write }; -allow mtk_hal_audio property_socket:sock_file write; allow mtk_hal_audio fuse:file rw_file_perms; -allow mtk_hal_audio init:unix_stream_socket connectto; # Date : WK16.27 # Operation : Migration @@ -192,7 +192,7 @@ allow mtk_hal_audio sdcard_type:file { create_file_perms }; # Purpose: Allow to access ged for gralloc_extra functions allow mtk_hal_audio proc_ged:file rw_file_perms; -set_prop(mtk_hal_audio,hwservicemanager_prop); +set_prop(mtk_hal_audio, hwservicemanager_prop) allow mtk_hal_audio storage_file:dir search; # Fix bootup violation @@ -213,9 +213,8 @@ binder_call(mtk_hal_audio,audiocmdservice_atci); # Add for control PowerHAL -allow mtk_hal_audio mtk_hal_power_hwservice:hwservice_manager find; -binder_call(mtk_hal_audio, mtk_hal_power) -binder_call(mtk_hal_audio, merged_hal_service) +hal_client_domain(mtk_hal_audio, hal_power) + # cm4 smartpa allow mtk_hal_audio audio_ipi_device:chr_file { read write ioctl open }; allow mtk_hal_audio audio_scp_device:chr_file r_file_perms; @@ -235,3 +234,25 @@ allow mtk_hal_audio sysfs_dt_firmware_android:dir search; # Operation: adsp allow mtk_hal_audio adsp_device:file rw_file_perms; allow mtk_hal_audio adsp_device:chr_file rw_file_perms; + +# Date : 2020/3/21 +# Operation: audio dptx +allow mtk_hal_audio dri_device:chr_file rw_file_perms; +allow mtk_hal_audio gpu_device:dir search; + +allow mtk_hal_audio mtk_hal_bluetooth_audio_hwservice:hwservice_manager find; + +# Date : WK20.26 +allow mtk_hal_audio sysfs_dt_firmware_android:file r_file_perms; +allow mtk_hal_audio metadata_file:dir search; +allow mtk_hal_audio nvdata_file:dir create_dir_perms; + +# Date : WK20.29 +# Purpose: no trigger avc log when call nvram api +dontaudit mtk_hal_audio gsi_metadata_file:dir search; + +# Date : WK20.29 +# Operation : Migration +# Purpose : SoundTrigger Hal for tablet +allow mtk_hal_audio adsp_misc_device:chr_file rw_file_perms; +allow mtk_hal_audio self:netlink_kobject_uevent_socket getopt;
\ No newline at end of file diff --git a/non_plat/mtk_hal_bluetooth.te b/non_plat/mtk_hal_bluetooth.te index d51b29b..f84328d 100644 --- a/non_plat/mtk_hal_bluetooth.te +++ b/non_plat/mtk_hal_bluetooth.te @@ -46,4 +46,15 @@ allow hal_bluetooth_client mtk_hal_bluetooth_hwservice:hwservice_manager find; hal_server_domain(mtk_hal_bluetooth,hal_bluetooth); # Purpose: Allow BT Driver to insmod -allow mtk_hal_bluetooth wmt_prop:property_service set; +set_prop(mtk_hal_bluetooth, vendor_mtk_wmt_prop) + +# Date : 2019/10/30 +# Operation : get bt fw branch info, set to property for eng mode +# Purpose: get bt fw branch info, set to property for eng mode +allow mtk_hal_bluetooth proc_btdbg:file rw_file_perms; +set_prop(mtk_hal_bluetooth, vendor_mtk_wmt_prop) + +# Date : 2019/12/03 +# Operation : ability to enable bt driver thread as RT priority +# Purpose: ability to enable bt driver thread as RT priority +allow mtk_hal_bluetooth kernel:process setsched; diff --git a/non_plat/mtk_hal_camera.te b/non_plat/mtk_hal_camera.te index 489540a..3f98d04 100644 --- a/non_plat/mtk_hal_camera.te +++ b/non_plat/mtk_hal_camera.te @@ -29,7 +29,7 @@ hal_server_domain(mtk_hal_camera, mtk_hal_bgs) hwbinder_use(mtk_hal_camera) vndbinder_use(mtk_hal_camera) -allow mtk_hal_camera hwservicemanager_prop:file { open read getattr }; +get_prop(mtk_hal_camera, hwservicemanager_prop) # ----------------------------------- # Purpose: Allow camerahalserver to perform binder IPC to servers and callbacks. @@ -48,7 +48,7 @@ binder_call(mtk_hal_camera, aee_aedv) binder_call(mtk_hal_camera, hal_graphics_allocator) # call PowerHal -binder_call(mtk_hal_camera, mtk_hal_power) +hal_client_domain(mtk_hal_camera, hal_power) # ----------------------------------- # Purpose: Allow camerahalserver to find a service from hwservice_manager @@ -56,7 +56,6 @@ binder_call(mtk_hal_camera, mtk_hal_power) allow mtk_hal_camera hal_graphics_mapper_hwservice:hwservice_manager find; #allow mtk_hal_camera hal_graphics_allocator_hwservice:hwservice_manager find; allow mtk_hal_camera fwk_sensor_hwservice:hwservice_manager find; -allow mtk_hal_camera mtk_hal_power_hwservice:hwservice_manager find; allow mtk_hal_camera nvram_data_file:lnk_file { read write getattr setattr read create open }; allow mtk_hal_camera nvdata_file:lnk_file { read write getattr setattr read create open }; hal_client_domain(mtk_hal_camera, hal_graphics_allocator) @@ -99,7 +98,13 @@ allow mtk_hal_camera camera_wpe_device:chr_file rw_file_perms; allow mtk_hal_camera mtk_jpeg_device:chr_file r_file_perms; allow mtk_hal_camera ccu_device:chr_file rw_file_perms; + +# APUSYS allow mtk_hal_camera vpu_device:chr_file rw_file_perms; +allow mtk_hal_camera mdla_device:chr_file rw_file_perms; +allow mtk_hal_camera apusys_device:chr_file rw_file_perms; +allow mtk_hal_camera debugfs_apusys_midware_queue_vpu:file r_file_perms; +allow mtk_hal_camera debugfs_apusys_midware_queue_mdla:file r_file_perms; # Purpose: RSC driver allow mtk_hal_camera camera_rsc_device:chr_file rw_file_perms; @@ -110,7 +115,10 @@ allow mtk_hal_camera camera_owe_device:chr_file rw_file_perms; # Purpose: AF related allow mtk_hal_camera MAINAF_device:chr_file rw_file_perms; allow mtk_hal_camera MAIN2AF_device:chr_file rw_file_perms; +allow mtk_hal_camera MAIN3AF_device:chr_file rw_file_perms; +allow mtk_hal_camera MAIN4AF_device:chr_file rw_file_perms; allow mtk_hal_camera SUBAF_device:chr_file rw_file_perms; +allow mtk_hal_camera SUB2AF_device:chr_file rw_file_perms; allow mtk_hal_camera FM50AF_device:chr_file rw_file_perms; allow mtk_hal_camera AD5820AF_device:chr_file rw_file_perms; allow mtk_hal_camera DW9714AF_device:chr_file rw_file_perms; @@ -127,6 +135,7 @@ allow mtk_hal_camera BU64745GWZAF_device:chr_file rw_file_perms; allow mtk_hal_camera CAM_CAL_DRV_device:chr_file rw_file_perms; allow mtk_hal_camera CAM_CAL_DRV1_device:chr_file rw_file_perms; allow mtk_hal_camera CAM_CAL_DRV2_device:chr_file rw_file_perms; +allow mtk_hal_camera camera_eeprom_device:chr_file rw_file_perms; # ----------------------------------- # Purpose: Other device drivers used by camera @@ -160,11 +169,6 @@ allow mtk_hal_camera sdcard_type:dir { write add_name create }; allow mtk_hal_camera sdcard_type:file { append create getattr }; # ----------------------------------- -# Purpose: property access -# ----------------------------------- -allow mtk_hal_camera mtkcam_prop:file { open read getattr }; - -# ----------------------------------- # Android O # Purpose: Shell Debugging # ----------------------------------- @@ -257,13 +261,13 @@ allow mtk_hal_camera debugfs_tracing:file { write open }; ## Purpose : camera3 IT/CTS allow mtk_hal_camera debugfs_ion:dir search; allow mtk_hal_camera hal_graphics_composer_default:fd use; -allow mtk_hal_camera property_socket:sock_file write; # Date : WK17.30 # Operation : O Migration # Purpose: Allow to access cmdq driver -allow mtk_hal_camera mtk_cmdq_device:chr_file { read ioctl open }; -allow mtk_hal_camera mtk_mdp_device:chr_file rw_file_perms; +allow mtk_hal_camera mtk_cmdq_device:chr_file r_file_perms; +allow mtk_hal_camera mtk_mdp_device:chr_file r_file_perms; +allow mtk_hal_camera mtk_mdp_sync:chr_file r_file_perms; # Date : WK17.36 # Operation : O Migration @@ -274,7 +278,7 @@ allow mtk_hal_camera sysfs_batteryinfo:file { getattr open read }; # Date : WK17.39 # Operation : O Migration # Purpose: Change thermal config -allow mtk_hal_camera mtk_thermal_config_prop:property_service set; +set_prop(mtk_hal_camera, vendor_mtk_thermal_config_prop) # Date : WK18.31 # Stage: P Migration @@ -298,7 +302,7 @@ allow mtk_hal_camera aee_aedv:unix_stream_socket connectto; # Date : WK18.02 # Stage: O Migration # Purpose: ISP tuning remapping -allow mtk_hal_camera mediatek_prop:property_service set; +set_prop(mtk_hal_camera, vendor_mtk_mediatek_prop) # Date : WK18.22 # Stage: p Migration @@ -315,6 +319,30 @@ allow mtk_hal_camera nvcfg_file:file { read write getattr setattr open create }; allow mtk_hal_camera mnt_vendor_file:dir search; allow mtk_hal_camera mnt_vendor_file:file create_file_perms; +# AAO +allow mtk_hal_camera data_vendor_aao_file:dir create_dir_perms; +allow mtk_hal_camera data_vendor_aao_file:file create_file_perms; +allow mtk_hal_camera data_vendor_aaoHwBuf_file:dir create_dir_perms; +allow mtk_hal_camera data_vendor_aaoHwBuf_file:file create_file_perms; +allow mtk_hal_camera data_vendor_AAObitTrue_file:dir create_dir_perms; +allow mtk_hal_camera data_vendor_AAObitTrue_file:file create_file_perms; + +# Flash +allow mtk_hal_camera data_vendor_flash_file:dir create_dir_perms; +allow mtk_hal_camera data_vendor_flash_file:file create_file_perms; + +# Flicker +allow mtk_hal_camera data_vendor_flicker_file:dir create_dir_perms; +allow mtk_hal_camera data_vendor_flicker_file:file create_file_perms; + +# AFO +allow mtk_hal_camera data_vendor_afo_file:dir create_dir_perms; +allow mtk_hal_camera data_vendor_afo_file:file create_file_perms; + +# PDO +allow mtk_hal_camera data_vendor_pdo_file:dir create_dir_perms; +allow mtk_hal_camera data_vendor_pdo_file:file create_file_perms; + # Date : WK18.35 # Purpose: allow mtk_hal_camera to access gz_device node allow mtk_hal_camera gz_device:chr_file rw_file_perms; @@ -345,3 +373,11 @@ MTK_M4U_T_SEC_INIT # Operation : For android Q allowing ioctl allow mtk_hal_camera mtk_hal_camera:unix_stream_socket { ioctl }; allowxperm mtk_hal_camera mtk_hal_camera:unix_stream_socket ioctl IIOCNETAIF; + +# TODO(b/152082918): Hacks to get OpenCamera/CameraGo "work"ing. +allow mtk_hal_camera sysfs:file rw_file_perms; +allow mtk_hal_camera system_server:binder call; +allow mtk_hal_camera Vcodec_device:chr_file rw_file_perms; + +# Allow ReadDefaultFstab(). +read_fstab(mtk_hal_camera) diff --git a/non_plat/mtk_hal_gpu.te b/non_plat/mtk_hal_gpu.te index ab08bdd..4ce369d 100644 --- a/non_plat/mtk_hal_gpu.te +++ b/non_plat/mtk_hal_gpu.te @@ -31,9 +31,6 @@ hal_client_domain(mtk_hal_gpu, hal_allocator) # Purpose : Allow to use kernel driver allow mtk_hal_gpu graphics_device:chr_file rw_file_perms; -# Purpose : Allow permission to set pq property -#set_prop(mtk_hal_gpu, mtk_gpu_prop) - allow mtk_hal_gpu debugfs_ged:dir rw_dir_perms; allow mtk_hal_gpu debugfs_ged:file rw_file_perms; allow mtk_hal_gpu proc_ged:file rw_file_perms; diff --git a/non_plat/mtk_hal_hdmi.te b/non_plat/mtk_hal_hdmi.te index a1995ca..7bfefb2 100644 --- a/non_plat/mtk_hal_hdmi.te +++ b/non_plat/mtk_hal_hdmi.te @@ -45,4 +45,4 @@ hal_client_domain(mtk_hal_hdmi, hal_keymaster) allow mtk_hal_hdmi mtk_hal_keymanage_hwservice:hwservice_manager find; # Purpose : Allow permission to set hdmi property -set_prop(mtk_hal_hdmi, mtk_hdmi_prop); +set_prop(mtk_hal_hdmi, vendor_mtk_hdmi_prop) diff --git a/non_plat/mtk_hal_imsa.te b/non_plat/mtk_hal_imsa.te index bb04277..b926716 100644 --- a/non_plat/mtk_hal_imsa.te +++ b/non_plat/mtk_hal_imsa.te @@ -25,11 +25,11 @@ allow mtk_hal_imsa rild_imsm_socket:sock_file write; # Date : 2017/06/08 # Operation : IMSA sanity # Purpose : Add permission for IMSA connect to hwservicemanager -allow mtk_hal_imsa hwservicemanager_prop:file { read open }; -allow mtk_hal_imsa hwservicemanager_prop:file getattr; +get_prop(mtk_hal_imsa, hwservicemanager_prop) +get_prop(mtk_hal_imsa, hwservicemanager_prop) # Date : 2017/06/13 # Operation : IMSA sanity # Purpose : Add permission for IMSA to access radio allow mtk_hal_imsa radio:binder call; -allow mtk_hal_imsa debugfs_tracing:file { write open };
\ No newline at end of file +allow mtk_hal_imsa debugfs_tracing:file { write open }; diff --git a/non_plat/mtk_hal_mms.te b/non_plat/mtk_hal_mms.te index a78247c..d5e62b1 100644 --- a/non_plat/mtk_hal_mms.te +++ b/non_plat/mtk_hal_mms.te @@ -5,7 +5,7 @@ # Type Declaration # ============================================== -type mtk_hal_mms, domain; +type mtk_hal_mms, domain, mtk_safe_halserverdomain_type; type mtk_hal_mms_exec, exec_type, file_type, vendor_file_type; # ============================================== @@ -16,7 +16,7 @@ type mtk_hal_mms_exec, exec_type, file_type, vendor_file_type; init_daemon_domain(mtk_hal_mms) # Allow to use HWBinder IPC -hwbinder_use(mtk_hal_mms); +hwbinder_use(mtk_hal_mms) # Allow a set of permissions required for a domain to be a server which provides a HAL implementation over HWBinder. hal_server_domain(mtk_hal_mms, hal_mms) @@ -27,14 +27,15 @@ add_hwservice(hal_mms_server, mtk_hal_mms_hwservice) # Purpose : Allow to use kernel driver allow mtk_hal_mms graphics_device:chr_file { read write open ioctl }; allow mtk_hal_mms ion_device:chr_file { read open ioctl }; -allow mtk_hal_mms mtk_cmdq_device:chr_file { read open ioctl }; -allow mtk_hal_mms mtk_mdp_device:chr_file rw_file_perms; -allow mtk_hal_mms sw_sync_device:chr_file rw_file_perms; -allow mtk_hal_mms mtk_hal_pq_hwservice:hwservice_manager find; +allow mtk_hal_mms mtk_cmdq_device:chr_file r_file_perms; +allow mtk_hal_mms mtk_mdp_device:chr_file r_file_perms; +allow mtk_hal_mms mtk_mdp_sync:chr_file r_file_perms; +allow mtk_hal_mms sw_sync_device:chr_file r_file_perms; # Purpose : Allow to use allocator for JPEG hal_client_domain(mtk_hal_mms, hal_allocator) -allow mtk_hal_mms mtk_hal_pq:binder call; +hal_client_domain(mtk_hal_mms, hal_graphics_allocator) +hal_client_domain(mtk_hal_mms, hal_pq) # Purpose : Allow to use graphics allocator fd for gralloc_extra allow mtk_hal_mms hal_graphics_allocator_default:fd use; @@ -51,7 +52,11 @@ allowxperm mtk_hal_mms proc_mtk_jpeg:file ioctl { JPG_BRIDGE_ENC_IO_DEINIT JPG_BRIDGE_ENC_IO_START }; -# Allow to use mms by JPEG with handle + +# Purpose : Allow to use mms by JPEG with handle allow mtk_hal_mms platform_app:fd use; # Purpose : Allow Miravision to set Sharpness allow mtk_hal_mms system_app:fd use; + +# Purpose : Allow to set property for AIPQ +allow mtk_hal_mms apusys_device:chr_file rw_file_perms; diff --git a/non_plat/mtk_hal_power.te b/non_plat/mtk_hal_power.te index d6de04d..d2d9f86 100644 --- a/non_plat/mtk_hal_power.te +++ b/non_plat/mtk_hal_power.te @@ -6,14 +6,6 @@ type mtk_hal_power_exec, exec_type, file_type, vendor_file_type; # hwbinder access init_daemon_domain(mtk_hal_power) -hwbinder_use(mtk_hal_power); - -get_prop(mtk_hal_power, hwservicemanager_prop) -allow mtk_hal_power hal_power_hwservice:hwservice_manager { add find }; -allow mtk_hal_power hidl_base_hwservice:hwservice_manager add; - -add_hwservice(mtk_hal_power, mtk_hal_power_hwservice) -allow hal_power_client mtk_hal_power_hwservice:hwservice_manager find; hal_server_domain(mtk_hal_power, hal_power); hal_server_domain(mtk_hal_power, hal_wifi); @@ -72,7 +64,7 @@ allow mtk_hal_power proc_net:file w_file_perms; allow mtk_hal_power mediacodec:dir r_dir_perms; allow mtk_hal_power mediacodec:file r_file_perms; -set_prop(mtk_hal_power, mtk_thermal_config_prop) +set_prop(mtk_hal_power, vendor_mtk_thermal_config_prop) # Date : 2018/03/16 # Operation: SQC @@ -127,7 +119,7 @@ allow mtk_hal_power debugfs_eara_thermal:file { getattr open write read }; # Date : 2019/05/22 # Operation: SQC # Purpose : Allow powerHAL to access prop -set_prop(mtk_hal_power, mtk_powerhal_prop) +set_prop(mtk_hal_power, vendor_mtk_powerhal_prop) # Date : 2019/05/29 # Operation: SQC @@ -140,7 +132,7 @@ allowxperm mtk_hal_power self:udp_socket ioctl priv_sock_ioctls; # Date : W19.20 # Operation : MTK power hal migration # Purpose : MTK power hal interface permission -set_prop(mtk_hal_power, mtk_powerhal_prop) +set_prop(mtk_hal_power, vendor_mtk_powerhal_prop) # Date : 2019/09/05 # Operation: SQC @@ -161,6 +153,14 @@ allow mtk_hal_power sysfs_fbt_cpu:dir r_dir_perms; allow mtk_hal_power sysfs_fbt_cpu:file rw_file_perms; allow mtk_hal_power sysfs_fbt_fteh:dir r_dir_perms; allow mtk_hal_power sysfs_fbt_fteh:file rw_file_perms; +allow mtk_hal_power sysfs_xgf:dir r_dir_perms; +allow mtk_hal_power sysfs_xgf:file rw_file_perms; +allow mtk_hal_power sysfs_fpsgo:dir r_dir_perms; +allow mtk_hal_power sysfs_fpsgo:file rw_file_perms; +allow mtk_hal_power sysfs_gbe:dir r_dir_perms; +allow mtk_hal_power sysfs_gbe:file rw_file_perms; +allow mtk_hal_power gbe_native:dir r_dir_perms; +allow mtk_hal_power gbe_native:file r_file_perms; # Date : 2019/09/17 # Operation: SQC @@ -175,3 +175,37 @@ allow mtk_hal_power sysfs_pftch_qos:file rw_file_perms; # Purpose : Add f2fs permission allow mtk_hal_power sysfs_fs_f2fs:dir r_dir_perms; allow mtk_hal_power sysfs_fs_f2fs:file rw_file_perms; + +# Date : 2019/09/19 +# Operation: SQC +# Purpose : Add task turbo +allow mtk_hal_power sysfs_task_turbo:dir r_dir_perms; +allow mtk_hal_power sysfs_task_turbo:file rw_file_perms; + +# Date : 2019/09/23 +# Operation: SQC +# Purpose : Allow powerHAL to access touch boost +allow mtk_hal_power sysfs_change_rate:file rw_file_perms; + + +# Date : 2019/10/16 +# Operation: SQC +allow mtk_hal_power sysfs_ext4_disable_barrier:file write; +allow mtk_hal_power block_device:dir search; + +# Date : 2019/11/14 +# Operation: SQC +# Purpose : Allow powerhal to control MCDI +allow mtk_hal_power proc_cpuidle:dir r_dir_perms; +allow mtk_hal_power proc_cpuidle:file rw_file_perms; + +# Date : 2020/06/12 +# Operation: SQC +# Purpose : Allow powerhal to control mali power policy +allow mtk_hal_power sysfs_mali_power_policy:file rw_file_perms; + +# Date : 2020/06/12 +# Operation: SQC +# Purpose : Allow powerhal to control displowpower +allow mtk_hal_power proc_displowpower:dir r_dir_perms; +allow mtk_hal_power proc_displowpower:file rw_file_perms; diff --git a/non_plat/mtk_hal_pq.te b/non_plat/mtk_hal_pq.te index 87b6c59..ed2cec3 100644 --- a/non_plat/mtk_hal_pq.te +++ b/non_plat/mtk_hal_pq.te @@ -30,12 +30,12 @@ hal_client_domain(mtk_hal_pq, hal_allocator) # Purpose : Allow to use kernel driver allow mtk_hal_pq graphics_device:chr_file { read write open ioctl }; -# Purpose : Allow property set -allow mtk_hal_pq init:unix_stream_socket connectto; -allow mtk_hal_pq property_socket:sock_file write; - # Purpose : Allow permission to get AmbientLux from hwservice_manager allow mtk_hal_pq fwk_sensor_hwservice:hwservice_manager find; # Purpose : Allow permission to set pq property -set_prop(mtk_hal_pq, mtk_pq_prop) +set_prop(mtk_hal_pq, vendor_mtk_pq_prop) + +# Purpose : +allow mtk_hal_pq gpu_device:dir search; +allow mtk_hal_pq dri_device:chr_file rw_file_perms; diff --git a/non_plat/mtk_hal_secure_element.te b/non_plat/mtk_hal_secure_element.te index bb51108..9151c82 100644 --- a/non_plat/mtk_hal_secure_element.te +++ b/non_plat/mtk_hal_secure_element.te @@ -15,4 +15,4 @@ hal_client_domain(mtk_hal_secure_element, hal_telephony) allow mtk_hal_secure_element hal_telephony_hwservice:hwservice_manager find; # Allow to use persist.radio.multisim.config -get_prop(mtk_hal_secure_element, exported3_radio_prop) +get_prop(mtk_hal_secure_element, radio_control_prop) diff --git a/non_plat/mtk_hal_sensors.te b/non_plat/mtk_hal_sensors.te index 6ecacea..fddf5a7 100644 --- a/non_plat/mtk_hal_sensors.te +++ b/non_plat/mtk_hal_sensors.te @@ -52,6 +52,7 @@ allow mtk_hal_sensors m_situ_misc_device:chr_file rw_file_perms; allow mtk_hal_sensors m_step_c_misc_device:chr_file rw_file_perms; allow mtk_hal_sensors m_fusion_misc_device:chr_file rw_file_perms; allow mtk_hal_sensors m_bio_misc_device:chr_file rw_file_perms; +allow mtk_hal_sensors hf_manager_device:chr_file rw_file_perms; # Access mtk sensor setting and calibration node. # for data @@ -70,3 +71,7 @@ allow mtk_hal_sensors mnt_vendor_file:dir search; # Date : WK19.48 # Purpose: fix [vts_10.0_r2]VtsHalSensorsV2_0Target fail allow mtk_hal_sensors merged_hal_service:fd use; + +# Date : WK20.25 +# Purpose: Allow to read /bus/platform/drivers/mtk_nanohub/state +allow mtk_hal_sensors sysfs_mtk_nanohub_state:file r_file_perms; diff --git a/non_plat/mtk_hal_usb.te b/non_plat/mtk_hal_usb.te new file mode 100644 index 0000000..fc84380 --- /dev/null +++ b/non_plat/mtk_hal_usb.te @@ -0,0 +1,11 @@ +type mtk_hal_usb, domain; +hal_server_domain(mtk_hal_usb, hal_usb) +hal_server_domain(mtk_hal_usb, hal_usb_gadget) + +type mtk_hal_usb_exec, exec_type, file_type, vendor_file_type; +init_daemon_domain(mtk_hal_usb) + +r_dir_file(mtk_hal_usb, sysfs_usb_nonplat) +allow mtk_hal_usb sysfs_usb_nonplat:file w_file_perms; + +set_prop(mtk_hal_usb, vendor_mtk_usb_prop) diff --git a/non_plat/mtk_wmt_launcher.te b/non_plat/mtk_wmt_launcher.te index f0bc360..6aca1be 100644 --- a/non_plat/mtk_wmt_launcher.te +++ b/non_plat/mtk_wmt_launcher.te @@ -14,7 +14,7 @@ type mtk_wmt_launcher_exec , exec_type, file_type, vendor_file_type; init_daemon_domain(mtk_wmt_launcher) # set the property -set_prop(mtk_wmt_launcher, wmt_prop) +set_prop(mtk_wmt_launcher, vendor_mtk_wmt_prop) # add ioctl/open/read/write permission for mtk_wmt_launcher with /dev/stpwmt allow mtk_wmt_launcher stpwmt_device:chr_file rw_file_perms; diff --git a/non_plat/mtkbootanimation.te b/non_plat/mtkbootanimation.te index 4c56c81..5e8c79e 100644 --- a/non_plat/mtkbootanimation.te +++ b/non_plat/mtkbootanimation.te @@ -1,11 +1,6 @@ # ============================================== # MTK Policy Rule -# ============ - -# Date : WK14.37 -# Operation : Migration -# Purpose : for opetator -allow mtkbootanimation bootani_prop:property_service set; +# ============================================== # Date : WK14.46 # Operation : Migration diff --git a/non_plat/mtkrild.te b/non_plat/mtkrild.te index 3e7ec04..82cc1e5 100644 --- a/non_plat/mtkrild.te +++ b/non_plat/mtkrild.te @@ -24,20 +24,16 @@ allow mtkrild cgroup:dir create_dir_perms; # Property service # allow set RIL related properties (radio./net./system./etc) -#set_prop(mtkrild, radio_prop) -#set_prop(mtkrild, net_radio_prop) -#set_prop(mtkrild, system_radio_prop) -auditallow mtkrild net_radio_prop:property_service set; -auditallow mtkrild system_radio_prop:property_service set; -set_prop(mtkrild, ril_active_md_prop) +set_prop(mtkrild, vendor_mtk_ril_active_md_prop) + # allow set muxreport control properties -set_prop(mtkrild, ril_cdma_report_prop) -set_prop(mtkrild, ril_mux_report_case_prop) -set_prop(mtkrild, ctl_muxreport-daemon_prop) +set_prop(mtkrild, vendor_mtk_ril_cdma_report_prop) +set_prop(mtkrild, vendor_mtk_ril_mux_report_case_prop) +set_prop(mtkrild, vendor_mtk_ctl_muxreport-daemon_prop) #Dat: 2017/02/14 #Purpose: allow set telephony Sensitive property -set_prop(mtkrild, mtk_telephony_sensitive_prop) +set_prop(mtkrild, vendor_mtk_telephony_sensitive_prop) # Access to wake locks wakelock_use(mtkrild) @@ -57,9 +53,10 @@ allow mtkrild sdcardfs:dir r_dir_perms; allow mtkrild proc_net:file w_file_perms; # Set and get routes directly via netlink. -allow mtkrild self:netlink_route_socket nlmsg_write; +allow mtkrild self:netlink_route_socket { nlmsg_write bind nlmsg_readpriv nlmsg_getneigh }; # Allow read/write to devices/files +allow mtkrild mtk_radio_device:dir search; allow mtkrild radio_device:chr_file rw_file_perms; allow mtkrild radio_device:blk_file r_file_perms; allow mtkrild mtd_device:dir search; @@ -101,21 +98,21 @@ allow mtkrild node:rawip_socket node_bind; #Date : W18.15 #Purpose: allow rild access to vendor.ril.ipo system property -set_prop(mtkrild, vendor_ril_ipo_prop) +set_prop(mtkrild, vendor_mtk_ril_ipo_prop) # Date : WK18.16 # Operation: P migration -# Purpose: Allow mtkrild to get tel_switch_prop -get_prop(mtkrild, tel_switch_prop) +# Purpose: Allow mtkrild to get vendor_mtk_tel_switch_prop +get_prop(mtkrild, vendor_mtk_tel_switch_prop) #Date: W1817 -#Purpose: allow rild access property of vendor_radio_prop -set_prop(mtkrild, vendor_radio_prop) +#Purpose: allow rild access property of vendor_mtk_radio_prop +set_prop(mtkrild, vendor_mtk_radio_prop) # Date : WK18.26 # Operation: P migration # Purpose: Allow carrier express HIDL to set vendor property -set_prop(mtkrild, mtk_cxp_vendor_prop) +set_prop(mtkrild, vendor_mtk_cxp_vendor_prop) allow mtkrild mnt_vendor_file:dir search; allow mtkrild mnt_vendor_file:file create_file_perms; allow mtkrild nvdata_file:dir create_dir_perms; @@ -124,9 +121,13 @@ allow mtkrild nvdata_file:file create_file_perms; # Date : WK18.31 # Operation: P migration # Purpose: Allow supplementary service HIDL to set vendor property -set_prop(mtkrild, mtk_ss_vendor_prop) +set_prop(mtkrild, vendor_mtk_ss_vendor_prop) # Date : WK19.43 # Purpose: Allow wfc module from rild read system property from wfc module -get_prop(mtkrild, mtk_wfc_serv_prop) +get_prop(mtkrild, vendor_mtk_wfc_serv_prop) +# Date : 2020/06/11 +# Operation: R migration +# Purpose: Allow mtkrild to get system_boot_reason_prop +get_prop(mtkrild, system_boot_reason_prop) diff --git a/non_plat/muxreport.te b/non_plat/muxreport.te index 1b7243b..efc7baf 100644 --- a/non_plat/muxreport.te +++ b/non_plat/muxreport.te @@ -14,7 +14,7 @@ init_daemon_domain(muxreport) # Property service # allow set muxreport control properties -set_prop(muxreport, ril_mux_report_case_prop) +set_prop(muxreport, vendor_mtk_ril_mux_report_case_prop) # Allow read/write to devices/files allow muxreport ccci_device:chr_file { rw_file_perms }; @@ -27,10 +27,10 @@ allow muxreport sysfs_ccci:file r_file_perms; # Date : WK18.16 # Operation: P migration -# Purpose: Allow muxreport to get tel_switch_prop -get_prop(muxreport, tel_switch_prop) +# Purpose: Allow muxreport to get vendor_mtk_tel_switch_prop +get_prop(muxreport, vendor_mtk_tel_switch_prop) #Date: W1824 -#Purpose: allow muxreport access property of vendor_radio_prop -set_prop(muxreport, vendor_radio_prop) +#Purpose: allow muxreport access property of vendor_mtk_radio_prop +set_prop(muxreport, vendor_mtk_radio_prop) diff --git a/non_plat/netd.te b/non_plat/netd.te index f13fc65..a41c79c 100644 --- a/non_plat/netd.te +++ b/non_plat/netd.te @@ -60,4 +60,9 @@ allow netd untrusted_app:unix_stream_socket { read write getopt setopt}; allow netd isolated_app:fd use; # MTK support antutu feature -get_prop(netd, mtk_antutu_prop); +get_prop(netd, vendor_mtk_antutu_prop) + +userdebug_or_eng(` + allow netd mobile_log_d:fd use; + allow netd mobile_log_d:tcp_socket {read write getopt setopt}; +') diff --git a/non_plat/netdiag.te b/non_plat/netdiag.te index cb19c48..0b4e1ee 100644 --- a/non_plat/netdiag.te +++ b/non_plat/netdiag.te @@ -1,3 +1,7 @@ +# ============================================== +# MTK Policy Rule +# ============================================== + # Purpose : for access storage file allow netdiag sdcard_type:dir create_dir_perms; allow netdiag sdcard_type:file create_file_perms; @@ -14,15 +18,9 @@ allow netdiag vfat:dir create_dir_perms; allow netdiag vfat:file create_file_perms; allow netdiag tmpfs:lnk_file read; -#Purpose : for network log property -set_prop(netdiag, debug_netlog_prop) -set_prop(netdiag, persist_mtklog_prop) -set_prop(netdiag, debug_mtklog_prop) - -# Purpose : for acess /system/bin/toybox, mmc_prop,proc_net and safemode_prop -allow netdiag device_logging_prop:file { getattr open }; -allow netdiag mmc_prop:file { getattr open }; - # purpose: allow netdiag to access storage in new version allow netdiag media_rw_data_file:file { create_file_perms }; allow netdiag media_rw_data_file:dir { create_dir_perms }; + +# purpose: read ip address +allow netdiag self:netlink_route_socket nlmsg_readpriv;
\ No newline at end of file diff --git a/non_plat/nvram_agent_binder.te b/non_plat/nvram_agent_binder.te index 6655e6e..3003524 100644 --- a/non_plat/nvram_agent_binder.te +++ b/non_plat/nvram_agent_binder.te @@ -55,8 +55,8 @@ hal_server_domain(nvram_agent_binder, hal_nvramagent) # Date : WK18.16 # Operation: P migration -# Purpose: Allow nvram_daemon to get tel_switch_prop -get_prop(nvram_daemon, tel_switch_prop) +# Purpose: Allow nvram_daemon to get vendor_mtk_tel_switch_prop +get_prop(nvram_daemon, vendor_mtk_tel_switch_prop) # Date : WK18.21 # Operation: P migration diff --git a/non_plat/nvram_daemon.te b/non_plat/nvram_daemon.te index 71db04c..a7128c4 100644 --- a/non_plat/nvram_daemon.te +++ b/non_plat/nvram_daemon.te @@ -37,7 +37,6 @@ allow nvram_daemon als_ps_device:chr_file r_file_perms; allow nvram_daemon mtk-adc-cali_device:chr_file rw_file_perms; allow nvram_daemon gsensor_device:chr_file r_file_perms; allow nvram_daemon gyroscope_device:chr_file r_file_perms; -allow nvram_daemon init:unix_stream_socket connectto; # Purpose: for property set allow nvram_daemon self:capability { fowner chown fsetid }; @@ -57,7 +56,7 @@ allow nvram_daemon kmsg_device:chr_file w_file_perms; allow nvram_daemon proc_lk_env:file rw_file_perms; # Purpose: property set -allow nvram_daemon service_nvram_init_prop:property_service set; +set_prop(nvram_daemon, vendor_mtk_service_nvram_init_prop) # Purpose: copy /fstab* allow nvram_daemon rootfs:dir { read open }; @@ -67,18 +66,15 @@ allow nvram_daemon rootfs:file r_file_perms; allow nvram_daemon nvram_data_file:lnk_file unlink; # Purpose: for setting property -# ro.wlan.mtk.wifi.5g relabel to wifi_5g_prop -# denied { set } for property=ro.wlan.mtk.wifi.5g pid=242 uid=0 gid=1000 scontext=u:r:nvram_daemon:s0 tcontext=u:object_r:default_prop:s0 tclass=property_service permissive=1 -set_prop(nvram_daemon, service_nvram_init_prop) -set_prop(nvram_daemon, wifi_5g_prop) +set_prop(nvram_daemon, vendor_mtk_service_nvram_init_prop) #WK17.26 camera 8163 allow nvram_daemon sysfs:dir read; # Date : WK18.16 # Operation: P migration -# Purpose: Allow nvram_daemon to get tel_switch_prop -get_prop(nvram_daemon, tel_switch_prop) +# Purpose: Allow nvram_daemon to get vendor_mtk_tel_switch_prop +get_prop(nvram_daemon, vendor_mtk_tel_switch_prop) # Date : WK18.21 # Operation: P migration @@ -88,3 +84,5 @@ allow nvram_daemon self:capability { fowner chown fsetid }; allow nvram_daemon sysfs_boot_mode:file r_file_perms; +# Allow ReadDefaultFstab(). +read_fstab(nvram_daemon) diff --git a/non_plat/platform_app.te b/non_plat/platform_app.te index 33178e0..182c563 100644 --- a/non_plat/platform_app.te +++ b/non_plat/platform_app.te @@ -2,7 +2,8 @@ # MTK Policy Rule # ============================================== -typeattribute platform_app mlstrustedsubject; +# GOOGLE commented out. Causes screenshots to fail. See b/169108544. +# typeattribute platform_app mlstrustedsubject; # Date : 2017/07/03 # Operation : Migration @@ -90,25 +91,6 @@ hal_client_domain(platform_app, mtk_hal_fm) # Package: com.mediatek.mtklogger hal_client_domain(platform_app, mtk_hal_log) -# Date: 2018/06/08 -# Operation : Migration -# Purpose : MTKLogger need get netlog/mdlog/mobilelog property for property change -# Package: com.mediatek.mtklogger -# allow platform_app debug_mdlogger_prop:file r_file_perms; -# allow platform_app debug_mtklog_prop:file r_file_perms; -get_prop(platform_app, debug_mdlogger_prop) -get_prop(platform_app, debug_mtklog_prop) -get_prop(platform_app, vendor_bluetooth_prop) -get_prop(platform_app, mobile_log_prop) - -get_prop(platform_app, vendor_connsysfw_prop) - -# Date: 2018/11/08 -# Operation : JPEG -# Purpose : JPEG need to use PQ via MMS HIDL -allow platform_app mtk_hal_mms_hwservice:hwservice_manager find; -allow platform_app mtk_hal_mms:binder call; - # Date: 2019/07/04 # Stage: Migration # Purpose: Allow to use lomo effect @@ -125,3 +107,12 @@ binder_call(platform_app, mtk_hal_bgs) binder_call(mtk_hal_bgs, platform_app) binder_call(platform_app, mtk_hal_camera) binder_call(mtk_hal_camera, platform_app) + +# Date: 2020/06/08 +# Purpose: Allow platform app to access mtk jpeg +allow platform_app proc_mtk_jpeg:file rw_file_perms; +allowxperm platform_app proc_mtk_jpeg:file ioctl { + JPG_BRIDGE_DEC_IO_LOCK + JPG_BRIDGE_DEC_IO_WAIT + JPG_BRIDGE_DEC_IO_UNLOCK +}; diff --git a/non_plat/priv_app.te b/non_plat/priv_app.te new file mode 100644 index 0000000..87ecde1 --- /dev/null +++ b/non_plat/priv_app.te @@ -0,0 +1,12 @@ +# ============================================== +# MTK Policy Rule +# ============================================== + +# Date: 2020/06/08 +# Purpose: Allow private app to access mtk jpeg +allow priv_app proc_mtk_jpeg:file rw_file_perms; +allowxperm priv_app proc_mtk_jpeg:file ioctl { + JPG_BRIDGE_DEC_IO_LOCK + JPG_BRIDGE_DEC_IO_WAIT + JPG_BRIDGE_DEC_IO_UNLOCK +}; diff --git a/non_plat/property.te b/non_plat/property.te index 5a920c3..0daf09f 100644 --- a/non_plat/property.te +++ b/non_plat/property.te @@ -10,244 +10,169 @@ # vendor_restricted_prop -- Properties which can't be written outside vendor # vendor_public_prop -- Properties with no restrictions -# Properties used only in /vendor -vendor_internal_prop(ctl_gsm0710muxd_prop) -vendor_internal_prop(ctl_gsm0710muxd-s_prop) -vendor_internal_prop(ctl_gsm0710muxd-d_prop) -vendor_internal_prop(ctl_viarild_prop) -vendor_internal_prop(ctl_ril-daemon-mtk_prop) -vendor_internal_prop(ctl_fusion_ril_mtk_prop) -vendor_internal_prop(ctl_ril-daemon-s_prop) -vendor_internal_prop(ctl_ril-daemon-d_prop) -vendor_internal_prop(ctl_ril-proxy_prop) -vendor_internal_prop(ctl_ccci_fsd_prop) -vendor_internal_prop(ctl_ccci2_fsd_prop) -vendor_internal_prop(ctl_ccci3_fsd_prop) +# TODO: Remove after fixing Modem SEPolicy +vendor_internal_prop(ril_mux_report_case_prop) vendor_internal_prop(ctl_muxreport-daemon_prop) -vendor_internal_prop(ctl_emcsmdlogger_prop) -vendor_internal_prop(ctl_eemcs_fsd_prop) -vendor_internal_prop(mtk_powerhal_prop) -vendor_internal_prop(mtk_wfc_serv_prop) -vendor_internal_prop(ctl_mdlogger_prop) -vendor_internal_prop(ctl_emdlogger1_prop) -vendor_internal_prop(ctl_emdlogger2_prop) -vendor_internal_prop(ctl_emdlogger3_prop) -vendor_internal_prop(ctl_dualmdlogger_prop) -vendor_internal_prop(init_svc_emdlogger1_prop) -vendor_internal_prop(init_svc_aee_aedv_prop) - -# Properties which can't be written outside vendor -vendor_restricted_prop(mtk_nn_option_prop) -vendor_restricted_prop(mtk_volte_prop) -vendor_restricted_prop(mtk_cxp_vendor_prop) -vendor_restricted_prop(mtk_antutu_prop) -vendor_restricted_prop(mtk_ss_vendor_prop) -vendor_restricted_prop(atm_ipaddr_prop) -vendor_restricted_prop(mtkcam_prop) -vendor_restricted_prop(graphics_hwc_hdr_prop) -vendor_restricted_prop(graphics_hwc_latch_unsignaled_prop) -vendor_restricted_prop(graphics_hwc_pid_prop) -vendor_restricted_prop(mtk_thermal_config_prop) -vendor_restricted_prop(mtk_telephony_sensitive_prop) -vendor_restricted_prop(meta_connecttype_prop) -vendor_restricted_prop(mtk_debug_md_reset_prop) -vendor_restricted_prop(wmt_prop) -vendor_restricted_prop(ril_active_md_prop) -vendor_restricted_prop(vendor_usb_prop) -vendor_restricted_prop(tel_switch_prop) -vendor_restricted_prop(mtk_nvram_ready_prop) -vendor_restricted_prop(mtk_wifi_hotspot_prop) -vendor_restricted_prop(mtk_hdmi_prop) -vendor_restricted_prop(mtk_default_prop) -vendor_restricted_prop(vendor_ril_ipo_prop) -vendor_restricted_prop(gsm0710muxd_prop) -vendor_restricted_prop(mtk_wifi_prop) -vendor_restricted_prop(persist_mtk_aeev_prop) -vendor_restricted_prop(persist_aeev_prop) -vendor_restricted_prop(debug_mtk_aeev_prop) -vendor_restricted_prop(ro_mtk_aee_prop) -vendor_restricted_prop(ril_mux_report_case_prop) -vendor_restricted_prop(ril_cdma_report_prop) -vendor_restricted_prop(mtk_md_prop) -vendor_restricted_prop(mnld_prop) -vendor_restricted_prop(audiohal_prop) -vendor_restricted_prop(coredump_prop) -vendor_restricted_prop(net_cdma_mdmstat) -vendor_restricted_prop(persist_bt_prop) -vendor_restricted_prop(vendor_factory_idle_state_prop) -vendor_restricted_prop(service_nvram_init_prop) -vendor_restricted_prop(wifi_5g_prop) -vendor_restricted_prop(mtk_em_prop) -vendor_restricted_prop(mediatek_prop) -vendor_restricted_prop(mtk_em_hidl_prop) -vendor_restricted_prop(mtk_operator_id_prop) -vendor_restricted_prop(mtk_simswitch_emmode_prop) -vendor_restricted_prop(mtk_dsbp_support_prop) -vendor_restricted_prop(mtk_imstestmode_prop) -vendor_restricted_prop(mtk_smsformat_prop) -vendor_restricted_prop(mtk_gprs_prefer_prop) -vendor_restricted_prop(mtk_testsim_cardtype_prop) -vendor_restricted_prop(mtk_ct_ir_engmode_prop) -vendor_restricted_prop(mtk_disable_c2k_cap_prop) -vendor_restricted_prop(mtk_omx_log_prop) -vendor_restricted_prop(mtk_vdec_log_prop) -vendor_restricted_prop(mtk_vdectlc_log_prop) -vendor_restricted_prop(mtk_venc_h264_showlog_prop) -vendor_restricted_prop(mtk_modem_warning_prop) -vendor_restricted_prop(ctl_mobile_log_d_prop) -vendor_restricted_prop(ctl_mnld_prop) -vendor_restricted_prop(ctl_mobicore_prop) -vendor_restricted_prop(atm_mdmode_prop) -vendor_restricted_prop(vendor_radio_prop) -vendor_restricted_prop(mtk_ct_volte_prop) -vendor_restricted_prop(mtk_ril_mode_prop) -vendor_restricted_prop(mtk_gps_support_prop) -vendor_restricted_prop(mtk_rat_config_prop) -vendor_restricted_prop(mtk_aal_ro_prop) -vendor_restricted_prop(mtk_pq_ro_prop) -vendor_restricted_prop(mtk_pq_prop) -vendor_restricted_prop(mtk_emmc_support_prop) -vendor_restricted_prop(vendor_em_usb_prop) -vendor_restricted_prop(vendor_usb_otg_switch) -vendor_restricted_prop(mtk_anr_support_prop) -vendor_restricted_prop(mtk_appresolutiontuner_prop) -vendor_restricted_prop(mtk_fullscreenswitch_prop) -vendor_restricted_prop(mtk_malloc_debug_backtrace_prop) -vendor_restricted_prop(mtk_voicerecgnize_prop) -vendor_restricted_prop(persist_service_atci_prop) -vendor_restricted_prop(mtk_atci_prop) -vendor_restricted_prop(mtk_net_ipv6_prop) -vendor_restricted_prop(usp_prop) -vendor_restricted_prop(mtk_md_version_prop) -vendor_restricted_prop(mtk_bt_sap_enable_prop) +vendor_internal_prop(usp_prop) +vendor_internal_prop(mtk_default_prop) -# Properties used only in /system -system_internal_prop(debug_mtklog_prop) -system_internal_prop(persist_mtklog_prop) -system_internal_prop(debug_netlog_prop) -system_internal_prop(debug_mdlogger_prop) -system_internal_prop(vendor_mdl_prop) -system_internal_prop(vendor_mdl_start_prop) -system_internal_prop(persist_mdlog_prop) -system_internal_prop(vendor_mdl_pulllog_prop) -system_internal_prop(persist_aee_prop) -system_internal_prop(debug_mtk_aee_prop) -system_internal_prop(debug_bq_dump_prop) -system_internal_prop(bootani_prop) -system_internal_prop(mobile_log_prop) -system_internal_prop(mtk_em_sys_prop) -system_internal_prop(mtk_em_net_auto_tethering_prop) -system_internal_prop(mtk_bgdata_disabled) -system_internal_prop(mtk_telecom_vibrate) -system_internal_prop(mtk_gprs_attach_type) -system_internal_prop(mtk_power_off_md_type) -system_internal_prop(vendor_connsysfw_prop) -system_internal_prop(vendor_bluetooth_prop) -system_internal_prop(vendor_sim_system_prop) -system_internal_prop(persist_xcap_rawurl_prop) -system_internal_prop(usp_srv_prop) -system_internal_prop(logmuch_prop) +# Properties used only in /vendor +vendor_internal_prop(vendor_mtk_ctl_ccci2_fsd_prop) +vendor_internal_prop(vendor_mtk_ctl_ccci3_fsd_prop) +vendor_internal_prop(vendor_mtk_ctl_ccci_fsd_prop) +vendor_internal_prop(vendor_mtk_ctl_fusion_ril_mtk_prop) +vendor_internal_prop(vendor_mtk_ctl_gsm0710muxd_prop) +vendor_internal_prop(vendor_mtk_ctl_muxreport-daemon_prop) +vendor_internal_prop(vendor_mtk_ctl_ril-daemon-mtk_prop) +vendor_internal_prop(vendor_mtk_ctl_ril-proxy_prop) +vendor_internal_prop(vendor_mtk_ctl_viarild_prop) +vendor_internal_prop(vendor_mtk_powerhal_prop) +vendor_internal_prop(vendor_mtk_wfc_serv_prop) -# Properties with no restrictions -system_public_prop(persist_mtk_aee_prop) -system_public_prop(mtk_amslog_prop) +# Properties which can't be written outside vendor +vendor_restricted_prop(vendor_mtk_aal_ro_prop) +vendor_restricted_prop(vendor_mtk_anr_support_prop) +vendor_restricted_prop(vendor_mtk_antutu_prop) +vendor_restricted_prop(vendor_mtk_appresolutiontuner_prop) +vendor_restricted_prop(vendor_mtk_atci_prop) +vendor_restricted_prop(vendor_mtk_atm_ipaddr_prop) +vendor_restricted_prop(vendor_mtk_atm_mdmode_prop) +vendor_restricted_prop(vendor_mtk_audiohal_prop) +vendor_restricted_prop(vendor_mtk_bt_sap_enable_prop) +vendor_restricted_prop(vendor_mtk_coredump_prop) +vendor_restricted_prop(vendor_mtk_ct_ir_engmode_prop) +vendor_restricted_prop(vendor_mtk_ct_volte_prop) +vendor_restricted_prop(vendor_mtk_cxp_vendor_prop) +vendor_restricted_prop(vendor_mtk_debug_md_reset_prop) +vendor_restricted_prop(vendor_mtk_debug_mtk_aeev_prop) +vendor_restricted_prop(vendor_mtk_default_prop) +vendor_restricted_prop(vendor_mtk_disable_c2k_cap_prop) +vendor_restricted_prop(vendor_mtk_dsbp_support_prop) +vendor_restricted_prop(vendor_mtk_em_hidl_prop) +vendor_restricted_prop(vendor_mtk_emmc_support_prop) +vendor_restricted_prop(vendor_mtk_em_prop) +vendor_restricted_prop(vendor_mtk_em_usb_prop) +vendor_restricted_prop(vendor_mtk_factory_idle_state_prop) +vendor_restricted_prop(vendor_mtk_fullscreenswitch_prop) +vendor_restricted_prop(vendor_mtk_gprs_prefer_prop) +vendor_restricted_prop(vendor_mtk_gps_support_prop) +vendor_restricted_prop(vendor_mtk_graphics_hwc_hdr_prop) +vendor_restricted_prop(vendor_mtk_graphics_hwc_latch_unsignaled_prop) +vendor_restricted_prop(vendor_mtk_graphics_hwc_pid_prop) +vendor_restricted_prop(vendor_mtk_graphics_hwc_validate_separate_prop) +vendor_restricted_prop(vendor_mtk_gsm0710muxd_prop) +vendor_restricted_prop(vendor_mtk_hdmi_prop) +vendor_restricted_prop(vendor_mtk_imstestmode_prop) +vendor_restricted_prop(vendor_mtk_malloc_debug_backtrace_prop) +vendor_restricted_prop(vendor_mtk_md_prop) +vendor_restricted_prop(vendor_mtk_md_version_prop) +vendor_restricted_prop(vendor_mtk_mediatek_prop) +vendor_restricted_prop(vendor_mtk_meta_connecttype_prop) +vendor_restricted_prop(vendor_mtk_mnld_prop) +vendor_restricted_prop(vendor_mtk_modem_warning_prop) +vendor_restricted_prop(vendor_mtk_net_cdma_mdmstat_prop) +vendor_restricted_prop(vendor_mtk_nn_option_prop) +vendor_restricted_prop(vendor_mtk_gbe_prop) +vendor_restricted_prop(vendor_mtk_nvram_ready_prop) +vendor_restricted_prop(vendor_mtk_omx_log_prop) +vendor_restricted_prop(vendor_mtk_operator_id_prop) +vendor_restricted_prop(vendor_mtk_persist_aeev_prop) +vendor_restricted_prop(vendor_mtk_persist_mtk_aeev_prop) +vendor_restricted_prop(vendor_mtk_persist_service_atci_prop) +vendor_restricted_prop(vendor_mtk_pq_prop) +vendor_restricted_prop(vendor_mtk_pq_ro_prop) +vendor_restricted_prop(vendor_mtk_radio_prop) +vendor_restricted_prop(vendor_mtk_rat_config_prop) +vendor_restricted_prop(vendor_mtk_ril_active_md_prop) +vendor_restricted_prop(vendor_mtk_ril_cdma_report_prop) +vendor_restricted_prop(vendor_mtk_ril_ipo_prop) +vendor_restricted_prop(vendor_mtk_ril_mode_prop) +vendor_restricted_prop(vendor_mtk_ril_mux_report_case_prop) +vendor_restricted_prop(vendor_mtk_ro_aee_prop) +vendor_restricted_prop(vendor_mtk_service_nvram_init_prop) +vendor_restricted_prop(vendor_mtk_simswitch_emmode_prop) +vendor_restricted_prop(vendor_mtk_smsformat_prop) +vendor_restricted_prop(vendor_mtk_ss_vendor_prop) +vendor_restricted_prop(vendor_mtk_telephony_sensitive_prop) +vendor_restricted_prop(vendor_mtk_tel_switch_prop) +vendor_restricted_prop(vendor_mtk_testsim_cardtype_prop) +vendor_restricted_prop(vendor_mtk_thermal_config_prop) +vendor_restricted_prop(vendor_mtk_usb_otg_switch_prop) +vendor_restricted_prop(vendor_mtk_usb_prop) +vendor_restricted_prop(vendor_mtk_vdec_log_prop) +vendor_restricted_prop(vendor_mtk_vdectlc_log_prop) +vendor_restricted_prop(vendor_mtk_venc_h264_showlog_prop) +vendor_restricted_prop(vendor_mtk_voicerecgnize_prop) +vendor_restricted_prop(vendor_mtk_volte_prop) +vendor_restricted_prop(vendor_mtk_wifi_hotspot_prop) +vendor_restricted_prop(vendor_mtk_wmt_prop) +vendor_restricted_prop(vendor_mtk_gpu_prop) +vendor_restricted_prop(vendor_mtk_sensor_prop) # Properties with can be read by all domains -typeattribute mtk_default_prop mtk_core_property_type; -typeattribute vendor_ril_ipo_prop mtk_core_property_type; -typeattribute gsm0710muxd_prop mtk_core_property_type; -typeattribute mtk_wifi_prop mtk_core_property_type; -typeattribute persist_mtk_aeev_prop mtk_core_property_type; -typeattribute persist_aeev_prop mtk_core_property_type; -typeattribute debug_mtk_aeev_prop mtk_core_property_type; -typeattribute ro_mtk_aee_prop mtk_core_property_type; -typeattribute ril_active_md_prop mtk_core_property_type; -typeattribute ril_mux_report_case_prop mtk_core_property_type; -typeattribute ril_cdma_report_prop mtk_core_property_type; -typeattribute mtk_md_prop mtk_core_property_type; -typeattribute tel_switch_prop mtk_core_property_type; -typeattribute mnld_prop mtk_core_property_type; -typeattribute audiohal_prop mtk_core_property_type; -typeattribute wmt_prop mtk_core_property_type; -typeattribute coredump_prop mtk_core_property_type; -typeattribute net_cdma_mdmstat mtk_core_property_type; -typeattribute persist_bt_prop mtk_core_property_type; -typeattribute vendor_factory_idle_state_prop mtk_core_property_type; -typeattribute service_nvram_init_prop mtk_core_property_type; -typeattribute wifi_5g_prop mtk_core_property_type; -typeattribute mtk_em_prop mtk_core_property_type; -typeattribute mediatek_prop mtk_core_property_type; -typeattribute mtk_em_hidl_prop mtk_core_property_type; -typeattribute mtk_operator_id_prop mtk_core_property_type; -typeattribute mtk_simswitch_emmode_prop mtk_core_property_type; -typeattribute mtk_dsbp_support_prop mtk_core_property_type; -typeattribute mtk_imstestmode_prop mtk_core_property_type; -typeattribute mtk_smsformat_prop mtk_core_property_type; -typeattribute mtk_gprs_prefer_prop mtk_core_property_type; -typeattribute mtk_testsim_cardtype_prop mtk_core_property_type; -typeattribute mtk_ct_ir_engmode_prop mtk_core_property_type; -typeattribute mtk_disable_c2k_cap_prop mtk_core_property_type; -typeattribute mtk_debug_md_reset_prop mtk_core_property_type; -typeattribute mtk_omx_log_prop mtk_core_property_type; -typeattribute mtk_vdec_log_prop mtk_core_property_type; -typeattribute mtk_vdectlc_log_prop mtk_core_property_type; -typeattribute mtk_venc_h264_showlog_prop mtk_core_property_type; -typeattribute mtk_modem_warning_prop mtk_core_property_type; -typeattribute vendor_radio_prop mtk_core_property_type; -typeattribute mtk_ct_volte_prop mtk_core_property_type; -typeattribute mtk_ril_mode_prop mtk_core_property_type; -typeattribute mtk_ss_vendor_prop mtk_core_property_type; -typeattribute mtk_gps_support_prop mtk_core_property_type; -typeattribute mtk_rat_config_prop mtk_core_property_type; -typeattribute mtk_aal_ro_prop mtk_core_property_type; -typeattribute mtk_pq_ro_prop mtk_core_property_type; -typeattribute mtk_pq_prop mtk_core_property_type; -typeattribute mtk_emmc_support_prop mtk_core_property_type; -typeattribute vendor_em_usb_prop mtk_core_property_type; -typeattribute vendor_usb_otg_switch mtk_core_property_type; -typeattribute mtk_anr_support_prop mtk_core_property_type; -typeattribute mtk_appresolutiontuner_prop mtk_core_property_type; -typeattribute mtk_fullscreenswitch_prop mtk_core_property_type; -typeattribute mtk_antutu_prop mtk_core_property_type; -typeattribute mtk_malloc_debug_backtrace_prop mtk_core_property_type; -typeattribute mtk_voicerecgnize_prop mtk_core_property_type; -typeattribute persist_service_atci_prop mtk_core_property_type; -typeattribute mtk_atci_prop mtk_core_property_type; -typeattribute mtk_net_ipv6_prop mtk_core_property_type; -typeattribute usp_prop mtk_core_property_type; -typeattribute mtk_cxp_vendor_prop mtk_core_property_type; -typeattribute mtk_md_version_prop mtk_core_property_type; -typeattribute mtk_volte_prop mtk_core_property_type; -typeattribute mtk_bt_sap_enable_prop mtk_core_property_type; -typeattribute mtk_nvram_ready_prop mtk_core_property_type; -typeattribute mtk_wifi_hotspot_prop mtk_core_property_type; -typeattribute mtk_hdmi_prop mtk_core_property_type; - -# Properties with can't be accessed by device-sepcific domains -typeattribute debug_mtklog_prop extended_core_property_type; -typeattribute persist_mtklog_prop extended_core_property_type; -typeattribute debug_netlog_prop extended_core_property_type; -typeattribute debug_mdlogger_prop extended_core_property_type; -typeattribute vendor_mdl_prop extended_core_property_type; -typeattribute vendor_mdl_start_prop extended_core_property_type; -typeattribute persist_mdlog_prop extended_core_property_type; -typeattribute vendor_mdl_pulllog_prop extended_core_property_type; -typeattribute persist_mtk_aee_prop extended_core_property_type; -typeattribute persist_aee_prop extended_core_property_type; -typeattribute debug_mtk_aee_prop extended_core_property_type; -typeattribute debug_bq_dump_prop extended_core_property_type; -typeattribute bootani_prop extended_core_property_type; -typeattribute mobile_log_prop extended_core_property_type; -typeattribute mtk_em_sys_prop extended_core_property_type; -typeattribute mtk_em_net_auto_tethering_prop extended_core_property_type; -typeattribute mtk_bgdata_disabled extended_core_property_type; -typeattribute mtk_telecom_vibrate extended_core_property_type; -typeattribute mtk_gprs_attach_type extended_core_property_type; -typeattribute mtk_power_off_md_type extended_core_property_type; -typeattribute vendor_connsysfw_prop extended_core_property_type; -typeattribute vendor_bluetooth_prop extended_core_property_type; -typeattribute vendor_sim_system_prop extended_core_property_type; -typeattribute persist_xcap_rawurl_prop extended_core_property_type; -typeattribute usp_srv_prop extended_core_property_type; -typeattribute mtk_amslog_prop extended_core_property_type; -typeattribute logmuch_prop extended_core_property_type; +typeattribute vendor_mtk_aal_ro_prop mtk_core_property_type; +typeattribute vendor_mtk_anr_support_prop mtk_core_property_type; +typeattribute vendor_mtk_antutu_prop mtk_core_property_type; +typeattribute vendor_mtk_appresolutiontuner_prop mtk_core_property_type; +typeattribute vendor_mtk_atci_prop mtk_core_property_type; +typeattribute vendor_mtk_audiohal_prop mtk_core_property_type; +typeattribute vendor_mtk_bt_sap_enable_prop mtk_core_property_type; +typeattribute vendor_mtk_coredump_prop mtk_core_property_type; +typeattribute vendor_mtk_ct_ir_engmode_prop mtk_core_property_type; +typeattribute vendor_mtk_ct_volte_prop mtk_core_property_type; +typeattribute vendor_mtk_cxp_vendor_prop mtk_core_property_type; +typeattribute vendor_mtk_debug_md_reset_prop mtk_core_property_type; +typeattribute vendor_mtk_debug_mtk_aeev_prop mtk_core_property_type; +typeattribute vendor_mtk_default_prop mtk_core_property_type; +typeattribute vendor_mtk_disable_c2k_cap_prop mtk_core_property_type; +typeattribute vendor_mtk_dsbp_support_prop mtk_core_property_type; +typeattribute vendor_mtk_em_hidl_prop mtk_core_property_type; +typeattribute vendor_mtk_emmc_support_prop mtk_core_property_type; +typeattribute vendor_mtk_em_prop mtk_core_property_type; +typeattribute vendor_mtk_em_usb_prop mtk_core_property_type; +typeattribute vendor_mtk_factory_idle_state_prop mtk_core_property_type; +typeattribute vendor_mtk_fullscreenswitch_prop mtk_core_property_type; +typeattribute vendor_mtk_gprs_prefer_prop mtk_core_property_type; +typeattribute vendor_mtk_gps_support_prop mtk_core_property_type; +typeattribute vendor_mtk_gsm0710muxd_prop mtk_core_property_type; +typeattribute vendor_mtk_hdmi_prop mtk_core_property_type; +typeattribute vendor_mtk_imstestmode_prop mtk_core_property_type; +typeattribute vendor_mtk_malloc_debug_backtrace_prop mtk_core_property_type; +typeattribute vendor_mtk_md_prop mtk_core_property_type; +typeattribute vendor_mtk_md_version_prop mtk_core_property_type; +typeattribute vendor_mtk_mediatek_prop mtk_core_property_type; +typeattribute vendor_mtk_mnld_prop mtk_core_property_type; +typeattribute vendor_mtk_modem_warning_prop mtk_core_property_type; +typeattribute vendor_mtk_net_cdma_mdmstat_prop mtk_core_property_type; +typeattribute vendor_mtk_nvram_ready_prop mtk_core_property_type; +typeattribute vendor_mtk_omx_log_prop mtk_core_property_type; +typeattribute vendor_mtk_operator_id_prop mtk_core_property_type; +typeattribute vendor_mtk_persist_aeev_prop mtk_core_property_type; +typeattribute vendor_mtk_persist_mtk_aeev_prop mtk_core_property_type; +typeattribute vendor_mtk_persist_service_atci_prop mtk_core_property_type; +typeattribute vendor_mtk_pq_prop mtk_core_property_type; +typeattribute vendor_mtk_pq_ro_prop mtk_core_property_type; +typeattribute vendor_mtk_radio_prop mtk_core_property_type; +typeattribute vendor_mtk_rat_config_prop mtk_core_property_type; +typeattribute vendor_mtk_ril_active_md_prop mtk_core_property_type; +typeattribute vendor_mtk_ril_cdma_report_prop mtk_core_property_type; +typeattribute vendor_mtk_ril_ipo_prop mtk_core_property_type; +typeattribute vendor_mtk_ril_mode_prop mtk_core_property_type; +typeattribute vendor_mtk_ril_mux_report_case_prop mtk_core_property_type; +typeattribute vendor_mtk_ro_aee_prop mtk_core_property_type; +typeattribute vendor_mtk_service_nvram_init_prop mtk_core_property_type; +typeattribute vendor_mtk_simswitch_emmode_prop mtk_core_property_type; +typeattribute vendor_mtk_smsformat_prop mtk_core_property_type; +typeattribute vendor_mtk_ss_vendor_prop mtk_core_property_type; +typeattribute vendor_mtk_tel_switch_prop mtk_core_property_type; +typeattribute vendor_mtk_testsim_cardtype_prop mtk_core_property_type; +typeattribute vendor_mtk_usb_otg_switch_prop mtk_core_property_type; +typeattribute vendor_mtk_vdec_log_prop mtk_core_property_type; +typeattribute vendor_mtk_vdectlc_log_prop mtk_core_property_type; +typeattribute vendor_mtk_venc_h264_showlog_prop mtk_core_property_type; +typeattribute vendor_mtk_voicerecgnize_prop mtk_core_property_type; +typeattribute vendor_mtk_volte_prop mtk_core_property_type; +typeattribute vendor_mtk_wifi_hotspot_prop mtk_core_property_type; +typeattribute vendor_mtk_wmt_prop mtk_core_property_type; +typeattribute vendor_mtk_gpu_prop mtk_core_property_type; +typeattribute vendor_mtk_sensor_prop mtk_core_property_type; diff --git a/non_plat/property_contexts b/non_plat/property_contexts index 60e8c63..9ecf97f 100644 --- a/non_plat/property_contexts +++ b/non_plat/property_contexts @@ -3,367 +3,328 @@ # ============================================== #=============allow ccci_mdinit to start gsm0710muxd============== -ctl.vendor.gsm0710muxd u:object_r:ctl_gsm0710muxd_prop:s0 +ctl.vendor.gsm0710muxd u:object_r:vendor_mtk_ctl_gsm0710muxd_prop:s0 #=============allow mtkrild to set persist.ril property============== -vendor.ril.ipo u:object_r:vendor_ril_ipo_prop:s0 - -#=============allow netlog============== -vendor.mtklog u:object_r:debug_mtklog_prop:s0 -persist.vendor.mtklog u:object_r:persist_mtklog_prop:s0 -vendor.netlog u:object_r:debug_netlog_prop:s0 +vendor.ril.ipo u:object_r:vendor_mtk_ril_ipo_prop:s0 #=============allow mdlogger============== -vendor.mdlogger u:object_r:debug_mdlogger_prop:s0 -vendor.mdl u:object_r:vendor_mdl_prop:s0 -vendor.starting.mode u:object_r:vendor_mdl_start_prop:s0 -vendor.usb. u:object_r:vendor_usb_prop:s0 -persist.vendor.usb. u:object_r:vendor_usb_prop:s0 -persist.vendor.mdl u:object_r:persist_mdlog_prop:s0 -vendor.pullmdlog u:object_r:vendor_mdl_pulllog_prop:s0 +vendor.usb. u:object_r:vendor_mtk_usb_prop:s0 +persist.vendor.usb. u:object_r:vendor_mtk_usb_prop:s0 #=============allow AEE============== # persist.vendor.mtk.aee.mode && persist.vendor.mtk.aee.dal -persist.vendor.mtk.aee. u:object_r:persist_mtk_aee_prop:s0 -persist.vendor.mtk.aeev. u:object_r:persist_mtk_aeev_prop:s0 +persist.vendor.mtk.aeev. u:object_r:vendor_mtk_persist_mtk_aeev_prop:s0 # persist.vendor.aee.core.dump && persist.vendor.aee.core.direct -persist.vendor.aee. u:object_r:persist_aee_prop:s0 -persist.vendor.aeev. u:object_r:persist_aeev_prop:s0 +persist.vendor.aeev. u:object_r:vendor_mtk_persist_aeev_prop:s0 # vendor.debug.mtk.aee.db -vendor.debug.mtk.aee. u:object_r:debug_mtk_aee_prop:s0 -vendor.debug.mtk.aeev u:object_r:debug_mtk_aeev_prop:s0 - -ro.vendor.aee.build.info u:object_r:ro_mtk_aee_prop:s0 -ro.vendor.aee.enforcing u:object_r:ro_mtk_aee_prop:s0 -ro.vendor.have_aee_feature u:object_r:ro_mtk_aee_prop:s0 +vendor.debug.mtk.aeev u:object_r:vendor_mtk_debug_mtk_aeev_prop:s0 -#=============allow AEE_Dumpstate============== -vendor.debug.bq.dump u:object_r:debug_bq_dump_prop:s0 +ro.vendor.aee.build.info u:object_r:vendor_mtk_ro_aee_prop:s0 +ro.vendor.aee.enforcing u:object_r:vendor_mtk_ro_aee_prop:s0 +ro.vendor.have_aee_feature u:object_r:vendor_mtk_ro_aee_prop:s0 #=============allow mux============== -vendor.ril.mux. u:object_r:gsm0710muxd_prop:s0 +vendor.ril.mux. u:object_r:vendor_mtk_gsm0710muxd_prop:s0 #=============allow mdinit============== -ctl.vendor.ril-daemon-mtk u:object_r:ctl_ril-daemon-mtk_prop:s0 -ctl.vendor.fusion_ril_mtk u:object_r:ctl_fusion_ril_mtk_prop:s0 -ctl.vendor.ril-proxy u:object_r:ctl_ril-proxy_prop:s0 -ctl.vendor.viarild u:object_r:ctl_viarild_prop:s0 +ctl.vendor.ril-daemon-mtk u:object_r:vendor_mtk_ctl_ril-daemon-mtk_prop:s0 +ctl.vendor.fusion_ril_mtk u:object_r:vendor_mtk_ctl_fusion_ril_mtk_prop:s0 +ctl.vendor.ril-proxy u:object_r:vendor_mtk_ctl_ril-proxy_prop:s0 +ctl.vendor.viarild u:object_r:vendor_mtk_ctl_viarild_prop:s0 -ctl.vendor.muxreport-daemon u:object_r:ctl_muxreport-daemon_prop:s0 -ctl.vendor.ccci_fsd u:object_r:ctl_ccci_fsd_prop:s0 -ctl.vendor.ccci2_fsd u:object_r:ctl_ccci2_fsd_prop:s0 -ctl.vendor.ccci3_fsd u:object_r:ctl_ccci3_fsd_prop:s0 +ctl.vendor.muxreport-daemon u:object_r:vendor_mtk_ctl_muxreport-daemon_prop:s0 +ctl.vendor.ccci_fsd u:object_r:vendor_mtk_ctl_ccci_fsd_prop:s0 +ctl.vendor.ccci2_fsd u:object_r:vendor_mtk_ctl_ccci2_fsd_prop:s0 +ctl.vendor.ccci3_fsd u:object_r:vendor_mtk_ctl_ccci3_fsd_prop:s0 -vendor.ril.active.md u:object_r:ril_active_md_prop:s0 -vendor.ril.mux.report.case u:object_r:ril_mux_report_case_prop:s0 -vendor.ril.cdma.report u:object_r:ril_cdma_report_prop:s0 +vendor.ril.active.md u:object_r:vendor_mtk_ril_active_md_prop:s0 +vendor.ril.mux.report.case u:object_r:vendor_mtk_ril_mux_report_case_prop:s0 +vendor.ril.cdma.report u:object_r:vendor_mtk_ril_cdma_report_prop:s0 #=============allow dynamic telephony switch============== -ro.boot.opt_c2k_lte_mode u:object_r:tel_switch_prop:s0 -ro.boot.opt_c2k_support u:object_r:tel_switch_prop:s0 -ro.boot.opt_eccci_c2k u:object_r:tel_switch_prop:s0 -ro.boot.opt_lte_support u:object_r:tel_switch_prop:s0 -ro.boot.opt_md1_support u:object_r:tel_switch_prop:s0 -ro.boot.opt_md2_support u:object_r:tel_switch_prop:s0 -ro.boot.opt_md3_support u:object_r:tel_switch_prop:s0 -ro.boot.opt_md5_support u:object_r:tel_switch_prop:s0 -ro.boot.opt_ps1_rat u:object_r:tel_switch_prop:s0 -ro.boot.opt_sim_count u:object_r:tel_switch_prop:s0 -ro.boot.opt_using_default u:object_r:tel_switch_prop:s0 -ro.vendor.mtk_c2k_lte_mode u:object_r:tel_switch_prop:s0 -ro.vendor.mtk_c2k_support u:object_r:tel_switch_prop:s0 -ro.vendor.mtk_eccci_c2k u:object_r:tel_switch_prop:s0 -ro.vendor.mtk_lte_support u:object_r:tel_switch_prop:s0 -ro.vendor.mtk_md1_support u:object_r:tel_switch_prop:s0 -ro.vendor.mtk_md3_support u:object_r:tel_switch_prop:s0 -ro.vendor.mtk_ps1_rat u:object_r:tel_switch_prop:s0 - -#=============allow bootanim============== -persist.vendor.bootanim. u:object_r:bootani_prop:s0 - -#=============allow mnld_prop ============== -vendor.gps.clock.type u:object_r:mnld_prop:s0 -vendor.gps.gps.version u:object_r:mnld_prop:s0 -vendor.gpsdbglog.enable u:object_r:mnld_prop:s0 -vendor.gpsdbglog. u:object_r:mnld_prop:s0 -vendor.debug.gps. u:object_r:mnld_prop:s0 +ro.boot.opt_c2k_lte_mode u:object_r:vendor_mtk_tel_switch_prop:s0 +ro.boot.opt_c2k_support u:object_r:vendor_mtk_tel_switch_prop:s0 +ro.boot.opt_eccci_c2k u:object_r:vendor_mtk_tel_switch_prop:s0 +ro.boot.opt_lte_support u:object_r:vendor_mtk_tel_switch_prop:s0 +ro.boot.opt_md1_support u:object_r:vendor_mtk_tel_switch_prop:s0 +ro.boot.opt_md2_support u:object_r:vendor_mtk_tel_switch_prop:s0 +ro.boot.opt_md3_support u:object_r:vendor_mtk_tel_switch_prop:s0 +ro.boot.opt_md5_support u:object_r:vendor_mtk_tel_switch_prop:s0 +ro.boot.opt_ps1_rat u:object_r:vendor_mtk_tel_switch_prop:s0 +ro.boot.opt_sim_count u:object_r:vendor_mtk_tel_switch_prop:s0 +ro.boot.opt_using_default u:object_r:vendor_mtk_tel_switch_prop:s0 +ro.vendor.mtk_c2k_lte_mode u:object_r:vendor_mtk_tel_switch_prop:s0 +ro.vendor.mtk_c2k_support u:object_r:vendor_mtk_tel_switch_prop:s0 +ro.vendor.mtk_eccci_c2k u:object_r:vendor_mtk_tel_switch_prop:s0 +ro.vendor.mtk_lte_support u:object_r:vendor_mtk_tel_switch_prop:s0 +ro.vendor.mtk_md1_support u:object_r:vendor_mtk_tel_switch_prop:s0 +ro.vendor.mtk_md3_support u:object_r:vendor_mtk_tel_switch_prop:s0 +ro.vendor.mtk_ps1_rat u:object_r:vendor_mtk_tel_switch_prop:s0 + +#=============allow vendor_mtk_mnld_prop ============== +vendor.gps.clock.type u:object_r:vendor_mtk_mnld_prop:s0 +vendor.gps.gps.version u:object_r:vendor_mtk_mnld_prop:s0 +vendor.gpsdbglog.enable u:object_r:vendor_mtk_mnld_prop:s0 +vendor.gpsdbglog. u:object_r:vendor_mtk_mnld_prop:s0 +vendor.debug.gps. u:object_r:vendor_mtk_mnld_prop:s0 #=============allow audiohal============== -vendor.streamout. u:object_r:audiohal_prop:s0 -vendor.streamin. u:object_r:audiohal_prop:s0 -vendor.a2dp. u:object_r:audiohal_prop:s0 -vendor.audiohal. u:object_r:audiohal_prop:s0 -persist.vendor.audiohal. u:object_r:audiohal_prop:s0 -persist.vendor.vow. u:object_r:audiohal_prop:s0 +vendor.streamout. u:object_r:vendor_mtk_audiohal_prop:s0 +vendor.streamin. u:object_r:vendor_mtk_audiohal_prop:s0 +vendor.a2dp. u:object_r:vendor_mtk_audiohal_prop:s0 +vendor.audiohal. u:object_r:vendor_mtk_audiohal_prop:s0 +persist.vendor.audiohal. u:object_r:vendor_mtk_audiohal_prop:s0 +persist.vendor.vow. u:object_r:vendor_mtk_audiohal_prop:s0 #=============allow wmt ============== -persist.vendor.connsys.coredump.mode u:object_r:coredump_prop:s0 -persist.vendor.connsys. u:object_r:wmt_prop:s0 -vendor.connsys. u:object_r:wmt_prop:s0 +persist.vendor.connsys.coredump.mode u:object_r:vendor_mtk_coredump_prop:s0 +persist.vendor.connsys. u:object_r:vendor_mtk_wmt_prop:s0 +vendor.connsys. u:object_r:vendor_mtk_wmt_prop:s0 #=============allow c2k_prop ============== -vendor.net.cdma.mdmstat u:object_r:net_cdma_mdmstat:s0 +vendor.net.cdma.mdmstat u:object_r:vendor_mtk_net_cdma_mdmstat_prop:s0 #=============allow ccci_mdinit md status ============== -vendor.mtk.md u:object_r:mtk_md_prop:s0 -#============= allow factory idle current prop ============== -vendor.debug.factory.idle_state u:object_r:vendor_factory_idle_state_prop:s0 +vendor.mtk.md u:object_r:vendor_mtk_md_prop:s0 -#=============allow mobile log property================ -vendor.MB. u:object_r:mobile_log_prop:s0 +#============= allow factory idle current prop ============== +vendor.debug.factory.idle_state u:object_r:vendor_mtk_factory_idle_state_prop:s0 #=============allow service.nvram_init property================ -vendor.service.nvram_init u:object_r:service_nvram_init_prop:s0 +vendor.service.nvram_init u:object_r:vendor_mtk_service_nvram_init_prop:s0 #=============Allow EM To Set Camera APP Mode ============== -vendor.client. u:object_r:mtk_em_prop:s0 +vendor.client. u:object_r:vendor_mtk_em_prop:s0 -#=============allow mediatek_prop ============== -vendor.debug.camera.p2plug.log u:object_r:mediatek_prop:s0 -vendor.client.em.appmode u:object_r:mediatek_prop:s0 -#=============Property set by EM, for test/debug purpose========= -persist.vendor.em. u:object_r:mtk_em_sys_prop:s0 -persist.vendor.em.hidl. u:object_r:mtk_em_hidl_prop:s0 +#=============allow vendor_mtk_mediatek_prop ============== +vendor.debug.camera.p2plug.log u:object_r:vendor_mtk_mediatek_prop:s0 +vendor.client.em.appmode u:object_r:vendor_mtk_mediatek_prop:s0 -#=============allow em set tethering protocol================ -persist.vendor.net.auto.tethering u:object_r:mtk_em_net_auto_tethering_prop:s0 +#=============Property set by EM, for test/debug purpose========= +persist.vendor.em.hidl. u:object_r:vendor_mtk_em_hidl_prop:s0 #=============allow em set ims operator property=========== -vendor.ril.volte.mal.pctid u:object_r:mtk_operator_id_prop:s0 +vendor.ril.volte.mal.pctid u:object_r:vendor_mtk_operator_id_prop:s0 #=============allow em set simswitch property=========== -persist.vendor.radio.simswitch.emmode u:object_r:mtk_simswitch_emmode_prop:s0 +persist.vendor.radio.simswitch.emmode u:object_r:vendor_mtk_simswitch_emmode_prop:s0 #=============allow em set mtk_dsbp_support property=========== -persist.vendor.radio.mtk_dsbp_support u:object_r:mtk_dsbp_support_prop:s0 +persist.vendor.radio.mtk_dsbp_support u:object_r:vendor_mtk_dsbp_support_prop:s0 #=============allow em set imstestmode property=========== -persist.vendor.radio.imstestmode u:object_r:mtk_imstestmode_prop:s0 +persist.vendor.radio.imstestmode u:object_r:vendor_mtk_imstestmode_prop:s0 #=============allow em set smsformat property=========== -persist.vendor.radio.smsformat u:object_r:mtk_smsformat_prop:s0 +persist.vendor.radio.smsformat u:object_r:vendor_mtk_smsformat_prop:s0 #=============allow em set gprs.prefer property=========== -persist.vendor.radio.gprs.prefer u:object_r:mtk_gprs_prefer_prop:s0 +persist.vendor.radio.gprs.prefer u:object_r:vendor_mtk_gprs_prefer_prop:s0 #=============allow em set testsim.cardtype property=========== -persist.vendor.radio.testsim.cardtype u:object_r:mtk_testsim_cardtype_prop:s0 +persist.vendor.radio.testsim.cardtype u:object_r:vendor_mtk_testsim_cardtype_prop:s0 #=============allow em set ct.ir.engmode property=========== -persist.vendor.radio.ct.ir.engmode u:object_r:mtk_ct_ir_engmode_prop:s0 +persist.vendor.radio.ct.ir.engmode u:object_r:vendor_mtk_ct_ir_engmode_prop:s0 #=============allow em set disable_c2k_cap property=========== -persist.vendor.radio.disable_c2k_cap u:object_r:mtk_disable_c2k_cap_prop:s0 +persist.vendor.radio.disable_c2k_cap u:object_r:vendor_mtk_disable_c2k_cap_prop:s0 #=============allow em to set modem reset delay property================ -vendor.mediatek.debug.md.reset.wait u:object_r:mtk_debug_md_reset_prop:s0 +vendor.mediatek.debug.md.reset.wait u:object_r:vendor_mtk_debug_md_reset_prop:s0 #=============allow em to set video log omx.* property================ -vendor.mtk.omx. u:object_r:mtk_omx_log_prop:s0 +vendor.mtk.omx. u:object_r:vendor_mtk_omx_log_prop:s0 #=============allow em to set vdec log property================ -vendor.mtk.vdec.log u:object_r:mtk_vdec_log_prop:s0 +vendor.mtk.vdec.log u:object_r:vendor_mtk_vdec_log_prop:s0 #=============allow em to set vdectlc logproperty================ -vendor.mtk.vdectlc.log u:object_r:mtk_vdectlc_log_prop:s0 +vendor.mtk.vdectlc.log u:object_r:vendor_mtk_vdectlc_log_prop:s0 #=============allow em to set venc h264 showlog property================ -vendor.mtk.venc.h264.showlog u:object_r:mtk_venc_h264_showlog_prop:s0 +vendor.mtk.venc.h264.showlog u:object_r:vendor_mtk_venc_h264_showlog_prop:s0 #=============allow em to set modem warning property================ -persist.vendor.radio.modem.warning u:object_r:mtk_modem_warning_prop:s0 - -#=============allow em to set bgdata disabled property================ -persist.vendor.radio.bgdata.disabled u:object_r:mtk_bgdata_disabled:s0 - -#=============allow em to set telecom vibrate property================ -persist.vendor.radio.telecom.vibrate u:object_r:mtk_telecom_vibrate:s0 - -#=============allow em to set gprs attach type property================ -persist.vendor.radio.gprs.attach.type u:object_r:mtk_gprs_attach_type:s0 - -#=============allow em to set poweroffmd property================ -vendor.ril.test.poweroffmd u:object_r:mtk_power_off_md_type:s0 -vendor.ril.testmode u:object_r:mtk_power_off_md_type:s0 +persist.vendor.radio.modem.warning u:object_r:vendor_mtk_modem_warning_prop:s0 #=============allow system server to set meta_connecttype property ============== -persist.vendor.meta.connecttype u:object_r:meta_connecttype_prop:s0 +persist.vendor.meta.connecttype u:object_r:vendor_mtk_meta_connecttype_prop:s0 #=============Telephony Sensitive property============== -vendor.ril.iccid.sim u:object_r:mtk_telephony_sensitive_prop:s0 -vendor.ril.uim.subscriberid u:object_r:mtk_telephony_sensitive_prop:s0 -persist.vendor.radio.last_iccid_sim u:object_r:mtk_telephony_sensitive_prop:s0 -vendor.ril.ia.iccid u:object_r:mtk_telephony_sensitive_prop:s0 -vendor.ril.radio.ia u:object_r:mtk_telephony_sensitive_prop:s0 -vendor.ril.c2kirat.ia.sim1 u:object_r:mtk_telephony_sensitive_prop:s0 -vendor.ril.c2kirat.ia.sim2 u:object_r:mtk_telephony_sensitive_prop:s0 -vendor.ril.c2kirat.ia.sim3 u:object_r:mtk_telephony_sensitive_prop:s0 -vendor.ril.c2kirat.ia.sim4 u:object_r:mtk_telephony_sensitive_prop:s0 -persist.vendor.radio.ia u:object_r:mtk_telephony_sensitive_prop:s0 -persist.vendor.radio.ia.1 u:object_r:mtk_telephony_sensitive_prop:s0 -persist.vendor.radio.ia.2 u:object_r:mtk_telephony_sensitive_prop:s0 -persist.vendor.radio.ia.3 u:object_r:mtk_telephony_sensitive_prop:s0 -persist.vendor.radio.data.iccid u:object_r:mtk_telephony_sensitive_prop:s0 -persist.vendor.radio.mobile.data u:object_r:mtk_telephony_sensitive_prop:s0 - -#=============allow sim config property============== -vendor.gsm.sim.operator.default-name u:object_r:vendor_sim_system_prop:s0 +vendor.ril.iccid.sim u:object_r:vendor_mtk_telephony_sensitive_prop:s0 +vendor.ril.uim.subscriberid u:object_r:vendor_mtk_telephony_sensitive_prop:s0 +persist.vendor.radio.last_iccid_sim u:object_r:vendor_mtk_telephony_sensitive_prop:s0 +vendor.ril.ia.iccid u:object_r:vendor_mtk_telephony_sensitive_prop:s0 +vendor.ril.radio.ia u:object_r:vendor_mtk_telephony_sensitive_prop:s0 +vendor.ril.c2kirat.ia.sim1 u:object_r:vendor_mtk_telephony_sensitive_prop:s0 +vendor.ril.c2kirat.ia.sim2 u:object_r:vendor_mtk_telephony_sensitive_prop:s0 +vendor.ril.c2kirat.ia.sim3 u:object_r:vendor_mtk_telephony_sensitive_prop:s0 +vendor.ril.c2kirat.ia.sim4 u:object_r:vendor_mtk_telephony_sensitive_prop:s0 +persist.vendor.radio.ia u:object_r:vendor_mtk_telephony_sensitive_prop:s0 +persist.vendor.radio.ia.1 u:object_r:vendor_mtk_telephony_sensitive_prop:s0 +persist.vendor.radio.ia.2 u:object_r:vendor_mtk_telephony_sensitive_prop:s0 +persist.vendor.radio.ia.3 u:object_r:vendor_mtk_telephony_sensitive_prop:s0 +persist.vendor.radio.data.iccid u:object_r:vendor_mtk_telephony_sensitive_prop:s0 +persist.vendor.radio.mobile.data u:object_r:vendor_mtk_telephony_sensitive_prop:s0 #=============allow processes to change thermal config================ -vendor.thermal.manager.data u:object_r:mtk_thermal_config_prop:s0 +vendor.thermal.manager.data u:object_r:vendor_mtk_thermal_config_prop:s0 + #=============allow composer set property ============================ -vendor.debug.sf.hwc_pid u:object_r:graphics_hwc_pid_prop:s0 -vendor.debug.sf.latch_unsignaled u:object_r:graphics_hwc_latch_unsignaled_prop:s0 -vendor.debug.sf.hdr_enable u:object_r:graphics_hwc_hdr_prop:s0 +vendor.debug.sf.hwc_pid u:object_r:vendor_mtk_graphics_hwc_pid_prop:s0 +vendor.debug.sf.latch_unsignaled u:object_r:vendor_mtk_graphics_hwc_latch_unsignaled_prop:s0 +vendor.debug.sf.hdr_enable u:object_r:vendor_mtk_graphics_hwc_hdr_prop:s0 +vendor.debug.sf.validate_separate u:object_r:vendor_mtk_graphics_hwc_validate_separate_prop:s0 #============= atm modem mode property(ATM) ============== -persist.vendor.atm.mdmode u:object_r:atm_mdmode_prop:s0 +persist.vendor.atm.mdmode u:object_r:vendor_mtk_atm_mdmode_prop:s0 #============= atm ip address property(ATM) ============== -persist.vendor.atm.ipaddress u:object_r:atm_ipaddr_prop:s0 +persist.vendor.atm.ipaddress u:object_r:vendor_mtk_atm_ipaddr_prop:s0 #============= atm boot property(ATM) ============== -ro.boot.atm u:object_r:mtk_default_prop:s0 - -#=============allow consyslogger============== -vendor.connsysfw u:object_r:vendor_connsysfw_prop:s0 +ro.boot.atm u:object_r:vendor_mtk_default_prop:s0 #============Label telephony property======= -vendor.ril. u:object_r:vendor_radio_prop:s0 -ro.vendor.ril. u:object_r:vendor_radio_prop:s0 -vendor.gsm. u:object_r:vendor_radio_prop:s0 -persist.vendor.radio. u:object_r:vendor_radio_prop:s0 - -#=============allow bluetooth============== -vendor.bthcisnoop u:object_r:vendor_bluetooth_prop:s0 +vendor.ril. u:object_r:vendor_mtk_radio_prop:s0 +ro.vendor.ril. u:object_r:vendor_mtk_radio_prop:s0 +vendor.gsm. u:object_r:vendor_mtk_radio_prop:s0 +persist.vendor.radio. u:object_r:vendor_mtk_radio_prop:s0 #=============allow ct volte============== -persist.vendor.mtk_ct_volte_support u:object_r:mtk_ct_volte_prop:s0 +persist.vendor.mtk_ct_volte_support u:object_r:vendor_mtk_ct_volte_prop:s0 #============Label mtk ril mode======= -ro.vendor.mtk_ril_mode u:object_r:mtk_ril_mode_prop:s0 +ro.vendor.mtk_ril_mode u:object_r:vendor_mtk_ril_mode_prop:s0 #=============GPS support properties============== -ro.vendor.mtk_gps_support u:object_r:mtk_gps_support_prop:s0 -ro.vendor.mtk_agps_app u:object_r:mtk_gps_support_prop:s0 -ro.vendor.mtk_log_hide_gps u:object_r:mtk_gps_support_prop:s0 -ro.vendor.mtk_hidl_consolidation u:object_r:mtk_gps_support_prop:s0 +ro.vendor.mtk_gps_support u:object_r:vendor_mtk_gps_support_prop:s0 +ro.vendor.mtk_agps_app u:object_r:vendor_mtk_gps_support_prop:s0 +ro.vendor.mtk_log_hide_gps u:object_r:vendor_mtk_gps_support_prop:s0 +ro.vendor.mtk_hidl_consolidation u:object_r:vendor_mtk_gps_support_prop:s0 #============allow rat config======= -ro.vendor.mtk_protocol1_rat_config u:object_r:mtk_rat_config_prop:s0 +ro.vendor.mtk_protocol1_rat_config u:object_r:vendor_mtk_rat_config_prop:s0 #=============allow mtk aal============== -ro.vendor.mtk_aal_support u:object_r:mtk_aal_ro_prop:s0 -ro.vendor.mtk_ultra_dimming_support u:object_r:mtk_aal_ro_prop:s0 -ro.vendor.mtk_dre30_support u:object_r:mtk_aal_ro_prop:s0 +ro.vendor.mtk_aal_support u:object_r:vendor_mtk_aal_ro_prop:s0 +ro.vendor.mtk_ultra_dimming_support u:object_r:vendor_mtk_aal_ro_prop:s0 +ro.vendor.mtk_dre30_support u:object_r:vendor_mtk_aal_ro_prop:s0 #=============allow mtk pq============== -persist.vendor.sys.pq. u:object_r:mtk_pq_prop:s0 -vendor.debug.pq. u:object_r:mtk_pq_prop:s0 -persist.vendor.sys.isp. u:object_r:mtk_pq_prop:s0 -persist.vendor.sys.mtkaal. u:object_r:mtk_pq_prop:s0 -ro.vendor.mtk_pq_color_mode u:object_r:mtk_pq_ro_prop:s0 -ro.vendor.mtk_blulight_def_support u:object_r:mtk_pq_ro_prop:s0 -ro.vendor.mtk_chameleon_support u:object_r:mtk_pq_ro_prop:s0 -ro.vendor.mtk_pq_support u:object_r:mtk_pq_ro_prop:s0 +persist.vendor.sys.pq. u:object_r:vendor_mtk_pq_prop:s0 +vendor.debug.pq. u:object_r:vendor_mtk_pq_prop:s0 +persist.vendor.sys.isp. u:object_r:vendor_mtk_pq_prop:s0 +persist.vendor.sys.mtkaal. u:object_r:vendor_mtk_pq_prop:s0 +ro.vendor.mtk_pq_color_mode u:object_r:vendor_mtk_pq_ro_prop:s0 +ro.vendor.mtk_blulight_def_support u:object_r:vendor_mtk_pq_ro_prop:s0 +ro.vendor.mtk_chameleon_support u:object_r:vendor_mtk_pq_ro_prop:s0 +ro.vendor.mtk_pq_support u:object_r:vendor_mtk_pq_ro_prop:s0 # Mtk properties that allow all system/vendor processes to read. # Usually they are config properties (but not limited to) -ro.vendor.mtk_tdd_data_only_support u:object_r:mtk_default_prop:s0 -ro.vendor.mtk_audio_alac_support u:object_r:mtk_default_prop:s0 -ro.vendor.mtk_support_mp2_playback u:object_r:mtk_default_prop:s0 -ro.vendor.mtk_audio_ape_support u:object_r:mtk_default_prop:s0 -ro.vendor.mtk_flv_playback_support u:object_r:mtk_default_prop:s0 -ro.vendor.mtk_mtkps_playback_support u:object_r:mtk_default_prop:s0 -ro.vendor.mtk_wearable_platform u:object_r:mtk_default_prop:s0 -ro.vendor.mediatek.platform u:object_r:mtk_default_prop:s0 -ro.vendor.mediatek.version.branch u:object_r:mtk_default_prop:s0 -ro.vendor.mediatek.version.release u:object_r:mtk_default_prop:s0 -ro.vendor.mtk_exchange_support u:object_r:mtk_default_prop:s0 -vendor.met.running u:object_r:mtk_default_prop:s0 -ro.vendor.mtk_disable_cap_switch u:object_r:mtk_default_prop:s0 -ro.vendor.mtk_sim_card_onoff u:object_r:mtk_default_prop:s0 -ro.vendor.mtk_perf_plus u:object_r:mtk_default_prop:s0 +ro.vendor.mtk_tdd_data_only_support u:object_r:vendor_mtk_default_prop:s0 +ro.vendor.mtk_audio_alac_support u:object_r:vendor_mtk_default_prop:s0 +ro.vendor.mtk_support_mp2_playback u:object_r:vendor_mtk_default_prop:s0 +ro.vendor.mtk_audio_ape_support u:object_r:vendor_mtk_default_prop:s0 +ro.vendor.mtk_flv_playback_support u:object_r:vendor_mtk_default_prop:s0 +ro.vendor.mtk_mtkps_playback_support u:object_r:vendor_mtk_default_prop:s0 +ro.vendor.mtk_wearable_platform u:object_r:vendor_mtk_default_prop:s0 +ro.vendor.mediatek.platform u:object_r:vendor_mtk_default_prop:s0 +ro.vendor.mediatek.version.branch u:object_r:vendor_mtk_default_prop:s0 +ro.vendor.mediatek.version.release u:object_r:vendor_mtk_default_prop:s0 +ro.vendor.mtk_exchange_support u:object_r:vendor_mtk_default_prop:s0 +vendor.met.running u:object_r:vendor_mtk_default_prop:s0 +ro.vendor.mtk_disable_cap_switch u:object_r:vendor_mtk_default_prop:s0 +ro.vendor.mtk_sim_card_onoff u:object_r:vendor_mtk_default_prop:s0 +ro.vendor.mtk_perf_plus u:object_r:vendor_mtk_default_prop:s0 +ro.vendor.pref_scale_enable_cfg u:object_r:vendor_mtk_default_prop:s0 #============mtk emmc======= -ro.vendor.mtk_emmc_support u:object_r:mtk_emmc_support_prop:s0 +ro.vendor.mtk_emmc_support u:object_r:vendor_mtk_emmc_support_prop:s0 # MTK connsys log feature -ro.vendor.connsys.dedicated.log u:object_r:mtk_default_prop:s0 +ro.vendor.connsys.dedicated.log u:object_r:vendor_mtk_default_prop:s0 #=============em usb property============== -vendor.usb.port.mode u:object_r:vendor_em_usb_prop:s0 -vendor.em.usb. u:object_r:vendor_em_usb_prop:s0 +vendor.usb.port.mode u:object_r:vendor_mtk_em_usb_prop:s0 +vendor.em.usb. u:object_r:vendor_mtk_em_usb_prop:s0 #=============allow em to set usb otg switch property ============== -persist.vendor.usb.otg.switch u:object_r:vendor_usb_otg_switch:s0 +persist.vendor.usb.otg.switch u:object_r:vendor_mtk_usb_otg_switch_prop:s0 #============mtk rsc======== -ro.boot.rsc u:object_r:mtk_default_prop:s0 +ro.boot.rsc u:object_r:vendor_mtk_default_prop:s0 #=============mtk anr property============= -persist.vendor.dbg.anrflow u:object_r:mtk_anr_support_prop:s0 -persist.vendor.anr. u:object_r:mtk_anr_support_prop:s0 -vendor.anr.autotest u:object_r:mtk_anr_support_prop:s0 +persist.vendor.dbg.anrflow u:object_r:vendor_mtk_anr_support_prop:s0 +persist.vendor.anr. u:object_r:vendor_mtk_anr_support_prop:s0 +vendor.anr.autotest u:object_r:vendor_mtk_anr_support_prop:s0 #=============mtk app resolution tuner============= -ro.vendor.app_resolution_tuner u:object_r:mtk_appresolutiontuner_prop:s0 -persist.vendor.dbg.disable.art u:object_r:mtk_appresolutiontuner_prop:s0 +ro.vendor.app_resolution_tuner u:object_r:vendor_mtk_appresolutiontuner_prop:s0 +persist.vendor.dbg.disable.art u:object_r:vendor_mtk_appresolutiontuner_prop:s0 #=============mtk fullscreen switch============= -ro.vendor.fullscreen_switch u:object_r:mtk_fullscreenswitch_prop:s0 +ro.vendor.fullscreen_switch u:object_r:vendor_mtk_fullscreenswitch_prop:s0 #============= allow em set ims xcap property =============== -persist.vendor.ss. u:object_r:mtk_ss_vendor_prop:s0 +persist.vendor.ss. u:object_r:vendor_mtk_ss_vendor_prop:s0 # MTK Antutu feature -ro.vendor.net.upload.benchmark.default u:object_r:mtk_antutu_prop:s0 +ro.vendor.net.upload.benchmark.default u:object_r:vendor_mtk_antutu_prop:s0 #=============malloc debug unwind backtrace switch property============== -vendor.debug.malloc.bt.switch u:object_r:mtk_malloc_debug_backtrace_prop:s0 +vendor.debug.malloc.bt.switch u:object_r:vendor_mtk_malloc_debug_backtrace_prop:s0 #=============allow gmo==================== -ro.vendor.gmo.ram_optimize u:object_r:mtk_default_prop:s0 -ro.vendor.gmo.rom_optimize u:object_r:mtk_default_prop:s0 -ro.vendor.mtk_config_max_dram_size u:object_r:mtk_default_prop:s0 +ro.vendor.gmo.ram_optimize u:object_r:vendor_mtk_default_prop:s0 +ro.vendor.gmo.rom_optimize u:object_r:vendor_mtk_default_prop:s0 +ro.vendor.mtk_config_max_dram_size u:object_r:vendor_mtk_default_prop:s0 #=============MTK Voice Recognize property=========== -vendor.voicerecognize.raw u:object_r:mtk_voicerecgnize_prop:s0 -vendor.voicerecognize_data.raw u:object_r:mtk_voicerecgnize_prop:s0 -vendor.voicerecognize.noDL u:object_r:mtk_voicerecgnize_prop:s0 - -#=============allow radio to set/get xcap rawurl config================ -persist.vendor.mtk.xcap.rawurl u:object_r:persist_xcap_rawurl_prop:s0 +vendor.voicerecognize.raw u:object_r:vendor_mtk_voicerecgnize_prop:s0 +vendor.voicerecognize_data.raw u:object_r:vendor_mtk_voicerecgnize_prop:s0 +vendor.voicerecognize.noDL u:object_r:vendor_mtk_voicerecgnize_prop:s0 #=============mtk bt enable SAP profile property============= -ro.vendor.mtk.bt_sap_enable u:object_r:mtk_bt_sap_enable_prop:s0 +ro.vendor.mtk.bt_sap_enable u:object_r:vendor_mtk_bt_sap_enable_prop:s0 #=============allow processes to change powerhal config================ -persist.vendor.powerhal. u:object_r:mtk_powerhal_prop:s0 -vendor.powerhal. u:object_r:mtk_powerhal_prop:s0 +persist.vendor.powerhal. u:object_r:vendor_mtk_powerhal_prop:s0 +vendor.powerhal. u:object_r:vendor_mtk_powerhal_prop:s0 #=============MTK Wifi wlan_assistant property============= -vendor.mtk.nvram.ready u:object_r:mtk_nvram_ready_prop:s0 +vendor.mtk.nvram.ready u:object_r:vendor_mtk_nvram_ready_prop:s0 #=============Wi-Fi Hotspot============== -ro.vendor.wifi.sap.interface u:object_r:mtk_wifi_hotspot_prop:s0 +ro.vendor.wifi.sap.interface u:object_r:vendor_mtk_wifi_hotspot_prop:s0 #=============allow mtk hdmi============== -persist.vendor.sys.hdmi_hidl. u:object_r:mtk_hdmi_prop:s0 +persist.vendor.sys.hdmi_hidl. u:object_r:vendor_mtk_hdmi_prop:s0 #=============mtk nn option============== -ro.vendor.mtk_nn.option u:object_r:mtk_nn_option_prop:s0 +ro.vendor.mtk_nn.option u:object_r:vendor_mtk_nn_option_prop:s0 + +#=============mtk gbe============== +vendor.performance.gbe u:object_r:vendor_mtk_gbe_prop:s0 #============system wfc service property=========== -persist.vendor.wfc. u:object_r:mtk_wfc_serv_prop:s0 +persist.vendor.wfc. u:object_r:vendor_mtk_wfc_serv_prop:s0 + +#=============config no bt consys chip ==================== +ro.vendor.bluetooth.noconsyschip u:object_r:vendor_mtk_default_prop:s0 + +#============mtk gpu property=========== +vendor.debug.gpu. u:object_r:vendor_mtk_gpu_prop:s0 +vendor.debug.gpud. u:object_r:vendor_mtk_gpu_prop:s0 -#=============allow ccci_mdinit to ctl. mdlogger============== -ctl.mdlogger u:object_r:ctl_mdlogger_prop:s0 -ctl.emdlogger1 u:object_r:ctl_emdlogger1_prop:s0 -ctl.emdlogger2 u:object_r:ctl_emdlogger2_prop:s0 -ctl.emdlogger3 u:object_r:ctl_emdlogger3_prop:s0 +#============= sensor set initrc property ============== +ro.vendor.init.sensor.rc u:object_r:vendor_mtk_sensor_prop:s0 -init.svc.emdlogger1 u:object_r:init_svc_emdlogger1_prop:s0 -init.svc.aee_aedv u:object_r:init_svc_aee_aedv_prop:s0 +#=============add for bluetooth ldac abr==================== +vendor.bluetooth.ldac.abr u:object_r:vendor_mtk_default_prop:s0 diff --git a/non_plat/radio.te b/non_plat/radio.te index e81853d..53b9395 100644 --- a/non_plat/radio.te +++ b/non_plat/radio.te @@ -1,6 +1,6 @@ # ============================================== # MTK Policy Rule -# ============ +# ============================================== # Purpose : allow to access kpd driver file allow radio sysfs_keypad_file:dir { r_dir_perms }; @@ -26,7 +26,6 @@ allow radio media_rw_data_file:file { create_file_perms }; # Swift APK integration - access ccci dir/file allow radio ccci_fsd:dir { r_dir_perms }; - # Date : WK17.03 # Operation : O Migration # Purpose : HIDL for rilproxy @@ -34,7 +33,7 @@ binder_call(radio, hal_telephony) #Dat: 2017/02/14 #Purpose: allow get telephony Sensitive property -get_prop(radio, mtk_telephony_sensitive_prop) +get_prop(radio, vendor_mtk_telephony_sensitive_prop) # Date : WK17.26 # Operation : O Migration @@ -53,32 +52,5 @@ binder_call(radio,mtk_hal_audio) # Date : WK18.16 # Operation: P migration -# Purpose: Allow radio to get tel_switch_prop -get_prop(radio, tel_switch_prop) - -# Date : 2018/07/03 -# Purpose : Allow sim system to set prop -set_prop(radio, vendor_sim_system_prop) - -# Date : 2018/07/03 -# Purpose : Allow Mwi to get vendor default properties (ro.vendor.*) -get_prop(radio, vendor_default_prop) - -# Operation : DEBUG -# Purpose : Allow to use mtk_bgdata_disabled -set_prop(radio, mtk_bgdata_disabled) - -# Date : 2018/07/03 -# Operation : DEBUG -# Purpose : Allow to use mtk_telecom_vibrate -set_prop(radio, mtk_telecom_vibrate) - -# Date : 2018/07/03 -# Operation : DEBUG -# Purpose : Allow to use mtk_gprs_attach_type -set_prop(radio, mtk_gprs_attach_type) - -#Date : 2018/11/02 -# Operation : Allow radio persist_xcap_rawurl_prop:property_service set; -# Purpose : for set telephony xcap use raw url property in IMS SS -set_prop(radio, persist_xcap_rawurl_prop) +# Purpose: Allow radio to get vendor_mtk_tel_switch_prop +get_prop(radio, vendor_mtk_tel_switch_prop) diff --git a/non_plat/resize.te b/non_plat/resize.te deleted file mode 100644 index b2e8c7c..0000000 --- a/non_plat/resize.te +++ /dev/null @@ -1,38 +0,0 @@ -# ============================================== -# Policy File of /vendor/bin/resize_xxx Executable File - -# ============================================== -# Type Declaration -# ============================================== -type resize, domain; -type resize_exec, exec_type, file_type, vendor_file_type; - -# ============================================== -# MTK Policy Rule -# ============================================== - -# Date : WK15.30 -# Operation : Migration -# Purpose : resize fs(ext4) partition, only run once. -init_daemon_domain(resize) - -allow resize resize_exec:file execute_no_trans; - -# Inherit and use pty created by android_fork_execvp_ext(). -allow resize devpts:chr_file { read write open getattr ioctl }; - -allow resize kmsg_device:chr_file { write open }; - -allow resize userdata_block_device:blk_file rw_file_perms; - -allow resize block_device:dir search; - -allow resize resize:capability sys_admin; - -allow resize labeledfs:filesystem unmount; - -allow resize property_socket:sock_file write; - -allow resize init:unix_stream_socket connectto; - -#allow resize system_file:file execute_no_trans; diff --git a/non_plat/rild.te b/non_plat/rild.te index 29c1c9b..2ced502 100644 --- a/non_plat/rild.te +++ b/non_plat/rild.te @@ -21,13 +21,11 @@ allow rild cgroup:dir create_dir_perms; # Property service # allow set RIL related properties (radio./net./system./etc) -auditallow rild net_radio_prop:property_service set; -auditallow rild system_radio_prop:property_service set; -set_prop(rild, ril_active_md_prop) +set_prop(rild, vendor_mtk_ril_active_md_prop) # allow set muxreport control properties -set_prop(rild, ril_cdma_report_prop) -set_prop(rild, ril_mux_report_case_prop) -set_prop(rild, ctl_muxreport-daemon_prop) +set_prop(rild, vendor_mtk_ril_cdma_report_prop) +set_prop(rild, vendor_mtk_ril_mux_report_case_prop) +set_prop(rild, vendor_mtk_ctl_muxreport-daemon_prop) # Access to wake locks wakelock_use(rild) @@ -50,6 +48,7 @@ allow rild proc_net:file w_file_perms; allow rild self:netlink_route_socket nlmsg_write; # Allow read/write to devices/files +allow rild mtk_radio_device:dir search; allow rild radio_device:chr_file rw_file_perms; allow rild radio_device:blk_file r_file_perms; allow rild mtd_device:dir search; @@ -90,16 +89,11 @@ vndbinder_use(rild) #Dat: 2017/03/27 #Purpose: allow set telephony Sensitive property -set_prop(rild, mtk_telephony_sensitive_prop) +set_prop(rild, vendor_mtk_telephony_sensitive_prop) # For AGPSD allow rild mtk_agpsd:unix_stream_socket connectto; -#Date 2017/10/12 -#Purpose: allow set MTU size -#allow rild toolbox_exec:file getattr; -allow rild mtk_net_ipv6_prop:property_service set; - #Date: 2017/12/6 #Purpose: allow set the RS times for /proc/sys/net/ipv6/conf/ccmniX/router_solicitations allow rild vendor_shell_exec:file {execute_no_trans}; @@ -107,21 +101,21 @@ allow rild vendor_toolbox_exec:file {execute_no_trans}; # Date : WK18.16 # Operation: P migration -# Purpose: Allow rild to get tel_switch_prop -get_prop(rild, tel_switch_prop) +# Purpose: Allow rild to get vendor_mtk_tel_switch_prop +get_prop(rild, vendor_mtk_tel_switch_prop) #Date: W1817 -#Purpose: allow rild access property of vendor_radio_prop -set_prop(rild, vendor_radio_prop) +#Purpose: allow rild access property of vendor_mtk_radio_prop +set_prop(rild, vendor_mtk_radio_prop) #Date : W18.21 #Purpose: allow rild access to vendor.ril.ipo system property -set_prop(rild, vendor_ril_ipo_prop) +set_prop(rild, vendor_mtk_ril_ipo_prop) # Date : WK18.26 # Operation: P migration # Purpose: Allow carrier express HIDL to set vendor property -set_prop(rild, mtk_cxp_vendor_prop) +set_prop(rild, vendor_mtk_cxp_vendor_prop) allow rild mnt_vendor_file:dir search; allow rild mnt_vendor_file:file create_file_perms; allow rild nvdata_file:dir create_dir_perms; @@ -134,11 +128,11 @@ allow rild mtk_hal_secure_element:binder call; # Date : WK18.31 # Operation: P migration # Purpose: Allow supplementary service HIDL to set vendor property -set_prop(rild, mtk_ss_vendor_prop) +set_prop(rild, vendor_mtk_ss_vendor_prop) # Date : 2018/2/27 # Purpose : for NVRAM recovery mechanism -set_prop(rild,powerctl_prop); +set_prop(rild, powerctl_prop) # Date: 2019/06/14 # Operation : Migration @@ -155,9 +149,19 @@ allow rild proc_aed_reboot_reason:file rw_file_perms; # Date : WK19.43 # Purpose: Allow wfc module from rild read system property from wfc module -get_prop(rild, mtk_wfc_serv_prop) +get_prop(rild, vendor_mtk_wfc_serv_prop) # Date: 2019/11/15 # Operation: RILD init flow # Purpose: To handle illegal rild started -set_prop(rild, gsm0710muxd_prop) +set_prop(rild, vendor_mtk_gsm0710muxd_prop) + +# Date : 2019/10/29 +# Operation: imstestmode +# Purpose: Allow HIDL to set vendor property +set_prop(rild, vendor_mtk_imstestmode_prop) + +# Date : 2020/06/11 +# Operation: R migration +# Purpose: Allow rild to get system_boot_reason_prop +get_prop(rild, system_boot_reason_prop) diff --git a/non_plat/rilproxy.te b/non_plat/rilproxy.te index bf1d79e..c97f945 100644 --- a/non_plat/rilproxy.te +++ b/non_plat/rilproxy.te @@ -14,12 +14,10 @@ wakelock_use(rild) # rild Bringup Policy -allow rild init:unix_stream_socket connectto; allow rild mtkrild:unix_stream_socket connectto; -allow rild property_socket:sock_file write; allow rild self:capability setuid; -allow rild radio_prop:property_service set; -allow rild ril_mux_report_case_prop:property_service set; +set_prop(rild, radio_prop) +set_prop(rild, vendor_mtk_ril_mux_report_case_prop) allow rild mtk_agpsd:unix_stream_socket connectto; allow servicemanager rild:dir search; allow servicemanager rild:file { read open }; @@ -49,12 +47,12 @@ hal_client_domain(rild, hal_audio) #Date : W18.15 #Purpose: allow rild access to vendor.ril.ipo system property -set_prop(mtkrild, vendor_ril_ipo_prop) +set_prop(mtkrild, vendor_mtk_ril_ipo_prop) # Date : WK18.26 # Operation: P migration # Purpose: Allow carrier express HIDL to set vendor property -set_prop(mtkrild, mtk_cxp_vendor_prop) +set_prop(mtkrild, vendor_mtk_cxp_vendor_prop) allow mtkrild mnt_vendor_file:dir search; allow mtkrild mnt_vendor_file:file create_file_perms; allow mtkrild nvdata_file:dir create_dir_perms; @@ -63,7 +61,7 @@ allow mtkrild nvdata_file:file create_file_perms; # Date : WK18.31 # Operation: P migration # Purpose: Allow supplementary service HIDL to set vendor property -set_prop(mtkrild, mtk_ss_vendor_prop) +set_prop(mtkrild, vendor_mtk_ss_vendor_prop) # Date : W19.16 # Operation: Q migration diff --git a/non_plat/shell.te b/non_plat/shell.te index 5346726..9f2d309 100644 --- a/non_plat/shell.te +++ b/non_plat/shell.te @@ -1,6 +1,6 @@ # ============================================== # MTK Policy Rule -# ============ +# ============================================== # Date : WK16.46 # Purpose : allow shell to switch aee mode @@ -18,8 +18,3 @@ allow shell aee_exp_vendor_file:dir r_dir_perms; allow shell aee_exp_vendor_file:file r_file_perms; allow shell aee_exp_data_file:dir r_dir_perms; allow shell aee_exp_data_file:file r_file_perms; - -get_prop(shell, mobile_log_prop) -get_prop(shell, persist_mtk_aee_prop); -get_prop(shell, persist_aee_prop); -get_prop(shell, debug_mtk_aee_prop); diff --git a/non_plat/slpd.te b/non_plat/slpd.te index cfce93b..fa3efeb 100644 --- a/non_plat/slpd.te +++ b/non_plat/slpd.te @@ -16,3 +16,5 @@ net_domain(slpd) # mtk_agpsd will send the current SUPL profile to SLPD allow slpd mtk_agpsd:unix_dgram_socket sendto; + +allow slpd self:netlink_route_socket { bind nlmsg_readpriv nlmsg_getneigh }; diff --git a/non_plat/stp_dump3.te b/non_plat/stp_dump3.te index 0501d29..adc5b89 100644 --- a/non_plat/stp_dump3.te +++ b/non_plat/stp_dump3.te @@ -40,5 +40,5 @@ allow stp_dump3 stp_dump_data_file:file create_file_perms; allow stp_dump3 stp_dump_data_file:sock_file { write create unlink setattr }; allow stp_dump3 connsyslog_data_vendor_file:dir create_dir_perms; allow stp_dump3 connsyslog_data_vendor_file:file create_file_perms; -get_prop(stp_dump3, coredump_prop) +get_prop(stp_dump3, vendor_mtk_coredump_prop) init_daemon_domain(stp_dump3) diff --git a/non_plat/surfaceflinger.te b/non_plat/surfaceflinger.te index 795076e..9df1865 100644 --- a/non_plat/surfaceflinger.te +++ b/non_plat/surfaceflinger.te @@ -1,12 +1,11 @@ # ============================================== # MTK Policy Rule -# ============ +# ============================================== # Data : WK14.42 # Operation : Migration # Purpose : Video playback -allow surfaceflinger sw_sync_device:chr_file { rw_file_perms }; -allow surfaceflinger debug_prop:property_service set; +allow surfaceflinger sw_sync_device:chr_file rw_file_perms; # Date : WK16.33 # Purpose: Allow to access ged for gralloc_extra functions @@ -29,7 +28,10 @@ allow surfaceflinger debugfs_ion:dir search; # Date : WK17.30 # Operation : O Migration # Purpose: Allow to access cmdq driver -allow surfaceflinger mtk_cmdq_device:chr_file { read ioctl open }; +allow surfaceflinger mtk_cmdq_device:chr_file r_file_perms; +allow surfaceflinger mtk_mdp_device:chr_file r_file_perms; +allow surfaceflinger mtk_mdp_sync:chr_file r_file_perms; +allow surfaceflinger sysfs_boot_mode:file r_file_perms; # Date : W17.39 # Perform Binder IPC. @@ -58,27 +60,19 @@ allowxperm surfaceflinger proc_perfmgr:file ioctl { # Date : WK17.43 # Operation : Debug # Purpose: Allow to dump HWC backtrace -get_prop(surfaceflinger, graphics_hwc_pid_prop) -get_prop(surfaceflinger, graphics_hwc_latch_unsignaled_prop) +get_prop(surfaceflinger, vendor_mtk_graphics_hwc_pid_prop) +get_prop(surfaceflinger, vendor_mtk_graphics_hwc_latch_unsignaled_prop) +get_prop(surfaceflinger, vendor_mtk_graphics_hwc_validate_separate_prop) allow surfaceflinger hal_graphics_composer_default:dir search; allow surfaceflinger hal_graphics_composer_default:lnk_file read; - -# Date : WK18.36 -# Operation : Debug -# Purpose: Allow to dump buffer queue -get_prop(surfaceflinger, debug_bq_dump_prop) +dontaudit surfaceflinger hal_graphics_composer_default:file r_file_perms; # Date : WK19.4 # Operation : P Migration # Purpose: Allow to access /dev/mdp_device driver allow surfaceflinger mdp_device:chr_file rw_file_perms; -# Date : WK19.09 -# Purpose: Allow to access property dev/mdp_sync -#============= surfaceflinger ============== -allow surfaceflinger mtk_mdp_device:chr_file rw_file_perms; - # Date : WK18.43 # Operation : HDR # Purpose: Allow to skip aosp hdr solution -get_prop(surfaceflinger, graphics_hwc_hdr_prop) +get_prop(surfaceflinger, vendor_mtk_graphics_hwc_hdr_prop) diff --git a/non_plat/system_app.te b/non_plat/system_app.te index 4e18c90..d5cf4e0 100644 --- a/non_plat/system_app.te +++ b/non_plat/system_app.te @@ -13,14 +13,13 @@ hal_client_domain(system_app, mtk_hal_lbs) #Dat: 2017/02/14 #Purpose: allow set telephony Sensitive property -get_prop(system_app, mtk_telephony_sensitive_prop) +get_prop(system_app, vendor_mtk_telephony_sensitive_prop) # Date : WK17.12 # Operation : MT6799 SQC # Purpose : Change thermal config -allow system_app mtk_thermal_config_prop:file { getattr open read }; - +get_prop(system_app, vendor_mtk_thermal_config_prop) # Date : 2017/11/07 # Operation : Migration @@ -29,16 +28,11 @@ allow system_app mtk_thermal_config_prop:file { getattr open read }; allow system_app aee_exp_data_file:file r_file_perms; allow system_app aee_exp_data_file:dir r_dir_perms; -# Date: 2018/11/08 -# Operation : JPEG -# Purpose : JPEG need to use PQ via MMS HIDL -allow system_app mtk_hal_mms_hwservice:hwservice_manager find; -allow system_app mtk_hal_mms:binder call; - # Date: 2019/06/14 # Operation : Migration # Purpose : system_app need vendor_default_prop -get_prop(system_app, vendor_default_prop) +# GOOGLE: Commented out for b/169606103 +#get_prop(system_app, vendor_default_prop) # Date: 2019/07/16 # Operation : Migration @@ -48,3 +42,26 @@ allow system_app mtk_hal_hdmi:binder call; allow system_app self:netlink_kobject_uevent_socket {read bind create setopt }; # system_app need to read from sysfs /sys/class/switch/hdmi/state r_dir_file(system_app, sysfs_switch); + +# Date: 2020/06/08 +# Purpose: Allow system app to access mtk jpeg +allow system_app proc_mtk_jpeg:file rw_file_perms; +allowxperm system_app proc_mtk_jpeg:file ioctl { + JPG_BRIDGE_DEC_IO_LOCK + JPG_BRIDGE_DEC_IO_WAIT + JPG_BRIDGE_DEC_IO_UNLOCK +}; + +# Date: 2020/06/29 +# Purpose: Allow system app to access mtk fpsgo +allow system_app sysfs_fpsgo:dir search; +allow system_app sysfs_fpsgo:file r_file_perms; + +# Date 2021/03/29 +# Purpose: To support System navigation selection +allow system_app mtk_cmdq_device:chr_file read; +allow system_app mtk_cmdq_device:chr_file open; +allow system_app mtk_cmdq_device:chr_file ioctl; +allow system_app mtk_mdp_sync:chr_file read; +allow system_app mtk_mdp_sync:chr_file open; +allow system_app mtk_mdp_sync:chr_file ioctl; diff --git a/non_plat/system_server.te b/non_plat/system_server.te index 919f663..8e37c12 100644 --- a/non_plat/system_server.te +++ b/non_plat/system_server.te @@ -1,6 +1,7 @@ # ============================================== # MTK Policy Rule # ============================================== + # Access devices. allow system_server touch_device:chr_file rw_file_perms; allow system_server stpant_device:chr_file rw_file_perms; @@ -18,9 +19,6 @@ allow system_server aee_core_data_file:dir r_dir_perms; # Perform Binder IPC. allow system_server zygote:binder impersonate; -# Property service. -allow system_server ctl_bootanim_prop:property_service set; - # For dumpsys. allow system_server aee_dumpsys_data_file:file w_file_perms; allow system_server aee_exp_data_file:file w_file_perms; @@ -39,10 +37,6 @@ allow system_server debugfs_wakeup_sources:file r_file_perms; # Allow system_server to read/write /sys/power/dcm_state allow system_server sysfs_dcm:file rw_file_perms; -# Date : WK16.36 -# Purpose: Allow to set property log.tag.WifiHW to control log level of WifiHW -allow system_server log_tag_prop:property_service set; - # Data : WK16.42 # Operator: Whitney bring up # Purpose: call surfaceflinger due to powervr @@ -78,6 +72,10 @@ allow system_server proc_mtktz:file r_file_perms; # Purpose : audio hal interface permission allow system_server mtk_hal_audio:process { getsched setsched }; +#Dat: 2017/02/14 +#Purpose: allow get telephony Sensitive property +get_prop(system_server, vendor_mtk_telephony_sensitive_prop) + # Date:W17.07 # Operation : bt hal # Purpose : bt hal interface permission @@ -103,7 +101,6 @@ allow system_server vendor_framework_file:dir r_file_perms; # Fix bootup violation allow system_server vendor_framework_file:file getattr; -allow system_server wifi_prop:file { read getattr open }; # Date:W17.22 # Operation : add aee_aed socket rule @@ -114,10 +111,6 @@ allow system_server wifi_prop:file { read getattr open }; # tclass=unix_stream_socket permissive=0 allow system_server crash_dump:unix_stream_socket connectto; -#Dat: 2017/02/14 -#Purpose: allow get telephony Sensitive property -get_prop(system_server, mtk_telephony_sensitive_prop) - # Date: W17.22 # Operation : New Feature # Purpose : Add for A/B system @@ -161,13 +154,11 @@ hal_client_domain(system_server, mtk_hal_lbs) # Date : WK17.12 # Operation : MT6799 SQC # Purpose : Change thermal config -allow system_server mtk_thermal_config_prop:file { getattr open read }; - +get_prop(system_server, vendor_mtk_thermal_config_prop) # Date : WK17.43 # Operation : Migration # Purpose : perfmgr permission -allow system_server mtk_hal_power_hwservice:hwservice_manager find; allow system_server proc_perfmgr:dir {read search}; allow system_server proc_perfmgr:file {open read ioctl}; allowxperm system_server proc_perfmgr:file ioctl { @@ -182,14 +173,6 @@ allowxperm system_server proc_perfmgr:file ioctl { # Purpose : MTK wifi hal interface permission binder_call(system_server, mtk_hal_wifi) -# Date : WK18.33 -# Purpose : type=1400 audit(0.0:1592): avc: denied { read } -# for comm=4572726F722064756D703A20646174 name= -# "u:object_r:persist_mtk_aee_prop:s0" dev="tmpfs" -# ino=10312 scontext=u:r:system_server:s0 tcontext= -# u:object_r:persist_mtk_aee_prop:s0 tclass=file permissive=0 -get_prop(system_server, persist_mtk_aee_prop); - # Date : W19.15 # Operation : alarm device permission # Purpose : support power-off alarm @@ -202,28 +185,13 @@ allow system_server proc_ged:file rw_file_perms; allowxperm system_server proc_ged:file ioctl { proc_ged_ioctls }; # Date: 2019/06/14 -# Operation : Migration -get_prop(system_server, vendor_default_prop) - -# Date: 2019/06/14 # Operation : when WFD turnning on, turn off hdmi allow system_server mtk_hal_hdmi_hwservice:hwservice_manager find; allow system_server mtk_hal_hdmi:binder call; -#Date:2019/10/08 -#Operation:Q Migration -allow system_server proc_battery_cmd:dir search; - #Date:2019/10/09 #Operation:Q Migration -get_prop(system_server, debug_mtk_aee_prop) - -#Date:2019/10/09 -#Operation:Q Migration -get_prop(system_server, debug_bq_dump_prop) -get_prop(system_server, mtk_telecom_vibrate) allow system_server proc_cmdq_debug:file getattr; -allow system_server proc_freqhop:file getattr; allow system_server proc_last_kmsg:file r_file_perms; allow system_server proc_cm_mgr:dir search; allow system_server proc_isp_p2:dir search; @@ -274,3 +242,24 @@ allow system_server sf_rtt_file:dir rmdir; # Date : 2019/11/29 # Operation : Q Migration allow system_server storage_stub_file:dir getattr; + +#Date : 2020/05/12 +#Operation : R Migration +allow system_server proc_ppm:file r_file_perms; + +# Date: 2019/11/12 +# Purpose: Allow system server to access mtk jpeg +allow system_server proc_mtk_jpeg:file rw_file_perms; +allowxperm system_server proc_mtk_jpeg:file ioctl { + JPG_BRIDGE_DEC_IO_LOCK + JPG_BRIDGE_DEC_IO_WAIT + JPG_BRIDGE_DEC_IO_UNLOCK +}; + +#Date : 2020/06/30 +#Operation : R Migration +dontaudit system_server kernel:process sigkill; + +#Date:2020/07/23 +#Operation:R Migration +dontaudit system_server iorapd:process setsched; diff --git a/non_plat/thermal_manager.te b/non_plat/thermal_manager.te index 3bdf75c..007e868 100644 --- a/non_plat/thermal_manager.te +++ b/non_plat/thermal_manager.te @@ -34,7 +34,7 @@ allow thermal_manager cameraserver:fd use; allow thermal_manager kd_camera_hw_device:chr_file { read write }; allow thermal_manager MTK_SMI_device:chr_file read; allow thermal_manager surfaceflinger:fd use; -set_prop(thermal_manager ,mtk_thermal_config_prop) +set_prop(thermal_manager, vendor_mtk_thermal_config_prop) # Date : 2019/09/12 # Operation : Migration diff --git a/non_plat/ueventd.te b/non_plat/ueventd.te index a98faaa..a77e329 100644 --- a/non_plat/ueventd.te +++ b/non_plat/ueventd.te @@ -5,7 +5,6 @@ allow ueventd proc_net:file r_file_perms; # Date: W17.22 # Operation : New Feature # Purpose : Add for A/B system -allow ueventd device:chr_file { relabelfrom relabelto }; allow ueventd m_acc_misc_device:chr_file { relabelfrom relabelto }; allow ueventd m_mag_misc_device:chr_file { relabelfrom relabelto }; diff --git a/non_plat/uncrypte.te b/non_plat/uncrypte.te deleted file mode 100755 index 80b0635..0000000 --- a/non_plat/uncrypte.te +++ /dev/null @@ -1,4 +0,0 @@ -#====================== uncrypt.te ====================== -allow uncrypt para_block_device:blk_file w_file_perms; -allow uncrypt ota_package_file:file w_file_perms; - diff --git a/non_plat/untrusted_app_all.te b/non_plat/untrusted_app_all.te new file mode 100644 index 0000000..9b06e2e --- /dev/null +++ b/non_plat/untrusted_app_all.te @@ -0,0 +1,13 @@ +# ============================================== +# MTK Policy Rule +# ============================================== + +# Date: 2020/06/08 +# Purpose: Allow untrusted app to access mtk jpeg +typeattribute proc_mtk_jpeg mlstrustedobject; +allow untrusted_app_all proc_mtk_jpeg:file rw_file_perms; +allowxperm untrusted_app_all proc_mtk_jpeg:file ioctl { + JPG_BRIDGE_DEC_IO_LOCK + JPG_BRIDGE_DEC_IO_WAIT + JPG_BRIDGE_DEC_IO_UNLOCK +}; diff --git a/non_plat/update_engine.te b/non_plat/update_engine.te index e3013f9..b0d8ab2 100644 --- a/non_plat/update_engine.te +++ b/non_plat/update_engine.te @@ -27,3 +27,8 @@ allow update_engine postinstall_mnt_dir:dir { search getattr open read write sea # Add for AVB20 allow update_engine tmpfs:lnk_file read; + +allow update_engine metadata_file:dir { getattr mounton }; +allow update_engine devpts:chr_file rw_file_perms; +allow update_engine kmsg_device:chr_file w_file_perms; + diff --git a/non_plat/vendor_init.te b/non_plat/vendor_init.te index 783f6c9..ac0b98d 100644 --- a/non_plat/vendor_init.te +++ b/non_plat/vendor_init.te @@ -2,18 +2,19 @@ # MTK Policy Rule # ============================================== -set_prop(vendor_init, mediatek_prop) -set_prop(vendor_init, mtk_md_version_prop) -set_prop(vendor_init, mtk_volte_prop) -set_prop(vendor_init, vendor_radio_prop) -set_prop(vendor_init, mtk_ril_mode_prop) -set_prop(vendor_init, wmt_prop) -set_prop(vendor_init, coredump_prop) +set_prop(vendor_init, vendor_mtk_mediatek_prop) +set_prop(vendor_init, vendor_mtk_md_version_prop) +set_prop(vendor_init, vendor_mtk_volte_prop) +set_prop(vendor_init, vendor_mtk_radio_prop) +set_prop(vendor_init, vendor_mtk_ril_mode_prop) +set_prop(vendor_init, vendor_mtk_wmt_prop) +set_prop(vendor_init, vendor_mtk_coredump_prop) allow vendor_init proc_wmtdbg:file w_file_perms; allow vendor_init proc_cpufreq:file w_file_perms; allow vendor_init proc_bootprof:file write; +allow vendor_init proc_pl_lk:file w_file_perms; allow vendor_init rootfs:dir { write add_name setattr }; allow vendor_init self:capability sys_module; @@ -22,27 +23,27 @@ allow vendor_init unlabeled:dir { relabelfrom getattr setattr search }; allow vendor_init vendor_file:system module_load; allow vendor_init kmsg_device:chr_file unlink; -set_prop(vendor_init, persist_mtk_aee_prop) -set_prop(vendor_init, ro_mtk_aee_prop) -set_prop(vendor_init, vendor_usb_prop) -set_prop(vendor_init, mtk_ct_volte_prop) -set_prop(vendor_init, mtk_gps_support_prop) -set_prop(vendor_init, mtk_rat_config_prop) -set_prop(vendor_init, tel_switch_prop) -set_prop(vendor_init, mtk_aal_ro_prop) -set_prop(vendor_init, mtk_pq_ro_prop) -set_prop(vendor_init, mtk_default_prop) -set_prop(vendor_init, mtk_nn_option_prop) -set_prop(vendor_init, mtk_emmc_support_prop) -set_prop(vendor_init, mtk_anr_support_prop) -set_prop(vendor_init, mtk_antutu_prop) -set_prop(vendor_init, mtk_bt_sap_enable_prop) -set_prop(vendor_init, coredump_prop) +set_prop(vendor_init, system_mtk_persist_mtk_aee_prop) +set_prop(vendor_init, vendor_mtk_ro_aee_prop) +set_prop(vendor_init, vendor_mtk_sensor_prop) +set_prop(vendor_init, vendor_mtk_usb_prop) +set_prop(vendor_init, vendor_mtk_ct_volte_prop) +set_prop(vendor_init, vendor_mtk_gps_support_prop) +set_prop(vendor_init, vendor_mtk_rat_config_prop) +set_prop(vendor_init, vendor_mtk_tel_switch_prop) +set_prop(vendor_init, vendor_mtk_aal_ro_prop) +set_prop(vendor_init, vendor_mtk_pq_ro_prop) +set_prop(vendor_init, vendor_mtk_default_prop) +set_prop(vendor_init, vendor_mtk_nn_option_prop) +set_prop(vendor_init, vendor_mtk_emmc_support_prop) +set_prop(vendor_init, vendor_mtk_anr_support_prop) +set_prop(vendor_init, vendor_mtk_antutu_prop) +set_prop(vendor_init, vendor_mtk_bt_sap_enable_prop) # allow create symbolic link, /mnt/sdcard, for meta/factory mode allow vendor_init tmpfs:lnk_file create; -set_prop(vendor_init, mtk_cxp_vendor_prop) +set_prop(vendor_init, vendor_mtk_cxp_vendor_prop) # Run "ifup lo" to bring up the localhost interface allow vendor_init proc_hostname:file w_file_perms; @@ -57,10 +58,10 @@ allow vendor_init proc_perfmgr:file write; # allow create symbolic link, /mnt/sdcard, for meta/factory mode allow vendor_init tmpfs:lnk_file create; -set_prop(vendor_init, mtk_appresolutiontuner_prop) +set_prop(vendor_init, vendor_mtk_appresolutiontuner_prop) # fullscreen switch -set_prop(vendor_init, mtk_fullscreenswitch_prop) +set_prop(vendor_init, vendor_mtk_fullscreenswitch_prop) # for kernel module verification support, allow vendor domain to search kernel keyring allow vendor_init kernel:key search; @@ -68,10 +69,22 @@ allow vendor_init kernel:key search; # Purpose: /dev/block/mmcblk0p10 allow vendor_init expdb_block_device:blk_file rw_file_perms; -set_prop(vendor_init, mtk_wifi_hotspot_prop) -set_prop(vendor_init, persist_aeev_prop) -set_prop(vendor_init, mtk_powerhal_prop) +set_prop(vendor_init, vendor_mtk_wifi_hotspot_prop) +set_prop(vendor_init, vendor_mtk_persist_aeev_prop) +set_prop(vendor_init, vendor_mtk_powerhal_prop) # mmstat tracer allow vendor_init debugfs_tracing_instances:dir create_dir_perms; allow vendor_init debugfs_tracing_instances:file w_file_perms; + +#boot tracer +allow vendor_init debugfs_tracing_debug:file w_file_perms; + +# Date : 2019/11/21 +# Operation: SQC +# Purpose : Allow vendor_init to control MCDI +allow vendor_init proc_cpuidle:file rw_file_perms; + +# Date : 2020/07/08 +# Purpose: add permission for /proc/sys/vm/swappiness +allow vendor_init proc_swappiness:file w_file_perms; diff --git a/non_plat/vold.te b/non_plat/vold.te index 8679bc7..dab47dd 100644 --- a/non_plat/vold.te +++ b/non_plat/vold.te @@ -14,7 +14,6 @@ allow vold iso9660:filesystem unmount; # Purpose : vold will traverse /proc when remountUid(). # It will trigger violation if mtk customize some label in /proc. # However, we should ignore the violation if the processes never access the storage. -dontaudit vold proc_battery_cmd:dir { read open }; dontaudit vold proc_mtkcooler:dir { read open }; dontaudit vold proc_mtktz:dir { read open }; dontaudit vold proc_thermal:dir { read open }; diff --git a/non_plat/wifi_dump.te b/non_plat/wifi_dump.te new file mode 100755 index 0000000..b3f2d04 --- /dev/null +++ b/non_plat/wifi_dump.te @@ -0,0 +1,37 @@ +# ============================================== +# Policy File of /system/binstp_dump3 Executable File + + +# ============================================== +# Type Declaration +# ============================================== + +type wifi_dump_exec, vendor_file_type, exec_type, file_type; +type wifi_dump, domain; + +# ============================================== +# Android Policy Rule +# ============================================== + +# ============================================== +# NSA Policy Rule +# ============================================== + +# ============================================== +# MTK Policy Rule +# ============================================== +allow wifi_dump self:capability { net_admin }; +allow wifi_dump self:netlink_socket { read write getattr bind create setopt }; +allow wifi_dump self:netlink_generic_socket { read write getattr bind create setopt }; +allow wifi_dump conninfra_device:chr_file rw_file_perms; +allow wifi_dump stpwmt_device:chr_file rw_file_perms; +allow wifi_dump tmpfs:lnk_file r_file_perms; +allow wifi_dump mnt_user_file:dir search; +allow wifi_dump mnt_user_file:lnk_file read; +allow wifi_dump storage_file:lnk_file read; +allow wifi_dump stp_dump_data_file:dir create_dir_perms; +allow wifi_dump stp_dump_data_file:file create_file_perms; +allow wifi_dump connsyslog_data_vendor_file:dir create_dir_perms; +allow wifi_dump connsyslog_data_vendor_file:file create_file_perms; +get_prop(wifi_dump, vendor_mtk_coredump_prop) +init_daemon_domain(wifi_dump) diff --git a/non_plat/wlan_assistant.te b/non_plat/wlan_assistant.te index 830da67..5f3e3ed 100644 --- a/non_plat/wlan_assistant.te +++ b/non_plat/wlan_assistant.te @@ -37,7 +37,5 @@ allow wlan_assistant nvdata_file:file { read getattr open }; allow wlan_assistant wmtWifi_device:chr_file { read write getattr open }; allow wlan_assistant mnt_vendor_file :dir search; -allow wlan_assistant init:unix_stream_socket connectto; -allow wlan_assistant property_socket:sock_file write; -set_prop(wlan_assistant, mtk_nvram_ready_prop) +set_prop(wlan_assistant, vendor_mtk_nvram_ready_prop) diff --git a/non_plat/wmt_loader.te b/non_plat/wmt_loader.te index 25c9bde..747715c 100644 --- a/non_plat/wmt_loader.te +++ b/non_plat/wmt_loader.te @@ -16,7 +16,7 @@ init_daemon_domain(wmt_loader) allow wmt_loader self:capability chown; # Set the property -set_prop(wmt_loader, wmt_prop) +set_prop(wmt_loader, vendor_mtk_wmt_prop) # add ioctl/open/read/write permission for wmt_loader with /dev/wmtdetect allow wmt_loader wmtdetect_device:chr_file rw_file_perms; diff --git a/plat_private/adbd.te b/plat_private/adbd.te index 9f78cb3..0e2a80b 100644 --- a/plat_private/adbd.te +++ b/plat_private/adbd.te @@ -1,2 +1,5 @@ allow adbd debuglog_data_file:dir r_dir_perms; allow adbd debuglog_data_file:file r_file_perms; + +# TODO(b/188853550): We want logcat to be able to write to serial for debugging. +allow logpersist kmsg_debug_device:chr_file w_file_perms; diff --git a/plat_private/aee_aed.te b/plat_private/aee_aed.te deleted file mode 100644 index bc3c436..0000000 --- a/plat_private/aee_aed.te +++ /dev/null @@ -1,132 +0,0 @@ -# ============================================== -# Policy File of /system/bin/aee_aed Executable File - -# ============================================== -# Type Declaration -# ============================================== -type aee_aed_exec, system_file_type, exec_type, file_type; -typeattribute aee_aed coredomain; -typeattribute aee_aed mlstrustedsubject; - -init_daemon_domain(aee_aed) - -# ============================================== -# MTK Policy Rule -# ============================================== - -# AED start: /dev/block/expdb -allow aee_aed block_device:dir search; - -# aee db dir and db files -allow aee_aed sdcard_type:dir create_dir_perms; -allow aee_aed sdcard_type:file create_file_perms; - -#data/anr -allow aee_aed anr_data_file:dir create_dir_perms; -allow aee_aed anr_data_file:file create_file_perms; - -allow aee_aed domain:process { sigkill getattr getsched signal }; -allow aee_aed domain:lnk_file getattr; - -#core-pattern -allow aee_aed usermodehelper:file r_file_perms; - -#suid_dumpable. this is neverallow -#allow aee_aed proc_security:file r_file_perms; - -#allow aee_aed call binaries labeled "system_file" under /system/bin/ -allow aee_aed system_file:file execute_no_trans; - -allow aee_aed init:process getsched; -allow aee_aed kernel:process getsched; - -# Date: W15.34 -# Operation: Migration -# Purpose: For pagemap & pageflags information in NE DB -userdebug_or_eng(`allow aee_aed self:capability sys_admin;') - -# Purpose: allow aee_aed to access toolbox -allow aee_aed toolbox_exec:file rx_file_perms; - -# Purpose: mnt/user/* -allow aee_aed mnt_user_file:dir search; -allow aee_aed mnt_user_file:lnk_file read; - -allow aee_aed storage_file:dir search; -allow aee_aed storage_file:lnk_file read; - -# Date : WK17.09 -# Operation : AEE UT for Android O -# Purpose : for AEE module to dump files -domain_auto_trans(aee_aed, dumpstate_exec, dumpstate) - -# Purpose : aee_aed communicate with aee_core_forwarder -# allow aee_aed aee_core_forwarder:dir search; -# allow aee_aed aee_core_forwarder:file { read getattr open }; - -userdebug_or_eng(` - allow aee_aed su:dir {search read open }; - allow aee_aed su:file { read getattr open }; -') - -# /data/tombstone -allow aee_aed tombstone_data_file:dir w_dir_perms; -allow aee_aed tombstone_data_file:file create_file_perms; - -# /proc/pid/ -allow aee_aed self:capability { fowner chown fsetid sys_nice sys_resource net_admin sys_module setgid setuid kill }; - -# system(cmd) aee_dumpstate aee_archive -allow aee_aed shell_exec:file rx_file_perms; - -# PROCESS_FILE_STATE -allow aee_aed dumpstate:unix_stream_socket { read write ioctl }; -allow aee_aed dumpstate:dir search; -allow aee_aed dumpstate:file r_file_perms; - -allow aee_aed logdr_socket:sock_file write; -allow aee_aed logd:unix_stream_socket connectto; -#allow aee_aed system_ndebug_socket:sock_file write; - -# vibrator -allow aee_aed sysfs_vibrator:file w_file_perms; - -# Data : 2017/03/22 -# Operation : add NE flow rule for Android O -# Purpose : make aee_aed can get specific process NE info -allow aee_aed domain:dir r_dir_perms; -allow aee_aed domain:{ file lnk_file } r_file_perms; - -allow aee_aed dalvikcache_data_file:dir r_dir_perms; -#allow aee_aed zygote_exec:file r_file_perms; -#allow aee_aed init_exec:file r_file_perms; - -# Data : 2017/04/06 -# Operation : add selinux rule for crash_dump notify aee_aed -# Purpose : make aee_aed can get notify from crash_dump -allow aee_aed crash_dump:dir search; -allow aee_aed crash_dump:file r_file_perms; - -# Purpose : allow aee_aed to read /proc/version -allow aee_aed proc_version:file { read open }; - -# Purpose : allow aee_aed self to sys_nice/chown/kill -allow aee_aed self:capability { sys_nice chown fowner kill }; - -# Purpose: Allow aee_aed to write /sys/kernel/debug/tracing/snapshot -userdebug_or_eng(`allow aee_aed debugfs_tracing_debug:file { write open };') - -# Purpose: Allow aee_aed to read/write /sys/kernel/debug/tracing/tracing_on -#userdebug_or_eng(` allow aee_aed debugfs_tracing:file { r_file_perms write };') - -# Purpose: receive dropbox message -allow aee_aed dropbox_data_file:file {getattr read}; -allow aee_aed dropbox_service:service_manager find; -allow aee_aed servicemanager:binder call; -allow aee_aed system_server:binder call; - -# Purpose: allow aee_aed to read packages.list -allow aee_aed packages_list_file:file r_file_perms; - -# Purpose: Allow aee_aed to read /proc/*/exe -allow aee_aed system_file_type:file r_file_perms; diff --git a/plat_private/aee_core_forwarder.te b/plat_private/aee_core_forwarder.te index 961646c..c7fae44 100644 --- a/plat_private/aee_core_forwarder.te +++ b/plat_private/aee_core_forwarder.te @@ -98,3 +98,10 @@ get_prop(aee_core_forwarder, hwservicemanager_prop) # Purpose : allow aee_core_forwarder to connect aee_aed socket allow aee_core_forwarder crash_dump:unix_stream_socket connectto; + +# Data : 2017/08/04 +# Operation : fix aee_core_forwarder timeout +# Purpose : type=1400 audit(0.0:24315): avc: denied { sys_admin } for +# capability=21 scontext=u:r:aee_core_forwarder:s0 +# tcontext=u:r:aee_core_forwarder:s0 tclass=capability permissive=0 +allow aee_core_forwarder self:capability sys_admin; diff --git a/r_non_plat/vold_prepare_subdirs.te b/plat_private/app.te index 3c531e2..aa96055 100644 --- a/r_non_plat/vold_prepare_subdirs.te +++ b/plat_private/app.te @@ -2,9 +2,7 @@ # MTK Policy Rule # ============================================== -# volume manager - -# Date : WK18.42 +# Date: 2019/06/17 # Operation : Migration -# Purpose : kernel-4.14 migration -allow vold_prepare_subdirs vendor_configs_file:file map; +# Purpose : appdomain need get system_mtk_amslog_prop +get_prop(appdomain, system_mtk_amslog_prop) diff --git a/plat_private/bluetooth.te b/plat_private/bluetooth.te index be0d56a..36ca7cc 100644 --- a/plat_private/bluetooth.te +++ b/plat_private/bluetooth.te @@ -3,6 +3,11 @@ # Add permission only for platform system # ============================================== +# Date: 2018/01/17 +#allow bluetooth to set property +set_prop(bluetooth, system_mtk_vendor_bluetooth_prop) +set_prop(bluetooth, debug_prop) + # Date: 2018/02/02 # Add permission for different storage types logging @@ -35,6 +40,10 @@ allow bluetooth storage_file:dir { create_dir_perms }; allow bluetooth tmpfs:lnk_file read; allow bluetooth storage_file:file { create_file_perms }; +# Date: 2019/06/14 +# Operation : Migration +get_prop(bluetooth, system_mtk_amslog_prop) + # Date: 2019/06/20 # Add dir create perms for bluetooth on /data/debuglogger #{ read write create search open getattr }; diff --git a/plat_private/boot_logo_updater.te b/plat_private/boot_logo_updater.te index 7b537bb..2370498 100644 --- a/plat_private/boot_logo_updater.te +++ b/plat_private/boot_logo_updater.te @@ -14,13 +14,10 @@ init_daemon_domain(boot_logo_updater) # Date : WK14.32 # Operation : Migration # Puration : set boot reason -allow boot_logo_updater system_prop:property_service set; +set_prop(boot_logo_updater, system_prop) allow boot_logo_updater graphics_device:chr_file rw_file_perms; -# For IPC communication -allow boot_logo_updater init:unix_stream_socket connectto; -allow boot_logo_updater property_socket:sock_file write; # To access directory /dev/block/mmcblk0 or /dev/block/sdc allow boot_logo_updater block_device:dir search; allow boot_logo_updater graphics_device:dir search; @@ -28,7 +25,6 @@ allow boot_logo_updater graphics_device:dir search; allow boot_logo_updater mtd_device:chr_file r_file_perms; allow boot_logo_updater mtd_device:dir search; #To access the file at /dev/kmsg -allow boot_logo_updater device:dir write; allow boot_logo_updater kmsg_device:chr_file w_file_perms; #To the access /fstab mount point allow boot_logo_updater rootfs:file r_file_perms; diff --git a/plat_private/bootanim.te b/plat_private/bootanim.te index 46fe429..3f4d9c6 100644 --- a/plat_private/bootanim.te +++ b/plat_private/bootanim.te @@ -1,6 +1,6 @@ # ============================================== # MTK Policy Rule -# ============ +# ============================================== # Date : WK14.32 # Operation : Migration @@ -15,9 +15,12 @@ allow bootanim audioserver_service:service_manager find; # Date : WK14.37 # Operation : Migration # Purpose : for opetator -allow bootanim property_socket:sock_file write; -allow bootanim init:unix_stream_socket connectto; -allow bootanim debug_prop:property_service set; +set_prop(bootanim, debug_prop) + +# Date : WK14.37 +# Operation : Migration +# Purpose : for opetator +set_prop(bootanim, system_mtk_bootani_prop) # Date : WK14.46 # Operation : Migration diff --git a/plat_private/cmddumper.te b/plat_private/cmddumper.te index 01b5dc5..50a565c 100644 --- a/plat_private/cmddumper.te +++ b/plat_private/cmddumper.te @@ -8,19 +8,15 @@ typeattribute cmddumper coredomain; init_daemon_domain(cmddumper) - # for modem logging sdcard access allow cmddumper sdcard_type:dir create_dir_perms; allow cmddumper sdcard_type:file create_file_perms; # modem logger socket access -allow cmddumper init:unix_stream_socket connectto; -allow cmddumper property_socket:sock_file { write read }; allow cmddumper platform_app:unix_stream_socket connectto; allow cmddumper shell_exec:file { rx_file_perms }; allow cmddumper system_file:file x_file_perms; - # purpose: allow cmddumper to access storage in N version allow cmddumper media_rw_data_file:file { create_file_perms }; allow cmddumper media_rw_data_file:dir { create_dir_perms }; @@ -30,3 +26,11 @@ allow cmddumper file_contexts_file:file { read getattr open }; ## Save C2K modem log into data allow cmddumper debuglog_data_file:dir {relabelto create_dir_perms}; allow cmddumper debuglog_data_file:file create_file_perms; + +#allow emdlogger to set property +set_prop(cmddumper, system_mtk_debug_mdlogger_prop) +set_prop(cmddumper, debug_prop) + +# Android P migration +set_prop(cmddumper, system_mtk_persist_mtklog_prop) +set_prop(cmddumper, system_mtk_mdl_prop) diff --git a/plat_private/connsyslogger.te b/plat_private/connsyslogger.te index 6048a29..1984cd0 100644 --- a/plat_private/connsyslogger.te +++ b/plat_private/connsyslogger.te @@ -2,6 +2,8 @@ typeattribute connsyslogger coredomain; type connsyslogger_exec, system_file_type, exec_type, file_type; init_daemon_domain(connsyslogger) +set_prop(connsyslogger, system_mtk_connsysfw_prop) + #Date:2019/06/27 #access data/debuglog allow connsyslogger debuglog_data_file:dir {relabelto create_dir_perms}; diff --git a/plat_private/crash_dump.te b/plat_private/crash_dump.te index 98b8cb7..ca40403 100644 --- a/plat_private/crash_dump.te +++ b/plat_private/crash_dump.te @@ -2,6 +2,12 @@ # MTK Policy Rule # ============================================== +typeattribute crash_dump mlstrustedsubject; + +# /porc/pid/ +allow crash_dump appdomain:dir r_dir_perms; +allow crash_dump coredomain:dir r_dir_perms; + # AED start: /dev/block/expdb allow crash_dump block_device:dir search; @@ -118,3 +124,8 @@ allow crash_dump packages_list_file:file r_file_perms; # Purpose: Allow crash_dump to read /proc/*/exe allow crash_dump system_file_type:file r_file_perms; + +# Purpose: crash_dump set property +set_prop(crash_dump, system_mtk_persist_mtk_aee_prop) +set_prop(crash_dump, system_mtk_persist_aee_prop) +set_prop(crash_dump, system_mtk_debug_mtk_aee_prop) diff --git a/plat_private/dhcp.te b/plat_private/dhcp.te deleted file mode 100644 index 4d50933..0000000 --- a/plat_private/dhcp.te +++ /dev/null @@ -1,26 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============ - -# Date :WK14.34 -# Operation : Migration -# Purpose: for connecting Wifi -allow dhcp devpts:chr_file rw_file_perms; - - -# Date :WK14.41 -# Operation : ALPS01757300 -# Purpose: connect AP, using for wifi connect -allow dhcp kernel:system module_request; - - -# Date :WK14.44 -# Operation : ALPS01798575 -# Purpose: Search on Internet using browser, the 3th App use dhcp -#============= netd ============== -allow dhcp platform_app:fd use; - -allow dhcp init:fifo_file rw_file_perms; -allow dhcp init:unix_stream_socket { read write }; - -allow dhcp untrusted_app:fd use; diff --git a/plat_private/dumpstate.te b/plat_private/dumpstate.te index fb1ffaa..c634df7 100644 --- a/plat_private/dumpstate.te +++ b/plat_private/dumpstate.te @@ -2,6 +2,9 @@ # MTK Policy Rule # ============================================== +# Purpose: aee_dumpstate set surfaceflinger property +set_prop(dumpstate, system_mtk_debug_bq_dump_prop) + # Purpose: access for SYS_MEMORY_INFO allow dumpstate fuse:dir { w_dir_perms }; allow dumpstate fuse:file { write create open setattr append }; @@ -56,3 +59,10 @@ allow dumpstate self:capability sys_nice; allow dumpstate mobile_log_d:fd use; allow dumpstate mobile_log_d:fifo_file write; allow dumpstate mobile_log_d:unix_stream_socket { read write }; + +# Date : 2020/05/21 +# Operation : fix dumpstate dump fail +# Purpose : type=1400 audit(0.0:24312): avc: denied { sys_admin } for +# capability=21 scontext=u:r:dumpstate:s0 tcontext=u:r:dumpstate:s0 +# tclass=capability permissive=0 +allow dumpstate self:capability sys_admin; diff --git a/plat_private/em_svr.te b/plat_private/em_svr.te index 8f60776..2cb9493 100644 --- a/plat_private/em_svr.te +++ b/plat_private/em_svr.te @@ -55,14 +55,5 @@ allow em_svr self:capability { chown fsetid }; allow em_svr shell_exec:file rx_file_perms; # Date: WK1812 -# Purpose: add for power battery charge/PMU -allow em_svr toolbox_exec:file { getattr execute read open execute_no_trans }; - -# Date: WK1812 # Purpose: sys file access allow em_svr sysfs:dir { open read }; - -# Date: WK1822 -# Purpose: battery temprature setting -allow em_svr sysfs_batteryinfo:dir search; - diff --git a/plat_private/emdlogger.te b/plat_private/emdlogger.te index 47a3d9c..35200b9 100644 --- a/plat_private/emdlogger.te +++ b/plat_private/emdlogger.te @@ -10,15 +10,11 @@ init_daemon_domain(emdlogger) binder_use(emdlogger) binder_service(emdlogger) - # for modem logging sdcard access allow emdlogger sdcard_type:dir { create_dir_perms }; allow emdlogger sdcard_type:file { create_file_perms }; - # modem logger socket access -#allow emdlogger property_socket:sock_file write; -#allow emdlogger init:unix_stream_socket connectto; allow emdlogger platform_app:unix_stream_socket connectto; allow emdlogger shell_exec:file { rx_file_perms }; allow emdlogger system_file:file execute_no_trans; @@ -72,7 +68,17 @@ allow emdlogger sysfs_dt_firmware_android:dir { read open search }; allow emdlogger tmpfs:dir write; allow emdlogger sysfs_dt_firmware_android:file { read open getattr }; allow emdlogger system_file:dir open; -allow emdlogger vendor_default_prop:file { read getattr open }; +# GOOGLE: Commented out for b/169606103 +#get_prop(emdlogger, vendor_default_prop) +set_prop(emdlogger, system_mtk_persist_mtklog_prop) +set_prop(emdlogger, system_mtk_mdl_prop) +set_prop(emdlogger, system_mtk_mdl_start_prop) +set_prop(emdlogger, system_mtk_debug_mdlogger_prop) +set_prop(emdlogger, system_mtk_persist_mdlog_prop) +set_prop(emdlogger, system_mtk_mdl_pulllog_prop) +set_prop(emdlogger, usb_prop) +set_prop(emdlogger, debug_prop) +set_prop(emdlogger, usb_control_prop) ## Android Q migration ## purpose: read modem db and filter folder and file diff --git a/plat_private/file.te b/plat_private/file.te index 268f03b..c0b2303 100644 --- a/plat_private/file.te +++ b/plat_private/file.te @@ -19,4 +19,6 @@ type mddb_filter_data_file, file_type, data_file_type, core_data_file_type; type debuglog_data_file, file_type, data_file_type, core_data_file_type; -type sysfs_mcupm, fs_type, sysfs_type;
\ No newline at end of file +type sysfs_mcupm, fs_type, sysfs_type; + +type proc_ccci_lp_mem, fs_type, proc_type; diff --git a/plat_private/file_contexts b/plat_private/file_contexts index defa023..50f8ec3 100644 --- a/plat_private/file_contexts +++ b/plat_private/file_contexts @@ -15,17 +15,18 @@ # /system/bin/mobile_log_d u:object_r:mobile_log_d_exec:s0 -/system/bin/aee_core_forwarder u:object_r:aee_core_forwarder_exec:s0 -/system/bin/mdlogger u:object_r:mdlogger_exec:s0 -/system/bin/emdlogger[0-9]+ u:object_r:emdlogger_exec:s0 +/(system_ext|system/system_ext)/bin/aee_core_forwarder u:object_r:aee_core_forwarder_exec:s0 +/(system_ext|system/system_ext)/bin/mdlogger u:object_r:mdlogger_exec:s0 +/(system_ext|system/system_ext)/bin/emdlogger[0-9]+ u:object_r:emdlogger_exec:s0 /system/bin/modemdbfilter_client u:object_r:modemdbfilter_client_exec:s0 /system/bin/netdiag u:object_r:netdiag_exec:s0 /system/bin/loghidlsysservice u:object_r:loghidlsysservice_exec:s0 /system/bin/cmddumper u:object_r:cmddumper_exec:s0 /system/bin/em_svr u:object_r:em_svr_exec:s0 -/system/bin/aee_aed u:object_r:crash_dump_exec:s0 -/system/bin/aee_aed64 u:object_r:crash_dump_exec:s0 -/system/bin/aee_dumpstate u:object_r:dumpstate_exec:s0 +/(system_ext|system/system_ext)/bin/aee u:object_r:crash_dump_exec:s0 +/(system_ext|system/system_ext)/bin/aee_aed u:object_r:crash_dump_exec:s0 +/(system_ext|system/system_ext)/bin/aee_aed64 u:object_r:crash_dump_exec:s0 +/(system_ext|system/system_ext)/bin/aee_dumpstate u:object_r:dumpstate_exec:s0 /system/bin/lbs_dbg u:object_r:lbs_dbg_exec:s0 /system/bin/connsyslogger u:object_r:connsyslogger_exec:s0 diff --git a/plat_private/genfs_contexts b/plat_private/genfs_contexts index 7cfb555..a7649a6 100644 --- a/plat_private/genfs_contexts +++ b/plat_private/genfs_contexts @@ -3,4 +3,18 @@ genfscon sysfs /devices/platform/vibrator@0/leds/vibrator u:object_r:sysfs_vibra genfscon sysfs /block/mmcblk0rpmb/size u:object_r:access_sys_file:s0 genfscon sysfs /devices/virtual/misc/mcupm u:object_r:sysfs_mcupm:s0 + genfscon sysfs /firmware/devicetree/base/chosen/atag,boot u:object_r:sysfs_boot_info:s0 + +# Date : 2020/04/17 +# Purpose : mtk Audio headset detect +genfscon sysfs /bus/platform/drivers/Accdet_Driver/state u:object_r:sysfs_headset:s0 +genfscon sysfs /bus/platform/drivers/pmic-codec-accdet/state u:object_r:sysfs_headset:s0 + +genfscon proc /ccci_lp_mem u:object_r:proc_ccci_lp_mem:s0 + +# Date : WK20.20 +# Operation: R migration +# Purpose : read vbus voltage +genfscon sysfs /devices/platform/charger/ADC_Charger_Voltage u:object_r:sysfs_vbus:s0 +genfscon sysfs /devices/platform/battery/ADC_Charger_Voltage u:object_r:sysfs_vbus:s0 diff --git a/plat_private/hal_graphics_allocator.te b/plat_private/hal_graphics_allocator.te deleted file mode 100644 index e713f4f..0000000 --- a/plat_private/hal_graphics_allocator.te +++ /dev/null @@ -1,5 +0,0 @@ -# Date : WK17.13 -# Operation : Add sepolicy -# Purpose : Add policy for gralloc HIDL - -allow hal_graphics_allocator proc:file { read getattr open ioctl };
\ No newline at end of file diff --git a/plat_private/lbs_dbg.te b/plat_private/lbs_dbg.te index 01bcdc8..78a1e19 100644 --- a/plat_private/lbs_dbg.te +++ b/plat_private/lbs_dbg.te @@ -18,11 +18,11 @@ allow lbs_dbg storage_file:dir { write create add_name search mounton }; allow lbs_dbg storage_file:lnk_file read; allow lbs_dbg lbs_dbg_data_file:file create_file_perms; -#allow lbs_dbg mnld_device:chr_file rw_file_perms; - -allow lbs_dbg media_rw_data_file:dir search; -allow lbs_dbg media_rw_data_file:dir { read open }; +allow lbs_dbg debuglog_data_file:lnk_file r_file_perms; +allow lbs_dbg mnt_user_file:dir search; +allow lbs_dbg fuse:dir create_dir_perms; +allow lbs_dbg fuse:file create_file_perms; allow lbs_dbg sdcard_type:filesystem unmount; allow lbs_dbg tmpfs:filesystem unmount; allow lbs_dbg sysfs:dir { read open }; @@ -36,18 +36,15 @@ allow lbs_dbg self:netlink_route_socket { bind create getattr write nlmsg_read r allow lbs_dbg self:tcp_socket create_stream_socket_perms; allow lbs_dbg self:udp_socket create_socket_perms; -allow lbs_dbg hwservicemanager_prop:file read; +get_prop(lbs_dbg, hwservicemanager_prop) hal_client_domain(lbs_dbg, mtk_hal_lbs) -allow lbs_dbg media_rw_data_file:dir { write remove_name }; -allow lbs_dbg media_rw_data_file:file getattr; -allow lbs_dbg sdcardfs:dir { write remove_name create add_name }; -allow lbs_dbg sdcardfs:file { rename getattr }; -allow lbs_dbg media_rw_data_file:dir { create add_name }; -allow lbs_dbg media_rw_data_file:file { write rename create open }; -allow lbs_dbg sdcardfs:file { write create open }; -allow lbs_dbg media_rw_data_file:file unlink; -allow lbs_dbg sdcardfs:file unlink; allow lbs_dbg vfat:dir { write remove_name create add_name }; allow lbs_dbg vfat:file { write rename create open getattr unlink }; +allow lbs_dbg debuglog_data_file:dir { create_dir_perms }; +allow lbs_dbg debuglog_data_file:file { create_file_perms }; +allow lbs_dbg sdcardfs:dir { create_dir_perms }; +allow lbs_dbg sdcardfs:file { create_file_perms }; +allow lbs_dbg media_rw_data_file:dir { create_dir_perms }; +allow lbs_dbg media_rw_data_file:file { create_file_perms }; diff --git a/plat_private/mdlogger.te b/plat_private/mdlogger.te index afa04ea..90caf5f 100644 --- a/plat_private/mdlogger.te +++ b/plat_private/mdlogger.te @@ -13,8 +13,6 @@ binder_use(mdlogger) binder_service(mdlogger) # modem logger socket access -#allow mdlogger init:unix_stream_socket connectto; -#allow mdlogger property_socket:sock_file write; allow mdlogger platform_app:unix_stream_socket connectto; allow mdlogger shell_exec:file { rx_file_perms }; allow mdlogger system_file:file x_file_perms; @@ -47,10 +45,21 @@ allow mdlogger file_contexts_file:file { read getattr open }; # Allow read avc: denied { read } for name="mddb" dev="mmcblk0p25" ino=681 # scontext=u:r:mdlogger:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0 allow mdlogger system_file:dir read; + +# Android P migration +set_prop(mdlogger, system_mtk_mdl_prop) +set_prop(mdlogger, system_mtk_persist_mdlog_prop) +set_prop(mdlogger, system_mtk_persist_mtklog_prop) + ## Android Q migration ## purpose: read modem db and filter folder and file allow mdlogger mddb_filter_data_file:dir { r_dir_perms }; allow mdlogger mddb_filter_data_file:file { r_file_perms }; + ## Save modem log into data allow mdlogger debuglog_data_file:dir {relabelto create_dir_perms}; allow mdlogger debuglog_data_file:file create_file_perms; + +#allow mdlogger to set property +set_prop(mdlogger, system_mtk_debug_mdlogger_prop) +set_prop(mdlogger, debug_prop) diff --git a/plat_private/mobile_log_d.te b/plat_private/mobile_log_d.te index d6c9468..ae92b1d 100644 --- a/plat_private/mobile_log_d.te +++ b/plat_private/mobile_log_d.te @@ -5,6 +5,7 @@ # New added for moving to /system type mobile_log_d_exec, system_file_type, exec_type, file_type; typeattribute mobile_log_d coredomain; +typeattribute mobile_log_d mlstrustedsubject; init_daemon_domain(mobile_log_d) @@ -62,9 +63,9 @@ allow mobile_log_d toolbox_exec:file rx_file_perms; allow mobile_log_d rootfs:file r_file_perms; #dev/__properties__ access -allow mobile_log_d device_logging_prop:file { getattr open }; -allow mobile_log_d mmc_prop:file { getattr open }; -allow mobile_log_d safemode_prop:file { getattr open }; +get_prop(mobile_log_d, device_logging_prop) +get_prop(mobile_log_d, mmc_prop) +get_prop(mobile_log_d, safemode_prop) # purpose: allow MobileLog to access storage in N version allow mobile_log_d media_rw_data_file:file create_file_perms; @@ -86,3 +87,21 @@ allow mobile_log_d sysfs_mcupm:file w_file_perms; allow mobile_log_d sysfs_mcupm:dir search; allow mobile_log_d sysfs_boot_info:file r_file_perms; + +#for logpost feature +userdebug_or_eng(` + allow mobile_log_d domain:dir r_dir_perms; + allow mobile_log_d domain:{file lnk_file} r_file_perms; + allow mobile_log_d dnsproxyd_socket:sock_file write; + allow mobile_log_d self:udp_socket create; + allow mobile_log_d netd:unix_stream_socket connectto; + allow mobile_log_d self:tcp_socket getopt; + allow mobile_log_d fwmarkd_socket:sock_file write; + set_prop(mobile_log_d, system_mtk_mobile_log_post_prop) +') + +#mobile itself property +set_prop(mobile_log_d, system_mtk_mobile_log_prop) + +# purpose: allow mobile_log_d to read persist.vendor.mtk.aee +get_prop(mobile_log_d, system_mtk_persist_mtk_aee_prop) diff --git a/plat_private/mtkbootanimation.te b/plat_private/mtkbootanimation.te index 857b86d..a5e39be 100644 --- a/plat_private/mtkbootanimation.te +++ b/plat_private/mtkbootanimation.te @@ -1,6 +1,6 @@ # ============================================== # MTK Policy Rule -# ============ +# ============================================== typeattribute mtkbootanimation coredomain; @@ -8,6 +8,11 @@ init_daemon_domain(mtkbootanimation) type mtkbootanimation_exec, system_file_type, exec_type, file_type; +# Date : WK14.37 +# Operation : Migration +# Purpose : for opetator +set_prop(mtkbootanimation, system_mtk_bootani_prop) + # Date W17.39 # Operation Migration # Purpose : for mtk bootanimation @@ -59,9 +64,7 @@ allow mtkbootanimation audioserver_service:service_manager find; # Date : WK14.37 # Operation : Migration # Purpose : for opetator -allow mtkbootanimation property_socket:sock_file write; -allow mtkbootanimation init:unix_stream_socket connectto; -allow mtkbootanimation debug_prop:property_service set; +set_prop(mtkbootanimation, debug_prop) # Date : WK14.46 # Operation : Migration diff --git a/plat_private/netdiag.te b/plat_private/netdiag.te index c2499bb..e8fbb17 100644 --- a/plat_private/netdiag.te +++ b/plat_private/netdiag.te @@ -41,7 +41,6 @@ allow netdiag fwmarkd_socket:sock_file write; allow netdiag netd:unix_stream_socket connectto; allow netdiag self:udp_socket connect; - # Purpose : for service permission typeattribute netdiag mlstrustedsubject; allow netdiag connectivity_service:service_manager find; @@ -58,10 +57,10 @@ allow netdiag network_management_service:service_manager find; allow netdiag settings_service:service_manager find; # Purpose : for acess /system/bin/toybox, mmc_prop,proc_net and safemode_prop -allow netdiag device_logging_prop:file { getattr open }; -allow netdiag mmc_prop:file { getattr open }; +get_prop(netdiag, device_logging_prop) +get_prop(netdiag, mmc_prop) allow netdiag proc_net:dir { read open }; -allow netdiag safemode_prop:file { getattr open }; +get_prop(netdiag, safemode_prop) allow netdiag toolbox_exec:file rx_file_perms; # purpose: allow netdiag to access storage in new version @@ -75,6 +74,7 @@ allow netdiag self:netlink_xfrm_socket { write getattr setopt read bind create n allow netdiag self:packet_socket { read getopt create setopt }; allowxperm netdiag self:packet_socket ioctl {SIOCGIFINDEX SIOCGSTAMP}; allow netdiag self:packet_socket { write ioctl map }; +allow netdiag proc_net_tcp_udp:file r_file_perms; # Purpose: for ip allow netdiag self:netlink_route_socket { write getattr setopt read bind create nlmsg_read }; @@ -84,14 +84,20 @@ allow netdiag kernel:system module_request; allow netdiag self:rawip_socket { getopt create }; allow netdiag self:udp_socket { ioctl create }; +#Purpose : for network log property +set_prop(netdiag, system_mtk_debug_netlog_prop) +set_prop(netdiag, system_mtk_persist_mtklog_prop) +set_prop(netdiag, system_mtk_debug_mtklog_prop) + +# Purpose : for acess /system/bin/toybox, mmc_prop,proc_net and safemode_prop +get_prop(netdiag, device_logging_prop) +get_prop(netdiag, mmc_prop) + ## Android P migration -#avc: denied { open } for path="/dev/__properties__/u:object_r:atm_ipaddr_prop:s0" -#avc: denied { getattr } for path="/dev/__properties__/u:object_r:atm_ipaddr_prop:s0" -#avc: denied { open } for path="/dev/__properties__/u:object_r:atm_mdmode_prop:s0" allow netdiag proc_qtaguid_stat:dir { read open search }; allow netdiag proc_qtaguid_stat:file { read getattr open }; -#allow netdiag vendor_default_prop:file { read getattr open map }; -get_prop(netdiag, vendor_default_prop) +# GOOGLE: Commented out for b/169606103 +#get_prop(netdiag, vendor_default_prop) allow netdiag proc_net_tcp_udp:file getattr; allow netdiag netd:binder call; get_prop(netdiag, apexd_prop) @@ -99,3 +105,4 @@ get_prop(netdiag, apexd_prop) # Q save log into /data/debuglogger allow netdiag debuglog_data_file:dir {relabelto create_dir_perms}; allow netdiag debuglog_data_file:file create_file_perms; + diff --git a/plat_private/platform_app.te b/plat_private/platform_app.te index fbf84a9..e417156 100644 --- a/plat_private/platform_app.te +++ b/plat_private/platform_app.te @@ -1,17 +1,28 @@ # ============================================== -# MTK Policy Rule +# MTK Policy Rule # ============================================== # SEPolicy Split allow platform_app system_app_service:service_manager find; -allow platform_app init:unix_stream_socket connectto; # Date : WK17.29 # Stage: O Migration, SQC # Purpose: Allow to use selinux for hal_power hal_client_domain(platform_app, hal_power) +# Date: 2018/06/08 +# Operation : Migration +# Purpose : MTKLogger need get netlog/mdlog/mobilelog property for property change +# Package: com.mediatek.mtklogger +get_prop(platform_app, system_mtk_debug_mdlogger_prop) +get_prop(platform_app, system_mtk_debug_mtklog_prop) +get_prop(platform_app, system_mtk_vendor_bluetooth_prop) +get_prop(platform_app, system_mtk_mobile_log_prop) + +get_prop(platform_app, system_mtk_connsysfw_prop) + + # Date: 2019/07/18 # Operation : Migration # Purpose : DebugLoggerUI access data/debuglogger/ folder diff --git a/plat_private/property.te b/plat_private/property.te new file mode 100644 index 0000000..8a54ffa --- /dev/null +++ b/plat_private/property.te @@ -0,0 +1,70 @@ +# ============================================== +# MTK Policy Rule +# ============================================== + +# system_internal_prop -- Properties used only in /system +# system_restricted_prop -- Properties which can't be written outside system +# system_public_prop -- Properties with no restrictions +# system_vendor_config_prop -- Properties which can be written only by vendor_init +# vendor_internal_prop -- Properties used only in /vendor +# vendor_restricted_prop -- Properties which can't be written outside vendor +# vendor_public_prop -- Properties with no restrictions + +# TODO(b/131162102): uncomment these after assigning ownership attributes to all properties +#typeattribute vendor_default_prop vendor_property_type; +#neverallow domain { +# property_type +# -system_property_type +# -product_property_type +# -vendor_property_type +#}:file no_rw_file_perms; + +# Properties used only in /system +system_internal_prop(system_mtk_bgdata_disabled_prop) +system_internal_prop(system_mtk_bootani_prop) +system_internal_prop(system_mtk_connsysfw_prop) +system_internal_prop(system_mtk_debug_bq_dump_prop) +system_internal_prop(system_mtk_debug_mdlogger_prop) +system_internal_prop(system_mtk_debug_mtk_aee_prop) +system_internal_prop(system_mtk_debug_mtklog_prop) +system_internal_prop(system_mtk_debug_netlog_prop) +system_internal_prop(system_mtk_gprs_attach_type_prop) +system_internal_prop(system_mtk_mdl_prop) +system_internal_prop(system_mtk_mdl_pulllog_prop) +system_internal_prop(system_mtk_mdl_start_prop) +system_internal_prop(system_mtk_mobile_log_post_prop) +system_internal_prop(system_mtk_mobile_log_prop) +system_internal_prop(system_mtk_persist_aee_prop) +system_internal_prop(system_mtk_persist_mdlog_prop) +system_internal_prop(system_mtk_persist_mtklog_prop) +system_internal_prop(system_mtk_persist_xcap_rawurl_prop) +system_internal_prop(system_mtk_power_off_md_prop) +system_internal_prop(system_mtk_sim_system_prop) +system_internal_prop(system_mtk_vendor_bluetooth_prop) + +# Properties which can't be written outside system +system_restricted_prop(system_mtk_amslog_prop) + +# Properties with can't be accessed by device-sepcific domains +typeattribute system_mtk_amslog_prop extended_core_property_type; +typeattribute system_mtk_bgdata_disabled_prop extended_core_property_type; +typeattribute system_mtk_bootani_prop extended_core_property_type; +typeattribute system_mtk_connsysfw_prop extended_core_property_type; +typeattribute system_mtk_debug_bq_dump_prop extended_core_property_type; +typeattribute system_mtk_debug_mdlogger_prop extended_core_property_type; +typeattribute system_mtk_debug_mtk_aee_prop extended_core_property_type; +typeattribute system_mtk_debug_mtklog_prop extended_core_property_type; +typeattribute system_mtk_debug_netlog_prop extended_core_property_type; +typeattribute system_mtk_gprs_attach_type_prop extended_core_property_type; +typeattribute system_mtk_mdl_prop extended_core_property_type; +typeattribute system_mtk_mdl_pulllog_prop extended_core_property_type; +typeattribute system_mtk_mdl_start_prop extended_core_property_type; +typeattribute system_mtk_mobile_log_prop extended_core_property_type; +typeattribute system_mtk_persist_aee_prop extended_core_property_type; +typeattribute system_mtk_persist_mdlog_prop extended_core_property_type; +typeattribute system_mtk_persist_mtk_aee_prop extended_core_property_type; +typeattribute system_mtk_persist_mtklog_prop extended_core_property_type; +typeattribute system_mtk_persist_xcap_rawurl_prop extended_core_property_type; +typeattribute system_mtk_power_off_md_prop extended_core_property_type; +typeattribute system_mtk_sim_system_prop extended_core_property_type; +typeattribute system_mtk_vendor_bluetooth_prop extended_core_property_type; diff --git a/plat_private/property_contexts b/plat_private/property_contexts index e5bb3c3..cd58add 100644 --- a/plat_private/property_contexts +++ b/plat_private/property_contexts @@ -9,4 +9,75 @@ ro.audio.usb.period_us u:object_r:exported_default_prop:s0 exact int persist.adb.nonblocking_ffs u:object_r:exported_default_prop:s0 exact int #============system fingerprint property=========== -ro.system.build.fingerprint u:object_r:exported_fingerprint_prop:s0 exact string +# exported_fingerprint_prop is removed in Android S +#ro.system.build.fingerprint u:object_r:exported_fingerprint_prop:s0 exact string + +vendor.MB.logpost u:object_r:system_mtk_mobile_log_post_prop:s0 +vendor.MB.logpost. u:object_r:system_mtk_mobile_log_post_prop:s0 +persist.vendor.MB.logpost u:object_r:system_mtk_mobile_log_post_prop:s0 + +#=============allow vendor-init/system process access ro.telephony property============== +# exported3_default_prop is removed in Android S +#ro.telephony.sim.count u:object_r:exported3_default_prop:s0 exact int + +#=============allow netlog============== +vendor.mtklog u:object_r:system_mtk_debug_mtklog_prop:s0 +persist.vendor.mtklog u:object_r:system_mtk_persist_mtklog_prop:s0 +vendor.netlog u:object_r:system_mtk_debug_netlog_prop:s0 + +#=============allow mdlogger============== +vendor.mdlogger u:object_r:system_mtk_debug_mdlogger_prop:s0 +vendor.mdl u:object_r:system_mtk_mdl_prop:s0 +vendor.starting.mode u:object_r:system_mtk_mdl_start_prop:s0 +persist.vendor.mdl u:object_r:system_mtk_persist_mdlog_prop:s0 +vendor.pullmdlog u:object_r:system_mtk_mdl_pulllog_prop:s0 + +#=============allow AEE============== +# persist.vendor.mtk.aee.mode && persist.vendor.mtk.aee.dal +persist.vendor.mtk.aee. u:object_r:system_mtk_persist_mtk_aee_prop:s0 + +# persist.vendor.aee.core.dump && persist.vendor.aee.core.direct +persist.vendor.aee. u:object_r:system_mtk_persist_aee_prop:s0 + +# vendor.debug.mtk.aee.db +vendor.debug.mtk.aee. u:object_r:system_mtk_debug_mtk_aee_prop:s0 + +#=============allow AEE_Dumpstate============== +vendor.debug.bq.dump u:object_r:system_mtk_debug_bq_dump_prop:s0 + +#=============allow bootanim============== +persist.vendor.bootanim. u:object_r:system_mtk_bootani_prop:s0 + +#=============allow mobile log property================ +vendor.MB. u:object_r:system_mtk_mobile_log_prop:s0 + +#=============allow em to set bgdata disabled property================ +persist.vendor.radio.bgdata.disabled u:object_r:system_mtk_bgdata_disabled_prop:s0 + +#=============allow em to set gprs attach type property================ +persist.vendor.radio.gprs.attach.type u:object_r:system_mtk_gprs_attach_type_prop:s0 + +#=============allow em to set poweroffmd property================ +vendor.ril.test.poweroffmd u:object_r:system_mtk_power_off_md_prop:s0 +vendor.ril.testmode u:object_r:system_mtk_power_off_md_prop:s0 + +#=============allow sim config property============== +vendor.gsm.sim.operator.default-name u:object_r:system_mtk_sim_system_prop:s0 + +#=============allow consyslogger============== +vendor.connsysfw u:object_r:system_mtk_connsysfw_prop:s0 + +#=============allow bluetooth============== +vendor.bthcisnoop u:object_r:system_mtk_vendor_bluetooth_prop:s0 + +#=============allow radio to set/get xcap rawurl config================ +persist.vendor.mtk.xcap.rawurl u:object_r:system_mtk_persist_xcap_rawurl_prop:s0 + +#=============allow ccci_mdinit to ctl. mdlogger============== +ctl.mdlogger u:object_r:system_mtk_ctl_mdlogger_prop:s0 +ctl.emdlogger1 u:object_r:system_mtk_ctl_emdlogger1_prop:s0 +ctl.emdlogger2 u:object_r:system_mtk_ctl_emdlogger2_prop:s0 +ctl.emdlogger3 u:object_r:system_mtk_ctl_emdlogger3_prop:s0 + +init.svc.emdlogger1 u:object_r:system_mtk_init_svc_emdlogger1_prop:s0 +init.svc.aee_aedv u:object_r:system_mtk_init_svc_aee_aedv_prop:s0 diff --git a/plat_private/radio.te b/plat_private/radio.te new file mode 100644 index 0000000..8bcb736 --- /dev/null +++ b/plat_private/radio.te @@ -0,0 +1,28 @@ +# ============================================== +# MTK Policy Rule +# ============================================== + +allow radio proc_ccci_lp_mem:file r_file_perms; + +# Date : 2018/07/03 +# Purpose : Allow sim system to set prop +set_prop(radio, system_mtk_sim_system_prop) + +# Date : 2018/07/03 +# Purpose : Allow Mwi to get vendor default properties (ro.vendor.*) +# GOOGLE: Commented out for b/169606103 +#get_prop(radio, vendor_default_prop) + +# Operation : DEBUG +# Purpose : Allow to use system_mtk_bgdata_disabled_prop +set_prop(radio, system_mtk_bgdata_disabled_prop) + +# Date : 2018/07/03 +# Operation : DEBUG +# Purpose : Allow to use system_mtk_gprs_attach_type_prop +set_prop(radio, system_mtk_gprs_attach_type_prop) + +#Date : 2018/11/02 +# Operation : Allow radio set system_mtk_persist_xcap_rawurl_prop +# Purpose : for set telephony xcap use raw url property in IMS SS +set_prop(radio, system_mtk_persist_xcap_rawurl_prop) diff --git a/plat_private/recovery.te b/plat_private/recovery.te index 6f11e60..412b452 100644 --- a/plat_private/recovery.te +++ b/plat_private/recovery.te @@ -2,4 +2,4 @@ allow recovery mtd_device:dir search; allow recovery mtd_device:chr_file { read write open ioctl getattr }; allow recovery self:capability sys_resource; - +set_prop(recovery, boottime_prop) diff --git a/non_plat/shared_relro.te b/plat_private/shared_relro.te index 88430ee..23f38fa 100644 --- a/non_plat/shared_relro.te +++ b/plat_private/shared_relro.te @@ -1,7 +1,7 @@ # ============================================== # MTK Policy Rule -# ============ +# ============================================== # Date: 2019/06/14 # Operation : Migration -get_prop(shared_relro, mtk_amslog_prop) +get_prop(shared_relro, system_mtk_amslog_prop) diff --git a/plat_private/shell.te b/plat_private/shell.te index ea00964..b855800 100644 --- a/plat_private/shell.te +++ b/plat_private/shell.te @@ -1,2 +1,11 @@ +# ============================================== +# MTK Policy Rule +# ============================================== + allow shell debuglog_data_file:dir r_dir_perms; allow shell debuglog_data_file:file r_file_perms; + +get_prop(shell, system_mtk_mobile_log_prop) +get_prop(shell, system_mtk_persist_mtk_aee_prop) +get_prop(shell, system_mtk_persist_aee_prop) +get_prop(shell, system_mtk_debug_mtk_aee_prop) diff --git a/plat_private/surfaceflinger.te b/plat_private/surfaceflinger.te new file mode 100644 index 0000000..8578b27 --- /dev/null +++ b/plat_private/surfaceflinger.te @@ -0,0 +1,13 @@ +# ============================================== +# MTK Policy Rule +# ============================================== + +# Data : WK14.42 +# Operation : Migration +# Purpose : Video playback +set_prop(surfaceflinger, debug_prop) + +# Date : WK18.36 +# Operation : Debug +# Purpose: Allow to dump buffer queue +get_prop(surfaceflinger, system_mtk_debug_bq_dump_prop) diff --git a/plat_private/system_server.te b/plat_private/system_server.te index d9b7134..de131d7 100644 --- a/plat_private/system_server.te +++ b/plat_private/system_server.te @@ -1,13 +1,45 @@ +# ============================================== +# MTK Policy Rule +# ============================================== + # Date: W18.32 # Operation : dontaudit writing to timerslack_ns dontaudit system_server appdomain:file w_file_perms; allow system_server ota_package_file:dir getattr; allow uncrypt uncrypt:capability fowner; +# Date : WK18.33 +# Purpose : type=1400 audit(0.0:1592): avc: denied { read } +# for comm=4572726F722064756D703A20646174 name= +# "u:object_r:system_mtk_persist_mtk_aee_prop:s0" dev="tmpfs" +# ino=10312 scontext=u:r:system_server:s0 tcontext= +# u:object_r:system_mtk_persist_mtk_aee_prop:s0 tclass=file permissive=0 +get_prop(system_server, system_mtk_persist_mtk_aee_prop) + # Purpose: receive dropbox message allow system_server crash_dump:fifo_file w_file_perms; allow system_server crash_dump:fd use; +# Property service. +set_prop(system_server, ctl_bootanim_prop) + +# Date : WK16.36 +# Purpose: Allow to set property log.tag.WifiHW to control log level of WifiHW +set_prop(system_server, log_tag_prop) + +# Fix bootup violation +get_prop(system_server, wifi_prop) + +# Date: 2019/06/14 +# Operation : Migration +# GOOGLE: Commented out for b/169606103 +#get_prop(system_server, vendor_default_prop) + +#Date:2019/10/09 +#Operation:Q Migration +get_prop(system_server, system_mtk_debug_mtk_aee_prop) +get_prop(system_server, system_mtk_debug_bq_dump_prop) + #Date:2019/10/10 #Operation:Q Migration allow system_server mddb_filter_data_file:dir getattr; diff --git a/plat_private/tombstoned.te b/plat_private/tombstoned.te new file mode 100644 index 0000000..10db055 --- /dev/null +++ b/plat_private/tombstoned.te @@ -0,0 +1,7 @@ +# Date : 20200520 +# Operation : failed to create tombstone in /data/anr because permissive denied +# Purpose : type=1400 audit(0.0:14838): avc: denied { write } for +# name=".temporary0" dev="mmcblk0p43" ino=3478 scontext=u:r:tombstoned:s0 +# tcontext=u:object_r:anr_data_file:s0 tclass=file permissive=0 + +allow tombstoned anr_data_file:file write; diff --git a/plat_public/attributes b/plat_public/attributes index bc8b764..c9c3780 100644 --- a/plat_public/attributes +++ b/plat_public/attributes @@ -2,25 +2,106 @@ # MTK Attribute declarations # ============================================== -# Date: 2019/05/27 -# GPU HIDL -attribute hal_gpu; -attribute hal_gpu_client; -attribute hal_gpu_server; - # Date: 2017/06/12 # LBS HIDL attribute mtk_hal_lbs; attribute mtk_hal_lbs_client; attribute mtk_hal_lbs_server; +# Date: 2017/06/12 +# LBS HIDL +#attribute mtk_hal_lbs; +#attribute mtk_hal_lbs_client; +#attribute mtk_hal_lbs_server; + +# Date: 2017/06/27 +# IMSA HIDL +attribute hal_imsa; +attribute hal_imsa_client; +attribute hal_imsa_server; + +# Date: 2017/07/13 +# NVRAM AGENT HIDL +attribute hal_nvramagent; +attribute hal_nvramagent_client; +attribute hal_nvramagent_server; + +# Date: 2017/07/19 +# PQ HIDL +attribute hal_pq; +attribute hal_pq_client; +attribute hal_pq_server; + +# Date: 2017/07/28 +# KEY ATTESTATION HIDL +attribute mtk_hal_keyattestation; +attribute mtk_hal_keyattestation_client; +attribute mtk_hal_keyattestation_server; + +# Date: 2018/03/23 +# log hidl +attribute mtk_hal_log; +attribute mtk_hal_log_client; +attribute mtk_hal_log_server; + +# Date: 2018/05/25 +# FM HIDL +attribute mtk_hal_fm; +attribute mtk_hal_fm_client; +attribute mtk_hal_fm_server; + +# Date: 2018/07/02 +# MDP HIDL +attribute hal_mms; +attribute hal_mms_client; +attribute hal_mms_server; + +# Date: 2019/05/27 +# GPU HIDL +attribute hal_gpu; +attribute hal_gpu_client; +attribute hal_gpu_server; + # Date: 2019/06/12 # modem db filter hidl attribute mtk_hal_md_dbfilter; attribute mtk_hal_md_dbfilter_client; +# Date: 2019/06/12 +# modem db filter hidl +attribute mtk_hal_md_dbfilter_server; + +# Date: 2019/07/16 +# HDMI HIDL +attribute hal_hdmi; +attribute hal_hdmi_client; +attribute hal_hdmi_server; + +# Date: 2019/09/06 +# BGService HIDL +attribute mtk_hal_bgs; +attribute mtk_hal_bgs_client; +attribute mtk_hal_bgs_server; + # Date: 2019/11/18 # em hidl attribute mtk_hal_em; attribute mtk_hal_em_client; attribute mtk_hal_em_server; + +attribute hal_mtkcodecservice_server; +attribute hal_mtkcodecservice; + +attribute hal_atci; +attribute hal_atci_client; +attribute hal_atci_server; + +attribute mtk_hal_aee; +attribute mtk_hal_aee_client; +attribute mtk_hal_aee_server; + +# All types used for mtk's safe hwservice +attribute mtk_safe_hwservice_manager_type; + +# All types used for mtk's safe halserver +attribute mtk_safe_halserverdomain_type; diff --git a/plat_public/file.te b/plat_public/file.te index fcf55c9..3201b9f 100644 --- a/plat_public/file.te +++ b/plat_public/file.te @@ -6,3 +6,12 @@ type lbs_dbg_data_file, file_type, data_file_type, core_data_file_type; type sysfs_boot_info, fs_type, sysfs_type; + +# Date : 2020/03/25 +# Purpose : mtk Audio headset detect +type sysfs_headset, fs_type, sysfs_type; + +# Date : WK20.20 +# Operation: R migration +# Purpose : read vbus voltage +type sysfs_vbus, fs_type, sysfs_type; diff --git a/plat_public/property.te b/plat_public/property.te index 03e0d0e..8a44c46 100644 --- a/plat_public/property.te +++ b/plat_public/property.te @@ -18,3 +18,12 @@ # -product_property_type # -vendor_property_type #}:file no_rw_file_perms; + +# Properties with no restrictions +system_public_prop(system_mtk_ctl_emdlogger1_prop) +system_public_prop(system_mtk_ctl_emdlogger2_prop) +system_public_prop(system_mtk_ctl_emdlogger3_prop) +system_public_prop(system_mtk_ctl_mdlogger_prop) +system_public_prop(system_mtk_init_svc_aee_aedv_prop) +system_public_prop(system_mtk_init_svc_emdlogger1_prop) +system_public_prop(system_mtk_persist_mtk_aee_prop) diff --git a/prebuilts/api/26.0/nonplat_sepolicy.cil b/prebuilts/api/26.0/nonplat_sepolicy.cil deleted file mode 100755 index 0d3102f..0000000 --- a/prebuilts/api/26.0/nonplat_sepolicy.cil +++ /dev/null @@ -1,10961 +0,0 @@ -(genfscon debugfs /tracing/instances (u object_r debugfs_tracing_instances ((s0) (s0)))) -(genfscon fuseblk / (u object_r fuseblk ((s0) (s0)))) -(genfscon iso9660 / (u object_r iso9660 ((s0) (s0)))) -(genfscon proc /driver/storage_logger (u object_r proc_slogger ((s0) (s0)))) -(genfscon proc /mtk_battery_cmd (u object_r proc_battery_cmd ((s0) (s0)))) -(genfscon proc /driver/thermal (u object_r proc_thermal ((s0) (s0)))) -(genfscon proc /battery_status (u object_r proc_thermal ((s0) (s0)))) -(genfscon proc /driver/icusb (u object_r proc_icusb ((s0) (s0)))) -(genfscon proc /mrdump_rst (u object_r proc_mrdump_rst ((s0) (s0)))) -(genfscon proc /mobile_tm (u object_r proc_thermal ((s0) (s0)))) -(genfscon proc /mtkcooler (u object_r proc_mtkcooler ((s0) (s0)))) -(genfscon proc /thermlmt (u object_r proc_thermal ((s0) (s0)))) -(genfscon proc /bcctlmt (u object_r proc_thermal ((s0) (s0)))) -(genfscon proc /fps_tm (u object_r proc_thermal ((s0) (s0)))) -(genfscon proc /wmt_tm (u object_r proc_thermal ((s0) (s0)))) -(genfscon proc /lk_env (u object_r proc_lk_env ((s0) (s0)))) -(genfscon proc /mtktz (u object_r proc_mtktz ((s0) (s0)))) -(genfscon proc /ged (u object_r proc_ged ((s0) (s0)))) -(genfscon rawfs / (u object_r rawfs ((s0) (s0)))) -(roletype r domain) -(typeattributeset dev_type (device_26_0 alarm_device_26_0 ashmem_device_26_0 audio_device_26_0 audio_timer_device_26_0 audio_seq_device_26_0 binder_device_26_0 hwbinder_device_26_0 vndbinder_device_26_0 block_device_26_0 camera_device_26_0 dm_device_26_0 keychord_device_26_0 loop_control_device_26_0 loop_device_26_0 pmsg_device_26_0 radio_device_26_0 ram_device_26_0 rtc_device_26_0 vold_device_26_0 console_device_26_0 cpuctl_device_26_0 fscklogs_26_0 full_device_26_0 gpu_device_26_0 graphics_device_26_0 hw_random_device_26_0 input_device_26_0 kmem_device_26_0 port_device_26_0 log_device_26_0 mtd_device_26_0 mtp_device_26_0 nfc_device_26_0 ptmx_device_26_0 kmsg_device_26_0 null_device_26_0 random_device_26_0 sensors_device_26_0 serial_device_26_0 socket_device_26_0 owntty_device_26_0 tty_device_26_0 video_device_26_0 vcs_device_26_0 zero_device_26_0 fuse_device_26_0 iio_device_26_0 ion_device_26_0 qtaguid_device_26_0 watchdog_device_26_0 uhid_device_26_0 uio_device_26_0 tun_device_26_0 usbaccessory_device_26_0 usb_device_26_0 properties_device_26_0 properties_serial_26_0 i2c_device_26_0 hci_attach_dev_26_0 rpmsg_device_26_0 root_block_device_26_0 frp_block_device_26_0 system_block_device_26_0 recovery_block_device_26_0 boot_block_device_26_0 userdata_block_device_26_0 cache_block_device_26_0 swap_block_device_26_0 metadata_block_device_26_0 misc_block_device_26_0 ppp_device_26_0 tee_device_26_0 kb_block_device_26_0 dkb_block_device_26_0 devmap_device ttyMT_device ttySDIO_device vmodem_device stpwmt_device wmtdetect_device wmtWifi_device stpbt_device stpant_device fm_device stpgps_device pmem_multimedia_device mt6516_isp_device mt6516_IDP_device mt9p012_device mt6516_jpeg_device FM50AF_device DW9714AF_device DW9814AF_device AK7345AF_device DW9714A_device LC898122AF_device LC898212AF_device BU6429AF_device AD5820AF_device DW9718AF_device BU64745GWZAF_device MAINAF_device MAIN2AF_device SUBAF_device M4U_device_device Vcodec_device MJC_device smartpa_device smartpa1_device uio0_device xt_qtaguid_device rfkill_device sw_sync_device sec_device hid_keyboard_device btn_device uinput_device TV_out_device camera_sysram_device camera_isp_device camera_dpe_device camera_tsf_device camera_fdvt_device camera_rsc_device camera_gepf_device camera_wpe_device camera_owe_device camera_pipemgr_device ccu_device vpu_device mtk_jpeg_device kd_camera_hw_device kd_camera_flashlight_device flashlight_device kd_camera_hw_bus2_device MATV_device mt_otg_test_device mt_mdp_device mtkg2d_device misc_sd_device mtk_sched_device ampc0_device mmp_device ttyGS_device CAM_CAL_DRV_device CAM_CAL_DRV1_device CAM_CAL_DRV2_device MTK_SMI_device mtk_cmdq_device mtk_mdp_device mtk_rrc_device ebc_device vow_device MT6516_H264_DEC_device MT6516_Int_SRAM_device MT6516_MM_QUEUE_device MT6516_MP4_DEC_device MT6516_MP4_ENC_device sensor_device aed_device ccci_device ccci_monitor_device gsm0710muxd_device eemcs_device emd_device mt6605_device st21nfc_device exm0_device mmcblk_device BOOT_device MT_pmic_device aal_als_device accdet_device android_device bmtpool_device bootimg_device btif_device cache_device cpu_dma_latency_device dummy_cam_cal_device ebr_device expdb_device fat_device logo_device loop-control_device mbr_device misc_device misc2_device mtfreqhopping_device mtgpio_device mtk_kpd_device network_device nvram_device pmt_device preloader_device pro_info_device protect_f_device protect_s_device psaux_device ptyp_device recovery_device sec_ro_device seccfg_device tee_part_device snapshot_device tgt_device touch_device tpd_em_log_device ttyp_device uboot_device uibc_device usrdata_device zram0_device hwzram0_device RT_Monitor_device kick_powerkey_device agps_device mnld_device geo_device mdlog_device md32_device scp_device sspm_device etb_device MT_pmic_adc_cali_device mtk-adc-cali_device MT_pmic_cali_device otp_device otp_part_block_device qemu_pipe_device icusb_device irtx_device pmic_ftm_device charger_ftm_device shf_device keyblock_device offloadservice_device ttyACM_device hrm_device lens_device nvdata_device nvcfg_device expdb_block_device misc2_block_device logo_block_device para_block_device tee_block_device seccfg_block_device secro_block_device preloader_block_device lk_block_device protect1_block_device protect2_block_device keystore_block_device oemkeystore_block_device sec1_block_device md1img_block_device md1dsp_block_device md1arm7_block_device md3img_block_device mmcblk1_block_device mmcblk1p1_block_device bootdevice_block_device odm_block_device oem_block_device vendor_block_device dtbo_block_device spm_device persist_block_device md_block_device spmfw_block_device dsp_block_device ppl_block_device nvcfg_block_device ancservice_device mbim_device audio_ipi_device cam_vpu_block_device boot_para_block_device mtk_dfrc_device hwmsensor_device msensor_device gsensor_device als_ps_device gyroscope_device barometer_device humidity_device biometric_device m_batch_misc_device m_als_misc_device m_ps_misc_device m_baro_misc_device m_hmdy_misc_device m_acc_misc_device m_mag_misc_device m_gyro_misc_device m_act_misc_device m_pedo_misc_device m_situ_misc_device m_step_c_misc_device m_fusion_misc_device m_bio_misc_device)) -(typeattributeset domain (adbd_26_0 audioserver_26_0 blkid_26_0 blkid_untrusted_26_0 bluetooth_26_0 bootanim_26_0 bootstat_26_0 bufferhubd_26_0 cameraserver_26_0 charger_26_0 clatd_26_0 cppreopts_26_0 crash_dump_26_0 dex2oat_26_0 dhcp_26_0 dnsmasq_26_0 drmserver_26_0 dumpstate_26_0 ephemeral_app_26_0 fingerprintd_26_0 fsck_26_0 fsck_untrusted_26_0 gatekeeperd_26_0 healthd_26_0 hwservicemanager_26_0 idmap_26_0 incident_26_0 incidentd_26_0 init_26_0 inputflinger_26_0 install_recovery_26_0 installd_26_0 isolated_app_26_0 kernel_26_0 keystore_26_0 lmkd_26_0 logd_26_0 logpersist_26_0 mdnsd_26_0 mediacodec_26_0 mediadrmserver_26_0 mediaextractor_26_0 mediametrics_26_0 mediaserver_26_0 modprobe_26_0 mtp_26_0 netd_26_0 netutils_wrapper_26_0 nfc_26_0 otapreopt_chroot_26_0 otapreopt_slot_26_0 performanced_26_0 perfprofd_26_0 platform_app_26_0 postinstall_26_0 postinstall_dexopt_26_0 ppp_26_0 preopt2cachename_26_0 priv_app_26_0 profman_26_0 racoon_26_0 radio_26_0 recovery_26_0 recovery_persist_26_0 recovery_refresh_26_0 rild_26_0 runas_26_0 sdcardd_26_0 servicemanager_26_0 sgdisk_26_0 shared_relro_26_0 shell_26_0 slideshow_26_0 su_26_0 surfaceflinger_26_0 system_app_26_0 system_server_26_0 tee_26_0 tombstoned_26_0 toolbox_26_0 tzdatacheck_26_0 ueventd_26_0 uncrypt_26_0 untrusted_app_26_0 untrusted_app_25_26_0 untrusted_v2_app_26_0 update_engine_26_0 update_verifier_26_0 vdc_26_0 virtual_touchpad_26_0 vndservicemanager_26_0 vold_26_0 vr_hwc_26_0 watchdogd_26_0 webview_zygote_26_0 wificond_26_0 zygote_26_0 aee_aed_26_0 aee_aedv_26_0 audiocmdservice_atci_26_0 boot_logo_updater_26_0 cmddumper_26_0 em_svr_26_0 emdlogger_26_0 factory_26_0 fuelgauged_static_26_0 kisd_26_0 mdlogger_26_0 meta_tst_26_0 mobile_log_d_26_0 netdiag_26_0 pre_meta_26_0 thermalindicator_26_0 hal_audio_default hal_bluetooth_default hal_bootctl_default hal_camera_default hal_configstore_default hal_contexthub_default hal_drm_default hal_dumpstate_default hal_fingerprint_default hal_gatekeeper_default hal_gnss_default hal_graphics_allocator_default hal_graphics_composer_default hal_health_default hal_ir_default hal_keymaster_default hal_light_default hal_memtrack_default hal_nfc_default hal_power_default hal_sensors_default hal_thermal_default hal_tv_cec_default hal_tv_input_default hal_usb_default hal_vibrator_default hal_vr_default hal_wifi_default hal_wifi_offload_default hal_wifi_supplicant_default hostapd vendor_modprobe MtkCodecService aee_core_forwarder biosensord_nvram ccci_fsd ccci_mdinit fuelgauged fuelgauged_nvram gsm0710muxd hal_drm_widevine hal_keymaster_attestation lbs_hidl_service md_ctrl mmc_ffu mnld MPED mtk_agpsd mtk_hal_audio mtk_hal_bluetooth mtk_hal_camera mtk_hal_gnss mtk_hal_imsa mtk_hal_light mtk_hal_power mtk_hal_pq mtk_hal_sensors mtk_wmt_launcher mtkrild muxreport nvram_agent_binder nvram_daemon slpd spm_loader stp_dump3 sysenv_daemon thermal_manager thermalloadalgod vendor_app wifi2agps wmt_loader epdg_wod ipsec mtkmal volte_imcb volte_imsm_md volte_stack volte_ua wfca)) -(typeattributeset fs_type (device_26_0 labeledfs_26_0 pipefs_26_0 sockfs_26_0 rootfs_26_0 proc_26_0 proc_security_26_0 proc_drop_caches_26_0 proc_overcommit_memory_26_0 usermodehelper_26_0 qtaguid_proc_26_0 proc_bluetooth_writable_26_0 proc_cpuinfo_26_0 proc_interrupts_26_0 proc_iomem_26_0 proc_meminfo_26_0 proc_misc_26_0 proc_modules_26_0 proc_net_26_0 proc_perf_26_0 proc_stat_26_0 proc_sysrq_26_0 proc_timer_26_0 proc_tty_drivers_26_0 proc_uid_cputime_showstat_26_0 proc_uid_cputime_removeuid_26_0 proc_uid_io_stats_26_0 proc_uid_procstat_set_26_0 proc_zoneinfo_26_0 selinuxfs_26_0 cgroup_26_0 sysfs_26_0 sysfs_uio_26_0 sysfs_batteryinfo_26_0 sysfs_bluetooth_writable_26_0 sysfs_leds_26_0 sysfs_hwrandom_26_0 sysfs_nfc_power_writable_26_0 sysfs_wake_lock_26_0 sysfs_mac_address_26_0 configfs_26_0 sysfs_devices_system_cpu_26_0 sysfs_lowmemorykiller_26_0 sysfs_wlan_fwpath_26_0 sysfs_vibrator_26_0 sysfs_thermal_26_0 sysfs_zram_26_0 sysfs_zram_uevent_26_0 inotify_26_0 devpts_26_0 tmpfs_26_0 shm_26_0 mqueue_26_0 fuse_26_0 sdcardfs_26_0 vfat_26_0 debugfs_26_0 debugfs_mmc_26_0 debugfs_trace_marker_26_0 debugfs_tracing_26_0 debugfs_tracing_instances_26_0 debugfs_wifi_tracing_26_0 tracing_shell_writable_26_0 tracing_shell_writable_debug_26_0 pstorefs_26_0 functionfs_26_0 oemfs_26_0 usbfs_26_0 binfmt_miscfs_26_0 app_fusefs_26_0 proc_thermal proc_mtkcooler proc_mtktz proc_slogger proc_lk_env proc_ged sysfs_therm sysfs_power_supply sysfs_fps sysfs_ccci sysfs_mmc1 sysfs_ssw sysfs_vcorefs_pwrctrl sysfs_md32 sysfs_scp sysfs_sspm sysfs_devinfo sysfs_dcm sysfs_dcs proc_icusb iso9660 rawfs fuseblk proc_mrdump_rst proc_battery_cmd debugfs_binder debugfs_blockio debugfs_fuseio debugfs_usb debugfs_fb debugfs_cpuhvfs debugfs_usb20_phy debugfs_dynamic_debug debugfs_wakeup_sources debugfs_shrinker_debug debugfs_dmlog_debug debugfs_page_owner_slim_debug debugfs_rcu debugfs_ged debugfs_gpu_mali_midgard debugfs_gpu_mali_utgard debugfs_gpu_img debugfs_ion debugfs_ion_mm_heap)) -(typeattributeset contextmount_type (oemfs_26_0 app_fusefs_26_0)) -#(typeattributeset file_type (bootanim_exec_26_0 bootstat_exec_26_0 bufferhubd_exec_26_0 cameraserver_exec_26_0 clatd_exec_26_0 cppreopts_exec_26_0 crash_dump_exec_26_0 dex2oat_exec_26_0 dhcp_exec_26_0 dnsmasq_exec_26_0 drmserver_exec_26_0 drmserver_socket_26_0 dumpstate_exec_26_0 sysfs_usb_26_0 unlabeled_26_0 system_file_26_0 vendor_hal_file_26_0 vendor_file_26_0 vendor_app_file_26_0 vendor_configs_file_26_0 same_process_hal_file_26_0 vndk_sp_file_26_0 vendor_framework_file_26_0 vendor_overlay_file_26_0 runtime_event_log_tags_file_26_0 logcat_exec_26_0 coredump_file_26_0 system_data_file_26_0 unencrypted_data_file_26_0 install_data_file_26_0 drm_data_file_26_0 adb_data_file_26_0 anr_data_file_26_0 tombstone_data_file_26_0 apk_data_file_26_0 apk_tmp_file_26_0 apk_private_data_file_26_0 apk_private_tmp_file_26_0 dalvikcache_data_file_26_0 ota_data_file_26_0 ota_package_file_26_0 user_profile_data_file_26_0 profman_dump_data_file_26_0 resourcecache_data_file_26_0 shell_data_file_26_0 property_data_file_26_0 bootchart_data_file_26_0 heapdump_data_file_26_0 nativetest_data_file_26_0 ringtone_file_26_0 preloads_data_file_26_0 preloads_media_file_26_0 dhcp_data_file_26_0 mnt_media_rw_file_26_0 mnt_user_file_26_0 mnt_expand_file_26_0 storage_file_26_0 mnt_media_rw_stub_file_26_0 storage_stub_file_26_0 postinstall_mnt_dir_26_0 postinstall_file_26_0 adb_keys_file_26_0 audio_data_file_26_0 audiohal_data_file_26_0 audioserver_data_file_26_0 bluetooth_data_file_26_0 bluetooth_logs_data_file_26_0 bootstat_data_file_26_0 boottrace_data_file_26_0 camera_data_file_26_0 gatekeeper_data_file_26_0 incident_data_file_26_0 keychain_data_file_26_0 keystore_data_file_26_0 media_data_file_26_0 media_rw_data_file_26_0 misc_user_data_file_26_0 net_data_file_26_0 nfc_data_file_26_0 radio_data_file_26_0 reboot_data_file_26_0 recovery_data_file_26_0 shared_relro_file_26_0 systemkeys_data_file_26_0 textclassifier_data_file_26_0 vpn_data_file_26_0 wifi_data_file_26_0 zoneinfo_data_file_26_0 vold_data_file_26_0 perfprofd_data_file_26_0 tee_data_file_26_0 update_engine_data_file_26_0 method_trace_data_file_26_0 app_data_file_26_0 system_app_data_file_26_0 cache_file_26_0 cache_backup_file_26_0 cache_private_backup_file_26_0 cache_recovery_file_26_0 efs_file_26_0 wallpaper_file_26_0 shortcut_manager_icons_26_0 icon_file_26_0 asec_apk_file_26_0 asec_public_file_26_0 asec_image_file_26_0 backup_data_file_26_0 bluetooth_efs_file_26_0 fingerprintd_data_file_26_0 app_fuse_file_26_0 adbd_socket_26_0 bluetooth_socket_26_0 dnsproxyd_socket_26_0 dumpstate_socket_26_0 fwmarkd_socket_26_0 lmkd_socket_26_0 logd_socket_26_0 logdr_socket_26_0 logdw_socket_26_0 mdns_socket_26_0 mdnsd_socket_26_0 misc_logd_file_26_0 mtpd_socket_26_0 netd_socket_26_0 property_socket_26_0 racoon_socket_26_0 rild_socket_26_0 rild_debug_socket_26_0 system_wpa_socket_26_0 system_ndebug_socket_26_0 tombstoned_crash_socket_26_0 tombstoned_intercept_socket_26_0 uncrypt_socket_26_0 vold_socket_26_0 webview_zygote_socket_26_0 wpa_socket_26_0 zygote_socket_26_0 gps_control_26_0 pdx_display_dir_26_0 pdx_performance_dir_26_0 pdx_bufferhub_dir_26_0 pdx_display_client_endpoint_socket_26_0 pdx_display_manager_endpoint_socket_26_0 pdx_display_screenshot_endpoint_socket_26_0 pdx_display_vsync_endpoint_socket_26_0 pdx_performance_client_endpoint_socket_26_0 pdx_bufferhub_client_endpoint_socket_26_0 file_contexts_file_26_0 mac_perms_file_26_0 property_contexts_file_26_0 seapp_contexts_file_26_0 sepolicy_file_26_0 service_contexts_file_26_0 hwservice_contexts_file_26_0 vndservice_contexts_file_26_0 fingerprintd_exec_26_0 fsck_exec_26_0 gatekeeperd_exec_26_0 healthd_exec_26_0 hwservicemanager_exec_26_0 idmap_exec_26_0 init_exec_26_0 inputflinger_exec_26_0 install_recovery_exec_26_0 installd_exec_26_0 keystore_exec_26_0 lmkd_exec_26_0 logd_exec_26_0 mediacodec_exec_26_0 mediadrmserver_exec_26_0 mediaextractor_exec_26_0 mediametrics_exec_26_0 mediaserver_exec_26_0 mtp_exec_26_0 netd_exec_26_0 netutils_wrapper_exec_26_0 otapreopt_chroot_exec_26_0 otapreopt_slot_exec_26_0 performanced_exec_26_0 perfprofd_exec_26_0 ppp_exec_26_0 preopt2cachename_exec_26_0 profman_exec_26_0 racoon_exec_26_0 recovery_persist_exec_26_0 recovery_refresh_exec_26_0 runas_exec_26_0 sdcardd_exec_26_0 servicemanager_exec_26_0 sgdisk_exec_26_0 shell_exec_26_0 su_exec_26_0 tombstoned_exec_26_0 toolbox_exec_26_0 tzdatacheck_exec_26_0 uncrypt_exec_26_0 update_engine_exec_26_0 update_verifier_exec_26_0 vdc_exec_26_0 vendor_shell_exec_26_0 vendor_toolbox_exec_26_0 virtual_touchpad_exec_26_0 vold_exec_26_0 vr_hwc_exec_26_0 webview_zygote_exec_26_0 wificond_exec_26_0 zygote_exec_26_0 provision_file_26_0 key_install_data_file_26_0 hostapd_socket hal_audio_default_exec hal_audio_default_tmpfs hal_bluetooth_default_exec hal_bluetooth_default_tmpfs hal_bootctl_default_exec hal_bootctl_default_tmpfs hal_camera_default_exec hal_camera_default_tmpfs hal_configstore_default_exec hal_configstore_default_tmpfs hal_contexthub_default_exec hal_contexthub_default_tmpfs hal_drm_default_exec hal_drm_default_tmpfs hal_dumpstate_default_exec hal_dumpstate_default_tmpfs hal_fingerprint_default_exec hal_fingerprint_default_tmpfs hal_gatekeeper_default_exec hal_gatekeeper_default_tmpfs hal_gnss_default_exec hal_gnss_default_tmpfs hal_graphics_allocator_default_exec hal_graphics_allocator_default_tmpfs hal_graphics_composer_default_exec hal_graphics_composer_default_tmpfs hal_health_default_exec hal_health_default_tmpfs hal_ir_default_exec hal_ir_default_tmpfs hal_keymaster_default_exec hal_keymaster_default_tmpfs hal_light_default_exec hal_light_default_tmpfs hal_memtrack_default_exec hal_memtrack_default_tmpfs hal_nfc_default_exec hal_nfc_default_tmpfs mediacodec_tmpfs hal_power_default_exec hal_power_default_tmpfs hal_sensors_default_exec hal_sensors_default_tmpfs hal_thermal_default_exec hal_thermal_default_tmpfs hal_tv_cec_default_exec hal_tv_cec_default_tmpfs hal_tv_input_default_exec hal_tv_input_default_tmpfs hal_usb_default_exec hal_usb_default_tmpfs hal_vibrator_default_exec hal_vibrator_default_tmpfs hal_vr_default_exec hal_vr_default_tmpfs hal_wifi_default_exec hal_wifi_default_tmpfs hal_wifi_offload_default_exec hal_wifi_offload_default_tmpfs hal_wifi_supplicant_default_exec hal_wifi_supplicant_default_tmpfs hostapd_exec hostapd_tmpfs rild_exec rild_tmpfs tee_exec tee_tmpfs vndservicemanager_exec vndservicemanager_tmpfs MtkCodecService_exec aee_core_forwarder_exec aee_core_forwarder_tmpfs biosensord_nvram_exec biosensord_nvram_file biosensord_nvram_tmpfs ccci_fsd_exec ccci_fsd_tmpfs ccci_mdinit_exec ccci_mdinit_tmpfs custom_file lost_found_data_file dontpanic_data_file resource_cache_data_file http_proxy_cfg_data_file acdapi_data_file ppp_data_file wide_dhcpv6_data_file wpa_supplicant_data_file radvd_data_file volte_vt_socket dfo_socket rild2_socket rild3_socket rild4_socket rild_mal_socket rild_mal_at_socket rild_mal_md2_socket rild_mal_at_md2_socket rild_ims_socket rild_imsm_socket rild_oem_socket rild_mtk_ut_socket rild_mtk_ut_2_socket rild_mtk_modem_socket rild_md2_socket rild2_md2_socket rild_debug_md2_socket rild_oem_md2_socket rild_mtk_ut_md2_socket rild_mtk_ut_2_md2_socket rild_mtk_modem_md2_socket rild_vsim_socket rild_vsim_md2_socket mal_mfi_socket mal_data_file netdiag_socket wpa_wlan0_socket soc_vt_imcb_socket soc_vt_tcv_socket soc_vt_stk_socket soc_vt_svc_socket dbus_bluetooth_socket bt_int_adp_socket bt_a2dp_stream_socket bt_data_file agpsd_socket agpsd_data_file mnld_socket mnld_data_file gps_data_file MPED_socket MPED_data_file sysctl_socket backuprestore_socket protect_f_data_file protect_s_data_file persist_data_file nvram_data_file nvdata_file nvcfg_file cct_data_file mediaserver_data_file mediacodec_data_file logmisc_data_file logtemp_data_file aee_core_data_file aee_tombstone_data_file aee_exp_data_file aee_dumpsys_data_file sf_rtt_file rild-dongle_socket ccci_cfg_file c2k_file sensor_data_file stp_dump_data_file sysfs_keypad_file rild_via_socket rpc_socket rild_ctclient_socket data_tmpfs_log_file fon_image_data_file ims_ipsec_data_file thermal_manager_data_file adbd_data_file autokd_data_file sf_bqdump_data_file nfc_socket factory_data_file mdlog_data_file mtk_audiohal_data_file fuelgauged_exec fuelgauged_file fuelgauged_tmpfs fuelgauged_nvram_exec fuelgauged_nvram_file fuelgauged_nvram_tmpfs gsm0710muxd_exec gsm0710muxd_tmpfs hal_drm_widevine_exec hal_drm_widevine_tmpfs hal_keymaster_attestation_exec hal_keymaster_attestation_tmpfs lbs_hidl_service_exec lbs_hidl_service_tmpfs md_ctrl_exec md_ctrl_tmpfs mmc_ffu_exec mmc_ffu_tmpfs mnld_exec mnld_tmpfs MPED_exec MPED_tmpfs mtk_agpsd_exec mtk_agpsd_tmpfs mtk_hal_audio_exec mtk_hal_audio_tmpfs mtk_hal_bluetooth_exec mtk_hal_bluetooth_tmpfs mtk_hal_camera_exec mtk_hal_camera_tmpfs mtk_hal_gnss_exec mtk_hal_gnss_tmpfs mtk_hal_imsa_exec mtk_hal_imsa_tmpfs mtk_hal_light_exec mtk_hal_light_tmpfs mtk_hal_power_exec mtk_hal_power_tmpfs mtk_hal_pq_exec mtk_hal_pq_tmpfs mtk_hal_sensors_exec mtk_hal_sensors_tmpfs mtk_wmt_launcher_exec mtk_wmt_launcher_tmpfs mtkrild_exec mtkrild_tmpfs muxreport_exec muxreport_tmpfs nvram_agent_binder_exec nvram_agent_binder_tmpfs nvram_daemon_exec nvram_daemon_tmpfs slpd_exec slpd_tmpfs spm_loader_exec spm_loader_tmpfs stp_dump3_exec stp_dump3_tmpfs sysenv_daemon_exec sysenv_daemon_tmpfs thermal_manager_exec thermal_manager_tmpfs thermalloadalgod_exec thermalloadalgod_tmpfs vendor_app_tmpfs wifi2agps_exec wifi2agps_tmpfs wmt_loader_exec wmt_loader_tmpfs epdg_wod_exec wod_ipsec_conf_file wod_apn_conf_file wod_action_socket wod_sim_socket wod_ipsec_socket wod_dns_socket epdg_wod_tmpfs volte_imcb_socket volte_ua_socket volte_stack_socket starter_exec charon_exec ipsec_exec stroke_exec mtkmal_exec mtkmal_tmpfs volte_imcb_exec volte_imsa1_socket volte_imsvt1_socket volte_imcb_tmpfs volte_imsm_md_exec volte_imsm_md_tmpfs volte_stack_exec volte_stack_tmpfs volte_ua_exec volte_ua_tmpfs wfca_exec wfca_tmpfs)) -(typeattributeset exec_type (bootanim_exec_26_0 bootstat_exec_26_0 bufferhubd_exec_26_0 cameraserver_exec_26_0 clatd_exec_26_0 cppreopts_exec_26_0 crash_dump_exec_26_0 dex2oat_exec_26_0 dhcp_exec_26_0 dnsmasq_exec_26_0 drmserver_exec_26_0 dumpstate_exec_26_0 logcat_exec_26_0 fingerprintd_exec_26_0 fsck_exec_26_0 gatekeeperd_exec_26_0 healthd_exec_26_0 hwservicemanager_exec_26_0 idmap_exec_26_0 init_exec_26_0 inputflinger_exec_26_0 install_recovery_exec_26_0 installd_exec_26_0 keystore_exec_26_0 lmkd_exec_26_0 logd_exec_26_0 mediacodec_exec_26_0 mediadrmserver_exec_26_0 mediaextractor_exec_26_0 mediametrics_exec_26_0 mediaserver_exec_26_0 mtp_exec_26_0 netd_exec_26_0 netutils_wrapper_exec_26_0 otapreopt_chroot_exec_26_0 otapreopt_slot_exec_26_0 performanced_exec_26_0 perfprofd_exec_26_0 ppp_exec_26_0 preopt2cachename_exec_26_0 profman_exec_26_0 racoon_exec_26_0 recovery_persist_exec_26_0 recovery_refresh_exec_26_0 runas_exec_26_0 sdcardd_exec_26_0 servicemanager_exec_26_0 sgdisk_exec_26_0 shell_exec_26_0 su_exec_26_0 tombstoned_exec_26_0 toolbox_exec_26_0 tzdatacheck_exec_26_0 uncrypt_exec_26_0 update_engine_exec_26_0 update_verifier_exec_26_0 vdc_exec_26_0 vendor_shell_exec_26_0 vendor_toolbox_exec_26_0 virtual_touchpad_exec_26_0 vold_exec_26_0 vr_hwc_exec_26_0 webview_zygote_exec_26_0 wificond_exec_26_0 zygote_exec_26_0 hal_audio_default_exec hal_bluetooth_default_exec hal_bootctl_default_exec hal_camera_default_exec hal_configstore_default_exec hal_contexthub_default_exec hal_drm_default_exec hal_dumpstate_default_exec hal_fingerprint_default_exec hal_gatekeeper_default_exec hal_gnss_default_exec hal_graphics_allocator_default_exec hal_graphics_composer_default_exec hal_health_default_exec hal_ir_default_exec hal_keymaster_default_exec hal_light_default_exec hal_memtrack_default_exec hal_nfc_default_exec hal_power_default_exec hal_sensors_default_exec hal_thermal_default_exec hal_tv_cec_default_exec hal_tv_input_default_exec hal_usb_default_exec hal_vibrator_default_exec hal_vr_default_exec hal_wifi_default_exec hal_wifi_offload_default_exec hal_wifi_supplicant_default_exec hostapd_exec rild_exec tee_exec vndservicemanager_exec MtkCodecService_exec aee_core_forwarder_exec biosensord_nvram_exec ccci_fsd_exec ccci_mdinit_exec fuelgauged_exec fuelgauged_nvram_exec gsm0710muxd_exec hal_drm_widevine_exec hal_keymaster_attestation_exec lbs_hidl_service_exec md_ctrl_exec mmc_ffu_exec mnld_exec MPED_exec mtk_agpsd_exec mtk_hal_audio_exec mtk_hal_bluetooth_exec mtk_hal_camera_exec mtk_hal_gnss_exec mtk_hal_imsa_exec mtk_hal_light_exec mtk_hal_power_exec mtk_hal_pq_exec mtk_hal_sensors_exec mtk_wmt_launcher_exec mtkrild_exec muxreport_exec nvram_agent_binder_exec nvram_daemon_exec slpd_exec spm_loader_exec stp_dump3_exec sysenv_daemon_exec thermal_manager_exec thermalloadalgod_exec wifi2agps_exec wmt_loader_exec epdg_wod_exec starter_exec charon_exec ipsec_exec stroke_exec mtkmal_exec volte_imcb_exec volte_imsm_md_exec volte_stack_exec volte_ua_exec wfca_exec)) -(typeattributeset data_file_type (system_data_file_26_0 unencrypted_data_file_26_0 install_data_file_26_0 drm_data_file_26_0 adb_data_file_26_0 anr_data_file_26_0 tombstone_data_file_26_0 apk_data_file_26_0 apk_tmp_file_26_0 apk_private_data_file_26_0 apk_private_tmp_file_26_0 dalvikcache_data_file_26_0 ota_data_file_26_0 ota_package_file_26_0 user_profile_data_file_26_0 profman_dump_data_file_26_0 resourcecache_data_file_26_0 shell_data_file_26_0 property_data_file_26_0 bootchart_data_file_26_0 heapdump_data_file_26_0 nativetest_data_file_26_0 ringtone_file_26_0 preloads_data_file_26_0 preloads_media_file_26_0 dhcp_data_file_26_0 adb_keys_file_26_0 audio_data_file_26_0 audiohal_data_file_26_0 audioserver_data_file_26_0 bluetooth_data_file_26_0 bluetooth_logs_data_file_26_0 bootstat_data_file_26_0 boottrace_data_file_26_0 camera_data_file_26_0 gatekeeper_data_file_26_0 incident_data_file_26_0 keychain_data_file_26_0 keystore_data_file_26_0 media_data_file_26_0 media_rw_data_file_26_0 misc_user_data_file_26_0 net_data_file_26_0 nfc_data_file_26_0 radio_data_file_26_0 reboot_data_file_26_0 recovery_data_file_26_0 shared_relro_file_26_0 systemkeys_data_file_26_0 textclassifier_data_file_26_0 vpn_data_file_26_0 wifi_data_file_26_0 zoneinfo_data_file_26_0 vold_data_file_26_0 perfprofd_data_file_26_0 tee_data_file_26_0 update_engine_data_file_26_0 method_trace_data_file_26_0 app_data_file_26_0 system_app_data_file_26_0 wallpaper_file_26_0 shortcut_manager_icons_26_0 icon_file_26_0 asec_apk_file_26_0 asec_public_file_26_0 asec_image_file_26_0 backup_data_file_26_0 fingerprintd_data_file_26_0 app_fuse_file_26_0 provision_file_26_0 key_install_data_file_26_0 biosensord_nvram_file custom_file lost_found_data_file dontpanic_data_file resource_cache_data_file http_proxy_cfg_data_file acdapi_data_file ppp_data_file wide_dhcpv6_data_file wpa_supplicant_data_file radvd_data_file mal_data_file bt_data_file agpsd_data_file mnld_data_file gps_data_file MPED_data_file protect_f_data_file protect_s_data_file persist_data_file nvram_data_file nvdata_file nvcfg_file cct_data_file mediaserver_data_file mediacodec_data_file logmisc_data_file logtemp_data_file aee_core_data_file aee_tombstone_data_file aee_exp_data_file aee_dumpsys_data_file sf_rtt_file ccci_cfg_file c2k_file sensor_data_file stp_dump_data_file data_tmpfs_log_file fon_image_data_file ims_ipsec_data_file thermal_manager_data_file adbd_data_file autokd_data_file sf_bqdump_data_file nfc_socket factory_data_file mdlog_data_file mtk_audiohal_data_file fuelgauged_file fuelgauged_nvram_file metlog_data_file wod_ipsec_conf_file wod_apn_conf_file)) -(typeattributeset core_data_file_type (system_data_file_26_0 unencrypted_data_file_26_0 install_data_file_26_0 drm_data_file_26_0 adb_data_file_26_0 anr_data_file_26_0 tombstone_data_file_26_0 apk_data_file_26_0 apk_tmp_file_26_0 apk_private_data_file_26_0 apk_private_tmp_file_26_0 dalvikcache_data_file_26_0 ota_data_file_26_0 ota_package_file_26_0 user_profile_data_file_26_0 profman_dump_data_file_26_0 resourcecache_data_file_26_0 shell_data_file_26_0 property_data_file_26_0 bootchart_data_file_26_0 heapdump_data_file_26_0 nativetest_data_file_26_0 ringtone_file_26_0 preloads_data_file_26_0 preloads_media_file_26_0 dhcp_data_file_26_0 adb_keys_file_26_0 audio_data_file_26_0 audiohal_data_file_26_0 audioserver_data_file_26_0 bluetooth_data_file_26_0 bluetooth_logs_data_file_26_0 bootstat_data_file_26_0 boottrace_data_file_26_0 camera_data_file_26_0 gatekeeper_data_file_26_0 incident_data_file_26_0 keychain_data_file_26_0 keystore_data_file_26_0 media_data_file_26_0 media_rw_data_file_26_0 misc_user_data_file_26_0 net_data_file_26_0 nfc_data_file_26_0 radio_data_file_26_0 reboot_data_file_26_0 recovery_data_file_26_0 shared_relro_file_26_0 systemkeys_data_file_26_0 textclassifier_data_file_26_0 vpn_data_file_26_0 wifi_data_file_26_0 zoneinfo_data_file_26_0 vold_data_file_26_0 perfprofd_data_file_26_0 update_engine_data_file_26_0 method_trace_data_file_26_0 app_data_file_26_0 system_app_data_file_26_0 wallpaper_file_26_0 shortcut_manager_icons_26_0 icon_file_26_0 asec_apk_file_26_0 asec_public_file_26_0 asec_image_file_26_0 backup_data_file_26_0 fingerprintd_data_file_26_0 app_fuse_file_26_0 adbd_data_file sf_bqdump_data_file nfc_socket factory_data_file mdlog_data_file)) -(typeattributeset vendor_file_type (vendor_hal_file_26_0 vendor_file_26_0 vendor_app_file_26_0 vendor_configs_file_26_0 same_process_hal_file_26_0 vndk_sp_file_26_0 vendor_framework_file_26_0 vendor_overlay_file_26_0 mediacodec_exec_26_0 vendor_shell_exec_26_0 vendor_toolbox_exec_26_0 hal_audio_default_exec hal_bluetooth_default_exec hal_bootctl_default_exec hal_camera_default_exec hal_configstore_default_exec hal_contexthub_default_exec hal_drm_default_exec hal_dumpstate_default_exec hal_fingerprint_default_exec hal_gatekeeper_default_exec hal_gnss_default_exec hal_graphics_allocator_default_exec hal_graphics_composer_default_exec hal_health_default_exec hal_ir_default_exec hal_keymaster_default_exec hal_light_default_exec hal_memtrack_default_exec hal_nfc_default_exec hal_power_default_exec hal_sensors_default_exec hal_thermal_default_exec hal_tv_cec_default_exec hal_tv_input_default_exec hal_usb_default_exec hal_vibrator_default_exec hal_vr_default_exec hal_wifi_default_exec hal_wifi_offload_default_exec hal_wifi_supplicant_default_exec hostapd_exec rild_exec tee_exec vndservicemanager_exec MtkCodecService_exec aee_core_forwarder_exec biosensord_nvram_exec ccci_fsd_exec ccci_mdinit_exec fuelgauged_exec fuelgauged_nvram_exec gsm0710muxd_exec hal_drm_widevine_exec hal_keymaster_attestation_exec lbs_hidl_service_exec md_ctrl_exec mmc_ffu_exec mnld_exec MPED_exec mtk_agpsd_exec mtk_hal_audio_exec mtk_hal_bluetooth_exec mtk_hal_camera_exec mtk_hal_gnss_exec mtk_hal_imsa_exec mtk_hal_light_exec mtk_hal_power_exec mtk_hal_pq_exec mtk_hal_sensors_exec mtk_wmt_launcher_exec mtkrild_exec muxreport_exec nvram_agent_binder_exec nvram_daemon_exec slpd_exec spm_loader_exec stp_dump3_exec sysenv_daemon_exec thermal_manager_exec thermalloadalgod_exec wifi2agps_exec wmt_loader_exec epdg_wod_exec starter_exec charon_exec ipsec_exec stroke_exec mtkmal_exec volte_imcb_exec volte_imsm_md_exec volte_stack_exec volte_ua_exec wfca_exec)) -(typeattributeset sysfs_type (usermodehelper_26_0 sysfs_26_0 sysfs_uio_26_0 sysfs_batteryinfo_26_0 sysfs_bluetooth_writable_26_0 sysfs_leds_26_0 sysfs_hwrandom_26_0 sysfs_nfc_power_writable_26_0 sysfs_wake_lock_26_0 sysfs_mac_address_26_0 sysfs_usb_26_0 sysfs_devices_system_cpu_26_0 sysfs_lowmemorykiller_26_0 sysfs_wlan_fwpath_26_0 sysfs_vibrator_26_0 sysfs_thermal_26_0 sysfs_zram_26_0 sysfs_zram_uevent_26_0 sysfs_therm sysfs_power_supply sysfs_fps sysfs_ccci sysfs_mmc1 sysfs_ssw sysfs_vcorefs_pwrctrl sysfs_md32 sysfs_scp sysfs_sspm sysfs_devinfo sysfs_dcm sysfs_dcs sysfs_keypad_file sysfs_met)) -(typeattributeset debugfs_type (debugfs_mmc_26_0 debugfs_trace_marker_26_0 debugfs_tracing_26_0 debugfs_tracing_instances_26_0 debugfs_wifi_tracing_26_0 tracing_shell_writable_26_0 tracing_shell_writable_debug_26_0 debugfs_binder debugfs_blockio debugfs_fuseio debugfs_usb debugfs_fb debugfs_cpuhvfs debugfs_usb20_phy debugfs_dynamic_debug debugfs_wakeup_sources debugfs_shrinker_debug debugfs_dmlog_debug debugfs_page_owner_slim_debug debugfs_rcu debugfs_ged debugfs_gpu_mali_midgard debugfs_gpu_mali_utgard debugfs_gpu_img debugfs_ion debugfs_ion_mm_heap)) -(typeattributeset sdcard_type (fuse_26_0 sdcardfs_26_0 vfat_26_0 fuseblk)) -(typeattributeset node_type (node_26_0)) -(typeattributeset netif_type (netif_26_0)) -(typeattributeset port_type (port_26_0)) -(typeattributeset property_type (asan_reboot_prop_26_0 audio_prop_26_0 boottime_prop_26_0 bluetooth_prop_26_0 config_prop_26_0 cppreopt_prop_26_0 ctl_bootanim_prop_26_0 ctl_bugreport_prop_26_0 ctl_console_prop_26_0 ctl_default_prop_26_0 ctl_dumpstate_prop_26_0 ctl_fuse_prop_26_0 ctl_mdnsd_prop_26_0 ctl_rildaemon_prop_26_0 dalvik_prop_26_0 debuggerd_prop_26_0 debug_prop_26_0 default_prop_26_0 device_logging_prop_26_0 dhcp_prop_26_0 dumpstate_options_prop_26_0 dumpstate_prop_26_0 ffs_prop_26_0 fingerprint_prop_26_0 firstboot_prop_26_0 hwservicemanager_prop_26_0 logd_prop_26_0 logpersistd_logging_prop_26_0 log_prop_26_0 log_tag_prop_26_0 mmc_prop_26_0 net_dns_prop_26_0 net_radio_prop_26_0 nfc_prop_26_0 overlay_prop_26_0 pan_result_prop_26_0 persist_debug_prop_26_0 persistent_properties_ready_prop_26_0 powerctl_prop_26_0 radio_prop_26_0 restorecon_prop_26_0 safemode_prop_26_0 serialno_prop_26_0 shell_prop_26_0 system_prop_26_0 system_radio_prop_26_0 vold_prop_26_0 wifi_log_prop_26_0 wifi_prop_26_0 mtk_default_prop ctl_gsm0710muxd_prop ctl_gsm0710muxd-s_prop ctl_gsm0710muxd-d_prop ctl_mdlogger_prop ctl_emdlogger1_prop ctl_emdlogger2_prop ctl_emdlogger3_prop ctl_dualmdlogger_prop ctl_viarild_prop persist_ril_prop gsm0710muxd_prop debug_mtklog_prop persist_mtklog_prop debug_netlog_prop mtk_wifi_prop debug_mdlogger_prop persist_mtk_aee_prop persist_aee_prop debug_mtk_aee_prop debug_bq_dump_prop ctl_ril-daemon-mtk_prop ctl_fusion_ril_mtk_prop ctl_ril-daemon-s_prop ctl_ril-daemon-d_prop ctl_ril-proxy_prop ctl_ccci_fsd_prop ctl_ccci2_fsd_prop ctl_ccci3_fsd_prop ril_active_md_prop ril_mux_report_case_prop ril_cdma_report_prop mtk_md_prop ctl_muxreport-daemon_prop pppoe_ppp0_prop bootani_prop mnld_prop audiohal_prop wmt_prop ctl_emcsmdlogger_prop ctl_eemcs_fsd_prop net_cdma_mdmstat bt_prop persist_bt_prop vendor_factory_idle_state_prop ftrace_log_prop service_nvram_init_prop wifi_5g_prop mtk_em_prop mediatek_prop mtk_em_pdn_prop mtk_em_ims_simulate_prop mtk_em_auto_answer_prop mtk_em_bt_sspdebug_prop mtk_em_ril_apnchange_prop mtk_em_net_auto_tethering_prop ctl_mobile_log_d_prop ctl_mnld_prop ctl_mobicore_prop meta_connecttype_prop mtk_telephony_sensitive_prop mtk_thermal_config_prop graphics_config_prop mtkcam_prop atm_mdmode_prop mtk_wod_prop persist_wod_prop persist_mal_prop ctl_volte_imcb_prop ctl_volte_stack_prop ctl_volte_ua_prop volte_prop)) -(typeattributeset core_property_type (audio_prop_26_0 config_prop_26_0 cppreopt_prop_26_0 dalvik_prop_26_0 debuggerd_prop_26_0 debug_prop_26_0 default_prop_26_0 dhcp_prop_26_0 dumpstate_prop_26_0 ffs_prop_26_0 fingerprint_prop_26_0 logd_prop_26_0 net_radio_prop_26_0 nfc_prop_26_0 pan_result_prop_26_0 persist_debug_prop_26_0 powerctl_prop_26_0 radio_prop_26_0 restorecon_prop_26_0 shell_prop_26_0 system_prop_26_0 system_radio_prop_26_0 vold_prop_26_0)) -(typeattributeset log_property_type (log_prop_26_0 log_tag_prop_26_0 wifi_log_prop_26_0)) -(typeattributeset system_server_service (accessibility_service_26_0 account_service_26_0 activity_service_26_0 alarm_service_26_0 appops_service_26_0 appwidget_service_26_0 assetatlas_service_26_0 audio_service_26_0 autofill_service_26_0 backup_service_26_0 batterystats_service_26_0 battery_service_26_0 bluetooth_manager_service_26_0 cameraproxy_service_26_0 clipboard_service_26_0 contexthub_service_26_0 IProxyService_service_26_0 commontime_management_service_26_0 companion_device_service_26_0 connectivity_service_26_0 connmetrics_service_26_0 consumer_ir_service_26_0 content_service_26_0 country_detector_service_26_0 coverage_service_26_0 cpuinfo_service_26_0 dbinfo_service_26_0 device_policy_service_26_0 deviceidle_service_26_0 device_identifiers_service_26_0 devicestoragemonitor_service_26_0 diskstats_service_26_0 display_service_26_0 font_service_26_0 netd_listener_service_26_0 DockObserver_service_26_0 dreams_service_26_0 dropbox_service_26_0 ethernet_service_26_0 fingerprint_service_26_0 gfxinfo_service_26_0 graphicsstats_service_26_0 hardware_service_26_0 hardware_properties_service_26_0 hdmi_control_service_26_0 input_method_service_26_0 input_service_26_0 imms_service_26_0 ipsec_service_26_0 jobscheduler_service_26_0 launcherapps_service_26_0 location_service_26_0 lock_settings_service_26_0 media_projection_service_26_0 media_router_service_26_0 media_session_service_26_0 meminfo_service_26_0 midi_service_26_0 mount_service_26_0 netpolicy_service_26_0 netstats_service_26_0 network_management_service_26_0 network_score_service_26_0 network_time_update_service_26_0 notification_service_26_0 oem_lock_service_26_0 otadexopt_service_26_0 overlay_service_26_0 package_service_26_0 permission_service_26_0 persistent_data_block_service_26_0 pinner_service_26_0 power_service_26_0 print_service_26_0 processinfo_service_26_0 procstats_service_26_0 recovery_service_26_0 registry_service_26_0 restrictions_service_26_0 rttmanager_service_26_0 samplingprofiler_service_26_0 scheduling_policy_service_26_0 search_service_26_0 sec_key_att_app_id_provider_service_26_0 sensorservice_service_26_0 serial_service_26_0 servicediscovery_service_26_0 settings_service_26_0 shortcut_service_26_0 statusbar_service_26_0 storagestats_service_26_0 task_service_26_0 textclassification_service_26_0 textservices_service_26_0 telecom_service_26_0 trust_service_26_0 tv_input_service_26_0 uimode_service_26_0 updatelock_service_26_0 usagestats_service_26_0 usb_service_26_0 user_service_26_0 vibrator_service_26_0 voiceinteraction_service_26_0 vr_manager_service_26_0 wallpaper_service_26_0 webviewupdate_service_26_0 wifip2p_service_26_0 wifiscanner_service_26_0 wifi_service_26_0 wifiaware_service_26_0 window_service_26_0)) -(typeattributeset app_api_service (batteryproperties_service_26_0 gatekeeper_service_26_0 accessibility_service_26_0 account_service_26_0 activity_service_26_0 alarm_service_26_0 appops_service_26_0 appwidget_service_26_0 assetatlas_service_26_0 audio_service_26_0 autofill_service_26_0 backup_service_26_0 batterystats_service_26_0 bluetooth_manager_service_26_0 clipboard_service_26_0 contexthub_service_26_0 IProxyService_service_26_0 companion_device_service_26_0 connectivity_service_26_0 connmetrics_service_26_0 consumer_ir_service_26_0 content_service_26_0 country_detector_service_26_0 device_policy_service_26_0 deviceidle_service_26_0 device_identifiers_service_26_0 display_service_26_0 font_service_26_0 dreams_service_26_0 dropbox_service_26_0 ethernet_service_26_0 fingerprint_service_26_0 graphicsstats_service_26_0 hardware_properties_service_26_0 input_method_service_26_0 input_service_26_0 imms_service_26_0 ipsec_service_26_0 jobscheduler_service_26_0 launcherapps_service_26_0 location_service_26_0 media_projection_service_26_0 media_router_service_26_0 media_session_service_26_0 midi_service_26_0 mount_service_26_0 netpolicy_service_26_0 netstats_service_26_0 network_management_service_26_0 notification_service_26_0 package_service_26_0 permission_service_26_0 power_service_26_0 print_service_26_0 procstats_service_26_0 registry_service_26_0 restrictions_service_26_0 rttmanager_service_26_0 search_service_26_0 sec_key_att_app_id_provider_service_26_0 sensorservice_service_26_0 servicediscovery_service_26_0 settings_service_26_0 shortcut_service_26_0 statusbar_service_26_0 storagestats_service_26_0 textclassification_service_26_0 textservices_service_26_0 telecom_service_26_0 trust_service_26_0 tv_input_service_26_0 uimode_service_26_0 usagestats_service_26_0 usb_service_26_0 user_service_26_0 vibrator_service_26_0 voiceinteraction_service_26_0 wallpaper_service_26_0 webviewupdate_service_26_0 wifip2p_service_26_0 wifi_service_26_0 wifiaware_service_26_0)) -(typeattributeset ephemeral_app_api_service (batteryproperties_service_26_0 accessibility_service_26_0 account_service_26_0 activity_service_26_0 alarm_service_26_0 appops_service_26_0 appwidget_service_26_0 assetatlas_service_26_0 audio_service_26_0 autofill_service_26_0 backup_service_26_0 batterystats_service_26_0 bluetooth_manager_service_26_0 clipboard_service_26_0 IProxyService_service_26_0 companion_device_service_26_0 connectivity_service_26_0 connmetrics_service_26_0 consumer_ir_service_26_0 content_service_26_0 country_detector_service_26_0 deviceidle_service_26_0 device_identifiers_service_26_0 display_service_26_0 font_service_26_0 dreams_service_26_0 dropbox_service_26_0 graphicsstats_service_26_0 hardware_properties_service_26_0 input_method_service_26_0 input_service_26_0 imms_service_26_0 ipsec_service_26_0 jobscheduler_service_26_0 launcherapps_service_26_0 location_service_26_0 media_projection_service_26_0 media_router_service_26_0 media_session_service_26_0 midi_service_26_0 mount_service_26_0 netpolicy_service_26_0 netstats_service_26_0 network_management_service_26_0 notification_service_26_0 package_service_26_0 permission_service_26_0 power_service_26_0 print_service_26_0 procstats_service_26_0 registry_service_26_0 restrictions_service_26_0 rttmanager_service_26_0 search_service_26_0 sensorservice_service_26_0 servicediscovery_service_26_0 settings_service_26_0 statusbar_service_26_0 storagestats_service_26_0 textclassification_service_26_0 textservices_service_26_0 telecom_service_26_0 tv_input_service_26_0 uimode_service_26_0 usagestats_service_26_0 user_service_26_0 vibrator_service_26_0 voiceinteraction_service_26_0 webviewupdate_service_26_0)) -(typeattributeset system_api_service (cpuinfo_service_26_0 dbinfo_service_26_0 diskstats_service_26_0 gfxinfo_service_26_0 hdmi_control_service_26_0 lock_settings_service_26_0 meminfo_service_26_0 network_score_service_26_0 oem_lock_service_26_0 persistent_data_block_service_26_0 serial_service_26_0 updatelock_service_26_0 wifiscanner_service_26_0 window_service_26_0)) -(typeattributeset service_manager_type (audioserver_service_26_0 batteryproperties_service_26_0 bluetooth_service_26_0 cameraserver_service_26_0 default_android_service_26_0 drmserver_service_26_0 dumpstate_service_26_0 fingerprintd_service_26_0 hal_fingerprint_service_26_0 gatekeeper_service_26_0 gpu_service_26_0 inputflinger_service_26_0 incident_service_26_0 installd_service_26_0 keystore_service_26_0 mediaserver_service_26_0 mediametrics_service_26_0 mediaextractor_service_26_0 mediacodec_service_26_0 mediadrmserver_service_26_0 mediacasserver_service_26_0 netd_service_26_0 nfc_service_26_0 radio_service_26_0 storaged_service_26_0 surfaceflinger_service_26_0 system_app_service_26_0 update_engine_service_26_0 virtual_touchpad_service_26_0 vr_hwc_service_26_0 accessibility_service_26_0 account_service_26_0 activity_service_26_0 alarm_service_26_0 appops_service_26_0 appwidget_service_26_0 assetatlas_service_26_0 audio_service_26_0 autofill_service_26_0 backup_service_26_0 batterystats_service_26_0 battery_service_26_0 bluetooth_manager_service_26_0 cameraproxy_service_26_0 clipboard_service_26_0 contexthub_service_26_0 IProxyService_service_26_0 commontime_management_service_26_0 companion_device_service_26_0 connectivity_service_26_0 connmetrics_service_26_0 consumer_ir_service_26_0 content_service_26_0 country_detector_service_26_0 coverage_service_26_0 cpuinfo_service_26_0 dbinfo_service_26_0 device_policy_service_26_0 deviceidle_service_26_0 device_identifiers_service_26_0 devicestoragemonitor_service_26_0 diskstats_service_26_0 display_service_26_0 font_service_26_0 netd_listener_service_26_0 DockObserver_service_26_0 dreams_service_26_0 dropbox_service_26_0 ethernet_service_26_0 fingerprint_service_26_0 gfxinfo_service_26_0 graphicsstats_service_26_0 hardware_service_26_0 hardware_properties_service_26_0 hdmi_control_service_26_0 input_method_service_26_0 input_service_26_0 imms_service_26_0 ipsec_service_26_0 jobscheduler_service_26_0 launcherapps_service_26_0 location_service_26_0 lock_settings_service_26_0 media_projection_service_26_0 media_router_service_26_0 media_session_service_26_0 meminfo_service_26_0 midi_service_26_0 mount_service_26_0 netpolicy_service_26_0 netstats_service_26_0 network_management_service_26_0 network_score_service_26_0 network_time_update_service_26_0 notification_service_26_0 oem_lock_service_26_0 otadexopt_service_26_0 overlay_service_26_0 package_service_26_0 permission_service_26_0 persistent_data_block_service_26_0 pinner_service_26_0 power_service_26_0 print_service_26_0 processinfo_service_26_0 procstats_service_26_0 recovery_service_26_0 registry_service_26_0 restrictions_service_26_0 rttmanager_service_26_0 samplingprofiler_service_26_0 scheduling_policy_service_26_0 search_service_26_0 sec_key_att_app_id_provider_service_26_0 sensorservice_service_26_0 serial_service_26_0 servicediscovery_service_26_0 settings_service_26_0 shortcut_service_26_0 statusbar_service_26_0 storagestats_service_26_0 task_service_26_0 textclassification_service_26_0 textservices_service_26_0 telecom_service_26_0 trust_service_26_0 tv_input_service_26_0 uimode_service_26_0 updatelock_service_26_0 usagestats_service_26_0 usb_service_26_0 user_service_26_0 vibrator_service_26_0 voiceinteraction_service_26_0 vr_manager_service_26_0 wallpaper_service_26_0 webviewupdate_service_26_0 wifip2p_service_26_0 wifiscanner_service_26_0 wifi_service_26_0 wificond_service_26_0 wifiaware_service_26_0 window_service_26_0 nvram_agent_service_26_0 mtk_codec_service_service)) -(typeattributeset hwservice_manager_type (default_android_hwservice_26_0 fwk_display_hwservice_26_0 fwk_scheduler_hwservice_26_0 fwk_sensor_hwservice_26_0 hal_audio_hwservice_26_0 hal_bluetooth_hwservice_26_0 hal_bootctl_hwservice_26_0 hal_camera_hwservice_26_0 hal_configstore_ISurfaceFlingerConfigs_26_0 hal_contexthub_hwservice_26_0 hal_drm_hwservice_26_0 hal_dumpstate_hwservice_26_0 hal_fingerprint_hwservice_26_0 hal_gatekeeper_hwservice_26_0 hal_gnss_hwservice_26_0 hal_graphics_allocator_hwservice_26_0 hal_graphics_composer_hwservice_26_0 hal_graphics_mapper_hwservice_26_0 hal_health_hwservice_26_0 hal_ir_hwservice_26_0 hal_keymaster_hwservice_26_0 hal_light_hwservice_26_0 hal_memtrack_hwservice_26_0 hal_nfc_hwservice_26_0 hal_oemlock_hwservice_26_0 hal_omx_hwservice_26_0 hal_power_hwservice_26_0 hal_renderscript_hwservice_26_0 hal_sensors_hwservice_26_0 hal_telephony_hwservice_26_0 hal_thermal_hwservice_26_0 hal_tv_cec_hwservice_26_0 hal_tv_input_hwservice_26_0 hal_usb_hwservice_26_0 hal_vibrator_hwservice_26_0 hal_vr_hwservice_26_0 hal_weaver_hwservice_26_0 hal_wifi_hwservice_26_0 hal_wifi_supplicant_hwservice_26_0 hidl_allocator_hwservice_26_0 hidl_base_hwservice_26_0 hidl_manager_hwservice_26_0 hidl_memory_hwservice_26_0 hidl_token_hwservice_26_0 system_wifi_keystore_hwservice_26_0 mtk_hal_bluetooth_hwservice mtk_hal_rild_hwservice mtk_hal_power_hwservice mtk_hal_lbs_hwservice mtk_hal_wifi_hostapd_hwservice mtk_hal_imsa_hwservice nvram_agent_binder_hwservice mtk_hal_pq_hwservice mtk_hal_keyattestation_hwservice)) -(typeattributeset same_process_hwservice (hal_graphics_mapper_hwservice_26_0 hal_renderscript_hwservice_26_0)) -(typeattributeset coredomain_hwservice (fwk_display_hwservice_26_0 fwk_scheduler_hwservice_26_0 fwk_sensor_hwservice_26_0 hidl_allocator_hwservice_26_0 hidl_manager_hwservice_26_0 hidl_memory_hwservice_26_0 hidl_token_hwservice_26_0 system_wifi_keystore_hwservice_26_0)) -(typeattributeset vndservice_manager_type (default_android_vndservice_26_0)) -(typeattributeset mlstrustedsubject (bufferhubd_26_0 cppreopts_26_0 drmserver_26_0 dumpstate_26_0 pdx_display_client_endpoint_socket_26_0 pdx_display_manager_endpoint_socket_26_0 pdx_display_screenshot_endpoint_socket_26_0 pdx_display_vsync_endpoint_socket_26_0 pdx_performance_client_endpoint_socket_26_0 pdx_bufferhub_client_endpoint_socket_26_0 hwservicemanager_26_0 init_26_0 installd_26_0 kernel_26_0 keystore_26_0 lmkd_26_0 logd_26_0 mediacodec_26_0 mediadrmserver_26_0 mediaextractor_26_0 mediaserver_26_0 netd_26_0 otapreopt_slot_26_0 performanced_26_0 perfprofd_26_0 platform_app_26_0 racoon_26_0 radio_26_0 runas_26_0 servicemanager_26_0 shell_26_0 su_26_0 system_app_26_0 tombstoned_26_0 uncrypt_26_0 vold_26_0 mnld thermalloadalgod)) -(typeattributeset mlstrustedobject (alarm_device_26_0 ashmem_device_26_0 binder_device_26_0 hwbinder_device_26_0 pmsg_device_26_0 gpu_device_26_0 log_device_26_0 mtp_device_26_0 ptmx_device_26_0 null_device_26_0 random_device_26_0 owntty_device_26_0 zero_device_26_0 fuse_device_26_0 ion_device_26_0 tun_device_26_0 usbaccessory_device_26_0 usb_device_26_0 qtaguid_proc_26_0 selinuxfs_26_0 cgroup_26_0 sysfs_26_0 sysfs_bluetooth_writable_26_0 sysfs_nfc_power_writable_26_0 sysfs_usb_26_0 inotify_26_0 devpts_26_0 fuse_26_0 sdcardfs_26_0 vfat_26_0 debugfs_trace_marker_26_0 functionfs_26_0 anr_data_file_26_0 tombstone_data_file_26_0 apk_tmp_file_26_0 apk_private_tmp_file_26_0 ota_package_file_26_0 user_profile_data_file_26_0 shell_data_file_26_0 heapdump_data_file_26_0 ringtone_file_26_0 media_rw_data_file_26_0 radio_data_file_26_0 perfprofd_data_file_26_0 method_trace_data_file_26_0 system_app_data_file_26_0 cache_file_26_0 cache_backup_file_26_0 cache_recovery_file_26_0 wallpaper_file_26_0 shortcut_manager_icons_26_0 asec_apk_file_26_0 backup_data_file_26_0 app_fuse_file_26_0 dnsproxyd_socket_26_0 fwmarkd_socket_26_0 logd_socket_26_0 logdr_socket_26_0 logdw_socket_26_0 mdnsd_socket_26_0 property_socket_26_0 system_ndebug_socket_26_0 tombstoned_crash_socket_26_0 pdx_display_client_endpoint_socket_26_0 pdx_display_manager_endpoint_socket_26_0 pdx_display_screenshot_endpoint_socket_26_0 pdx_display_vsync_endpoint_socket_26_0 pdx_performance_client_endpoint_socket_26_0 pdx_bufferhub_client_endpoint_socket_26_0 sw_sync_device sysfs_devinfo rawfs fuseblk)) -(typeattributeset appdomain (vendor_app)) -(typeattributeset netdomain (clatd_26_0 dhcp_26_0 dnsmasq_26_0 drmserver_26_0 dumpstate_26_0 mediadrmserver_26_0 mediaserver_26_0 mtp_26_0 netd_26_0 ppp_26_0 racoon_26_0 radio_26_0 rild_26_0 shell_26_0 su_26_0 update_engine_26_0 hal_wifi_supplicant_default hostapd mnld MPED mtk_agpsd mtkrild slpd epdg_wod ipsec volte_imcb volte_stack volte_ua wfca)) -(typeattributeset bluetoothdomain (radio_26_0)) -(typeattributeset binderservicedomain (cameraserver_26_0 drmserver_26_0 gatekeeperd_26_0 healthd_26_0 inputflinger_26_0 keystore_26_0 mediadrmserver_26_0 mediaextractor_26_0 mediametrics_26_0 mediaserver_26_0 radio_26_0 virtual_touchpad_26_0 vr_hwc_26_0)) -(typeattributeset update_engine_common (update_engine_26_0)) -(typeattributeset coredomain (perfprofd_26_0)) -(typeattributeset coredomain_socket (adbd_socket_26_0 bluetooth_socket_26_0 dnsproxyd_socket_26_0 dumpstate_socket_26_0 fwmarkd_socket_26_0 lmkd_socket_26_0 logd_socket_26_0 logdr_socket_26_0 logdw_socket_26_0 mdns_socket_26_0 mdnsd_socket_26_0 misc_logd_file_26_0 mtpd_socket_26_0 netd_socket_26_0 property_socket_26_0 racoon_socket_26_0 system_wpa_socket_26_0 system_ndebug_socket_26_0 tombstoned_crash_socket_26_0 tombstoned_intercept_socket_26_0 uncrypt_socket_26_0 vold_socket_26_0 webview_zygote_socket_26_0 zygote_socket_26_0 pdx_display_client_endpoint_socket_26_0 pdx_display_client_channel_socket_26_0 pdx_display_manager_endpoint_socket_26_0 pdx_display_manager_channel_socket_26_0 pdx_display_screenshot_endpoint_socket_26_0 pdx_display_screenshot_channel_socket_26_0 pdx_display_vsync_endpoint_socket_26_0 pdx_display_vsync_channel_socket_26_0 pdx_performance_client_endpoint_socket_26_0 pdx_performance_client_channel_socket_26_0 pdx_bufferhub_client_endpoint_socket_26_0 pdx_bufferhub_client_channel_socket_26_0)) -(typeattributeset pdx_endpoint_dir_type (pdx_display_dir_26_0 pdx_performance_dir_26_0 pdx_bufferhub_dir_26_0)) -(typeattributeset pdx_endpoint_socket_type (pdx_display_client_endpoint_socket_26_0 pdx_display_manager_endpoint_socket_26_0 pdx_display_screenshot_endpoint_socket_26_0 pdx_display_vsync_endpoint_socket_26_0 pdx_performance_client_endpoint_socket_26_0 pdx_bufferhub_client_endpoint_socket_26_0)) -(typeattributeset pdx_channel_socket_type (pdx_display_client_channel_socket_26_0 pdx_display_manager_channel_socket_26_0 pdx_display_screenshot_channel_socket_26_0 pdx_display_vsync_channel_socket_26_0 pdx_performance_client_channel_socket_26_0 pdx_bufferhub_client_channel_socket_26_0)) -(typeattributeset pdx_display_client_endpoint_dir_type (pdx_display_dir_26_0)) -(typeattributeset pdx_display_client_endpoint_socket_type (pdx_display_client_endpoint_socket_26_0)) -(typeattributeset pdx_display_client_channel_socket_type (pdx_display_client_channel_socket_26_0)) -(typeattributeset pdx_display_manager_endpoint_dir_type (pdx_display_dir_26_0)) -(typeattributeset pdx_display_manager_endpoint_socket_type (pdx_display_manager_endpoint_socket_26_0)) -(typeattributeset pdx_display_manager_channel_socket_type (pdx_display_manager_channel_socket_26_0)) -(typeattributeset pdx_display_screenshot_endpoint_dir_type (pdx_display_dir_26_0)) -(typeattributeset pdx_display_screenshot_endpoint_socket_type (pdx_display_screenshot_endpoint_socket_26_0)) -(typeattributeset pdx_display_screenshot_channel_socket_type (pdx_display_screenshot_channel_socket_26_0)) -(typeattributeset pdx_display_vsync_endpoint_dir_type (pdx_display_dir_26_0)) -(typeattributeset pdx_display_vsync_endpoint_socket_type (pdx_display_vsync_endpoint_socket_26_0)) -(typeattributeset pdx_display_vsync_channel_socket_type (pdx_display_vsync_channel_socket_26_0)) -(typeattributeset pdx_performance_client_endpoint_dir_type (pdx_performance_dir_26_0)) -(typeattributeset pdx_performance_client_endpoint_socket_type (pdx_performance_client_endpoint_socket_26_0)) -(typeattributeset pdx_performance_client_channel_socket_type (pdx_performance_client_channel_socket_26_0)) -(typeattributeset pdx_performance_client_server_type (performanced_26_0)) -(typeattributeset pdx_bufferhub_client_endpoint_dir_type (pdx_bufferhub_dir_26_0)) -(typeattributeset pdx_bufferhub_client_endpoint_socket_type (pdx_bufferhub_client_endpoint_socket_26_0)) -(typeattributeset pdx_bufferhub_client_channel_socket_type (pdx_bufferhub_client_channel_socket_26_0)) -(typeattributeset pdx_bufferhub_client_server_type (bufferhubd_26_0)) -(typeattributeset halserverdomain (rild_26_0 hal_audio_default hal_bluetooth_default hal_bootctl_default hal_camera_default hal_configstore_default hal_contexthub_default hal_drm_default hal_dumpstate_default hal_fingerprint_default hal_gatekeeper_default hal_gnss_default hal_graphics_allocator_default hal_graphics_composer_default hal_health_default hal_ir_default hal_keymaster_default hal_light_default hal_memtrack_default hal_nfc_default hal_power_default hal_sensors_default hal_thermal_default hal_tv_cec_default hal_tv_input_default hal_usb_default hal_vibrator_default hal_vr_default hal_wifi_default hal_wifi_offload_default hal_wifi_supplicant_default hostapd hal_drm_widevine hal_keymaster_attestation lbs_hidl_service mtk_hal_audio mtk_hal_bluetooth mtk_hal_camera mtk_hal_gnss mtk_hal_imsa mtk_hal_light mtk_hal_power mtk_hal_pq mtk_hal_sensors nvram_agent_binder)) -(typeattributeset halclientdomain (bootanim_26_0 bufferhubd_26_0 cameraserver_26_0 dumpstate_26_0 gatekeeperd_26_0 healthd_26_0 mediacodec_26_0 mediadrmserver_26_0 mediaserver_26_0 platform_app_26_0 radio_26_0 shell_26_0 system_app_26_0 system_server_26_0 update_engine_26_0 update_verifier_26_0 vold_26_0 vr_hwc_26_0 factory_26_0 meta_tst_26_0 hal_audio_default mtk_hal_audio mtk_hal_pq)) -(typeattributeset hal_allocator_client (mediacodec_26_0 mediaserver_26_0 hal_audio_default mtk_hal_audio mtk_hal_pq)) -(typeattributeset hal_audio (hal_audio_default mtk_hal_audio)) -(typeattributeset hal_audio_server (hal_audio_default mtk_hal_audio)) -(typeattributeset hal_bluetooth (hal_bluetooth_default mtk_hal_bluetooth)) -(typeattributeset hal_bluetooth_server (hal_bluetooth_default mtk_hal_bluetooth)) -(typeattributeset hal_bootctl (hal_bootctl_default)) -(typeattributeset hal_bootctl_client (update_engine_26_0 update_verifier_26_0)) -(typeattributeset hal_bootctl_server (hal_bootctl_default)) -(typeattributeset hal_camera (hal_camera_default mtk_hal_camera)) -(typeattributeset hal_camera_client (cameraserver_26_0)) -(typeattributeset hal_camera_server (hal_camera_default mtk_hal_camera)) -(typeattributeset hal_configstore (hal_configstore_default)) -(typeattributeset hal_configstore_server (hal_configstore_default)) -(typeattributeset hal_contexthub (hal_contexthub_default)) -(typeattributeset hal_contexthub_server (hal_contexthub_default)) -(typeattributeset hal_drm (hal_drm_default hal_drm_widevine)) -(typeattributeset hal_drm_client (mediadrmserver_26_0)) -(typeattributeset hal_drm_server (hal_drm_default hal_drm_widevine)) -(typeattributeset hal_dumpstate (hal_dumpstate_default)) -(typeattributeset hal_dumpstate_client (dumpstate_26_0)) -(typeattributeset hal_dumpstate_server (hal_dumpstate_default)) -(typeattributeset hal_fingerprint (hal_fingerprint_default)) -(typeattributeset hal_fingerprint_server (hal_fingerprint_default)) -(typeattributeset hal_gatekeeper (hal_gatekeeper_default)) -(typeattributeset hal_gatekeeper_client (gatekeeperd_26_0)) -(typeattributeset hal_gatekeeper_server (hal_gatekeeper_default)) -(typeattributeset hal_gnss (hal_gnss_default mtk_hal_gnss)) -(typeattributeset hal_gnss_client (system_server_26_0)) -(typeattributeset hal_gnss_server (hal_gnss_default mtk_hal_gnss)) -(typeattributeset hal_graphics_allocator (hal_graphics_allocator_default)) -(typeattributeset hal_graphics_allocator_client (bootanim_26_0 bufferhubd_26_0 cameraserver_26_0 dumpstate_26_0 mediacodec_26_0 vr_hwc_26_0)) -(typeattributeset hal_graphics_allocator_server (hal_graphics_allocator_default)) -(typeattributeset hal_graphics_composer (hal_graphics_composer_default)) -(typeattributeset hal_graphics_composer_client (bootanim_26_0)) -(typeattributeset hal_graphics_composer_server (hal_graphics_composer_default)) -(typeattributeset hal_health (hal_health_default)) -(typeattributeset hal_health_client (healthd_26_0)) -(typeattributeset hal_health_server (hal_health_default)) -(typeattributeset hal_ir (hal_ir_default)) -(typeattributeset hal_ir_server (hal_ir_default)) -(typeattributeset hal_keymaster (hal_keymaster_default)) -(typeattributeset hal_keymaster_client (vold_26_0)) -(typeattributeset hal_keymaster_server (hal_keymaster_default)) -(typeattributeset hal_light (hal_light_default mtk_hal_light)) -(typeattributeset hal_light_server (hal_light_default mtk_hal_light)) -(typeattributeset hal_memtrack (hal_memtrack_default)) -(typeattributeset hal_memtrack_server (hal_memtrack_default)) -(typeattributeset hal_nfc (hal_nfc_default)) -(typeattributeset hal_nfc_client (radio_26_0 factory_26_0 meta_tst_26_0)) -(typeattributeset hal_nfc_server (hal_nfc_default)) -(typeattributeset hal_power (hal_power_default mtk_hal_power)) -(typeattributeset hal_power_client (shell_26_0)) -(typeattributeset hal_power_server (hal_power_default mtk_hal_power)) -(typeattributeset hal_sensors (hal_sensors_default mtk_hal_sensors)) -(typeattributeset hal_sensors_server (hal_sensors_default mtk_hal_sensors)) -(typeattributeset hal_telephony (rild_26_0)) -(typeattributeset hal_telephony_client (radio_26_0)) -(typeattributeset hal_telephony_server (rild_26_0)) -(typeattributeset hal_thermal (hal_thermal_default)) -(typeattributeset hal_thermal_server (hal_thermal_default)) -(typeattributeset hal_tv_cec (hal_tv_cec_default)) -(typeattributeset hal_tv_cec_server (hal_tv_cec_default)) -(typeattributeset hal_tv_input (hal_tv_input_default)) -(typeattributeset hal_tv_input_server (hal_tv_input_default)) -(typeattributeset hal_usb (hal_usb_default)) -(typeattributeset hal_usb_server (hal_usb_default)) -(typeattributeset hal_vibrator (hal_vibrator_default)) -(typeattributeset hal_vibrator_client (dumpstate_26_0)) -(typeattributeset hal_vibrator_server (hal_vibrator_default)) -(typeattributeset hal_vr (hal_vr_default)) -(typeattributeset hal_vr_server (hal_vr_default)) -(typeattributeset hal_wifi (hal_wifi_default)) -(typeattributeset hal_wifi_server (hal_wifi_default)) -(typeattributeset hal_wifi_offload (hal_wifi_offload_default)) -(typeattributeset hal_wifi_offload_server (hal_wifi_offload_default)) -(typeattributeset hal_wifi_supplicant (hal_wifi_supplicant_default hostapd)) -(typeattributeset hal_wifi_supplicant_server (hal_wifi_supplicant_default hostapd)) -(typeattribute mtk_core_property_type) -(typeattributeset mtk_core_property_type (persist_ril_prop gsm0710muxd_prop debug_mtklog_prop persist_mtklog_prop debug_netlog_prop mtk_wifi_prop debug_mdlogger_prop persist_mtk_aee_prop persist_aee_prop debug_mtk_aee_prop debug_bq_dump_prop ril_active_md_prop ril_mux_report_case_prop ril_cdma_report_prop mtk_md_prop pppoe_ppp0_prop bootani_prop mnld_prop audiohal_prop wmt_prop net_cdma_mdmstat bt_prop persist_bt_prop vendor_factory_idle_state_prop ftrace_log_prop service_nvram_init_prop wifi_5g_prop mtk_em_prop mediatek_prop mtk_em_pdn_prop mtk_em_ims_simulate_prop mtk_em_auto_answer_prop mtk_em_bt_sspdebug_prop mtk_em_net_auto_tethering_prop mtk_wod_prop persist_wod_prop persist_mal_prop volte_prop)) -(typeattribute mtk_hal_lbs) -(typeattributeset mtk_hal_lbs (lbs_hidl_service)) -(typeattribute mtk_hal_lbs_client) -(typeattributeset mtk_hal_lbs_client (platform_app_26_0 system_app_26_0 system_server_26_0)) -(typeattribute mtk_hal_lbs_server) -(typeattributeset mtk_hal_lbs_server (lbs_hidl_service)) -(typeattribute mtk_hal_wifi_hostapd) -(typeattributeset mtk_hal_wifi_hostapd (hostapd)) -(typeattribute mtk_hal_wifi_hostapd_client) -(typeattributeset mtk_hal_wifi_hostapd_client (system_server_26_0)) -(typeattribute mtk_hal_wifi_hostapd_server) -(typeattributeset mtk_hal_wifi_hostapd_server (hostapd)) -(typeattribute hal_imsa) -(typeattributeset hal_imsa (mtk_hal_imsa)) -(typeattribute hal_imsa_client) -(typeattributeset hal_imsa_client (radio_26_0)) -(typeattribute hal_imsa_server) -(typeattributeset hal_imsa_server (mtk_hal_imsa)) -(typeattribute mtkimsapdomain) -(typeattributeset mtkimsapdomain (mtk_hal_imsa)) -(typeattribute mtkimsmddomain) -(typeattributeset mtkimsmddomain (epdg_wod mtkmal volte_imcb volte_imsm_md volte_stack volte_ua wfca)) -(typeattribute hal_pq) -(typeattributeset hal_pq (mtk_hal_pq)) -(typeattribute hal_pq_client) -(typeattribute hal_pq_server) -(typeattributeset hal_pq_server (mtk_hal_pq)) -(typeattribute hal_nvramagent) -(typeattributeset hal_nvramagent (nvram_agent_binder)) -(typeattribute hal_nvramagent_client) -(typeattributeset hal_nvramagent_client (system_app_26_0)) -(typeattribute hal_nvramagent_server) -(typeattributeset hal_nvramagent_server (nvram_agent_binder)) -(typeattribute mtk_hal_keyattestation) -(typeattributeset mtk_hal_keyattestation (hal_keymaster_attestation)) -(typeattribute mtk_hal_keyattestation_client) -(typeattributeset mtk_hal_keyattestation_client (meta_tst_26_0)) -(typeattribute mtk_hal_keyattestation_server) -(typeattributeset mtk_hal_keyattestation_server (hal_keymaster_attestation)) -(typeattribute adbd_26_0) -(roletype object_r adbd_26_0) -(typeattribute audioserver_26_0) -(roletype object_r audioserver_26_0) -(typeattribute blkid_26_0) -(roletype object_r blkid_26_0) -(typeattribute blkid_untrusted_26_0) -(roletype object_r blkid_untrusted_26_0) -(typeattribute bluetooth_26_0) -(roletype object_r bluetooth_26_0) -(typeattribute bootanim_26_0) -(roletype object_r bootanim_26_0) -(typeattribute bootanim_exec_26_0) -(roletype object_r bootanim_exec_26_0) -(typeattribute bootstat_26_0) -(roletype object_r bootstat_26_0) -(typeattribute bootstat_exec_26_0) -(roletype object_r bootstat_exec_26_0) -(typeattribute bufferhubd_26_0) -(roletype object_r bufferhubd_26_0) -(typeattribute bufferhubd_exec_26_0) -(roletype object_r bufferhubd_exec_26_0) -(typeattribute cameraserver_26_0) -(roletype object_r cameraserver_26_0) -(typeattribute cameraserver_exec_26_0) -(roletype object_r cameraserver_exec_26_0) -(typeattribute charger_26_0) -(roletype object_r charger_26_0) -(typeattribute clatd_26_0) -(roletype object_r clatd_26_0) -(typeattribute clatd_exec_26_0) -(roletype object_r clatd_exec_26_0) -(typeattribute cppreopts_26_0) -(roletype object_r cppreopts_26_0) -(typeattribute cppreopts_exec_26_0) -(roletype object_r cppreopts_exec_26_0) -(typeattribute crash_dump_26_0) -(roletype object_r crash_dump_26_0) -(typeattribute crash_dump_exec_26_0) -(roletype object_r crash_dump_exec_26_0) -(typeattribute device_26_0) -(roletype object_r device_26_0) -(typeattribute alarm_device_26_0) -(roletype object_r alarm_device_26_0) -(typeattribute ashmem_device_26_0) -(roletype object_r ashmem_device_26_0) -(typeattribute audio_device_26_0) -(roletype object_r audio_device_26_0) -(typeattribute audio_timer_device_26_0) -(roletype object_r audio_timer_device_26_0) -(typeattribute audio_seq_device_26_0) -(roletype object_r audio_seq_device_26_0) -(typeattribute binder_device_26_0) -(roletype object_r binder_device_26_0) -(typeattribute hwbinder_device_26_0) -(roletype object_r hwbinder_device_26_0) -(typeattribute vndbinder_device_26_0) -(roletype object_r vndbinder_device_26_0) -(typeattribute block_device_26_0) -(roletype object_r block_device_26_0) -(typeattribute camera_device_26_0) -(roletype object_r camera_device_26_0) -(typeattribute dm_device_26_0) -(roletype object_r dm_device_26_0) -(typeattribute keychord_device_26_0) -(roletype object_r keychord_device_26_0) -(typeattribute loop_control_device_26_0) -(roletype object_r loop_control_device_26_0) -(typeattribute loop_device_26_0) -(roletype object_r loop_device_26_0) -(typeattribute pmsg_device_26_0) -(roletype object_r pmsg_device_26_0) -(typeattribute radio_device_26_0) -(roletype object_r radio_device_26_0) -(typeattribute ram_device_26_0) -(roletype object_r ram_device_26_0) -(typeattribute rtc_device_26_0) -(roletype object_r rtc_device_26_0) -(typeattribute vold_device_26_0) -(roletype object_r vold_device_26_0) -(typeattribute console_device_26_0) -(roletype object_r console_device_26_0) -(typeattribute cpuctl_device_26_0) -(roletype object_r cpuctl_device_26_0) -(typeattribute fscklogs_26_0) -(roletype object_r fscklogs_26_0) -(typeattribute full_device_26_0) -(roletype object_r full_device_26_0) -(typeattribute gpu_device_26_0) -(roletype object_r gpu_device_26_0) -(typeattribute graphics_device_26_0) -(roletype object_r graphics_device_26_0) -(typeattribute hw_random_device_26_0) -(roletype object_r hw_random_device_26_0) -(typeattribute input_device_26_0) -(roletype object_r input_device_26_0) -(typeattribute kmem_device_26_0) -(roletype object_r kmem_device_26_0) -(typeattribute port_device_26_0) -(roletype object_r port_device_26_0) -(typeattribute log_device_26_0) -(roletype object_r log_device_26_0) -(typeattribute mtd_device_26_0) -(roletype object_r mtd_device_26_0) -(typeattribute mtp_device_26_0) -(roletype object_r mtp_device_26_0) -(typeattribute nfc_device_26_0) -(roletype object_r nfc_device_26_0) -(typeattribute ptmx_device_26_0) -(roletype object_r ptmx_device_26_0) -(typeattribute kmsg_device_26_0) -(roletype object_r kmsg_device_26_0) -(typeattribute null_device_26_0) -(roletype object_r null_device_26_0) -(typeattribute random_device_26_0) -(roletype object_r random_device_26_0) -(typeattribute sensors_device_26_0) -(roletype object_r sensors_device_26_0) -(typeattribute serial_device_26_0) -(roletype object_r serial_device_26_0) -(typeattribute socket_device_26_0) -(roletype object_r socket_device_26_0) -(typeattribute owntty_device_26_0) -(roletype object_r owntty_device_26_0) -(typeattribute tty_device_26_0) -(roletype object_r tty_device_26_0) -(typeattribute video_device_26_0) -(roletype object_r video_device_26_0) -(typeattribute vcs_device_26_0) -(roletype object_r vcs_device_26_0) -(typeattribute zero_device_26_0) -(roletype object_r zero_device_26_0) -(typeattribute fuse_device_26_0) -(roletype object_r fuse_device_26_0) -(typeattribute iio_device_26_0) -(roletype object_r iio_device_26_0) -(typeattribute ion_device_26_0) -(roletype object_r ion_device_26_0) -(typeattribute qtaguid_device_26_0) -(roletype object_r qtaguid_device_26_0) -(typeattribute watchdog_device_26_0) -(roletype object_r watchdog_device_26_0) -(typeattribute uhid_device_26_0) -(roletype object_r uhid_device_26_0) -(typeattribute uio_device_26_0) -(roletype object_r uio_device_26_0) -(typeattribute tun_device_26_0) -(roletype object_r tun_device_26_0) -(typeattribute usbaccessory_device_26_0) -(roletype object_r usbaccessory_device_26_0) -(typeattribute usb_device_26_0) -(roletype object_r usb_device_26_0) -(typeattribute properties_device_26_0) -(roletype object_r properties_device_26_0) -(typeattribute properties_serial_26_0) -(roletype object_r properties_serial_26_0) -(typeattribute i2c_device_26_0) -(roletype object_r i2c_device_26_0) -(typeattribute hci_attach_dev_26_0) -(roletype object_r hci_attach_dev_26_0) -(typeattribute rpmsg_device_26_0) -(roletype object_r rpmsg_device_26_0) -(typeattribute root_block_device_26_0) -(roletype object_r root_block_device_26_0) -(typeattribute frp_block_device_26_0) -(roletype object_r frp_block_device_26_0) -(typeattribute system_block_device_26_0) -(roletype object_r system_block_device_26_0) -(typeattribute recovery_block_device_26_0) -(roletype object_r recovery_block_device_26_0) -(typeattribute boot_block_device_26_0) -(roletype object_r boot_block_device_26_0) -(typeattribute userdata_block_device_26_0) -(roletype object_r userdata_block_device_26_0) -(typeattribute cache_block_device_26_0) -(roletype object_r cache_block_device_26_0) -(typeattribute swap_block_device_26_0) -(roletype object_r swap_block_device_26_0) -(typeattribute metadata_block_device_26_0) -(roletype object_r metadata_block_device_26_0) -(typeattribute misc_block_device_26_0) -(roletype object_r misc_block_device_26_0) -(typeattribute dex2oat_26_0) -(roletype object_r dex2oat_26_0) -(typeattribute dex2oat_exec_26_0) -(roletype object_r dex2oat_exec_26_0) -(typeattribute dhcp_26_0) -(roletype object_r dhcp_26_0) -(typeattribute dhcp_exec_26_0) -(roletype object_r dhcp_exec_26_0) -(typeattribute dnsmasq_26_0) -(roletype object_r dnsmasq_26_0) -(typeattribute dnsmasq_exec_26_0) -(roletype object_r dnsmasq_exec_26_0) -(typeattribute drmserver_26_0) -(roletype object_r drmserver_26_0) -(typeattribute drmserver_exec_26_0) -(roletype object_r drmserver_exec_26_0) -(typeattribute drmserver_socket_26_0) -(roletype object_r drmserver_socket_26_0) -(typeattribute dumpstate_26_0) -(roletype object_r dumpstate_26_0) -(typeattribute dumpstate_exec_26_0) -(roletype object_r dumpstate_exec_26_0) -(typeattribute ephemeral_app_26_0) -(roletype object_r ephemeral_app_26_0) -(typeattribute labeledfs_26_0) -(roletype object_r labeledfs_26_0) -(typeattribute pipefs_26_0) -(roletype object_r pipefs_26_0) -(typeattribute sockfs_26_0) -(roletype object_r sockfs_26_0) -(typeattribute rootfs_26_0) -(roletype object_r rootfs_26_0) -(typeattribute proc_26_0) -(roletype object_r proc_26_0) -(typeattribute proc_security_26_0) -(roletype object_r proc_security_26_0) -(typeattribute proc_drop_caches_26_0) -(roletype object_r proc_drop_caches_26_0) -(typeattribute proc_overcommit_memory_26_0) -(roletype object_r proc_overcommit_memory_26_0) -(typeattribute usermodehelper_26_0) -(roletype object_r usermodehelper_26_0) -(typeattribute qtaguid_proc_26_0) -(roletype object_r qtaguid_proc_26_0) -(typeattribute proc_bluetooth_writable_26_0) -(roletype object_r proc_bluetooth_writable_26_0) -(typeattribute proc_cpuinfo_26_0) -(roletype object_r proc_cpuinfo_26_0) -(typeattribute proc_interrupts_26_0) -(roletype object_r proc_interrupts_26_0) -(typeattribute proc_iomem_26_0) -(roletype object_r proc_iomem_26_0) -(typeattribute proc_meminfo_26_0) -(roletype object_r proc_meminfo_26_0) -(typeattribute proc_misc_26_0) -(roletype object_r proc_misc_26_0) -(typeattribute proc_modules_26_0) -(roletype object_r proc_modules_26_0) -(typeattribute proc_net_26_0) -(roletype object_r proc_net_26_0) -(typeattribute proc_perf_26_0) -(roletype object_r proc_perf_26_0) -(typeattribute proc_stat_26_0) -(roletype object_r proc_stat_26_0) -(typeattribute proc_sysrq_26_0) -(roletype object_r proc_sysrq_26_0) -(typeattribute proc_timer_26_0) -(roletype object_r proc_timer_26_0) -(typeattribute proc_tty_drivers_26_0) -(roletype object_r proc_tty_drivers_26_0) -(typeattribute proc_uid_cputime_showstat_26_0) -(roletype object_r proc_uid_cputime_showstat_26_0) -(typeattribute proc_uid_cputime_removeuid_26_0) -(roletype object_r proc_uid_cputime_removeuid_26_0) -(typeattribute proc_uid_io_stats_26_0) -(roletype object_r proc_uid_io_stats_26_0) -(typeattribute proc_uid_procstat_set_26_0) -(roletype object_r proc_uid_procstat_set_26_0) -(typeattribute proc_zoneinfo_26_0) -(roletype object_r proc_zoneinfo_26_0) -(typeattribute selinuxfs_26_0) -(roletype object_r selinuxfs_26_0) -(typeattribute cgroup_26_0) -(roletype object_r cgroup_26_0) -(typeattribute sysfs_26_0) -(roletype object_r sysfs_26_0) -(typeattribute sysfs_uio_26_0) -(roletype object_r sysfs_uio_26_0) -(typeattribute sysfs_batteryinfo_26_0) -(roletype object_r sysfs_batteryinfo_26_0) -(typeattribute sysfs_bluetooth_writable_26_0) -(roletype object_r sysfs_bluetooth_writable_26_0) -(typeattribute sysfs_leds_26_0) -(roletype object_r sysfs_leds_26_0) -(typeattribute sysfs_hwrandom_26_0) -(roletype object_r sysfs_hwrandom_26_0) -(typeattribute sysfs_nfc_power_writable_26_0) -(roletype object_r sysfs_nfc_power_writable_26_0) -(typeattribute sysfs_wake_lock_26_0) -(roletype object_r sysfs_wake_lock_26_0) -(typeattribute sysfs_mac_address_26_0) -(roletype object_r sysfs_mac_address_26_0) -(typeattribute sysfs_usb_26_0) -(roletype object_r sysfs_usb_26_0) -(typeattribute configfs_26_0) -(roletype object_r configfs_26_0) -(typeattribute sysfs_devices_system_cpu_26_0) -(roletype object_r sysfs_devices_system_cpu_26_0) -(typeattribute sysfs_lowmemorykiller_26_0) -(roletype object_r sysfs_lowmemorykiller_26_0) -(typeattribute sysfs_wlan_fwpath_26_0) -(roletype object_r sysfs_wlan_fwpath_26_0) -(typeattribute sysfs_vibrator_26_0) -(roletype object_r sysfs_vibrator_26_0) -(typeattribute sysfs_thermal_26_0) -(roletype object_r sysfs_thermal_26_0) -(typeattribute sysfs_zram_26_0) -(roletype object_r sysfs_zram_26_0) -(typeattribute sysfs_zram_uevent_26_0) -(roletype object_r sysfs_zram_uevent_26_0) -(typeattribute inotify_26_0) -(roletype object_r inotify_26_0) -(typeattribute devpts_26_0) -(roletype object_r devpts_26_0) -(typeattribute tmpfs_26_0) -(roletype object_r tmpfs_26_0) -(typeattribute shm_26_0) -(roletype object_r shm_26_0) -(typeattribute mqueue_26_0) -(roletype object_r mqueue_26_0) -(typeattribute fuse_26_0) -(roletype object_r fuse_26_0) -(typeattribute sdcardfs_26_0) -(roletype object_r sdcardfs_26_0) -(typeattribute vfat_26_0) -(roletype object_r vfat_26_0) -(typeattribute debugfs_26_0) -(roletype object_r debugfs_26_0) -(typeattribute debugfs_mmc_26_0) -(roletype object_r debugfs_mmc_26_0) -(typeattribute debugfs_trace_marker_26_0) -(roletype object_r debugfs_trace_marker_26_0) -(typeattribute debugfs_tracing_26_0) -(roletype object_r debugfs_tracing_26_0) -(typeattribute debugfs_tracing_instances_26_0) -(roletype object_r debugfs_tracing_instances_26_0) -(typeattribute debugfs_wifi_tracing_26_0) -(roletype object_r debugfs_wifi_tracing_26_0) -(typeattribute tracing_shell_writable_26_0) -(roletype object_r tracing_shell_writable_26_0) -(typeattribute tracing_shell_writable_debug_26_0) -(roletype object_r tracing_shell_writable_debug_26_0) -(typeattribute pstorefs_26_0) -(roletype object_r pstorefs_26_0) -(typeattribute functionfs_26_0) -(roletype object_r functionfs_26_0) -(typeattribute oemfs_26_0) -(roletype object_r oemfs_26_0) -(typeattribute usbfs_26_0) -(roletype object_r usbfs_26_0) -(typeattribute binfmt_miscfs_26_0) -(roletype object_r binfmt_miscfs_26_0) -(typeattribute app_fusefs_26_0) -(roletype object_r app_fusefs_26_0) -(typeattribute unlabeled_26_0) -(roletype object_r unlabeled_26_0) -(typeattribute system_file_26_0) -(roletype object_r system_file_26_0) -(typeattribute vendor_hal_file_26_0) -(roletype object_r vendor_hal_file_26_0) -(typeattribute vendor_file_26_0) -(roletype object_r vendor_file_26_0) -(typeattribute vendor_app_file_26_0) -(roletype object_r vendor_app_file_26_0) -(typeattribute vendor_configs_file_26_0) -(roletype object_r vendor_configs_file_26_0) -(typeattribute same_process_hal_file_26_0) -(roletype object_r same_process_hal_file_26_0) -(typeattribute vndk_sp_file_26_0) -(roletype object_r vndk_sp_file_26_0) -(typeattribute vendor_framework_file_26_0) -(roletype object_r vendor_framework_file_26_0) -(typeattribute vendor_overlay_file_26_0) -(roletype object_r vendor_overlay_file_26_0) -(typeattribute runtime_event_log_tags_file_26_0) -(roletype object_r runtime_event_log_tags_file_26_0) -(typeattribute logcat_exec_26_0) -(roletype object_r logcat_exec_26_0) -(typeattribute coredump_file_26_0) -(roletype object_r coredump_file_26_0) -(typeattribute system_data_file_26_0) -(roletype object_r system_data_file_26_0) -(typeattribute unencrypted_data_file_26_0) -(roletype object_r unencrypted_data_file_26_0) -(typeattribute install_data_file_26_0) -(roletype object_r install_data_file_26_0) -(typeattribute drm_data_file_26_0) -(roletype object_r drm_data_file_26_0) -(typeattribute adb_data_file_26_0) -(roletype object_r adb_data_file_26_0) -(typeattribute anr_data_file_26_0) -(roletype object_r anr_data_file_26_0) -(typeattribute tombstone_data_file_26_0) -(roletype object_r tombstone_data_file_26_0) -(typeattribute apk_data_file_26_0) -(roletype object_r apk_data_file_26_0) -(typeattribute apk_tmp_file_26_0) -(roletype object_r apk_tmp_file_26_0) -(typeattribute apk_private_data_file_26_0) -(roletype object_r apk_private_data_file_26_0) -(typeattribute apk_private_tmp_file_26_0) -(roletype object_r apk_private_tmp_file_26_0) -(typeattribute dalvikcache_data_file_26_0) -(roletype object_r dalvikcache_data_file_26_0) -(typeattribute ota_data_file_26_0) -(roletype object_r ota_data_file_26_0) -(typeattribute ota_package_file_26_0) -(roletype object_r ota_package_file_26_0) -(typeattribute user_profile_data_file_26_0) -(roletype object_r user_profile_data_file_26_0) -(typeattribute profman_dump_data_file_26_0) -(roletype object_r profman_dump_data_file_26_0) -(typeattribute resourcecache_data_file_26_0) -(roletype object_r resourcecache_data_file_26_0) -(typeattribute shell_data_file_26_0) -(roletype object_r shell_data_file_26_0) -(typeattribute property_data_file_26_0) -(roletype object_r property_data_file_26_0) -(typeattribute bootchart_data_file_26_0) -(roletype object_r bootchart_data_file_26_0) -(typeattribute heapdump_data_file_26_0) -(roletype object_r heapdump_data_file_26_0) -(typeattribute nativetest_data_file_26_0) -(roletype object_r nativetest_data_file_26_0) -(typeattribute ringtone_file_26_0) -(roletype object_r ringtone_file_26_0) -(typeattribute preloads_data_file_26_0) -(roletype object_r preloads_data_file_26_0) -(typeattribute preloads_media_file_26_0) -(roletype object_r preloads_media_file_26_0) -(typeattribute dhcp_data_file_26_0) -(roletype object_r dhcp_data_file_26_0) -(typeattribute mnt_media_rw_file_26_0) -(roletype object_r mnt_media_rw_file_26_0) -(typeattribute mnt_user_file_26_0) -(roletype object_r mnt_user_file_26_0) -(typeattribute mnt_expand_file_26_0) -(roletype object_r mnt_expand_file_26_0) -(typeattribute storage_file_26_0) -(roletype object_r storage_file_26_0) -(typeattribute mnt_media_rw_stub_file_26_0) -(roletype object_r mnt_media_rw_stub_file_26_0) -(typeattribute storage_stub_file_26_0) -(roletype object_r storage_stub_file_26_0) -(typeattribute postinstall_mnt_dir_26_0) -(roletype object_r postinstall_mnt_dir_26_0) -(typeattribute postinstall_file_26_0) -(roletype object_r postinstall_file_26_0) -(typeattribute adb_keys_file_26_0) -(roletype object_r adb_keys_file_26_0) -(typeattribute audio_data_file_26_0) -(roletype object_r audio_data_file_26_0) -(typeattribute audiohal_data_file_26_0) -(roletype object_r audiohal_data_file_26_0) -(typeattribute audioserver_data_file_26_0) -(roletype object_r audioserver_data_file_26_0) -(typeattribute bluetooth_data_file_26_0) -(roletype object_r bluetooth_data_file_26_0) -(typeattribute bluetooth_logs_data_file_26_0) -(roletype object_r bluetooth_logs_data_file_26_0) -(typeattribute bootstat_data_file_26_0) -(roletype object_r bootstat_data_file_26_0) -(typeattribute boottrace_data_file_26_0) -(roletype object_r boottrace_data_file_26_0) -(typeattribute camera_data_file_26_0) -(roletype object_r camera_data_file_26_0) -(typeattribute gatekeeper_data_file_26_0) -(roletype object_r gatekeeper_data_file_26_0) -(typeattribute incident_data_file_26_0) -(roletype object_r incident_data_file_26_0) -(typeattribute keychain_data_file_26_0) -(roletype object_r keychain_data_file_26_0) -(typeattribute keystore_data_file_26_0) -(roletype object_r keystore_data_file_26_0) -(typeattribute media_data_file_26_0) -(roletype object_r media_data_file_26_0) -(typeattribute media_rw_data_file_26_0) -(roletype object_r media_rw_data_file_26_0) -(typeattribute misc_user_data_file_26_0) -(roletype object_r misc_user_data_file_26_0) -(typeattribute net_data_file_26_0) -(roletype object_r net_data_file_26_0) -(typeattribute nfc_data_file_26_0) -(roletype object_r nfc_data_file_26_0) -(typeattribute radio_data_file_26_0) -(roletype object_r radio_data_file_26_0) -(typeattribute reboot_data_file_26_0) -(roletype object_r reboot_data_file_26_0) -(typeattribute recovery_data_file_26_0) -(roletype object_r recovery_data_file_26_0) -(typeattribute shared_relro_file_26_0) -(roletype object_r shared_relro_file_26_0) -(typeattribute systemkeys_data_file_26_0) -(roletype object_r systemkeys_data_file_26_0) -(typeattribute textclassifier_data_file_26_0) -(roletype object_r textclassifier_data_file_26_0) -(typeattribute vpn_data_file_26_0) -(roletype object_r vpn_data_file_26_0) -(typeattribute wifi_data_file_26_0) -(roletype object_r wifi_data_file_26_0) -(typeattribute zoneinfo_data_file_26_0) -(roletype object_r zoneinfo_data_file_26_0) -(typeattribute vold_data_file_26_0) -(roletype object_r vold_data_file_26_0) -(typeattribute perfprofd_data_file_26_0) -(roletype object_r perfprofd_data_file_26_0) -(typeattribute tee_data_file_26_0) -(roletype object_r tee_data_file_26_0) -(typeattribute update_engine_data_file_26_0) -(roletype object_r update_engine_data_file_26_0) -(typeattribute method_trace_data_file_26_0) -(roletype object_r method_trace_data_file_26_0) -(typeattribute app_data_file_26_0) -(roletype object_r app_data_file_26_0) -(typeattribute system_app_data_file_26_0) -(roletype object_r system_app_data_file_26_0) -(typeattribute cache_file_26_0) -(roletype object_r cache_file_26_0) -(typeattribute cache_backup_file_26_0) -(roletype object_r cache_backup_file_26_0) -(typeattribute cache_private_backup_file_26_0) -(roletype object_r cache_private_backup_file_26_0) -(typeattribute cache_recovery_file_26_0) -(roletype object_r cache_recovery_file_26_0) -(typeattribute efs_file_26_0) -(roletype object_r efs_file_26_0) -(typeattribute wallpaper_file_26_0) -(roletype object_r wallpaper_file_26_0) -(typeattribute shortcut_manager_icons_26_0) -(roletype object_r shortcut_manager_icons_26_0) -(typeattribute icon_file_26_0) -(roletype object_r icon_file_26_0) -(typeattribute asec_apk_file_26_0) -(roletype object_r asec_apk_file_26_0) -(typeattribute asec_public_file_26_0) -(roletype object_r asec_public_file_26_0) -(typeattribute asec_image_file_26_0) -(roletype object_r asec_image_file_26_0) -(typeattribute backup_data_file_26_0) -(roletype object_r backup_data_file_26_0) -(typeattribute bluetooth_efs_file_26_0) -(roletype object_r bluetooth_efs_file_26_0) -(typeattribute fingerprintd_data_file_26_0) -(roletype object_r fingerprintd_data_file_26_0) -(typeattribute app_fuse_file_26_0) -(roletype object_r app_fuse_file_26_0) -(typeattribute adbd_socket_26_0) -(roletype object_r adbd_socket_26_0) -(typeattribute bluetooth_socket_26_0) -(roletype object_r bluetooth_socket_26_0) -(typeattribute dnsproxyd_socket_26_0) -(roletype object_r dnsproxyd_socket_26_0) -(typeattribute dumpstate_socket_26_0) -(roletype object_r dumpstate_socket_26_0) -(typeattribute fwmarkd_socket_26_0) -(roletype object_r fwmarkd_socket_26_0) -(typeattribute lmkd_socket_26_0) -(roletype object_r lmkd_socket_26_0) -(typeattribute logd_socket_26_0) -(roletype object_r logd_socket_26_0) -(typeattribute logdr_socket_26_0) -(roletype object_r logdr_socket_26_0) -(typeattribute logdw_socket_26_0) -(roletype object_r logdw_socket_26_0) -(typeattribute mdns_socket_26_0) -(roletype object_r mdns_socket_26_0) -(typeattribute mdnsd_socket_26_0) -(roletype object_r mdnsd_socket_26_0) -(typeattribute misc_logd_file_26_0) -(roletype object_r misc_logd_file_26_0) -(typeattribute mtpd_socket_26_0) -(roletype object_r mtpd_socket_26_0) -(typeattribute netd_socket_26_0) -(roletype object_r netd_socket_26_0) -(typeattribute property_socket_26_0) -(roletype object_r property_socket_26_0) -(typeattribute racoon_socket_26_0) -(roletype object_r racoon_socket_26_0) -(typeattribute rild_socket_26_0) -(roletype object_r rild_socket_26_0) -(typeattribute rild_debug_socket_26_0) -(roletype object_r rild_debug_socket_26_0) -(typeattribute system_wpa_socket_26_0) -(roletype object_r system_wpa_socket_26_0) -(typeattribute system_ndebug_socket_26_0) -(roletype object_r system_ndebug_socket_26_0) -(typeattribute tombstoned_crash_socket_26_0) -(roletype object_r tombstoned_crash_socket_26_0) -(typeattribute tombstoned_intercept_socket_26_0) -(roletype object_r tombstoned_intercept_socket_26_0) -(typeattribute uncrypt_socket_26_0) -(roletype object_r uncrypt_socket_26_0) -(typeattribute vold_socket_26_0) -(roletype object_r vold_socket_26_0) -(typeattribute webview_zygote_socket_26_0) -(roletype object_r webview_zygote_socket_26_0) -(typeattribute wpa_socket_26_0) -(roletype object_r wpa_socket_26_0) -(typeattribute zygote_socket_26_0) -(roletype object_r zygote_socket_26_0) -(typeattribute gps_control_26_0) -(roletype object_r gps_control_26_0) -(typeattribute pdx_display_dir_26_0) -(roletype object_r pdx_display_dir_26_0) -(typeattribute pdx_performance_dir_26_0) -(roletype object_r pdx_performance_dir_26_0) -(typeattribute pdx_bufferhub_dir_26_0) -(roletype object_r pdx_bufferhub_dir_26_0) -(typeattribute pdx_display_client_endpoint_socket_26_0) -(roletype object_r pdx_display_client_endpoint_socket_26_0) -(typeattribute pdx_display_client_channel_socket_26_0) -(roletype object_r pdx_display_client_channel_socket_26_0) -(typeattribute pdx_display_manager_endpoint_socket_26_0) -(roletype object_r pdx_display_manager_endpoint_socket_26_0) -(typeattribute pdx_display_manager_channel_socket_26_0) -(roletype object_r pdx_display_manager_channel_socket_26_0) -(typeattribute pdx_display_screenshot_endpoint_socket_26_0) -(roletype object_r pdx_display_screenshot_endpoint_socket_26_0) -(typeattribute pdx_display_screenshot_channel_socket_26_0) -(roletype object_r pdx_display_screenshot_channel_socket_26_0) -(typeattribute pdx_display_vsync_endpoint_socket_26_0) -(roletype object_r pdx_display_vsync_endpoint_socket_26_0) -(typeattribute pdx_display_vsync_channel_socket_26_0) -(roletype object_r pdx_display_vsync_channel_socket_26_0) -(typeattribute pdx_performance_client_endpoint_socket_26_0) -(roletype object_r pdx_performance_client_endpoint_socket_26_0) -(typeattribute pdx_performance_client_channel_socket_26_0) -(roletype object_r pdx_performance_client_channel_socket_26_0) -(typeattribute pdx_bufferhub_client_endpoint_socket_26_0) -(roletype object_r pdx_bufferhub_client_endpoint_socket_26_0) -(typeattribute pdx_bufferhub_client_channel_socket_26_0) -(roletype object_r pdx_bufferhub_client_channel_socket_26_0) -(typeattribute file_contexts_file_26_0) -(roletype object_r file_contexts_file_26_0) -(typeattribute mac_perms_file_26_0) -(roletype object_r mac_perms_file_26_0) -(typeattribute property_contexts_file_26_0) -(roletype object_r property_contexts_file_26_0) -(typeattribute seapp_contexts_file_26_0) -(roletype object_r seapp_contexts_file_26_0) -(typeattribute sepolicy_file_26_0) -(roletype object_r sepolicy_file_26_0) -(typeattribute service_contexts_file_26_0) -(roletype object_r service_contexts_file_26_0) -(typeattribute hwservice_contexts_file_26_0) -(roletype object_r hwservice_contexts_file_26_0) -(typeattribute vndservice_contexts_file_26_0) -(roletype object_r vndservice_contexts_file_26_0) -(typeattribute fingerprintd_26_0) -(roletype object_r fingerprintd_26_0) -(typeattribute fingerprintd_exec_26_0) -(roletype object_r fingerprintd_exec_26_0) -(typeattribute fsck_26_0) -(roletype object_r fsck_26_0) -(typeattribute fsck_exec_26_0) -(roletype object_r fsck_exec_26_0) -(typeattribute fsck_untrusted_26_0) -(roletype object_r fsck_untrusted_26_0) -(typeattribute gatekeeperd_26_0) -(roletype object_r gatekeeperd_26_0) -(typeattribute gatekeeperd_exec_26_0) -(roletype object_r gatekeeperd_exec_26_0) -(typeattribute healthd_26_0) -(roletype object_r healthd_26_0) -(typeattribute healthd_exec_26_0) -(roletype object_r healthd_exec_26_0) -(typeattribute default_android_hwservice_26_0) -(roletype object_r default_android_hwservice_26_0) -(typeattribute fwk_display_hwservice_26_0) -(roletype object_r fwk_display_hwservice_26_0) -(typeattribute fwk_scheduler_hwservice_26_0) -(roletype object_r fwk_scheduler_hwservice_26_0) -(typeattribute fwk_sensor_hwservice_26_0) -(roletype object_r fwk_sensor_hwservice_26_0) -(typeattribute hal_audio_hwservice_26_0) -(roletype object_r hal_audio_hwservice_26_0) -(typeattribute hal_bluetooth_hwservice_26_0) -(roletype object_r hal_bluetooth_hwservice_26_0) -(typeattribute hal_bootctl_hwservice_26_0) -(roletype object_r hal_bootctl_hwservice_26_0) -(typeattribute hal_camera_hwservice_26_0) -(roletype object_r hal_camera_hwservice_26_0) -(typeattribute hal_configstore_ISurfaceFlingerConfigs_26_0) -(roletype object_r hal_configstore_ISurfaceFlingerConfigs_26_0) -(typeattribute hal_contexthub_hwservice_26_0) -(roletype object_r hal_contexthub_hwservice_26_0) -(typeattribute hal_drm_hwservice_26_0) -(roletype object_r hal_drm_hwservice_26_0) -(typeattribute hal_dumpstate_hwservice_26_0) -(roletype object_r hal_dumpstate_hwservice_26_0) -(typeattribute hal_fingerprint_hwservice_26_0) -(roletype object_r hal_fingerprint_hwservice_26_0) -(typeattribute hal_gatekeeper_hwservice_26_0) -(roletype object_r hal_gatekeeper_hwservice_26_0) -(typeattribute hal_gnss_hwservice_26_0) -(roletype object_r hal_gnss_hwservice_26_0) -(typeattribute hal_graphics_allocator_hwservice_26_0) -(roletype object_r hal_graphics_allocator_hwservice_26_0) -(typeattribute hal_graphics_composer_hwservice_26_0) -(roletype object_r hal_graphics_composer_hwservice_26_0) -(typeattribute hal_graphics_mapper_hwservice_26_0) -(roletype object_r hal_graphics_mapper_hwservice_26_0) -(typeattribute hal_health_hwservice_26_0) -(roletype object_r hal_health_hwservice_26_0) -(typeattribute hal_ir_hwservice_26_0) -(roletype object_r hal_ir_hwservice_26_0) -(typeattribute hal_keymaster_hwservice_26_0) -(roletype object_r hal_keymaster_hwservice_26_0) -(typeattribute hal_light_hwservice_26_0) -(roletype object_r hal_light_hwservice_26_0) -(typeattribute hal_memtrack_hwservice_26_0) -(roletype object_r hal_memtrack_hwservice_26_0) -(typeattribute hal_nfc_hwservice_26_0) -(roletype object_r hal_nfc_hwservice_26_0) -(typeattribute hal_oemlock_hwservice_26_0) -(roletype object_r hal_oemlock_hwservice_26_0) -(typeattribute hal_omx_hwservice_26_0) -(roletype object_r hal_omx_hwservice_26_0) -(typeattribute hal_power_hwservice_26_0) -(roletype object_r hal_power_hwservice_26_0) -(typeattribute hal_renderscript_hwservice_26_0) -(roletype object_r hal_renderscript_hwservice_26_0) -(typeattribute hal_sensors_hwservice_26_0) -(roletype object_r hal_sensors_hwservice_26_0) -(typeattribute hal_telephony_hwservice_26_0) -(roletype object_r hal_telephony_hwservice_26_0) -(typeattribute hal_thermal_hwservice_26_0) -(roletype object_r hal_thermal_hwservice_26_0) -(typeattribute hal_tv_cec_hwservice_26_0) -(roletype object_r hal_tv_cec_hwservice_26_0) -(typeattribute hal_tv_input_hwservice_26_0) -(roletype object_r hal_tv_input_hwservice_26_0) -(typeattribute hal_usb_hwservice_26_0) -(roletype object_r hal_usb_hwservice_26_0) -(typeattribute hal_vibrator_hwservice_26_0) -(roletype object_r hal_vibrator_hwservice_26_0) -(typeattribute hal_vr_hwservice_26_0) -(roletype object_r hal_vr_hwservice_26_0) -(typeattribute hal_weaver_hwservice_26_0) -(roletype object_r hal_weaver_hwservice_26_0) -(typeattribute hal_wifi_hwservice_26_0) -(roletype object_r hal_wifi_hwservice_26_0) -(typeattribute hal_wifi_supplicant_hwservice_26_0) -(roletype object_r hal_wifi_supplicant_hwservice_26_0) -(typeattribute hidl_allocator_hwservice_26_0) -(roletype object_r hidl_allocator_hwservice_26_0) -(typeattribute hidl_base_hwservice_26_0) -(roletype object_r hidl_base_hwservice_26_0) -(typeattribute hidl_manager_hwservice_26_0) -(roletype object_r hidl_manager_hwservice_26_0) -(typeattribute hidl_memory_hwservice_26_0) -(roletype object_r hidl_memory_hwservice_26_0) -(typeattribute hidl_token_hwservice_26_0) -(roletype object_r hidl_token_hwservice_26_0) -(typeattribute system_wifi_keystore_hwservice_26_0) -(roletype object_r system_wifi_keystore_hwservice_26_0) -(typeattribute hwservicemanager_26_0) -(roletype object_r hwservicemanager_26_0) -(typeattribute hwservicemanager_exec_26_0) -(roletype object_r hwservicemanager_exec_26_0) -(typeattribute idmap_26_0) -(roletype object_r idmap_26_0) -(typeattribute idmap_exec_26_0) -(roletype object_r idmap_exec_26_0) -(typeattribute incident_26_0) -(roletype object_r incident_26_0) -(typeattribute incidentd_26_0) -(roletype object_r incidentd_26_0) -(typeattribute init_26_0) -(roletype object_r init_26_0) -(typeattribute init_exec_26_0) -(roletype object_r init_exec_26_0) -(typeattribute inputflinger_26_0) -(roletype object_r inputflinger_26_0) -(typeattribute inputflinger_exec_26_0) -(roletype object_r inputflinger_exec_26_0) -(typeattribute install_recovery_26_0) -(roletype object_r install_recovery_26_0) -(typeattribute install_recovery_exec_26_0) -(roletype object_r install_recovery_exec_26_0) -(typeattribute installd_26_0) -(roletype object_r installd_26_0) -(typeattribute installd_exec_26_0) -(roletype object_r installd_exec_26_0) -(typeattribute isolated_app_26_0) -(roletype object_r isolated_app_26_0) -(typeattribute kernel_26_0) -(roletype object_r kernel_26_0) -(typeattribute keystore_26_0) -(roletype object_r keystore_26_0) -(typeattribute keystore_exec_26_0) -(roletype object_r keystore_exec_26_0) -(typeattribute lmkd_26_0) -(roletype object_r lmkd_26_0) -(typeattribute lmkd_exec_26_0) -(roletype object_r lmkd_exec_26_0) -(typeattribute logd_26_0) -(roletype object_r logd_26_0) -(typeattribute logd_exec_26_0) -(roletype object_r logd_exec_26_0) -(typeattribute logpersist_26_0) -(roletype object_r logpersist_26_0) -(typeattribute mdnsd_26_0) -(roletype object_r mdnsd_26_0) -(typeattribute mediacodec_26_0) -(roletype object_r mediacodec_26_0) -(typeattribute mediacodec_exec_26_0) -(roletype object_r mediacodec_exec_26_0) -(typeattribute mediadrmserver_26_0) -(roletype object_r mediadrmserver_26_0) -(typeattribute mediadrmserver_exec_26_0) -(roletype object_r mediadrmserver_exec_26_0) -(typeattribute mediaextractor_26_0) -(roletype object_r mediaextractor_26_0) -(typeattribute mediaextractor_exec_26_0) -(roletype object_r mediaextractor_exec_26_0) -(typeattribute mediametrics_26_0) -(roletype object_r mediametrics_26_0) -(typeattribute mediametrics_exec_26_0) -(roletype object_r mediametrics_exec_26_0) -(typeattribute mediaserver_26_0) -(roletype object_r mediaserver_26_0) -(typeattribute mediaserver_exec_26_0) -(roletype object_r mediaserver_exec_26_0) -(typeattribute modprobe_26_0) -(roletype object_r modprobe_26_0) -(typeattribute mtp_26_0) -(roletype object_r mtp_26_0) -(typeattribute mtp_exec_26_0) -(roletype object_r mtp_exec_26_0) -(typeattribute node_26_0) -(roletype object_r node_26_0) -(typeattribute netif_26_0) -(roletype object_r netif_26_0) -(typeattribute port_26_0) -(roletype object_r port_26_0) -(typeattribute netd_26_0) -(roletype object_r netd_26_0) -(typeattribute netd_exec_26_0) -(roletype object_r netd_exec_26_0) -(typeattribute netutils_wrapper_26_0) -(roletype object_r netutils_wrapper_26_0) -(typeattribute netutils_wrapper_exec_26_0) -(roletype object_r netutils_wrapper_exec_26_0) -(typeattribute nfc_26_0) -(roletype object_r nfc_26_0) -(typeattribute otapreopt_chroot_26_0) -(roletype object_r otapreopt_chroot_26_0) -(typeattribute otapreopt_chroot_exec_26_0) -(roletype object_r otapreopt_chroot_exec_26_0) -(typeattribute otapreopt_slot_26_0) -(roletype object_r otapreopt_slot_26_0) -(typeattribute otapreopt_slot_exec_26_0) -(roletype object_r otapreopt_slot_exec_26_0) -(typeattribute performanced_26_0) -(roletype object_r performanced_26_0) -(typeattribute performanced_exec_26_0) -(roletype object_r performanced_exec_26_0) -(typeattribute perfprofd_26_0) -(roletype object_r perfprofd_26_0) -(typeattribute perfprofd_exec_26_0) -(roletype object_r perfprofd_exec_26_0) -(typeattribute platform_app_26_0) -(roletype object_r platform_app_26_0) -(typeattribute postinstall_26_0) -(roletype object_r postinstall_26_0) -(typeattribute postinstall_dexopt_26_0) -(roletype object_r postinstall_dexopt_26_0) -(typeattribute ppp_26_0) -(roletype object_r ppp_26_0) -(typeattribute ppp_device_26_0) -(roletype object_r ppp_device_26_0) -(typeattribute ppp_exec_26_0) -(roletype object_r ppp_exec_26_0) -(typeattribute preopt2cachename_26_0) -(roletype object_r preopt2cachename_26_0) -(typeattribute preopt2cachename_exec_26_0) -(roletype object_r preopt2cachename_exec_26_0) -(typeattribute priv_app_26_0) -(roletype object_r priv_app_26_0) -(typeattribute profman_26_0) -(roletype object_r profman_26_0) -(typeattribute profman_exec_26_0) -(roletype object_r profman_exec_26_0) -(typeattribute asan_reboot_prop_26_0) -(roletype object_r asan_reboot_prop_26_0) -(typeattribute audio_prop_26_0) -(roletype object_r audio_prop_26_0) -(typeattribute boottime_prop_26_0) -(roletype object_r boottime_prop_26_0) -(typeattribute bluetooth_prop_26_0) -(roletype object_r bluetooth_prop_26_0) -(typeattribute config_prop_26_0) -(roletype object_r config_prop_26_0) -(typeattribute cppreopt_prop_26_0) -(roletype object_r cppreopt_prop_26_0) -(typeattribute ctl_bootanim_prop_26_0) -(roletype object_r ctl_bootanim_prop_26_0) -(typeattribute ctl_bugreport_prop_26_0) -(roletype object_r ctl_bugreport_prop_26_0) -(typeattribute ctl_console_prop_26_0) -(roletype object_r ctl_console_prop_26_0) -(typeattribute ctl_default_prop_26_0) -(roletype object_r ctl_default_prop_26_0) -(typeattribute ctl_dumpstate_prop_26_0) -(roletype object_r ctl_dumpstate_prop_26_0) -(typeattribute ctl_fuse_prop_26_0) -(roletype object_r ctl_fuse_prop_26_0) -(typeattribute ctl_mdnsd_prop_26_0) -(roletype object_r ctl_mdnsd_prop_26_0) -(typeattribute ctl_rildaemon_prop_26_0) -(roletype object_r ctl_rildaemon_prop_26_0) -(typeattribute dalvik_prop_26_0) -(roletype object_r dalvik_prop_26_0) -(typeattribute debuggerd_prop_26_0) -(roletype object_r debuggerd_prop_26_0) -(typeattribute debug_prop_26_0) -(roletype object_r debug_prop_26_0) -(typeattribute default_prop_26_0) -(roletype object_r default_prop_26_0) -(typeattribute device_logging_prop_26_0) -(roletype object_r device_logging_prop_26_0) -(typeattribute dhcp_prop_26_0) -(roletype object_r dhcp_prop_26_0) -(typeattribute dumpstate_options_prop_26_0) -(roletype object_r dumpstate_options_prop_26_0) -(typeattribute dumpstate_prop_26_0) -(roletype object_r dumpstate_prop_26_0) -(typeattribute ffs_prop_26_0) -(roletype object_r ffs_prop_26_0) -(typeattribute fingerprint_prop_26_0) -(roletype object_r fingerprint_prop_26_0) -(typeattribute firstboot_prop_26_0) -(roletype object_r firstboot_prop_26_0) -(typeattribute hwservicemanager_prop_26_0) -(roletype object_r hwservicemanager_prop_26_0) -(typeattribute logd_prop_26_0) -(roletype object_r logd_prop_26_0) -(typeattribute logpersistd_logging_prop_26_0) -(roletype object_r logpersistd_logging_prop_26_0) -(typeattribute log_prop_26_0) -(roletype object_r log_prop_26_0) -(typeattribute log_tag_prop_26_0) -(roletype object_r log_tag_prop_26_0) -(typeattribute mmc_prop_26_0) -(roletype object_r mmc_prop_26_0) -(typeattribute net_dns_prop_26_0) -(roletype object_r net_dns_prop_26_0) -(typeattribute net_radio_prop_26_0) -(roletype object_r net_radio_prop_26_0) -(typeattribute nfc_prop_26_0) -(roletype object_r nfc_prop_26_0) -(typeattribute overlay_prop_26_0) -(roletype object_r overlay_prop_26_0) -(typeattribute pan_result_prop_26_0) -(roletype object_r pan_result_prop_26_0) -(typeattribute persist_debug_prop_26_0) -(roletype object_r persist_debug_prop_26_0) -(typeattribute persistent_properties_ready_prop_26_0) -(roletype object_r persistent_properties_ready_prop_26_0) -(typeattribute powerctl_prop_26_0) -(roletype object_r powerctl_prop_26_0) -(typeattribute radio_prop_26_0) -(roletype object_r radio_prop_26_0) -(typeattribute restorecon_prop_26_0) -(roletype object_r restorecon_prop_26_0) -(typeattribute safemode_prop_26_0) -(roletype object_r safemode_prop_26_0) -(typeattribute serialno_prop_26_0) -(roletype object_r serialno_prop_26_0) -(typeattribute shell_prop_26_0) -(roletype object_r shell_prop_26_0) -(typeattribute system_prop_26_0) -(roletype object_r system_prop_26_0) -(typeattribute system_radio_prop_26_0) -(roletype object_r system_radio_prop_26_0) -(typeattribute vold_prop_26_0) -(roletype object_r vold_prop_26_0) -(typeattribute wifi_log_prop_26_0) -(roletype object_r wifi_log_prop_26_0) -(typeattribute wifi_prop_26_0) -(roletype object_r wifi_prop_26_0) -(typeattribute racoon_26_0) -(roletype object_r racoon_26_0) -(typeattribute racoon_exec_26_0) -(roletype object_r racoon_exec_26_0) -(typeattribute radio_26_0) -(roletype object_r radio_26_0) -(typeattribute recovery_26_0) -(roletype object_r recovery_26_0) -(typeattribute recovery_persist_26_0) -(roletype object_r recovery_persist_26_0) -(typeattribute recovery_persist_exec_26_0) -(roletype object_r recovery_persist_exec_26_0) -(typeattribute recovery_refresh_26_0) -(roletype object_r recovery_refresh_26_0) -(typeattribute recovery_refresh_exec_26_0) -(roletype object_r recovery_refresh_exec_26_0) -(typeattribute rild_26_0) -(roletype object_r rild_26_0) -(typeattribute runas_26_0) -(roletype object_r runas_26_0) -(typeattribute runas_exec_26_0) -(roletype object_r runas_exec_26_0) -(typeattribute sdcardd_26_0) -(roletype object_r sdcardd_26_0) -(typeattribute sdcardd_exec_26_0) -(roletype object_r sdcardd_exec_26_0) -(typeattribute audioserver_service_26_0) -(roletype object_r audioserver_service_26_0) -(typeattribute batteryproperties_service_26_0) -(roletype object_r batteryproperties_service_26_0) -(typeattribute bluetooth_service_26_0) -(roletype object_r bluetooth_service_26_0) -(typeattribute cameraserver_service_26_0) -(roletype object_r cameraserver_service_26_0) -(typeattribute default_android_service_26_0) -(roletype object_r default_android_service_26_0) -(typeattribute drmserver_service_26_0) -(roletype object_r drmserver_service_26_0) -(typeattribute dumpstate_service_26_0) -(roletype object_r dumpstate_service_26_0) -(typeattribute fingerprintd_service_26_0) -(roletype object_r fingerprintd_service_26_0) -(typeattribute hal_fingerprint_service_26_0) -(roletype object_r hal_fingerprint_service_26_0) -(typeattribute gatekeeper_service_26_0) -(roletype object_r gatekeeper_service_26_0) -(typeattribute gpu_service_26_0) -(roletype object_r gpu_service_26_0) -(typeattribute inputflinger_service_26_0) -(roletype object_r inputflinger_service_26_0) -(typeattribute incident_service_26_0) -(roletype object_r incident_service_26_0) -(typeattribute installd_service_26_0) -(roletype object_r installd_service_26_0) -(typeattribute keystore_service_26_0) -(roletype object_r keystore_service_26_0) -(typeattribute mediaserver_service_26_0) -(roletype object_r mediaserver_service_26_0) -(typeattribute mediametrics_service_26_0) -(roletype object_r mediametrics_service_26_0) -(typeattribute mediaextractor_service_26_0) -(roletype object_r mediaextractor_service_26_0) -(typeattribute mediacodec_service_26_0) -(roletype object_r mediacodec_service_26_0) -(typeattribute mediadrmserver_service_26_0) -(roletype object_r mediadrmserver_service_26_0) -(typeattribute mediacasserver_service_26_0) -(roletype object_r mediacasserver_service_26_0) -(typeattribute netd_service_26_0) -(roletype object_r netd_service_26_0) -(typeattribute nfc_service_26_0) -(roletype object_r nfc_service_26_0) -(typeattribute radio_service_26_0) -(roletype object_r radio_service_26_0) -(typeattribute storaged_service_26_0) -(roletype object_r storaged_service_26_0) -(typeattribute surfaceflinger_service_26_0) -(roletype object_r surfaceflinger_service_26_0) -(typeattribute system_app_service_26_0) -(roletype object_r system_app_service_26_0) -(typeattribute update_engine_service_26_0) -(roletype object_r update_engine_service_26_0) -(typeattribute virtual_touchpad_service_26_0) -(roletype object_r virtual_touchpad_service_26_0) -(typeattribute vr_hwc_service_26_0) -(roletype object_r vr_hwc_service_26_0) -(typeattribute accessibility_service_26_0) -(roletype object_r accessibility_service_26_0) -(typeattribute account_service_26_0) -(roletype object_r account_service_26_0) -(typeattribute activity_service_26_0) -(roletype object_r activity_service_26_0) -(typeattribute alarm_service_26_0) -(roletype object_r alarm_service_26_0) -(typeattribute appops_service_26_0) -(roletype object_r appops_service_26_0) -(typeattribute appwidget_service_26_0) -(roletype object_r appwidget_service_26_0) -(typeattribute assetatlas_service_26_0) -(roletype object_r assetatlas_service_26_0) -(typeattribute audio_service_26_0) -(roletype object_r audio_service_26_0) -(typeattribute autofill_service_26_0) -(roletype object_r autofill_service_26_0) -(typeattribute backup_service_26_0) -(roletype object_r backup_service_26_0) -(typeattribute batterystats_service_26_0) -(roletype object_r batterystats_service_26_0) -(typeattribute battery_service_26_0) -(roletype object_r battery_service_26_0) -(typeattribute bluetooth_manager_service_26_0) -(roletype object_r bluetooth_manager_service_26_0) -(typeattribute cameraproxy_service_26_0) -(roletype object_r cameraproxy_service_26_0) -(typeattribute clipboard_service_26_0) -(roletype object_r clipboard_service_26_0) -(typeattribute contexthub_service_26_0) -(roletype object_r contexthub_service_26_0) -(typeattribute IProxyService_service_26_0) -(roletype object_r IProxyService_service_26_0) -(typeattribute commontime_management_service_26_0) -(roletype object_r commontime_management_service_26_0) -(typeattribute companion_device_service_26_0) -(roletype object_r companion_device_service_26_0) -(typeattribute connectivity_service_26_0) -(roletype object_r connectivity_service_26_0) -(typeattribute connmetrics_service_26_0) -(roletype object_r connmetrics_service_26_0) -(typeattribute consumer_ir_service_26_0) -(roletype object_r consumer_ir_service_26_0) -(typeattribute content_service_26_0) -(roletype object_r content_service_26_0) -(typeattribute country_detector_service_26_0) -(roletype object_r country_detector_service_26_0) -(typeattribute coverage_service_26_0) -(roletype object_r coverage_service_26_0) -(typeattribute cpuinfo_service_26_0) -(roletype object_r cpuinfo_service_26_0) -(typeattribute dbinfo_service_26_0) -(roletype object_r dbinfo_service_26_0) -(typeattribute device_policy_service_26_0) -(roletype object_r device_policy_service_26_0) -(typeattribute deviceidle_service_26_0) -(roletype object_r deviceidle_service_26_0) -(typeattribute device_identifiers_service_26_0) -(roletype object_r device_identifiers_service_26_0) -(typeattribute devicestoragemonitor_service_26_0) -(roletype object_r devicestoragemonitor_service_26_0) -(typeattribute diskstats_service_26_0) -(roletype object_r diskstats_service_26_0) -(typeattribute display_service_26_0) -(roletype object_r display_service_26_0) -(typeattribute font_service_26_0) -(roletype object_r font_service_26_0) -(typeattribute netd_listener_service_26_0) -(roletype object_r netd_listener_service_26_0) -(typeattribute DockObserver_service_26_0) -(roletype object_r DockObserver_service_26_0) -(typeattribute dreams_service_26_0) -(roletype object_r dreams_service_26_0) -(typeattribute dropbox_service_26_0) -(roletype object_r dropbox_service_26_0) -(typeattribute ethernet_service_26_0) -(roletype object_r ethernet_service_26_0) -(typeattribute fingerprint_service_26_0) -(roletype object_r fingerprint_service_26_0) -(typeattribute gfxinfo_service_26_0) -(roletype object_r gfxinfo_service_26_0) -(typeattribute graphicsstats_service_26_0) -(roletype object_r graphicsstats_service_26_0) -(typeattribute hardware_service_26_0) -(roletype object_r hardware_service_26_0) -(typeattribute hardware_properties_service_26_0) -(roletype object_r hardware_properties_service_26_0) -(typeattribute hdmi_control_service_26_0) -(roletype object_r hdmi_control_service_26_0) -(typeattribute input_method_service_26_0) -(roletype object_r input_method_service_26_0) -(typeattribute input_service_26_0) -(roletype object_r input_service_26_0) -(typeattribute imms_service_26_0) -(roletype object_r imms_service_26_0) -(typeattribute ipsec_service_26_0) -(roletype object_r ipsec_service_26_0) -(typeattribute jobscheduler_service_26_0) -(roletype object_r jobscheduler_service_26_0) -(typeattribute launcherapps_service_26_0) -(roletype object_r launcherapps_service_26_0) -(typeattribute location_service_26_0) -(roletype object_r location_service_26_0) -(typeattribute lock_settings_service_26_0) -(roletype object_r lock_settings_service_26_0) -(typeattribute media_projection_service_26_0) -(roletype object_r media_projection_service_26_0) -(typeattribute media_router_service_26_0) -(roletype object_r media_router_service_26_0) -(typeattribute media_session_service_26_0) -(roletype object_r media_session_service_26_0) -(typeattribute meminfo_service_26_0) -(roletype object_r meminfo_service_26_0) -(typeattribute midi_service_26_0) -(roletype object_r midi_service_26_0) -(typeattribute mount_service_26_0) -(roletype object_r mount_service_26_0) -(typeattribute netpolicy_service_26_0) -(roletype object_r netpolicy_service_26_0) -(typeattribute netstats_service_26_0) -(roletype object_r netstats_service_26_0) -(typeattribute network_management_service_26_0) -(roletype object_r network_management_service_26_0) -(typeattribute network_score_service_26_0) -(roletype object_r network_score_service_26_0) -(typeattribute network_time_update_service_26_0) -(roletype object_r network_time_update_service_26_0) -(typeattribute notification_service_26_0) -(roletype object_r notification_service_26_0) -(typeattribute oem_lock_service_26_0) -(roletype object_r oem_lock_service_26_0) -(typeattribute otadexopt_service_26_0) -(roletype object_r otadexopt_service_26_0) -(typeattribute overlay_service_26_0) -(roletype object_r overlay_service_26_0) -(typeattribute package_service_26_0) -(roletype object_r package_service_26_0) -(typeattribute permission_service_26_0) -(roletype object_r permission_service_26_0) -(typeattribute persistent_data_block_service_26_0) -(roletype object_r persistent_data_block_service_26_0) -(typeattribute pinner_service_26_0) -(roletype object_r pinner_service_26_0) -(typeattribute power_service_26_0) -(roletype object_r power_service_26_0) -(typeattribute print_service_26_0) -(roletype object_r print_service_26_0) -(typeattribute processinfo_service_26_0) -(roletype object_r processinfo_service_26_0) -(typeattribute procstats_service_26_0) -(roletype object_r procstats_service_26_0) -(typeattribute recovery_service_26_0) -(roletype object_r recovery_service_26_0) -(typeattribute registry_service_26_0) -(roletype object_r registry_service_26_0) -(typeattribute restrictions_service_26_0) -(roletype object_r restrictions_service_26_0) -(typeattribute rttmanager_service_26_0) -(roletype object_r rttmanager_service_26_0) -(typeattribute samplingprofiler_service_26_0) -(roletype object_r samplingprofiler_service_26_0) -(typeattribute scheduling_policy_service_26_0) -(roletype object_r scheduling_policy_service_26_0) -(typeattribute search_service_26_0) -(roletype object_r search_service_26_0) -(typeattribute sec_key_att_app_id_provider_service_26_0) -(roletype object_r sec_key_att_app_id_provider_service_26_0) -(typeattribute sensorservice_service_26_0) -(roletype object_r sensorservice_service_26_0) -(typeattribute serial_service_26_0) -(roletype object_r serial_service_26_0) -(typeattribute servicediscovery_service_26_0) -(roletype object_r servicediscovery_service_26_0) -(typeattribute settings_service_26_0) -(roletype object_r settings_service_26_0) -(typeattribute shortcut_service_26_0) -(roletype object_r shortcut_service_26_0) -(typeattribute statusbar_service_26_0) -(roletype object_r statusbar_service_26_0) -(typeattribute storagestats_service_26_0) -(roletype object_r storagestats_service_26_0) -(typeattribute task_service_26_0) -(roletype object_r task_service_26_0) -(typeattribute textclassification_service_26_0) -(roletype object_r textclassification_service_26_0) -(typeattribute textservices_service_26_0) -(roletype object_r textservices_service_26_0) -(typeattribute telecom_service_26_0) -(roletype object_r telecom_service_26_0) -(typeattribute trust_service_26_0) -(roletype object_r trust_service_26_0) -(typeattribute tv_input_service_26_0) -(roletype object_r tv_input_service_26_0) -(typeattribute uimode_service_26_0) -(roletype object_r uimode_service_26_0) -(typeattribute updatelock_service_26_0) -(roletype object_r updatelock_service_26_0) -(typeattribute usagestats_service_26_0) -(roletype object_r usagestats_service_26_0) -(typeattribute usb_service_26_0) -(roletype object_r usb_service_26_0) -(typeattribute user_service_26_0) -(roletype object_r user_service_26_0) -(typeattribute vibrator_service_26_0) -(roletype object_r vibrator_service_26_0) -(typeattribute voiceinteraction_service_26_0) -(roletype object_r voiceinteraction_service_26_0) -(typeattribute vr_manager_service_26_0) -(roletype object_r vr_manager_service_26_0) -(typeattribute wallpaper_service_26_0) -(roletype object_r wallpaper_service_26_0) -(typeattribute webviewupdate_service_26_0) -(roletype object_r webviewupdate_service_26_0) -(typeattribute wifip2p_service_26_0) -(roletype object_r wifip2p_service_26_0) -(typeattribute wifiscanner_service_26_0) -(roletype object_r wifiscanner_service_26_0) -(typeattribute wifi_service_26_0) -(roletype object_r wifi_service_26_0) -(typeattribute wificond_service_26_0) -(roletype object_r wificond_service_26_0) -(typeattribute wifiaware_service_26_0) -(roletype object_r wifiaware_service_26_0) -(typeattribute window_service_26_0) -(roletype object_r window_service_26_0) -(typeattribute servicemanager_26_0) -(roletype object_r servicemanager_26_0) -(typeattribute servicemanager_exec_26_0) -(roletype object_r servicemanager_exec_26_0) -(typeattribute sgdisk_26_0) -(roletype object_r sgdisk_26_0) -(typeattribute sgdisk_exec_26_0) -(roletype object_r sgdisk_exec_26_0) -(typeattribute shared_relro_26_0) -(roletype object_r shared_relro_26_0) -(typeattribute shell_26_0) -(roletype object_r shell_26_0) -(typeattribute shell_exec_26_0) -(roletype object_r shell_exec_26_0) -(typeattribute slideshow_26_0) -(roletype object_r slideshow_26_0) -(typeattribute su_26_0) -(roletype object_r su_26_0) -(typeattribute su_exec_26_0) -(roletype object_r su_exec_26_0) -(typeattribute surfaceflinger_26_0) -(roletype object_r surfaceflinger_26_0) -(typeattribute system_app_26_0) -(roletype object_r system_app_26_0) -(typeattribute system_server_26_0) -(roletype object_r system_server_26_0) -(typeattribute tee_26_0) -(roletype object_r tee_26_0) -(typeattribute tee_device_26_0) -(roletype object_r tee_device_26_0) -(typeattribute tombstoned_26_0) -(roletype object_r tombstoned_26_0) -(typeattribute tombstoned_exec_26_0) -(roletype object_r tombstoned_exec_26_0) -(typeattribute toolbox_26_0) -(roletype object_r toolbox_26_0) -(typeattribute toolbox_exec_26_0) -(roletype object_r toolbox_exec_26_0) -(typeattribute tzdatacheck_26_0) -(roletype object_r tzdatacheck_26_0) -(typeattribute tzdatacheck_exec_26_0) -(roletype object_r tzdatacheck_exec_26_0) -(typeattribute ueventd_26_0) -(roletype object_r ueventd_26_0) -(typeattribute uncrypt_26_0) -(roletype object_r uncrypt_26_0) -(typeattribute uncrypt_exec_26_0) -(roletype object_r uncrypt_exec_26_0) -(typeattribute untrusted_app_26_0) -(roletype object_r untrusted_app_26_0) -(typeattribute untrusted_app_25_26_0) -(roletype object_r untrusted_app_25_26_0) -(typeattribute untrusted_v2_app_26_0) -(roletype object_r untrusted_v2_app_26_0) -(typeattribute update_engine_26_0) -(roletype object_r update_engine_26_0) -(typeattribute update_engine_exec_26_0) -(roletype object_r update_engine_exec_26_0) -(typeattribute update_verifier_26_0) -(roletype object_r update_verifier_26_0) -(typeattribute update_verifier_exec_26_0) -(roletype object_r update_verifier_exec_26_0) -(typeattribute vdc_26_0) -(roletype object_r vdc_26_0) -(typeattribute vdc_exec_26_0) -(roletype object_r vdc_exec_26_0) -(typeattribute vendor_shell_exec_26_0) -(roletype object_r vendor_shell_exec_26_0) -(typeattribute vendor_toolbox_exec_26_0) -(roletype object_r vendor_toolbox_exec_26_0) -(typeattribute virtual_touchpad_26_0) -(roletype object_r virtual_touchpad_26_0) -(typeattribute virtual_touchpad_exec_26_0) -(roletype object_r virtual_touchpad_exec_26_0) -(typeattribute default_android_vndservice_26_0) -(roletype object_r default_android_vndservice_26_0) -(typeattribute vndservicemanager_26_0) -(roletype object_r vndservicemanager_26_0) -(typeattribute vold_26_0) -(roletype object_r vold_26_0) -(typeattribute vold_exec_26_0) -(roletype object_r vold_exec_26_0) -(typeattribute vr_hwc_26_0) -(roletype object_r vr_hwc_26_0) -(typeattribute vr_hwc_exec_26_0) -(roletype object_r vr_hwc_exec_26_0) -(typeattribute watchdogd_26_0) -(roletype object_r watchdogd_26_0) -(typeattribute webview_zygote_26_0) -(roletype object_r webview_zygote_26_0) -(typeattribute webview_zygote_exec_26_0) -(roletype object_r webview_zygote_exec_26_0) -(typeattribute wificond_26_0) -(roletype object_r wificond_26_0) -(typeattribute wificond_exec_26_0) -(roletype object_r wificond_exec_26_0) -(typeattribute zygote_26_0) -(roletype object_r zygote_26_0) -(typeattribute zygote_exec_26_0) -(roletype object_r zygote_exec_26_0) -(typeattribute aee_aed_26_0) -(roletype object_r aee_aed_26_0) -(typeattribute aee_aedv_26_0) -(roletype object_r aee_aedv_26_0) -(typeattribute audiocmdservice_atci_26_0) -(roletype object_r audiocmdservice_atci_26_0) -(typeattribute boot_logo_updater_26_0) -(roletype object_r boot_logo_updater_26_0) -(typeattribute cmddumper_26_0) -(roletype object_r cmddumper_26_0) -(typeattribute kb_block_device_26_0) -(roletype object_r kb_block_device_26_0) -(typeattribute dkb_block_device_26_0) -(roletype object_r dkb_block_device_26_0) -(typeattribute em_svr_26_0) -(roletype object_r em_svr_26_0) -(typeattribute emdlogger_26_0) -(roletype object_r emdlogger_26_0) -(typeattribute factory_26_0) -(roletype object_r factory_26_0) -(typeattribute provision_file_26_0) -(roletype object_r provision_file_26_0) -(typeattribute key_install_data_file_26_0) -(roletype object_r key_install_data_file_26_0) -(typeattribute fuelgauged_static_26_0) -(roletype object_r fuelgauged_static_26_0) -(typeattribute kisd_26_0) -(roletype object_r kisd_26_0) -(typeattribute mdlogger_26_0) -(roletype object_r mdlogger_26_0) -(typeattribute meta_tst_26_0) -(roletype object_r meta_tst_26_0) -(typeattribute mobile_log_d_26_0) -(roletype object_r mobile_log_d_26_0) -(typeattribute netdiag_26_0) -(roletype object_r netdiag_26_0) -(typeattribute pre_meta_26_0) -(roletype object_r pre_meta_26_0) -(typeattribute nvram_agent_service_26_0) -(roletype object_r nvram_agent_service_26_0) -(typeattribute thermalindicator_26_0) -(roletype object_r thermalindicator_26_0) -(type netd_socket) -(roletype object_r netd_socket) -(type hostapd_socket) -(roletype object_r hostapd_socket) -(type hal_audio_default) -(roletype object_r hal_audio_default) -(type hal_audio_default_exec) -(roletype object_r hal_audio_default_exec) -(type hal_audio_default_tmpfs) -(roletype object_r hal_audio_default_tmpfs) -(type hal_bluetooth_default) -(roletype object_r hal_bluetooth_default) -(type hal_bluetooth_default_exec) -(roletype object_r hal_bluetooth_default_exec) -(type hal_bluetooth_default_tmpfs) -(roletype object_r hal_bluetooth_default_tmpfs) -(type hal_bootctl_default) -(roletype object_r hal_bootctl_default) -(type hal_bootctl_default_exec) -(roletype object_r hal_bootctl_default_exec) -(type hal_bootctl_default_tmpfs) -(roletype object_r hal_bootctl_default_tmpfs) -(type hal_camera_default) -(roletype object_r hal_camera_default) -(type hal_camera_default_exec) -(roletype object_r hal_camera_default_exec) -(type hal_camera_default_tmpfs) -(roletype object_r hal_camera_default_tmpfs) -(type hal_configstore_default) -(roletype object_r hal_configstore_default) -(type hal_configstore_default_exec) -(roletype object_r hal_configstore_default_exec) -(type hal_configstore_default_tmpfs) -(roletype object_r hal_configstore_default_tmpfs) -(type hal_contexthub_default) -(roletype object_r hal_contexthub_default) -(type hal_contexthub_default_exec) -(roletype object_r hal_contexthub_default_exec) -(type hal_contexthub_default_tmpfs) -(roletype object_r hal_contexthub_default_tmpfs) -(type hal_drm_default) -(roletype object_r hal_drm_default) -(type hal_drm_default_exec) -(roletype object_r hal_drm_default_exec) -(type hal_drm_default_tmpfs) -(roletype object_r hal_drm_default_tmpfs) -(type hal_dumpstate_default) -(roletype object_r hal_dumpstate_default) -(type hal_dumpstate_default_exec) -(roletype object_r hal_dumpstate_default_exec) -(type hal_dumpstate_default_tmpfs) -(roletype object_r hal_dumpstate_default_tmpfs) -(type hal_fingerprint_default) -(roletype object_r hal_fingerprint_default) -(type hal_fingerprint_default_exec) -(roletype object_r hal_fingerprint_default_exec) -(type hal_fingerprint_default_tmpfs) -(roletype object_r hal_fingerprint_default_tmpfs) -(type hal_gatekeeper_default) -(roletype object_r hal_gatekeeper_default) -(type hal_gatekeeper_default_exec) -(roletype object_r hal_gatekeeper_default_exec) -(type hal_gatekeeper_default_tmpfs) -(roletype object_r hal_gatekeeper_default_tmpfs) -(type hal_gnss_default) -(roletype object_r hal_gnss_default) -(type hal_gnss_default_exec) -(roletype object_r hal_gnss_default_exec) -(type hal_gnss_default_tmpfs) -(roletype object_r hal_gnss_default_tmpfs) -(type hal_graphics_allocator_default) -(roletype object_r hal_graphics_allocator_default) -(type hal_graphics_allocator_default_exec) -(roletype object_r hal_graphics_allocator_default_exec) -(type hal_graphics_allocator_default_tmpfs) -(roletype object_r hal_graphics_allocator_default_tmpfs) -(type hal_graphics_composer_default) -(roletype object_r hal_graphics_composer_default) -(type hal_graphics_composer_default_exec) -(roletype object_r hal_graphics_composer_default_exec) -(type hal_graphics_composer_default_tmpfs) -(roletype object_r hal_graphics_composer_default_tmpfs) -(type hal_health_default) -(roletype object_r hal_health_default) -(type hal_health_default_exec) -(roletype object_r hal_health_default_exec) -(type hal_health_default_tmpfs) -(roletype object_r hal_health_default_tmpfs) -(type hal_ir_default) -(roletype object_r hal_ir_default) -(type hal_ir_default_exec) -(roletype object_r hal_ir_default_exec) -(type hal_ir_default_tmpfs) -(roletype object_r hal_ir_default_tmpfs) -(type hal_keymaster_default) -(roletype object_r hal_keymaster_default) -(type hal_keymaster_default_exec) -(roletype object_r hal_keymaster_default_exec) -(type hal_keymaster_default_tmpfs) -(roletype object_r hal_keymaster_default_tmpfs) -(type hal_light_default) -(roletype object_r hal_light_default) -(type hal_light_default_exec) -(roletype object_r hal_light_default_exec) -(type hal_light_default_tmpfs) -(roletype object_r hal_light_default_tmpfs) -(type hal_memtrack_default) -(roletype object_r hal_memtrack_default) -(type hal_memtrack_default_exec) -(roletype object_r hal_memtrack_default_exec) -(type hal_memtrack_default_tmpfs) -(roletype object_r hal_memtrack_default_tmpfs) -(type hal_nfc_default) -(roletype object_r hal_nfc_default) -(type hal_nfc_default_exec) -(roletype object_r hal_nfc_default_exec) -(type hal_nfc_default_tmpfs) -(roletype object_r hal_nfc_default_tmpfs) -(type mediacodec_tmpfs) -(roletype object_r mediacodec_tmpfs) -(type hal_power_default) -(roletype object_r hal_power_default) -(type hal_power_default_exec) -(roletype object_r hal_power_default_exec) -(type hal_power_default_tmpfs) -(roletype object_r hal_power_default_tmpfs) -(type hal_sensors_default) -(roletype object_r hal_sensors_default) -(type hal_sensors_default_exec) -(roletype object_r hal_sensors_default_exec) -(type hal_sensors_default_tmpfs) -(roletype object_r hal_sensors_default_tmpfs) -(type hal_thermal_default) -(roletype object_r hal_thermal_default) -(type hal_thermal_default_exec) -(roletype object_r hal_thermal_default_exec) -(type hal_thermal_default_tmpfs) -(roletype object_r hal_thermal_default_tmpfs) -(type hal_tv_cec_default) -(roletype object_r hal_tv_cec_default) -(type hal_tv_cec_default_exec) -(roletype object_r hal_tv_cec_default_exec) -(type hal_tv_cec_default_tmpfs) -(roletype object_r hal_tv_cec_default_tmpfs) -(type hal_tv_input_default) -(roletype object_r hal_tv_input_default) -(type hal_tv_input_default_exec) -(roletype object_r hal_tv_input_default_exec) -(type hal_tv_input_default_tmpfs) -(roletype object_r hal_tv_input_default_tmpfs) -(type hal_usb_default) -(roletype object_r hal_usb_default) -(type hal_usb_default_exec) -(roletype object_r hal_usb_default_exec) -(type hal_usb_default_tmpfs) -(roletype object_r hal_usb_default_tmpfs) -(type hal_vibrator_default) -(roletype object_r hal_vibrator_default) -(type hal_vibrator_default_exec) -(roletype object_r hal_vibrator_default_exec) -(type hal_vibrator_default_tmpfs) -(roletype object_r hal_vibrator_default_tmpfs) -(type hal_vr_default) -(roletype object_r hal_vr_default) -(type hal_vr_default_exec) -(roletype object_r hal_vr_default_exec) -(type hal_vr_default_tmpfs) -(roletype object_r hal_vr_default_tmpfs) -(type hal_wifi_default) -(roletype object_r hal_wifi_default) -(type hal_wifi_default_exec) -(roletype object_r hal_wifi_default_exec) -(type hal_wifi_default_tmpfs) -(roletype object_r hal_wifi_default_tmpfs) -(type hal_wifi_offload_default) -(roletype object_r hal_wifi_offload_default) -(type hal_wifi_offload_default_exec) -(roletype object_r hal_wifi_offload_default_exec) -(type hal_wifi_offload_default_tmpfs) -(roletype object_r hal_wifi_offload_default_tmpfs) -(type hal_wifi_supplicant_default) -(roletype object_r hal_wifi_supplicant_default) -(type hal_wifi_supplicant_default_exec) -(roletype object_r hal_wifi_supplicant_default_exec) -(type hal_wifi_supplicant_default_tmpfs) -(roletype object_r hal_wifi_supplicant_default_tmpfs) -(type hostapd) -(roletype object_r hostapd) -(type hostapd_exec) -(roletype object_r hostapd_exec) -(type hostapd_tmpfs) -(roletype object_r hostapd_tmpfs) -(type rild_exec) -(roletype object_r rild_exec) -(type rild_tmpfs) -(roletype object_r rild_tmpfs) -(type tee_exec) -(roletype object_r tee_exec) -(type tee_tmpfs) -(roletype object_r tee_tmpfs) -(type vendor_modprobe) -(roletype object_r vendor_modprobe) -(type vndservicemanager_exec) -(roletype object_r vndservicemanager_exec) -(type vndservicemanager_tmpfs) -(roletype object_r vndservicemanager_tmpfs) -(type MtkCodecService_exec) -(roletype object_r MtkCodecService_exec) -(type MtkCodecService) -(roletype object_r MtkCodecService) -(type aee_core_forwarder_exec) -(roletype object_r aee_core_forwarder_exec) -(type aee_core_forwarder) -(roletype object_r aee_core_forwarder) -(type aee_core_forwarder_tmpfs) -(roletype object_r aee_core_forwarder_tmpfs) -(type biosensord_nvram) -(roletype object_r biosensord_nvram) -(type biosensord_nvram_exec) -(roletype object_r biosensord_nvram_exec) -(type biosensord_nvram_file) -(roletype object_r biosensord_nvram_file) -(type biosensord_nvram_tmpfs) -(roletype object_r biosensord_nvram_tmpfs) -(type ccci_fsd_exec) -(roletype object_r ccci_fsd_exec) -(type ccci_fsd) -(roletype object_r ccci_fsd) -(type ccci_fsd_tmpfs) -(roletype object_r ccci_fsd_tmpfs) -(type ccci_mdinit_exec) -(roletype object_r ccci_mdinit_exec) -(type ccci_mdinit) -(roletype object_r ccci_mdinit) -(type ccci_mdinit_tmpfs) -(roletype object_r ccci_mdinit_tmpfs) -(type devmap_device) -(roletype object_r devmap_device) -(type ttyMT_device) -(roletype object_r ttyMT_device) -(type ttySDIO_device) -(roletype object_r ttySDIO_device) -(type vmodem_device) -(roletype object_r vmodem_device) -(type stpwmt_device) -(roletype object_r stpwmt_device) -(type wmtdetect_device) -(roletype object_r wmtdetect_device) -(type wmtWifi_device) -(roletype object_r wmtWifi_device) -(type stpbt_device) -(roletype object_r stpbt_device) -(type stpant_device) -(roletype object_r stpant_device) -(type fm_device) -(roletype object_r fm_device) -(type stpgps_device) -(roletype object_r stpgps_device) -(type pmem_multimedia_device) -(roletype object_r pmem_multimedia_device) -(type mt6516_isp_device) -(roletype object_r mt6516_isp_device) -(type mt6516_IDP_device) -(roletype object_r mt6516_IDP_device) -(type mt9p012_device) -(roletype object_r mt9p012_device) -(type mt6516_jpeg_device) -(roletype object_r mt6516_jpeg_device) -(type FM50AF_device) -(roletype object_r FM50AF_device) -(type DW9714AF_device) -(roletype object_r DW9714AF_device) -(type DW9814AF_device) -(roletype object_r DW9814AF_device) -(type AK7345AF_device) -(roletype object_r AK7345AF_device) -(type DW9714A_device) -(roletype object_r DW9714A_device) -(type LC898122AF_device) -(roletype object_r LC898122AF_device) -(type LC898212AF_device) -(roletype object_r LC898212AF_device) -(type BU6429AF_device) -(roletype object_r BU6429AF_device) -(type AD5820AF_device) -(roletype object_r AD5820AF_device) -(type DW9718AF_device) -(roletype object_r DW9718AF_device) -(type BU64745GWZAF_device) -(roletype object_r BU64745GWZAF_device) -(type MAINAF_device) -(roletype object_r MAINAF_device) -(type MAIN2AF_device) -(roletype object_r MAIN2AF_device) -(type SUBAF_device) -(roletype object_r SUBAF_device) -(type M4U_device_device) -(roletype object_r M4U_device_device) -(type Vcodec_device) -(roletype object_r Vcodec_device) -(type MJC_device) -(roletype object_r MJC_device) -(type smartpa_device) -(roletype object_r smartpa_device) -(type smartpa1_device) -(roletype object_r smartpa1_device) -(type uio0_device) -(roletype object_r uio0_device) -(type xt_qtaguid_device) -(roletype object_r xt_qtaguid_device) -(type rfkill_device) -(roletype object_r rfkill_device) -(type sw_sync_device) -(roletype object_r sw_sync_device) -(type sec_device) -(roletype object_r sec_device) -(type hid_keyboard_device) -(roletype object_r hid_keyboard_device) -(type btn_device) -(roletype object_r btn_device) -(type uinput_device) -(roletype object_r uinput_device) -(type TV_out_device) -(roletype object_r TV_out_device) -(type camera_sysram_device) -(roletype object_r camera_sysram_device) -(type camera_isp_device) -(roletype object_r camera_isp_device) -(type camera_dpe_device) -(roletype object_r camera_dpe_device) -(type camera_tsf_device) -(roletype object_r camera_tsf_device) -(type camera_fdvt_device) -(roletype object_r camera_fdvt_device) -(type camera_rsc_device) -(roletype object_r camera_rsc_device) -(type camera_gepf_device) -(roletype object_r camera_gepf_device) -(type camera_wpe_device) -(roletype object_r camera_wpe_device) -(type camera_owe_device) -(roletype object_r camera_owe_device) -(type camera_pipemgr_device) -(roletype object_r camera_pipemgr_device) -(type ccu_device) -(roletype object_r ccu_device) -(type vpu_device) -(roletype object_r vpu_device) -(type mtk_jpeg_device) -(roletype object_r mtk_jpeg_device) -(type kd_camera_hw_device) -(roletype object_r kd_camera_hw_device) -(type kd_camera_flashlight_device) -(roletype object_r kd_camera_flashlight_device) -(type flashlight_device) -(roletype object_r flashlight_device) -(type kd_camera_hw_bus2_device) -(roletype object_r kd_camera_hw_bus2_device) -(type MATV_device) -(roletype object_r MATV_device) -(type mt_otg_test_device) -(roletype object_r mt_otg_test_device) -(type mt_mdp_device) -(roletype object_r mt_mdp_device) -(type mtkg2d_device) -(roletype object_r mtkg2d_device) -(type misc_sd_device) -(roletype object_r misc_sd_device) -(type mtk_sched_device) -(roletype object_r mtk_sched_device) -(type ampc0_device) -(roletype object_r ampc0_device) -(type mmp_device) -(roletype object_r mmp_device) -(type ttyGS_device) -(roletype object_r ttyGS_device) -(type CAM_CAL_DRV_device) -(roletype object_r CAM_CAL_DRV_device) -(type CAM_CAL_DRV1_device) -(roletype object_r CAM_CAL_DRV1_device) -(type CAM_CAL_DRV2_device) -(roletype object_r CAM_CAL_DRV2_device) -(type MTK_SMI_device) -(roletype object_r MTK_SMI_device) -(type mtk_cmdq_device) -(roletype object_r mtk_cmdq_device) -(type mtk_mdp_device) -(roletype object_r mtk_mdp_device) -(type mtk_rrc_device) -(roletype object_r mtk_rrc_device) -(type ebc_device) -(roletype object_r ebc_device) -(type vow_device) -(roletype object_r vow_device) -(type MT6516_H264_DEC_device) -(roletype object_r MT6516_H264_DEC_device) -(type MT6516_Int_SRAM_device) -(roletype object_r MT6516_Int_SRAM_device) -(type MT6516_MM_QUEUE_device) -(roletype object_r MT6516_MM_QUEUE_device) -(type MT6516_MP4_DEC_device) -(roletype object_r MT6516_MP4_DEC_device) -(type MT6516_MP4_ENC_device) -(roletype object_r MT6516_MP4_ENC_device) -(type sensor_device) -(roletype object_r sensor_device) -(type aed_device) -(roletype object_r aed_device) -(type ccci_device) -(roletype object_r ccci_device) -(type ccci_monitor_device) -(roletype object_r ccci_monitor_device) -(type gsm0710muxd_device) -(roletype object_r gsm0710muxd_device) -(type eemcs_device) -(roletype object_r eemcs_device) -(type emd_device) -(roletype object_r emd_device) -(type mt6605_device) -(roletype object_r mt6605_device) -(type st21nfc_device) -(roletype object_r st21nfc_device) -(type exm0_device) -(roletype object_r exm0_device) -(type mmcblk_device) -(roletype object_r mmcblk_device) -(type BOOT_device) -(roletype object_r BOOT_device) -(type MT_pmic_device) -(roletype object_r MT_pmic_device) -(type aal_als_device) -(roletype object_r aal_als_device) -(type accdet_device) -(roletype object_r accdet_device) -(type android_device) -(roletype object_r android_device) -(type bmtpool_device) -(roletype object_r bmtpool_device) -(type bootimg_device) -(roletype object_r bootimg_device) -(type btif_device) -(roletype object_r btif_device) -(type cache_device) -(roletype object_r cache_device) -(type cpu_dma_latency_device) -(roletype object_r cpu_dma_latency_device) -(type dummy_cam_cal_device) -(roletype object_r dummy_cam_cal_device) -(type ebr_device) -(roletype object_r ebr_device) -(type expdb_device) -(roletype object_r expdb_device) -(type fat_device) -(roletype object_r fat_device) -(type logo_device) -(roletype object_r logo_device) -(type loop-control_device) -(roletype object_r loop-control_device) -(type mbr_device) -(roletype object_r mbr_device) -(type misc_device) -(roletype object_r misc_device) -(type misc2_device) -(roletype object_r misc2_device) -(type mtfreqhopping_device) -(roletype object_r mtfreqhopping_device) -(type mtgpio_device) -(roletype object_r mtgpio_device) -(type mtk_kpd_device) -(roletype object_r mtk_kpd_device) -(type network_device) -(roletype object_r network_device) -(type nvram_device) -(roletype object_r nvram_device) -(type pmt_device) -(roletype object_r pmt_device) -(type preloader_device) -(roletype object_r preloader_device) -(type pro_info_device) -(roletype object_r pro_info_device) -(type protect_f_device) -(roletype object_r protect_f_device) -(type protect_s_device) -(roletype object_r protect_s_device) -(type psaux_device) -(roletype object_r psaux_device) -(type ptyp_device) -(roletype object_r ptyp_device) -(type recovery_device) -(roletype object_r recovery_device) -(type sec_ro_device) -(roletype object_r sec_ro_device) -(type seccfg_device) -(roletype object_r seccfg_device) -(type tee_part_device) -(roletype object_r tee_part_device) -(type snapshot_device) -(roletype object_r snapshot_device) -(type tgt_device) -(roletype object_r tgt_device) -(type touch_device) -(roletype object_r touch_device) -(type tpd_em_log_device) -(roletype object_r tpd_em_log_device) -(type ttyp_device) -(roletype object_r ttyp_device) -(type uboot_device) -(roletype object_r uboot_device) -(type uibc_device) -(roletype object_r uibc_device) -(type usrdata_device) -(roletype object_r usrdata_device) -(type zram0_device) -(roletype object_r zram0_device) -(type hwzram0_device) -(roletype object_r hwzram0_device) -(type RT_Monitor_device) -(roletype object_r RT_Monitor_device) -(type kick_powerkey_device) -(roletype object_r kick_powerkey_device) -(type agps_device) -(roletype object_r agps_device) -(type mnld_device) -(roletype object_r mnld_device) -(type geo_device) -(roletype object_r geo_device) -(type mdlog_device) -(roletype object_r mdlog_device) -(type md32_device) -(roletype object_r md32_device) -(type scp_device) -(roletype object_r scp_device) -(type sspm_device) -(roletype object_r sspm_device) -(type etb_device) -(roletype object_r etb_device) -(type MT_pmic_adc_cali_device) -(roletype object_r MT_pmic_adc_cali_device) -(type mtk-adc-cali_device) -(roletype object_r mtk-adc-cali_device) -(type MT_pmic_cali_device) -(roletype object_r MT_pmic_cali_device) -(type otp_device) -(roletype object_r otp_device) -(type otp_part_block_device) -(roletype object_r otp_part_block_device) -(type qemu_pipe_device) -(roletype object_r qemu_pipe_device) -(type icusb_device) -(roletype object_r icusb_device) -(type irtx_device) -(roletype object_r irtx_device) -(type pmic_ftm_device) -(roletype object_r pmic_ftm_device) -(type charger_ftm_device) -(roletype object_r charger_ftm_device) -(type shf_device) -(roletype object_r shf_device) -(type keyblock_device) -(roletype object_r keyblock_device) -(type offloadservice_device) -(roletype object_r offloadservice_device) -(type ttyACM_device) -(roletype object_r ttyACM_device) -(type hrm_device) -(roletype object_r hrm_device) -(type lens_device) -(roletype object_r lens_device) -(type nvdata_device) -(roletype object_r nvdata_device) -(type nvcfg_device) -(roletype object_r nvcfg_device) -(type expdb_block_device) -(roletype object_r expdb_block_device) -(type misc2_block_device) -(roletype object_r misc2_block_device) -(type logo_block_device) -(roletype object_r logo_block_device) -(type para_block_device) -(roletype object_r para_block_device) -(type tee_block_device) -(roletype object_r tee_block_device) -(type seccfg_block_device) -(roletype object_r seccfg_block_device) -(type secro_block_device) -(roletype object_r secro_block_device) -(type preloader_block_device) -(roletype object_r preloader_block_device) -(type lk_block_device) -(roletype object_r lk_block_device) -(type protect1_block_device) -(roletype object_r protect1_block_device) -(type protect2_block_device) -(roletype object_r protect2_block_device) -(type keystore_block_device) -(roletype object_r keystore_block_device) -(type oemkeystore_block_device) -(roletype object_r oemkeystore_block_device) -(type sec1_block_device) -(roletype object_r sec1_block_device) -(type md1img_block_device) -(roletype object_r md1img_block_device) -(type md1dsp_block_device) -(roletype object_r md1dsp_block_device) -(type md1arm7_block_device) -(roletype object_r md1arm7_block_device) -(type md3img_block_device) -(roletype object_r md3img_block_device) -(type mmcblk1_block_device) -(roletype object_r mmcblk1_block_device) -(type mmcblk1p1_block_device) -(roletype object_r mmcblk1p1_block_device) -(type bootdevice_block_device) -(roletype object_r bootdevice_block_device) -(type odm_block_device) -(roletype object_r odm_block_device) -(type oem_block_device) -(roletype object_r oem_block_device) -(type vendor_block_device) -(roletype object_r vendor_block_device) -(type dtbo_block_device) -(roletype object_r dtbo_block_device) -(type spm_device) -(roletype object_r spm_device) -(type persist_block_device) -(roletype object_r persist_block_device) -(type md_block_device) -(roletype object_r md_block_device) -(type spmfw_block_device) -(roletype object_r spmfw_block_device) -(type dsp_block_device) -(roletype object_r dsp_block_device) -(type ppl_block_device) -(roletype object_r ppl_block_device) -(type nvcfg_block_device) -(roletype object_r nvcfg_block_device) -(type ancservice_device) -(roletype object_r ancservice_device) -(type mbim_device) -(roletype object_r mbim_device) -(type audio_ipi_device) -(roletype object_r audio_ipi_device) -(type cam_vpu_block_device) -(roletype object_r cam_vpu_block_device) -(type boot_para_block_device) -(roletype object_r boot_para_block_device) -(type mtk_dfrc_device) -(roletype object_r mtk_dfrc_device) -(type hwmsensor_device) -(roletype object_r hwmsensor_device) -(type msensor_device) -(roletype object_r msensor_device) -(type gsensor_device) -(roletype object_r gsensor_device) -(type als_ps_device) -(roletype object_r als_ps_device) -(type gyroscope_device) -(roletype object_r gyroscope_device) -(type barometer_device) -(roletype object_r barometer_device) -(type humidity_device) -(roletype object_r humidity_device) -(type biometric_device) -(roletype object_r biometric_device) -(type m_batch_misc_device) -(roletype object_r m_batch_misc_device) -(type m_als_misc_device) -(roletype object_r m_als_misc_device) -(type m_ps_misc_device) -(roletype object_r m_ps_misc_device) -(type m_baro_misc_device) -(roletype object_r m_baro_misc_device) -(type m_hmdy_misc_device) -(roletype object_r m_hmdy_misc_device) -(type m_acc_misc_device) -(roletype object_r m_acc_misc_device) -(type m_mag_misc_device) -(roletype object_r m_mag_misc_device) -(type m_gyro_misc_device) -(roletype object_r m_gyro_misc_device) -(type m_act_misc_device) -(roletype object_r m_act_misc_device) -(type m_pedo_misc_device) -(roletype object_r m_pedo_misc_device) -(type m_situ_misc_device) -(roletype object_r m_situ_misc_device) -(type m_step_c_misc_device) -(roletype object_r m_step_c_misc_device) -(type m_fusion_misc_device) -(roletype object_r m_fusion_misc_device) -(type m_bio_misc_device) -(roletype object_r m_bio_misc_device) -(type custom_file) -(roletype object_r custom_file) -(type lost_found_data_file) -(roletype object_r lost_found_data_file) -(type dontpanic_data_file) -(roletype object_r dontpanic_data_file) -(type resource_cache_data_file) -(roletype object_r resource_cache_data_file) -(type http_proxy_cfg_data_file) -(roletype object_r http_proxy_cfg_data_file) -(type acdapi_data_file) -(roletype object_r acdapi_data_file) -(type ppp_data_file) -(roletype object_r ppp_data_file) -(type wide_dhcpv6_data_file) -(roletype object_r wide_dhcpv6_data_file) -(type wpa_supplicant_data_file) -(roletype object_r wpa_supplicant_data_file) -(type radvd_data_file) -(roletype object_r radvd_data_file) -(type volte_vt_socket) -(roletype object_r volte_vt_socket) -(type dfo_socket) -(roletype object_r dfo_socket) -(type rild2_socket) -(roletype object_r rild2_socket) -(type rild3_socket) -(roletype object_r rild3_socket) -(type rild4_socket) -(roletype object_r rild4_socket) -(type rild_mal_socket) -(roletype object_r rild_mal_socket) -(type rild_mal_at_socket) -(roletype object_r rild_mal_at_socket) -(type rild_mal_md2_socket) -(roletype object_r rild_mal_md2_socket) -(type rild_mal_at_md2_socket) -(roletype object_r rild_mal_at_md2_socket) -(type rild_ims_socket) -(roletype object_r rild_ims_socket) -(type rild_imsm_socket) -(roletype object_r rild_imsm_socket) -(type rild_oem_socket) -(roletype object_r rild_oem_socket) -(type rild_mtk_ut_socket) -(roletype object_r rild_mtk_ut_socket) -(type rild_mtk_ut_2_socket) -(roletype object_r rild_mtk_ut_2_socket) -(type rild_mtk_modem_socket) -(roletype object_r rild_mtk_modem_socket) -(type rild_md2_socket) -(roletype object_r rild_md2_socket) -(type rild2_md2_socket) -(roletype object_r rild2_md2_socket) -(type rild_debug_md2_socket) -(roletype object_r rild_debug_md2_socket) -(type rild_oem_md2_socket) -(roletype object_r rild_oem_md2_socket) -(type rild_mtk_ut_md2_socket) -(roletype object_r rild_mtk_ut_md2_socket) -(type rild_mtk_ut_2_md2_socket) -(roletype object_r rild_mtk_ut_2_md2_socket) -(type rild_mtk_modem_md2_socket) -(roletype object_r rild_mtk_modem_md2_socket) -(type rild_vsim_socket) -(roletype object_r rild_vsim_socket) -(type rild_vsim_md2_socket) -(roletype object_r rild_vsim_md2_socket) -(type mal_mfi_socket) -(roletype object_r mal_mfi_socket) -(type mal_data_file) -(roletype object_r mal_data_file) -(type netdiag_socket) -(roletype object_r netdiag_socket) -(type wpa_wlan0_socket) -(roletype object_r wpa_wlan0_socket) -(type soc_vt_imcb_socket) -(roletype object_r soc_vt_imcb_socket) -(type soc_vt_tcv_socket) -(roletype object_r soc_vt_tcv_socket) -(type soc_vt_stk_socket) -(roletype object_r soc_vt_stk_socket) -(type soc_vt_svc_socket) -(roletype object_r soc_vt_svc_socket) -(type dbus_bluetooth_socket) -(roletype object_r dbus_bluetooth_socket) -(type bt_int_adp_socket) -(roletype object_r bt_int_adp_socket) -(type bt_a2dp_stream_socket) -(roletype object_r bt_a2dp_stream_socket) -(type bt_data_file) -(roletype object_r bt_data_file) -(type proc_thermal) -(roletype object_r proc_thermal) -(type proc_mtkcooler) -(roletype object_r proc_mtkcooler) -(type proc_mtktz) -(roletype object_r proc_mtktz) -(type proc_slogger) -(roletype object_r proc_slogger) -(type proc_lk_env) -(roletype object_r proc_lk_env) -(type proc_ged) -(roletype object_r proc_ged) -(type sysfs_therm) -(roletype object_r sysfs_therm) -(type sysfs_power_supply) -(roletype object_r sysfs_power_supply) -(type sysfs_fps) -(roletype object_r sysfs_fps) -(type sysfs_ccci) -(roletype object_r sysfs_ccci) -(type sysfs_mmc1) -(roletype object_r sysfs_mmc1) -(type sysfs_ssw) -(roletype object_r sysfs_ssw) -(type sysfs_vcorefs_pwrctrl) -(roletype object_r sysfs_vcorefs_pwrctrl) -(type sysfs_md32) -(roletype object_r sysfs_md32) -(type sysfs_scp) -(roletype object_r sysfs_scp) -(type sysfs_sspm) -(roletype object_r sysfs_sspm) -(type sysfs_devinfo) -(roletype object_r sysfs_devinfo) -(type sysfs_dcm) -(roletype object_r sysfs_dcm) -(type sysfs_dcs) -(roletype object_r sysfs_dcs) -(type agpsd_socket) -(roletype object_r agpsd_socket) -(type agpsd_data_file) -(roletype object_r agpsd_data_file) -(type mnld_socket) -(roletype object_r mnld_socket) -(type mnld_data_file) -(roletype object_r mnld_data_file) -(type gps_data_file) -(roletype object_r gps_data_file) -(type MPED_socket) -(roletype object_r MPED_socket) -(type MPED_data_file) -(roletype object_r MPED_data_file) -(type sysctl_socket) -(roletype object_r sysctl_socket) -(type backuprestore_socket) -(roletype object_r backuprestore_socket) -(type protect_f_data_file) -(roletype object_r protect_f_data_file) -(type protect_s_data_file) -(roletype object_r protect_s_data_file) -(type persist_data_file) -(roletype object_r persist_data_file) -(type nvram_data_file) -(roletype object_r nvram_data_file) -(type nvdata_file) -(roletype object_r nvdata_file) -(type nvcfg_file) -(roletype object_r nvcfg_file) -(type cct_data_file) -(roletype object_r cct_data_file) -(type mediaserver_data_file) -(roletype object_r mediaserver_data_file) -(type mediacodec_data_file) -(roletype object_r mediacodec_data_file) -(type logmisc_data_file) -(roletype object_r logmisc_data_file) -(type logtemp_data_file) -(roletype object_r logtemp_data_file) -(type aee_core_data_file) -(roletype object_r aee_core_data_file) -(type aee_tombstone_data_file) -(roletype object_r aee_tombstone_data_file) -(type aee_exp_data_file) -(roletype object_r aee_exp_data_file) -(type aee_dumpsys_data_file) -(roletype object_r aee_dumpsys_data_file) -(type sf_rtt_file) -(roletype object_r sf_rtt_file) -(type rild-dongle_socket) -(roletype object_r rild-dongle_socket) -(type ccci_cfg_file) -(roletype object_r ccci_cfg_file) -(type c2k_file) -(roletype object_r c2k_file) -(type sensor_data_file) -(roletype object_r sensor_data_file) -(type stp_dump_data_file) -(roletype object_r stp_dump_data_file) -(type sysfs_keypad_file) -(roletype object_r sysfs_keypad_file) -(type rild_via_socket) -(roletype object_r rild_via_socket) -(type rpc_socket) -(roletype object_r rpc_socket) -(type rild_ctclient_socket) -(roletype object_r rild_ctclient_socket) -(type proc_icusb) -(roletype object_r proc_icusb) -(type iso9660) -(roletype object_r iso9660) -(type data_tmpfs_log_file) -(roletype object_r data_tmpfs_log_file) -(type rawfs) -(roletype object_r rawfs) -(type fon_image_data_file) -(roletype object_r fon_image_data_file) -(type ims_ipsec_data_file) -(roletype object_r ims_ipsec_data_file) -(type thermal_manager_data_file) -(roletype object_r thermal_manager_data_file) -(type adbd_data_file) -(roletype object_r adbd_data_file) -(type autokd_data_file) -(roletype object_r autokd_data_file) -(type fuseblk) -(roletype object_r fuseblk) -(type proc_mrdump_rst) -(roletype object_r proc_mrdump_rst) -(type proc_battery_cmd) -(roletype object_r proc_battery_cmd) -(type debugfs_binder) -(roletype object_r debugfs_binder) -(type debugfs_blockio) -(roletype object_r debugfs_blockio) -(type debugfs_fuseio) -(roletype object_r debugfs_fuseio) -(type debugfs_usb) -(roletype object_r debugfs_usb) -(type debugfs_fb) -(roletype object_r debugfs_fb) -(type debugfs_cpuhvfs) -(roletype object_r debugfs_cpuhvfs) -(type debugfs_usb20_phy) -(roletype object_r debugfs_usb20_phy) -(type debugfs_dynamic_debug) -(roletype object_r debugfs_dynamic_debug) -(type debugfs_shrinker_debug) -(roletype object_r debugfs_shrinker_debug) -(type debugfs_dmlog_debug) -(roletype object_r debugfs_dmlog_debug) -(type debugfs_page_owner_slim_debug) -(roletype object_r debugfs_page_owner_slim_debug) -(type debugfs_rcu) -(roletype object_r debugfs_rcu) -(type debugfs_ged) -(roletype object_r debugfs_ged) -(type debugfs_gpu_mali_midgard) -(roletype object_r debugfs_gpu_mali_midgard) -(type debugfs_gpu_mali_utgard) -(roletype object_r debugfs_gpu_mali_utgard) -(type debugfs_gpu_img) -(roletype object_r debugfs_gpu_img) -(type debugfs_ion) -(roletype object_r debugfs_ion) -(type debugfs_ion_mm_heap) -(roletype object_r debugfs_ion_mm_heap) -(type sf_bqdump_data_file) -(roletype object_r sf_bqdump_data_file) -(type nfc_socket) -(roletype object_r nfc_socket) -(type factory_data_file) -(roletype object_r factory_data_file) -(type mdlog_data_file) -(roletype object_r mdlog_data_file) -(type mtk_audiohal_data_file) -(roletype object_r mtk_audiohal_data_file) -(type fuelgauged) -(roletype object_r fuelgauged) -(type fuelgauged_exec) -(roletype object_r fuelgauged_exec) -(type fuelgauged_file) -(roletype object_r fuelgauged_file) -(type fuelgauged_tmpfs) -(roletype object_r fuelgauged_tmpfs) -(type fuelgauged_nvram) -(roletype object_r fuelgauged_nvram) -(type fuelgauged_nvram_exec) -(roletype object_r fuelgauged_nvram_exec) -(type fuelgauged_nvram_file) -(roletype object_r fuelgauged_nvram_file) -(type fuelgauged_nvram_tmpfs) -(roletype object_r fuelgauged_nvram_tmpfs) -(type gsm0710muxd) -(roletype object_r gsm0710muxd) -(type gsm0710muxd_exec) -(roletype object_r gsm0710muxd_exec) -(type gsm0710muxd_tmpfs) -(roletype object_r gsm0710muxd_tmpfs) -(type hal_drm_widevine) -(roletype object_r hal_drm_widevine) -(type hal_drm_widevine_exec) -(roletype object_r hal_drm_widevine_exec) -(type hal_drm_widevine_tmpfs) -(roletype object_r hal_drm_widevine_tmpfs) -(type hal_keymaster_attestation) -(roletype object_r hal_keymaster_attestation) -(type hal_keymaster_attestation_exec) -(roletype object_r hal_keymaster_attestation_exec) -(type hal_keymaster_attestation_tmpfs) -(roletype object_r hal_keymaster_attestation_tmpfs) -(type mtk_hal_bluetooth_hwservice) -(roletype object_r mtk_hal_bluetooth_hwservice) -(type mtk_hal_rild_hwservice) -(roletype object_r mtk_hal_rild_hwservice) -(type mtk_hal_power_hwservice) -(roletype object_r mtk_hal_power_hwservice) -(type mtk_hal_lbs_hwservice) -(roletype object_r mtk_hal_lbs_hwservice) -(type mtk_hal_wifi_hostapd_hwservice) -(roletype object_r mtk_hal_wifi_hostapd_hwservice) -(type mtk_hal_imsa_hwservice) -(roletype object_r mtk_hal_imsa_hwservice) -(type nvram_agent_binder_hwservice) -(roletype object_r nvram_agent_binder_hwservice) -(type mtk_hal_pq_hwservice) -(roletype object_r mtk_hal_pq_hwservice) -(type mtk_hal_keyattestation_hwservice) -(roletype object_r mtk_hal_keyattestation_hwservice) -(type lbs_hidl_service) -(roletype object_r lbs_hidl_service) -(type lbs_hidl_service_exec) -(roletype object_r lbs_hidl_service_exec) -(type lbs_hidl_service_tmpfs) -(roletype object_r lbs_hidl_service_tmpfs) -(type md_ctrl) -(roletype object_r md_ctrl) -(type md_ctrl_exec) -(roletype object_r md_ctrl_exec) -(type md_ctrl_tmpfs) -(roletype object_r md_ctrl_tmpfs) -(type mmc_ffu) -(roletype object_r mmc_ffu) -(type mmc_ffu_exec) -(roletype object_r mmc_ffu_exec) -(type mmc_ffu_tmpfs) -(roletype object_r mmc_ffu_tmpfs) -(type mnld) -(roletype object_r mnld) -(type mnld_exec) -(roletype object_r mnld_exec) -(type mnld_tmpfs) -(roletype object_r mnld_tmpfs) -(type MPED) -(roletype object_r MPED) -(type MPED_exec) -(roletype object_r MPED_exec) -(type MPED_tmpfs) -(roletype object_r MPED_tmpfs) -(type mtk_agpsd_exec) -(roletype object_r mtk_agpsd_exec) -(type mtk_agpsd) -(roletype object_r mtk_agpsd) -(type mtk_agpsd_tmpfs) -(roletype object_r mtk_agpsd_tmpfs) -(type mtk_hal_audio) -(roletype object_r mtk_hal_audio) -(type mtk_hal_audio_exec) -(roletype object_r mtk_hal_audio_exec) -(type mtk_hal_audio_tmpfs) -(roletype object_r mtk_hal_audio_tmpfs) -(type mtk_hal_bluetooth) -(roletype object_r mtk_hal_bluetooth) -(type mtk_hal_bluetooth_exec) -(roletype object_r mtk_hal_bluetooth_exec) -(type mtk_hal_bluetooth_tmpfs) -(roletype object_r mtk_hal_bluetooth_tmpfs) -(type mtk_hal_camera) -(roletype object_r mtk_hal_camera) -(type mtk_hal_camera_exec) -(roletype object_r mtk_hal_camera_exec) -(type mtk_hal_camera_tmpfs) -(roletype object_r mtk_hal_camera_tmpfs) -(type mtk_hal_gnss) -(roletype object_r mtk_hal_gnss) -(type mtk_hal_gnss_exec) -(roletype object_r mtk_hal_gnss_exec) -(type mtk_hal_gnss_tmpfs) -(roletype object_r mtk_hal_gnss_tmpfs) -(type mtk_hal_imsa) -(roletype object_r mtk_hal_imsa) -(type mtk_hal_imsa_exec) -(roletype object_r mtk_hal_imsa_exec) -(type mtk_hal_imsa_tmpfs) -(roletype object_r mtk_hal_imsa_tmpfs) -(type mtk_hal_light) -(roletype object_r mtk_hal_light) -(type mtk_hal_light_exec) -(roletype object_r mtk_hal_light_exec) -(type mtk_hal_light_tmpfs) -(roletype object_r mtk_hal_light_tmpfs) -(type mtk_hal_power) -(roletype object_r mtk_hal_power) -(type mtk_hal_power_exec) -(roletype object_r mtk_hal_power_exec) -(type mtk_hal_power_tmpfs) -(roletype object_r mtk_hal_power_tmpfs) -(type mtk_hal_pq) -(roletype object_r mtk_hal_pq) -(type mtk_hal_pq_exec) -(roletype object_r mtk_hal_pq_exec) -(type mtk_hal_pq_tmpfs) -(roletype object_r mtk_hal_pq_tmpfs) -(type mtk_hal_sensors) -(roletype object_r mtk_hal_sensors) -(type mtk_hal_sensors_exec) -(roletype object_r mtk_hal_sensors_exec) -(type mtk_hal_sensors_tmpfs) -(roletype object_r mtk_hal_sensors_tmpfs) -(type mtk_wmt_launcher) -(roletype object_r mtk_wmt_launcher) -(type mtk_wmt_launcher_exec) -(roletype object_r mtk_wmt_launcher_exec) -(type mtk_wmt_launcher_tmpfs) -(roletype object_r mtk_wmt_launcher_tmpfs) -(type mtkrild_exec) -(roletype object_r mtkrild_exec) -(type mtkrild) -(roletype object_r mtkrild) -(type mtkrild_tmpfs) -(roletype object_r mtkrild_tmpfs) -(type muxreport_exec) -(roletype object_r muxreport_exec) -(type muxreport) -(roletype object_r muxreport) -(type muxreport_tmpfs) -(roletype object_r muxreport_tmpfs) -(type nvram_agent_binder_exec) -(roletype object_r nvram_agent_binder_exec) -(type nvram_agent_binder) -(roletype object_r nvram_agent_binder) -(type nvram_agent_binder_tmpfs) -(roletype object_r nvram_agent_binder_tmpfs) -(type nvram_daemon_exec) -(roletype object_r nvram_daemon_exec) -(type nvram_daemon) -(roletype object_r nvram_daemon) -(type nvram_daemon_tmpfs) -(roletype object_r nvram_daemon_tmpfs) -(type mtk_default_prop) -(roletype object_r mtk_default_prop) -(type ctl_gsm0710muxd_prop) -(roletype object_r ctl_gsm0710muxd_prop) -(type ctl_gsm0710muxd-s_prop) -(roletype object_r ctl_gsm0710muxd-s_prop) -(type ctl_gsm0710muxd-d_prop) -(roletype object_r ctl_gsm0710muxd-d_prop) -(type ctl_mdlogger_prop) -(roletype object_r ctl_mdlogger_prop) -(type ctl_emdlogger1_prop) -(roletype object_r ctl_emdlogger1_prop) -(type ctl_emdlogger2_prop) -(roletype object_r ctl_emdlogger2_prop) -(type ctl_emdlogger3_prop) -(roletype object_r ctl_emdlogger3_prop) -(type ctl_dualmdlogger_prop) -(roletype object_r ctl_dualmdlogger_prop) -(type ctl_viarild_prop) -(roletype object_r ctl_viarild_prop) -(type persist_ril_prop) -(roletype object_r persist_ril_prop) -(type gsm0710muxd_prop) -(roletype object_r gsm0710muxd_prop) -(type debug_mtklog_prop) -(roletype object_r debug_mtklog_prop) -(type persist_mtklog_prop) -(roletype object_r persist_mtklog_prop) -(type debug_netlog_prop) -(roletype object_r debug_netlog_prop) -(type mtk_wifi_prop) -(roletype object_r mtk_wifi_prop) -(type debug_mdlogger_prop) -(roletype object_r debug_mdlogger_prop) -(type persist_mtk_aee_prop) -(roletype object_r persist_mtk_aee_prop) -(type persist_aee_prop) -(roletype object_r persist_aee_prop) -(type debug_mtk_aee_prop) -(roletype object_r debug_mtk_aee_prop) -(type debug_bq_dump_prop) -(roletype object_r debug_bq_dump_prop) -(type ctl_ril-daemon-mtk_prop) -(roletype object_r ctl_ril-daemon-mtk_prop) -(type ctl_fusion_ril_mtk_prop) -(roletype object_r ctl_fusion_ril_mtk_prop) -(type ctl_ril-daemon-s_prop) -(roletype object_r ctl_ril-daemon-s_prop) -(type ctl_ril-daemon-d_prop) -(roletype object_r ctl_ril-daemon-d_prop) -(type ctl_ril-proxy_prop) -(roletype object_r ctl_ril-proxy_prop) -(type ctl_ccci_fsd_prop) -(roletype object_r ctl_ccci_fsd_prop) -(type ctl_ccci2_fsd_prop) -(roletype object_r ctl_ccci2_fsd_prop) -(type ctl_ccci3_fsd_prop) -(roletype object_r ctl_ccci3_fsd_prop) -(type ril_active_md_prop) -(roletype object_r ril_active_md_prop) -(type ril_mux_report_case_prop) -(roletype object_r ril_mux_report_case_prop) -(type ril_cdma_report_prop) -(roletype object_r ril_cdma_report_prop) -(type mtk_md_prop) -(roletype object_r mtk_md_prop) -(type ctl_muxreport-daemon_prop) -(roletype object_r ctl_muxreport-daemon_prop) -(type pppoe_ppp0_prop) -(roletype object_r pppoe_ppp0_prop) -(type bootani_prop) -(roletype object_r bootani_prop) -(type mnld_prop) -(roletype object_r mnld_prop) -(type audiohal_prop) -(roletype object_r audiohal_prop) -(type wmt_prop) -(roletype object_r wmt_prop) -(type ctl_emcsmdlogger_prop) -(roletype object_r ctl_emcsmdlogger_prop) -(type ctl_eemcs_fsd_prop) -(roletype object_r ctl_eemcs_fsd_prop) -(type net_cdma_mdmstat) -(roletype object_r net_cdma_mdmstat) -(type bt_prop) -(roletype object_r bt_prop) -(type persist_bt_prop) -(roletype object_r persist_bt_prop) -(type vendor_factory_idle_state_prop) -(roletype object_r vendor_factory_idle_state_prop) -(type ftrace_log_prop) -(roletype object_r ftrace_log_prop) -(type service_nvram_init_prop) -(roletype object_r service_nvram_init_prop) -(type wifi_5g_prop) -(roletype object_r wifi_5g_prop) -(type mtk_em_prop) -(roletype object_r mtk_em_prop) -(type mediatek_prop) -(roletype object_r mediatek_prop) -(type mtk_em_pdn_prop) -(roletype object_r mtk_em_pdn_prop) -(type mtk_em_ims_simulate_prop) -(roletype object_r mtk_em_ims_simulate_prop) -(type mtk_em_auto_answer_prop) -(roletype object_r mtk_em_auto_answer_prop) -(type mtk_em_bt_sspdebug_prop) -(roletype object_r mtk_em_bt_sspdebug_prop) -(type mtk_em_ril_apnchange_prop) -(roletype object_r mtk_em_ril_apnchange_prop) -(type mtk_em_net_auto_tethering_prop) -(roletype object_r mtk_em_net_auto_tethering_prop) -(type ctl_mobile_log_d_prop) -(roletype object_r ctl_mobile_log_d_prop) -(type ctl_mnld_prop) -(roletype object_r ctl_mnld_prop) -(type ctl_mobicore_prop) -(roletype object_r ctl_mobicore_prop) -(type meta_connecttype_prop) -(roletype object_r meta_connecttype_prop) -(type mtk_telephony_sensitive_prop) -(roletype object_r mtk_telephony_sensitive_prop) -(type mtk_thermal_config_prop) -(roletype object_r mtk_thermal_config_prop) -(type graphics_config_prop) -(roletype object_r graphics_config_prop) -(type mtkcam_prop) -(roletype object_r mtkcam_prop) -(type atm_mdmode_prop) -(roletype object_r atm_mdmode_prop) -(type mtk_codec_service_service) -(roletype object_r mtk_codec_service_service) -(type slpd_exec) -(roletype object_r slpd_exec) -(type slpd) -(roletype object_r slpd) -(type slpd_tmpfs) -(roletype object_r slpd_tmpfs) -(type spm_loader_exec) -(roletype object_r spm_loader_exec) -(type spm_loader) -(roletype object_r spm_loader) -(type spm_loader_tmpfs) -(roletype object_r spm_loader_tmpfs) -(type stp_dump3_exec) -(roletype object_r stp_dump3_exec) -(type stp_dump3) -(roletype object_r stp_dump3) -(type stp_dump3_tmpfs) -(roletype object_r stp_dump3_tmpfs) -(type sysenv_daemon_exec) -(roletype object_r sysenv_daemon_exec) -(type sysenv_daemon) -(roletype object_r sysenv_daemon) -(type sysenv_daemon_tmpfs) -(roletype object_r sysenv_daemon_tmpfs) -(type thermal_manager_exec) -(roletype object_r thermal_manager_exec) -(type thermal_manager) -(roletype object_r thermal_manager) -(type thermal_manager_tmpfs) -(roletype object_r thermal_manager_tmpfs) -(type thermalloadalgod) -(roletype object_r thermalloadalgod) -(type thermalloadalgod_exec) -(roletype object_r thermalloadalgod_exec) -(type thermalloadalgod_tmpfs) -(roletype object_r thermalloadalgod_tmpfs) -(type vendor_app) -(roletype object_r vendor_app) -(type vendor_app_tmpfs) -(roletype object_r vendor_app_tmpfs) -(type wifi2agps_exec) -(roletype object_r wifi2agps_exec) -(type wifi2agps) -(roletype object_r wifi2agps) -(type wifi2agps_tmpfs) -(roletype object_r wifi2agps_tmpfs) -(type wmt_loader) -(roletype object_r wmt_loader) -(type wmt_loader_exec) -(roletype object_r wmt_loader_exec) -(type wmt_loader_tmpfs) -(roletype object_r wmt_loader_tmpfs) -(type epdg_wod_exec) -(roletype object_r epdg_wod_exec) -(type epdg_wod) -(roletype object_r epdg_wod) -(type wod_ipsec_conf_file) -(roletype object_r wod_ipsec_conf_file) -(type wod_apn_conf_file) -(roletype object_r wod_apn_conf_file) -(type wod_action_socket) -(roletype object_r wod_action_socket) -(type wod_sim_socket) -(roletype object_r wod_sim_socket) -(type wod_ipsec_socket) -(roletype object_r wod_ipsec_socket) -(type wod_dns_socket) -(roletype object_r wod_dns_socket) -(type mtk_wod_prop) -(roletype object_r mtk_wod_prop) -(type persist_wod_prop) -(roletype object_r persist_wod_prop) -(type epdg_wod_tmpfs) -(roletype object_r epdg_wod_tmpfs) -(type volte_imcb_socket) -(roletype object_r volte_imcb_socket) -(type volte_ua_socket) -(roletype object_r volte_ua_socket) -(type volte_stack_socket) -(roletype object_r volte_stack_socket) -(type starter_exec) -(roletype object_r starter_exec) -(type charon_exec) -(roletype object_r charon_exec) -(type ipsec_exec) -(roletype object_r ipsec_exec) -(type stroke_exec) -(roletype object_r stroke_exec) -(type ipsec) -(roletype object_r ipsec) -(type mtkmal) -(roletype object_r mtkmal) -(type mtkmal_exec) -(roletype object_r mtkmal_exec) -(type mtkmal_tmpfs) -(roletype object_r mtkmal_tmpfs) -(type persist_mal_prop) -(roletype object_r persist_mal_prop) -(type ctl_volte_imcb_prop) -(roletype object_r ctl_volte_imcb_prop) -(type ctl_volte_stack_prop) -(roletype object_r ctl_volte_stack_prop) -(type ctl_volte_ua_prop) -(roletype object_r ctl_volte_ua_prop) -(type volte_prop) -(roletype object_r volte_prop) -(type volte_imcb) -(roletype object_r volte_imcb) -(type volte_imcb_exec) -(roletype object_r volte_imcb_exec) -(type volte_imsa1_socket) -(roletype object_r volte_imsa1_socket) -(type volte_imsvt1_socket) -(roletype object_r volte_imsvt1_socket) -(type volte_imcb_tmpfs) -(roletype object_r volte_imcb_tmpfs) -(type volte_imsm_md) -(roletype object_r volte_imsm_md) -(type volte_imsm_md_exec) -(roletype object_r volte_imsm_md_exec) -(type volte_imsm_md_tmpfs) -(roletype object_r volte_imsm_md_tmpfs) -(type volte_stack) -(roletype object_r volte_stack) -(type volte_stack_exec) -(roletype object_r volte_stack_exec) -(type volte_stack_tmpfs) -(roletype object_r volte_stack_tmpfs) -(type volte_ua) -(roletype object_r volte_ua) -(type volte_ua_exec) -(roletype object_r volte_ua_exec) -(type volte_ua_tmpfs) -(roletype object_r volte_ua_tmpfs) -(type wfca) -(roletype object_r wfca) -(type wfca_exec) -(roletype object_r wfca_exec) -(type wfca_tmpfs) -(roletype object_r wfca_tmpfs) -(allow bootanim_26_0 servicemanager_26_0 (binder (call transfer))) -(allow servicemanager_26_0 bootanim_26_0 (dir (search))) -(allow servicemanager_26_0 bootanim_26_0 (file (read open))) -(allow servicemanager_26_0 bootanim_26_0 (process (getattr))) -(allow bootanim_26_0 surfaceflinger_26_0 (binder (call transfer))) -(allow surfaceflinger_26_0 bootanim_26_0 (binder (transfer))) -(allow bootanim_26_0 surfaceflinger_26_0 (fd (use))) -(allow bootanim_26_0 audioserver_26_0 (binder (call transfer))) -(allow audioserver_26_0 bootanim_26_0 (binder (transfer))) -(allow bootanim_26_0 audioserver_26_0 (fd (use))) -(allow bootanim_26_0 hwservicemanager_26_0 (binder (call transfer))) -(allow hwservicemanager_26_0 bootanim_26_0 (binder (call transfer))) -(allow hwservicemanager_26_0 bootanim_26_0 (dir (search))) -(allow hwservicemanager_26_0 bootanim_26_0 (file (read open))) -(allow hwservicemanager_26_0 bootanim_26_0 (process (getattr))) -(allow bootanim_26_0 gpu_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow bootanim_26_0 oemfs_26_0 (dir (search))) -(allow bootanim_26_0 oemfs_26_0 (file (ioctl read getattr lock open))) -(allow bootanim_26_0 audio_device_26_0 (dir (ioctl read getattr lock search open))) -(allow bootanim_26_0 audio_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow bootanim_26_0 audioserver_service_26_0 (service_manager (find))) -(allow bootanim_26_0 surfaceflinger_service_26_0 (service_manager (find))) -(allow bootanim_26_0 ion_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow bootanim_26_0 hal_graphics_allocator (fd (use))) -(allow bootanim_26_0 hal_graphics_composer (fd (use))) -(allow bootanim_26_0 proc_26_0 (dir (ioctl read getattr lock search open))) -(allow bootanim_26_0 proc_26_0 (file (ioctl read getattr lock open))) -(allow bootanim_26_0 proc_26_0 (lnk_file (ioctl read getattr lock open))) -(allow bootanim_26_0 proc_meminfo_26_0 (file (ioctl read getattr lock open))) -(allow bootanim_26_0 sysfs_26_0 (dir (ioctl read getattr lock search open))) -(allow bootanim_26_0 sysfs_26_0 (file (ioctl read getattr lock open))) -(allow bootanim_26_0 sysfs_26_0 (lnk_file (ioctl read getattr lock open))) -(allow bootanim_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open))) -(allow bootanim_26_0 cgroup_26_0 (file (ioctl read getattr lock open))) -(allow bootanim_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open))) -(allow bootanim_26_0 system_file_26_0 (dir (ioctl read getattr lock search open))) -(allow bootstat_26_0 runtime_event_log_tags_file_26_0 (file (ioctl read getattr lock open))) -(allow bootstat_26_0 bootstat_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow bootstat_26_0 bootstat_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow bootstat_26_0 proc_26_0 (dir (ioctl read getattr lock search open))) -(allow bootstat_26_0 proc_26_0 (file (ioctl read getattr lock open))) -(allow bootstat_26_0 proc_26_0 (lnk_file (ioctl read getattr lock open))) -(allow bootstat_26_0 boottime_prop_26_0 (file (ioctl read getattr lock open))) -(allow init_26_0 pdx_bufferhub_client_endpoint_socket_type (unix_stream_socket (create bind))) -(allow bufferhubd_26_0 pdx_bufferhub_client_endpoint_socket_type (unix_stream_socket (read write getattr setattr lock append listen accept getopt setopt shutdown))) -(allow bufferhubd_26_0 self (process (setsockcreate))) -(allow bufferhubd_26_0 pdx_bufferhub_client_channel_socket_type (unix_stream_socket (ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown))) -(neverallow base_typeattr_1_26_0 pdx_bufferhub_client_endpoint_socket_type (unix_stream_socket (listen accept))) -(allow bufferhubd_26_0 pdx_performance_client_endpoint_dir_type (dir (ioctl read getattr lock search open))) -(allow bufferhubd_26_0 pdx_performance_client_endpoint_socket_type (sock_file (ioctl read write getattr lock append open))) -(allow bufferhubd_26_0 pdx_performance_client_endpoint_socket_type (unix_stream_socket (read write shutdown connectto))) -(allow bufferhubd_26_0 pdx_performance_client_channel_socket_type (unix_stream_socket (read write getattr setattr lock append getopt setopt shutdown))) -(allow bufferhubd_26_0 pdx_performance_client_server_type (fd (use))) -(allow pdx_performance_client_server_type bufferhubd_26_0 (fd (use))) -(allow bufferhubd_26_0 gpu_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow bufferhubd_26_0 ion_device_26_0 (chr_file (ioctl read getattr lock open))) -(allow bufferhubd_26_0 mediacodec_26_0 (fd (use))) -(allow cameraserver_26_0 servicemanager_26_0 (binder (call transfer))) -(allow servicemanager_26_0 cameraserver_26_0 (dir (search))) -(allow servicemanager_26_0 cameraserver_26_0 (file (read open))) -(allow servicemanager_26_0 cameraserver_26_0 (process (getattr))) -(allow cameraserver_26_0 binderservicedomain (binder (call transfer))) -(allow binderservicedomain cameraserver_26_0 (binder (transfer))) -(allow cameraserver_26_0 binderservicedomain (fd (use))) -(allow cameraserver_26_0 appdomain (binder (call transfer))) -(allow appdomain cameraserver_26_0 (binder (transfer))) -(allow cameraserver_26_0 appdomain (fd (use))) -(allow cameraserver_26_0 ion_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 hal_graphics_composer (fd (use))) -(allow cameraserver_26_0 cameraserver_service_26_0 (service_manager (add find))) -(neverallow base_typeattr_2_26_0 cameraserver_service_26_0 (service_manager (add))) -(neverallow cameraserver_26_0 unlabeled_26_0 (service_manager (add))) -(allow cameraserver_26_0 appops_service_26_0 (service_manager (find))) -(allow cameraserver_26_0 audioserver_service_26_0 (service_manager (find))) -(allow cameraserver_26_0 batterystats_service_26_0 (service_manager (find))) -(allow cameraserver_26_0 cameraproxy_service_26_0 (service_manager (find))) -(allow cameraserver_26_0 mediaserver_service_26_0 (service_manager (find))) -(allow cameraserver_26_0 processinfo_service_26_0 (service_manager (find))) -(allow cameraserver_26_0 scheduling_policy_service_26_0 (service_manager (find))) -(allow cameraserver_26_0 surfaceflinger_service_26_0 (service_manager (find))) -(allow cameraserver_26_0 hidl_token_hwservice_26_0 (hwservice_manager (find))) -(neverallow cameraserver_26_0 fs_type (file (execute_no_trans))) -(neverallow cameraserver_26_0 file_type (file (execute_no_trans))) -(neverallow cameraserver_26_0 domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect))) -(neverallow cameraserver_26_0 domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind))) -(neverallow cameraserver_26_0 domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind))) -(allow charger_26_0 kmsg_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow charger_26_0 sysfs_type (dir (ioctl read getattr lock search open))) -(allow charger_26_0 sysfs_type (file (ioctl read getattr lock open))) -(allow charger_26_0 sysfs_type (lnk_file (ioctl read getattr lock open))) -(allow charger_26_0 rootfs_26_0 (dir (ioctl read getattr lock search open))) -(allow charger_26_0 rootfs_26_0 (file (ioctl read getattr lock open))) -(allow charger_26_0 rootfs_26_0 (lnk_file (ioctl read getattr lock open))) -(allow charger_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open))) -(allow charger_26_0 cgroup_26_0 (file (ioctl read getattr lock open))) -(allow charger_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open))) -(allow charger_26_0 self (capability (sys_tty_config))) -(allow charger_26_0 self (capability (sys_boot))) -(allow charger_26_0 sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open))) -(allow charger_26_0 self (capability2 (block_suspend))) -(allow charger_26_0 self (netlink_kobject_uevent_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow charger_26_0 sysfs_26_0 (file (write))) -(allow charger_26_0 sysfs_batteryinfo_26_0 (file (ioctl read getattr lock open))) -(allow charger_26_0 pstorefs_26_0 (dir (ioctl read getattr lock search open))) -(allow charger_26_0 pstorefs_26_0 (file (ioctl read getattr lock open))) -(allow charger_26_0 graphics_device_26_0 (dir (ioctl read getattr lock search open))) -(allow charger_26_0 graphics_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow charger_26_0 input_device_26_0 (dir (ioctl read getattr lock search open))) -(allow charger_26_0 input_device_26_0 (chr_file (ioctl read getattr lock open))) -(allow charger_26_0 tty_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow charger_26_0 proc_sysrq_26_0 (file (ioctl read write getattr lock append open))) -(allow charger_26_0 property_socket_26_0 (sock_file (write))) -(allow charger_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow charger_26_0 system_prop_26_0 (property_service (set))) -(allow charger_26_0 system_prop_26_0 (file (ioctl read getattr lock open))) -(allow clatd_26_0 proc_net_26_0 (dir (ioctl read getattr lock search open))) -(allow clatd_26_0 proc_net_26_0 (file (ioctl read getattr lock open))) -(allow clatd_26_0 proc_net_26_0 (lnk_file (ioctl read getattr lock open))) -(allow clatd_26_0 netd_26_0 (fd (use))) -(allow clatd_26_0 netd_26_0 (fifo_file (read write))) -(allow clatd_26_0 netd_26_0 (netlink_kobject_uevent_socket (read write))) -(allow clatd_26_0 netd_26_0 (netlink_nflog_socket (read write))) -(allow clatd_26_0 netd_26_0 (netlink_route_socket (read write))) -(allow clatd_26_0 netd_26_0 (udp_socket (read write))) -(allow clatd_26_0 netd_26_0 (unix_stream_socket (read write))) -(allow clatd_26_0 netd_26_0 (unix_dgram_socket (read write))) -(allow clatd_26_0 self (capability (setgid setuid net_admin net_raw))) -(allow clatd_26_0 self (capability (ipc_lock))) -(allow clatd_26_0 self (netlink_route_socket (nlmsg_write))) -(allow clatd_26_0 self (rawip_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow clatd_26_0 self (packet_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow clatd_26_0 self (tun_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow clatd_26_0 tun_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow cppreopts_26_0 dalvikcache_data_file_26_0 (dir (write add_name remove_name search))) -(allow cppreopts_26_0 dalvikcache_data_file_26_0 (file (read write create getattr rename open))) -(allow cppreopts_26_0 shell_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow cppreopts_26_0 system_file_26_0 (dir (read open))) -(allow cppreopts_26_0 toolbox_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow crash_dump_26_0 base_typeattr_3_26_0 (process (sigchld sigkill sigstop signal ptrace))) -(dontaudit crash_dump_26_0 self (capability (sys_ptrace))) -(allow crash_dump_26_0 logd_26_0 (process (sigchld sigkill sigstop signal ptrace))) -(allow crash_dump_26_0 domain (fd (use))) -(allow crash_dump_26_0 domain (fifo_file (write append))) -(allow crash_dump_26_0 domain (dir (ioctl read getattr lock search open))) -(allow crash_dump_26_0 domain (file (ioctl read getattr lock open))) -(allow crash_dump_26_0 domain (lnk_file (ioctl read getattr lock open))) -(allow crash_dump_26_0 exec_type (file (ioctl read getattr lock open))) -(allow crash_dump_26_0 dalvikcache_data_file_26_0 (dir (getattr search))) -(allow crash_dump_26_0 dalvikcache_data_file_26_0 (file (ioctl read getattr lock open))) -(allow crash_dump_26_0 apk_data_file_26_0 (dir (ioctl read getattr lock search open))) -(allow crash_dump_26_0 apk_data_file_26_0 (file (ioctl read getattr lock open))) -(allow crash_dump_26_0 apk_data_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow crash_dump_26_0 vendor_file_26_0 (dir (ioctl read getattr lock search open))) -(allow crash_dump_26_0 same_process_hal_file_26_0 (dir (ioctl read getattr lock search open))) -(allow crash_dump_26_0 vendor_file_26_0 (file (ioctl read getattr lock open))) -(allow crash_dump_26_0 vendor_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow crash_dump_26_0 same_process_hal_file_26_0 (file (ioctl read getattr lock open))) -(allow crash_dump_26_0 same_process_hal_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow crash_dump_26_0 tombstoned_crash_socket_26_0 (sock_file (write))) -(allow crash_dump_26_0 tombstoned_26_0 (unix_stream_socket (connectto))) -(allow crash_dump_26_0 system_ndebug_socket_26_0 (sock_file (write))) -(allow crash_dump_26_0 system_server_26_0 (unix_stream_socket (connectto))) -(allow crash_dump_26_0 anr_data_file_26_0 (file (getattr append))) -(allow crash_dump_26_0 tombstone_data_file_26_0 (file (getattr append))) -(allow crash_dump_26_0 logcat_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow crash_dump_26_0 logdr_socket_26_0 (sock_file (write))) -(allow crash_dump_26_0 logd_26_0 (unix_stream_socket (connectto))) -(neverallow domain crash_dump_exec_26_0 (file (execute_no_trans))) -(allow dex2oat_26_0 apk_data_file_26_0 (dir (ioctl read getattr lock search open))) -(allow dex2oat_26_0 apk_data_file_26_0 (file (ioctl read getattr lock open))) -(allow dex2oat_26_0 apk_data_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow dex2oat_26_0 vendor_app_file_26_0 (dir (ioctl read getattr lock search open))) -(allow dex2oat_26_0 vendor_app_file_26_0 (file (ioctl read getattr lock open))) -(allow dex2oat_26_0 vendor_app_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow dex2oat_26_0 vendor_framework_file_26_0 (dir (getattr search))) -(allow dex2oat_26_0 vendor_framework_file_26_0 (file (read getattr open))) -(allow dex2oat_26_0 tmpfs_26_0 (file (read getattr))) -(allow dex2oat_26_0 dalvikcache_data_file_26_0 (dir (ioctl read getattr lock search open))) -(allow dex2oat_26_0 dalvikcache_data_file_26_0 (file (ioctl read getattr lock open))) -(allow dex2oat_26_0 dalvikcache_data_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow dex2oat_26_0 dalvikcache_data_file_26_0 (file (write))) -(allow dex2oat_26_0 dalvikcache_data_file_26_0 (lnk_file (read))) -(allow dex2oat_26_0 installd_26_0 (fd (use))) -(allow dex2oat_26_0 system_file_26_0 (file (lock))) -(allow dex2oat_26_0 asec_apk_file_26_0 (file (read))) -(allow dex2oat_26_0 unlabeled_26_0 (file (read))) -(allow dex2oat_26_0 oemfs_26_0 (file (read))) -(allow dex2oat_26_0 apk_tmp_file_26_0 (dir (search))) -(allow dex2oat_26_0 apk_tmp_file_26_0 (file (ioctl read getattr lock open))) -(allow dex2oat_26_0 user_profile_data_file_26_0 (file (read getattr lock))) -(allow dex2oat_26_0 app_data_file_26_0 (file (read write getattr lock))) -(allow dex2oat_26_0 postinstall_dexopt_26_0 (fd (use))) -(allow dex2oat_26_0 postinstall_file_26_0 (dir (getattr search))) -(allow dex2oat_26_0 postinstall_file_26_0 (filesystem (getattr))) -(allow dex2oat_26_0 postinstall_file_26_0 (lnk_file (read))) -(allow dex2oat_26_0 ota_data_file_26_0 (dir (ioctl read write getattr lock add_name search open))) -(allow dex2oat_26_0 ota_data_file_26_0 (file (ioctl read getattr lock open))) -(allow dex2oat_26_0 ota_data_file_26_0 (lnk_file (read create))) -(allow dex2oat_26_0 ota_data_file_26_0 (file (write create setattr lock append open))) -(neverallow dex2oat_26_0 app_data_file_26_0 (file (open))) -(neverallow dex2oat_26_0 app_data_file_26_0 (lnk_file (open))) -(neverallow dex2oat_26_0 app_data_file_26_0 (sock_file (open))) -(neverallow dex2oat_26_0 app_data_file_26_0 (fifo_file (open))) -(allow dhcp_26_0 cgroup_26_0 (dir (write create add_name))) -(allow dhcp_26_0 self (capability (setgid setuid net_bind_service net_admin net_raw))) -(allow dhcp_26_0 self (packet_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow dhcp_26_0 self (netlink_route_socket (nlmsg_write))) -(allow dhcp_26_0 shell_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow dhcp_26_0 system_file_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow dhcp_26_0 toolbox_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow dhcp_26_0 proc_net_26_0 (file (write))) -(allow dhcp_26_0 property_socket_26_0 (sock_file (write))) -(allow dhcp_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow dhcp_26_0 dhcp_prop_26_0 (property_service (set))) -(allow dhcp_26_0 dhcp_prop_26_0 (file (ioctl read getattr lock open))) -(allow dhcp_26_0 property_socket_26_0 (sock_file (write))) -(allow dhcp_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow dhcp_26_0 pan_result_prop_26_0 (property_service (set))) -(allow dhcp_26_0 pan_result_prop_26_0 (file (ioctl read getattr lock open))) -(allow dhcp_26_0 dhcp_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow dhcp_26_0 dhcp_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow dhcp_26_0 netd_26_0 (fd (use))) -(allow dhcp_26_0 netd_26_0 (fifo_file (ioctl read write getattr lock append open))) -(allow dhcp_26_0 netd_26_0 (udp_socket (read write))) -(allow dhcp_26_0 netd_26_0 (unix_stream_socket (read write))) -(allow dhcp_26_0 netd_26_0 (unix_dgram_socket (read write))) -(allow dhcp_26_0 netd_26_0 (netlink_route_socket (read write))) -(allow dhcp_26_0 netd_26_0 (netlink_nflog_socket (read write))) -(allow dhcp_26_0 netd_26_0 (netlink_kobject_uevent_socket (read write))) -(allow display_service_server fwk_display_hwservice_26_0 (hwservice_manager (add find))) -(allow display_service_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_4_26_0 fwk_display_hwservice_26_0 (hwservice_manager (add))) -(neverallow display_service_server unlabeled_26_0 (hwservice_manager (add))) -(allowx dnsmasq_26_0 self (ioctl udp_socket (0x6900 0x6902))) -(allowx dnsmasq_26_0 self (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff))))) -(allowx dnsmasq_26_0 self (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff))))) -(allow dnsmasq_26_0 self (capability (dac_override))) -(allow dnsmasq_26_0 self (capability (setgid setuid net_bind_service net_admin net_raw))) -(allow dnsmasq_26_0 dhcp_data_file_26_0 (dir (write lock add_name remove_name search open))) -(allow dnsmasq_26_0 dhcp_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow dnsmasq_26_0 netd_26_0 (fd (use))) -(allow dnsmasq_26_0 netd_26_0 (fifo_file (read write))) -(allow dnsmasq_26_0 netd_26_0 (netlink_kobject_uevent_socket (read write))) -(allow dnsmasq_26_0 netd_26_0 (netlink_nflog_socket (read write))) -(allow dnsmasq_26_0 netd_26_0 (netlink_route_socket (read write))) -(allow dnsmasq_26_0 netd_26_0 (unix_stream_socket (read write))) -(allow dnsmasq_26_0 netd_26_0 (unix_dgram_socket (read write))) -(allow dnsmasq_26_0 netd_26_0 (udp_socket (read write))) -(allow domain init_26_0 (process (sigchld))) -(allow domain self (process (fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit))) -(allow domain self (fd (use))) -(allow domain proc_26_0 (dir (ioctl read getattr lock search open))) -(allow domain proc_net_26_0 (dir (search))) -(allow domain self (dir (ioctl read getattr lock search open))) -(allow domain self (file (ioctl read getattr lock open))) -(allow domain self (lnk_file (ioctl read getattr lock open))) -(allow domain self (file (ioctl read write getattr lock append open))) -(allow domain self (fifo_file (ioctl read write getattr lock append open))) -(allow domain self (unix_dgram_socket (ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto))) -(allow domain self (unix_stream_socket (ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto))) -(allow domain init_26_0 (fd (use))) -(allow domain su_26_0 (unix_stream_socket (connectto))) -(allow domain su_26_0 (fd (use))) -(allow domain su_26_0 (unix_stream_socket (read write getattr getopt shutdown))) -(allow base_typeattr_5_26_0 su_26_0 (binder (call transfer))) -(allow base_typeattr_5_26_0 su_26_0 (fd (use))) -(allow domain su_26_0 (fifo_file (write getattr))) -(allow domain su_26_0 (process (sigchld))) -(allow domain coredump_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow domain coredump_file_26_0 (dir (ioctl read write getattr lock add_name search open))) -(allow domain rootfs_26_0 (dir (search))) -(allow domain rootfs_26_0 (lnk_file (read getattr))) -(allow domain device_26_0 (dir (search))) -(allow domain dev_type (lnk_file (ioctl read getattr lock open))) -(allow domain devpts_26_0 (dir (search))) -(allow domain socket_device_26_0 (dir (ioctl read getattr lock search open))) -(allow domain owntty_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow domain null_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow domain zero_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow domain ashmem_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow base_typeattr_6_26_0 binder_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow base_typeattr_7_26_0 hwbinder_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow domain ptmx_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow domain alarm_device_26_0 (chr_file (ioctl read getattr lock open))) -(allow domain random_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow domain properties_device_26_0 (dir (getattr search))) -(allow domain properties_serial_26_0 (file (ioctl read getattr lock open))) -(allow domain core_property_type (file (ioctl read getattr lock open))) -(allow domain log_property_type (file (ioctl read getattr lock open))) -(dontaudit domain property_type (file (audit_access))) -(allow domain property_contexts_file_26_0 (file (ioctl read getattr lock open))) -(allow domain init_26_0 (key (search))) -(allow domain vold_26_0 (key (search))) -(allow domain logdw_socket_26_0 (sock_file (write))) -(allow domain logd_26_0 (unix_dgram_socket (sendto))) -(allow domain pmsg_device_26_0 (chr_file (write lock append open))) -(allow domain system_file_26_0 (dir (getattr search))) -(allow domain system_file_26_0 (file (read getattr execute open))) -(allow domain system_file_26_0 (lnk_file (read getattr))) -(allow domain vendor_hal_file_26_0 (dir (ioctl read getattr lock search open))) -(allow domain same_process_hal_file_26_0 (dir (ioctl read getattr lock search open))) -(allow domain same_process_hal_file_26_0 (file (read getattr execute open))) -(allow domain vndk_sp_file_26_0 (dir (ioctl read getattr lock search open))) -(allow domain vndk_sp_file_26_0 (file (read getattr execute open))) -(allow domain vendor_configs_file_26_0 (dir (ioctl read getattr lock search open))) -(allow domain vendor_configs_file_26_0 (file (read getattr open))) -(allow domain vendor_file_26_0 (lnk_file (read getattr open))) -(allow domain vendor_file_26_0 (dir (getattr search))) -(allow base_typeattr_8_26_0 vendor_file_type (dir (ioctl read getattr lock search open))) -(allow base_typeattr_8_26_0 vendor_file_type (file (read getattr execute open))) -(allow base_typeattr_8_26_0 vendor_file_type (lnk_file (read getattr))) -(allow domain sysfs_26_0 (lnk_file (read))) -(allow domain zoneinfo_data_file_26_0 (dir (ioctl read getattr lock search open))) -(allow domain zoneinfo_data_file_26_0 (file (ioctl read getattr lock open))) -(allow domain zoneinfo_data_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow domain sysfs_devices_system_cpu_26_0 (dir (ioctl read getattr lock search open))) -(allow domain sysfs_devices_system_cpu_26_0 (file (ioctl read getattr lock open))) -(allow domain sysfs_devices_system_cpu_26_0 (lnk_file (ioctl read getattr lock open))) -(allow domain sysfs_usb_26_0 (dir (ioctl read getattr lock search open))) -(allow domain sysfs_usb_26_0 (file (ioctl read getattr lock open))) -(allow domain sysfs_usb_26_0 (lnk_file (ioctl read getattr lock open))) -(allow appdomain system_data_file_26_0 (dir (getattr))) -(allow coredomain system_data_file_26_0 (dir (getattr))) -(allow domain system_data_file_26_0 (dir (search))) -(allow domain proc_26_0 (lnk_file (read getattr))) -(allow domain proc_cpuinfo_26_0 (file (ioctl read getattr lock open))) -(allow domain proc_overcommit_memory_26_0 (file (ioctl read getattr lock open))) -(allow domain proc_perf_26_0 (file (ioctl read getattr lock open))) -(allow domain selinuxfs_26_0 (dir (search))) -(allow domain selinuxfs_26_0 (file (getattr))) -(allow domain sysfs_26_0 (dir (search))) -(allow domain selinuxfs_26_0 (filesystem (getattr))) -(allow domain cgroup_26_0 (dir (write search))) -(allow domain cgroup_26_0 (file (write lock append open))) -(allow domain debugfs_26_0 (dir (search))) -(allow domain debugfs_tracing_26_0 (dir (search))) -(allow domain debugfs_trace_marker_26_0 (file (write lock append open))) -(allow domain fs_type (filesystem (getattr))) -(allow domain fs_type (dir (getattr))) -(allowx domain domain (ioctl tcp_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451))) -(allowx domain domain (ioctl udp_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451))) -(allowx domain domain (ioctl rawip_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451))) -(allowx domain domain (ioctl tcp_socket (((range 0x8906 0x8907)) 0x8910 ((range 0x8912 0x8913)) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942))) -(allowx domain domain (ioctl udp_socket (((range 0x8906 0x8907)) 0x8910 ((range 0x8912 0x8913)) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942))) -(allowx domain domain (ioctl rawip_socket (((range 0x8906 0x8907)) 0x8910 ((range 0x8912 0x8913)) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942))) -(allowx domain domain (ioctl tcp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f ((range 0x8b11 0x8b13)) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d))) -(allowx domain domain (ioctl udp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f ((range 0x8b11 0x8b13)) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d))) -(allowx domain domain (ioctl rawip_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f ((range 0x8b11 0x8b13)) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d))) -(allowx domain domain (ioctl unix_stream_socket (0x5401 0x5411 ((range 0x5413 0x5414)) 0x541b 0x5451))) -(allowx domain domain (ioctl unix_dgram_socket (0x5401 0x5411 ((range 0x5413 0x5414)) 0x541b 0x5451))) -(allowx domain devpts_26_0 (ioctl chr_file (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451))) -(allow base_typeattr_9_26_0 hwservice_manager_type (hwservice_manager (add find))) -(allow base_typeattr_9_26_0 vndservice_manager_type (service_manager (add find))) -(neverallowx domain domain (ioctl socket (0x0))) -(neverallowx domain domain (ioctl tcp_socket (0x0))) -(neverallowx domain domain (ioctl udp_socket (0x0))) -(neverallowx domain domain (ioctl rawip_socket (0x0))) -(neverallowx domain domain (ioctl netlink_socket (0x0))) -(neverallowx domain domain (ioctl packet_socket (0x0))) -(neverallowx domain domain (ioctl key_socket (0x0))) -(neverallowx domain domain (ioctl unix_stream_socket (0x0))) -(neverallowx domain domain (ioctl unix_dgram_socket (0x0))) -(neverallowx domain domain (ioctl netlink_route_socket (0x0))) -(neverallowx domain domain (ioctl netlink_tcpdiag_socket (0x0))) -(neverallowx domain domain (ioctl netlink_nflog_socket (0x0))) -(neverallowx domain domain (ioctl netlink_xfrm_socket (0x0))) -(neverallowx domain domain (ioctl netlink_selinux_socket (0x0))) -(neverallowx domain domain (ioctl netlink_audit_socket (0x0))) -(neverallowx domain domain (ioctl netlink_dnrt_socket (0x0))) -(neverallowx domain domain (ioctl netlink_kobject_uevent_socket (0x0))) -(neverallowx domain domain (ioctl appletalk_socket (0x0))) -(neverallowx domain domain (ioctl tun_socket (0x0))) -(neverallowx domain domain (ioctl netlink_iscsi_socket (0x0))) -(neverallowx domain domain (ioctl netlink_fib_lookup_socket (0x0))) -(neverallowx domain domain (ioctl netlink_connector_socket (0x0))) -(neverallowx domain domain (ioctl netlink_netfilter_socket (0x0))) -(neverallowx domain domain (ioctl netlink_generic_socket (0x0))) -(neverallowx domain domain (ioctl netlink_scsitransport_socket (0x0))) -(neverallowx domain domain (ioctl netlink_rdma_socket (0x0))) -(neverallowx domain domain (ioctl netlink_crypto_socket (0x0))) -(neverallowx domain domain (ioctl sctp_socket (0x0))) -(neverallowx domain domain (ioctl icmp_socket (0x0))) -(neverallowx domain domain (ioctl ax25_socket (0x0))) -(neverallowx domain domain (ioctl ipx_socket (0x0))) -(neverallowx domain domain (ioctl netrom_socket (0x0))) -(neverallowx domain domain (ioctl atmpvc_socket (0x0))) -(neverallowx domain domain (ioctl x25_socket (0x0))) -(neverallowx domain domain (ioctl rose_socket (0x0))) -(neverallowx domain domain (ioctl decnet_socket (0x0))) -(neverallowx domain domain (ioctl atmsvc_socket (0x0))) -(neverallowx domain domain (ioctl rds_socket (0x0))) -(neverallowx domain domain (ioctl irda_socket (0x0))) -(neverallowx domain domain (ioctl pppox_socket (0x0))) -(neverallowx domain domain (ioctl llc_socket (0x0))) -(neverallowx domain domain (ioctl can_socket (0x0))) -(neverallowx domain domain (ioctl tipc_socket (0x0))) -(neverallowx domain domain (ioctl bluetooth_socket (0x0))) -(neverallowx domain domain (ioctl iucv_socket (0x0))) -(neverallowx domain domain (ioctl rxrpc_socket (0x0))) -(neverallowx domain domain (ioctl isdn_socket (0x0))) -(neverallowx domain domain (ioctl phonet_socket (0x0))) -(neverallowx domain domain (ioctl ieee802154_socket (0x0))) -(neverallowx domain domain (ioctl caif_socket (0x0))) -(neverallowx domain domain (ioctl alg_socket (0x0))) -(neverallowx domain domain (ioctl nfc_socket (0x0))) -(neverallowx domain domain (ioctl vsock_socket (0x0))) -(neverallowx domain domain (ioctl kcm_socket (0x0))) -(neverallowx domain domain (ioctl qipcrtr_socket (0x0))) -(neverallowx base_typeattr_10_26_0 devpts_26_0 (ioctl chr_file (0x5412))) -(neverallow base_typeattr_11_26_0 unlabeled_26_0 (file (create))) -(neverallow base_typeattr_11_26_0 unlabeled_26_0 (dir (create))) -(neverallow base_typeattr_11_26_0 unlabeled_26_0 (lnk_file (create))) -(neverallow base_typeattr_11_26_0 unlabeled_26_0 (chr_file (create))) -(neverallow base_typeattr_11_26_0 unlabeled_26_0 (blk_file (create))) -(neverallow base_typeattr_11_26_0 unlabeled_26_0 (sock_file (create))) -(neverallow base_typeattr_11_26_0 unlabeled_26_0 (fifo_file (create))) -(neverallow base_typeattr_12_26_0 self (capability (mknod))) -(neverallow base_typeattr_13_26_0 self (capability (sys_rawio))) -(neverallow base_typeattr_10_26_0 self (memprotect (mmap_zero))) -(neverallow base_typeattr_10_26_0 self (capability2 (mac_override))) -(neverallow base_typeattr_14_26_0 self (capability2 (mac_admin))) -(neverallow base_typeattr_10_26_0 kernel_26_0 (security (load_policy))) -(neverallow base_typeattr_10_26_0 kernel_26_0 (security (setenforce))) -(neverallow base_typeattr_15_26_0 kernel_26_0 (security (setcheckreqprot))) -(neverallow base_typeattr_10_26_0 kernel_26_0 (security (setbool))) -(neverallow base_typeattr_5_26_0 kernel_26_0 (security (setsecparam))) -(neverallow base_typeattr_16_26_0 hw_random_device_26_0 (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access))) -(neverallow base_typeattr_10_26_0 base_typeattr_17_26_0 (file (entrypoint))) -(neverallow base_typeattr_18_26_0 kmem_device_26_0 (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access))) -(neverallow base_typeattr_10_26_0 kmem_device_26_0 (chr_file (ioctl read write lock relabelfrom append link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access))) -(neverallow base_typeattr_18_26_0 port_device_26_0 (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access))) -(neverallow base_typeattr_10_26_0 port_device_26_0 (chr_file (ioctl read write lock relabelfrom append link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access))) -(neverallow base_typeattr_5_26_0 usermodehelper_26_0 (file (write append))) -(neverallow base_typeattr_5_26_0 proc_security_26_0 (file (read write append open))) -(neverallow base_typeattr_10_26_0 init_26_0 (process (ptrace))) -(neverallow base_typeattr_10_26_0 init_26_0 (binder (impersonate call set_context_mgr transfer))) -(neverallow base_typeattr_19_26_0 block_device_26_0 (blk_file (read write open))) -(neverallow base_typeattr_10_26_0 base_typeattr_10_26_0 (chr_file (rename))) -(neverallow base_typeattr_10_26_0 base_typeattr_10_26_0 (blk_file (rename))) -(neverallow domain device_26_0 (chr_file (read write open))) -(neverallow base_typeattr_20_26_0 base_typeattr_21_26_0 (filesystem (mount remount relabelfrom relabelto))) -(neverallow base_typeattr_22_26_0 base_typeattr_23_26_0 (file (execute))) -(neverallow base_typeattr_24_26_0 base_typeattr_25_26_0 (file (execute))) -(neverallow domain cache_file_26_0 (file (execute))) -(neverallow domain cache_backup_file_26_0 (file (execute))) -(neverallow domain cache_private_backup_file_26_0 (file (execute))) -(neverallow domain cache_recovery_file_26_0 (file (execute))) -(neverallow base_typeattr_26_26_0 base_typeattr_27_26_0 (file (execute execute_no_trans))) -(neverallow base_typeattr_28_26_0 nativetest_data_file_26_0 (file (execute execute_no_trans))) -(neverallow base_typeattr_5_26_0 property_data_file_26_0 (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir))) -(neverallow base_typeattr_5_26_0 property_data_file_26_0 (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans))) -(neverallow base_typeattr_5_26_0 property_type (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans))) -(neverallow base_typeattr_5_26_0 properties_device_26_0 (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans))) -(neverallow base_typeattr_5_26_0 properties_serial_26_0 (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans))) -(neverallow base_typeattr_14_26_0 exec_type (file (write create setattr relabelfrom append unlink link rename))) -(neverallow base_typeattr_14_26_0 exec_type (dir (write create setattr relabelfrom append unlink link rename))) -(neverallow base_typeattr_14_26_0 exec_type (lnk_file (write create setattr relabelfrom append unlink link rename))) -(neverallow base_typeattr_14_26_0 exec_type (chr_file (write create setattr relabelfrom append unlink link rename))) -(neverallow base_typeattr_14_26_0 exec_type (blk_file (write create setattr relabelfrom append unlink link rename))) -(neverallow base_typeattr_14_26_0 exec_type (sock_file (write create setattr relabelfrom append unlink link rename))) -(neverallow base_typeattr_14_26_0 exec_type (fifo_file (write create setattr relabelfrom append unlink link rename))) -(neverallow base_typeattr_14_26_0 vendor_file_type (file (write create setattr relabelfrom append unlink link rename))) -(neverallow base_typeattr_14_26_0 vendor_file_type (dir (write create setattr relabelfrom append unlink link rename))) -(neverallow base_typeattr_14_26_0 vendor_file_type (lnk_file (write create setattr relabelfrom append unlink link rename))) -(neverallow base_typeattr_14_26_0 vendor_file_type (chr_file (write create setattr relabelfrom append unlink link rename))) -(neverallow base_typeattr_14_26_0 vendor_file_type (blk_file (write create setattr relabelfrom append unlink link rename))) -(neverallow base_typeattr_14_26_0 vendor_file_type (sock_file (write create setattr relabelfrom append unlink link rename))) -(neverallow base_typeattr_14_26_0 vendor_file_type (fifo_file (write create setattr relabelfrom append unlink link rename))) -(neverallow base_typeattr_14_26_0 system_file_26_0 (file (write create setattr relabelfrom append unlink link rename))) -(neverallow base_typeattr_14_26_0 system_file_26_0 (dir (write create setattr relabelfrom append unlink link rename))) -(neverallow base_typeattr_14_26_0 system_file_26_0 (lnk_file (write create setattr relabelfrom append unlink link rename))) -(neverallow base_typeattr_14_26_0 system_file_26_0 (chr_file (write create setattr relabelfrom append unlink link rename))) -(neverallow base_typeattr_14_26_0 system_file_26_0 (blk_file (write create setattr relabelfrom append unlink link rename))) -(neverallow base_typeattr_14_26_0 system_file_26_0 (sock_file (write create setattr relabelfrom append unlink link rename))) -(neverallow base_typeattr_14_26_0 system_file_26_0 (fifo_file (write create setattr relabelfrom append unlink link rename))) -(neverallow base_typeattr_29_26_0 exec_type (file (relabelto))) -(neverallow base_typeattr_29_26_0 exec_type (dir (relabelto))) -(neverallow base_typeattr_29_26_0 exec_type (lnk_file (relabelto))) -(neverallow base_typeattr_29_26_0 exec_type (chr_file (relabelto))) -(neverallow base_typeattr_29_26_0 exec_type (blk_file (relabelto))) -(neverallow base_typeattr_29_26_0 exec_type (sock_file (relabelto))) -(neverallow base_typeattr_29_26_0 exec_type (fifo_file (relabelto))) -(neverallow base_typeattr_29_26_0 vendor_file_type (file (relabelto))) -(neverallow base_typeattr_29_26_0 vendor_file_type (dir (relabelto))) -(neverallow base_typeattr_29_26_0 vendor_file_type (lnk_file (relabelto))) -(neverallow base_typeattr_29_26_0 vendor_file_type (chr_file (relabelto))) -(neverallow base_typeattr_29_26_0 vendor_file_type (blk_file (relabelto))) -(neverallow base_typeattr_29_26_0 vendor_file_type (sock_file (relabelto))) -(neverallow base_typeattr_29_26_0 vendor_file_type (fifo_file (relabelto))) -(neverallow base_typeattr_29_26_0 system_file_26_0 (file (relabelto))) -(neverallow base_typeattr_29_26_0 system_file_26_0 (dir (relabelto))) -(neverallow base_typeattr_29_26_0 system_file_26_0 (lnk_file (relabelto))) -(neverallow base_typeattr_29_26_0 system_file_26_0 (chr_file (relabelto))) -(neverallow base_typeattr_29_26_0 system_file_26_0 (blk_file (relabelto))) -(neverallow base_typeattr_29_26_0 system_file_26_0 (sock_file (relabelto))) -(neverallow base_typeattr_29_26_0 system_file_26_0 (fifo_file (relabelto))) -(neverallow base_typeattr_10_26_0 exec_type (file (mounton))) -(neverallow base_typeattr_10_26_0 exec_type (dir (mounton))) -(neverallow base_typeattr_10_26_0 exec_type (lnk_file (mounton))) -(neverallow base_typeattr_10_26_0 exec_type (chr_file (mounton))) -(neverallow base_typeattr_10_26_0 exec_type (blk_file (mounton))) -(neverallow base_typeattr_10_26_0 exec_type (sock_file (mounton))) -(neverallow base_typeattr_10_26_0 exec_type (fifo_file (mounton))) -(neverallow base_typeattr_5_26_0 vendor_file_type (file (mounton))) -(neverallow base_typeattr_5_26_0 vendor_file_type (dir (mounton))) -(neverallow base_typeattr_5_26_0 vendor_file_type (lnk_file (mounton))) -(neverallow base_typeattr_5_26_0 vendor_file_type (chr_file (mounton))) -(neverallow base_typeattr_5_26_0 vendor_file_type (blk_file (mounton))) -(neverallow base_typeattr_5_26_0 vendor_file_type (sock_file (mounton))) -(neverallow base_typeattr_5_26_0 vendor_file_type (fifo_file (mounton))) -(neverallow base_typeattr_5_26_0 system_file_26_0 (file (mounton))) -(neverallow base_typeattr_5_26_0 system_file_26_0 (dir (mounton))) -(neverallow base_typeattr_5_26_0 system_file_26_0 (lnk_file (mounton))) -(neverallow base_typeattr_5_26_0 system_file_26_0 (chr_file (mounton))) -(neverallow base_typeattr_5_26_0 system_file_26_0 (blk_file (mounton))) -(neverallow base_typeattr_5_26_0 system_file_26_0 (sock_file (mounton))) -(neverallow base_typeattr_5_26_0 system_file_26_0 (fifo_file (mounton))) -(neverallow base_typeattr_10_26_0 rootfs_26_0 (file (write create setattr relabelto append unlink link rename))) -(neverallow base_typeattr_10_26_0 base_typeattr_30_26_0 (filesystem (relabelto))) -(neverallow base_typeattr_14_26_0 contextmount_type (file (write create setattr relabelfrom relabelto append unlink link rename))) -(neverallow base_typeattr_14_26_0 contextmount_type (dir (write create setattr relabelfrom relabelto append unlink link rename))) -(neverallow base_typeattr_14_26_0 contextmount_type (lnk_file (write create setattr relabelfrom relabelto append unlink link rename))) -(neverallow base_typeattr_14_26_0 contextmount_type (chr_file (write create setattr relabelfrom relabelto append unlink link rename))) -(neverallow base_typeattr_14_26_0 contextmount_type (blk_file (write create setattr relabelfrom relabelto append unlink link rename))) -(neverallow base_typeattr_14_26_0 contextmount_type (sock_file (write create setattr relabelfrom relabelto append unlink link rename))) -(neverallow base_typeattr_14_26_0 contextmount_type (fifo_file (write create setattr relabelfrom relabelto append unlink link rename))) -(neverallow base_typeattr_10_26_0 default_android_service_26_0 (service_manager (add))) -(neverallow base_typeattr_10_26_0 default_android_vndservice_26_0 (service_manager (add find))) -(neverallow base_typeattr_10_26_0 default_android_hwservice_26_0 (hwservice_manager (add find))) -(neverallow base_typeattr_10_26_0 hidl_base_hwservice_26_0 (hwservice_manager (find))) -(neverallow base_typeattr_5_26_0 default_prop_26_0 (property_service (set))) -(neverallow base_typeattr_5_26_0 mmc_prop_26_0 (property_service (set))) -(neverallow base_typeattr_31_26_0 serialno_prop_26_0 (file (ioctl read getattr lock open))) -(neverallow base_typeattr_32_26_0 firstboot_prop_26_0 (file (ioctl read getattr lock open))) -(neverallow base_typeattr_33_26_0 frp_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open))) -(neverallow base_typeattr_34_26_0 metadata_block_device_26_0 (blk_file (ioctl read write lock append link rename open))) -(neverallow base_typeattr_35_26_0 system_block_device_26_0 (blk_file (write))) -(neverallow base_typeattr_36_26_0 recovery_block_device_26_0 (blk_file (write))) -(neverallow base_typeattr_37_26_0 misc_block_device_26_0 (blk_file (ioctl read write lock relabelfrom append link rename open))) -(neverallow hal_bootctl unlabeled_26_0 (service_manager (list))) -(neverallow base_typeattr_38_26_0 base_typeattr_10_26_0 (binder (set_context_mgr))) -(neverallow servicemanager_26_0 hwbinder_device_26_0 (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open))) -(neverallow servicemanager_26_0 vndbinder_device_26_0 (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open))) -(neverallow hwservicemanager_26_0 binder_device_26_0 (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open))) -(neverallow hwservicemanager_26_0 vndbinder_device_26_0 (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open))) -(neverallow vndservicemanager_26_0 binder_device_26_0 (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open))) -(neverallow vndservicemanager_26_0 hwbinder_device_26_0 (chr_file (ioctl read write create setattr lock relabelfrom append unlink link rename open))) -(neverallow base_typeattr_39_26_0 binder_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(neverallow base_typeattr_39_26_0 service_manager_type (service_manager (find))) -(neverallow base_typeattr_40_26_0 base_typeattr_41_26_0 (service_manager (find))) -(neverallow base_typeattr_39_26_0 servicemanager_26_0 (binder (call transfer))) -(neverallow binder_in_vendor_violators unlabeled_26_0 (service_manager (list))) -(neverallow base_typeattr_42_26_0 vndbinder_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(neverallow ueventd_26_0 vndbinder_device_26_0 (chr_file (ioctl read write append))) -(neverallow base_typeattr_43_26_0 vndservice_manager_type (service_manager (add find list))) -(neverallow base_typeattr_43_26_0 vndservicemanager_26_0 (binder (impersonate call set_context_mgr transfer))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (tcp_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (udp_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (rawip_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (packet_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (key_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (unix_stream_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (unix_dgram_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_route_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_tcpdiag_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_nflog_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_xfrm_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_selinux_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_audit_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_dnrt_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_kobject_uevent_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (appletalk_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (tun_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_iscsi_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_fib_lookup_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_connector_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_netfilter_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_generic_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_scsitransport_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_rdma_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netlink_crypto_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (sctp_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (icmp_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (ax25_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (ipx_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (netrom_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (atmpvc_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (x25_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (rose_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (decnet_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (atmsvc_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (rds_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (irda_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (pppox_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (llc_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (can_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (tipc_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (bluetooth_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (iucv_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (rxrpc_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (isdn_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (phonet_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (ieee802154_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (caif_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (alg_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (nfc_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (vsock_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (kcm_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (qipcrtr_socket (connect sendto))) -(neverallow base_typeattr_44_26_0 base_typeattr_45_26_0 (unix_stream_socket (connectto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (tcp_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (udp_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (rawip_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (packet_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (key_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (unix_stream_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (unix_dgram_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_route_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_tcpdiag_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_nflog_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_xfrm_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_selinux_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_audit_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_dnrt_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_kobject_uevent_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (appletalk_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (tun_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_iscsi_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_fib_lookup_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_connector_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_netfilter_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_generic_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_scsitransport_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_rdma_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netlink_crypto_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (sctp_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (icmp_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (ax25_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (ipx_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (netrom_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (atmpvc_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (x25_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (rose_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (decnet_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (atmsvc_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (rds_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (irda_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (pppox_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (llc_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (can_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (tipc_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (bluetooth_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (iucv_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (rxrpc_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (isdn_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (phonet_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (ieee802154_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (caif_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (alg_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (nfc_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (vsock_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (kcm_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (qipcrtr_socket (connect sendto))) -(neverallow base_typeattr_46_26_0 base_typeattr_47_26_0 (unix_stream_socket (connectto))) -(neverallow socket_between_core_and_vendor_violators unlabeled_26_0 (service_manager (list))) -(neverallow base_typeattr_48_26_0 netd_26_0 (socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (tcp_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (udp_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (rawip_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (packet_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (key_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (unix_stream_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (unix_dgram_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_route_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_tcpdiag_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_nflog_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_xfrm_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_selinux_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_audit_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_dnrt_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_kobject_uevent_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (appletalk_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (tun_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_iscsi_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_fib_lookup_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_connector_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_netfilter_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_generic_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_scsitransport_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_rdma_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (netlink_crypto_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (sctp_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (icmp_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (ax25_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (ipx_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (netrom_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (atmpvc_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (x25_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (rose_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (decnet_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (atmsvc_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (rds_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (irda_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (pppox_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (llc_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (can_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (tipc_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (bluetooth_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (iucv_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (rxrpc_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (isdn_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (phonet_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (ieee802154_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (caif_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (alg_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (nfc_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (vsock_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (kcm_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (qipcrtr_socket (connect sendto))) -(neverallow base_typeattr_48_26_0 netd_26_0 (unix_stream_socket (connectto))) -(neverallow base_typeattr_46_26_0 core_data_file_type (sock_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton open audit_access execmod))) -(neverallow base_typeattr_46_26_0 coredomain_socket (sock_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton open audit_access execmod))) -(neverallow base_typeattr_46_26_0 unlabeled_26_0 (sock_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton open audit_access execmod))) -(neverallow base_typeattr_40_26_0 base_typeattr_49_26_0 (sock_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton open audit_access execmod))) -(neverallow pdx_endpoint_socket_type unlabeled_26_0 (service_manager (list))) -(neverallow pdx_channel_socket_type unlabeled_26_0 (service_manager (list))) -(neverallow base_typeattr_50_26_0 base_typeattr_51_26_0 (sock_file (create setattr lock relabelfrom relabelto unlink link rename execute quotaon mounton open audit_access execmod))) -(neverallow base_typeattr_52_26_0 vendor_app_file_26_0 (dir (read getattr search open))) -(neverallow base_typeattr_52_26_0 vendor_app_file_26_0 (file (ioctl read getattr lock open))) -(neverallow base_typeattr_52_26_0 vendor_app_file_26_0 (lnk_file (ioctl read getattr lock open))) -(neverallow base_typeattr_53_26_0 vendor_overlay_file_26_0 (dir (read getattr search open))) -(neverallow base_typeattr_53_26_0 vendor_overlay_file_26_0 (file (ioctl read getattr lock open))) -(neverallow base_typeattr_53_26_0 vendor_overlay_file_26_0 (lnk_file (ioctl read getattr lock open))) -(neverallow base_typeattr_54_26_0 vendor_shell_exec_26_0 (file (execute execute_no_trans))) -(neverallow base_typeattr_55_26_0 base_typeattr_56_26_0 (file (execute execute_no_trans entrypoint))) -(neverallow vendor_executes_system_violators unlabeled_26_0 (service_manager (list))) -(neverallow base_typeattr_57_26_0 dalvikcache_data_file_26_0 (file (write create setattr relabelfrom append unlink link rename))) -(neverallow base_typeattr_57_26_0 dalvikcache_data_file_26_0 (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir))) -(neverallow base_typeattr_58_26_0 zygote_26_0 (unix_stream_socket (connectto))) -(neverallow base_typeattr_59_26_0 zygote_socket_26_0 (sock_file (write))) -(neverallow base_typeattr_60_26_0 webview_zygote_26_0 (unix_stream_socket (connectto))) -(neverallow base_typeattr_59_26_0 webview_zygote_socket_26_0 (sock_file (write))) -(neverallow base_typeattr_61_26_0 tombstoned_26_0 (unix_stream_socket (connectto))) -(neverallow base_typeattr_62_26_0 tombstoned_crash_socket_26_0 (sock_file (write))) -(neverallow base_typeattr_63_26_0 tombstoned_intercept_socket_26_0 (sock_file (write))) -(neverallow base_typeattr_10_26_0 base_typeattr_10_26_0 (sem (create destroy getattr setattr read write associate unix_read unix_write))) -(neverallow base_typeattr_10_26_0 base_typeattr_10_26_0 (msg (send receive))) -(neverallow base_typeattr_10_26_0 base_typeattr_10_26_0 (msgq (create destroy getattr setattr read write associate unix_read unix_write enqueue))) -(neverallow base_typeattr_10_26_0 base_typeattr_10_26_0 (shm (create destroy getattr setattr read write associate unix_read unix_write lock))) -(neverallow base_typeattr_10_26_0 dev_type (lnk_file (mounton))) -(neverallow base_typeattr_10_26_0 dev_type (sock_file (mounton))) -(neverallow base_typeattr_10_26_0 dev_type (fifo_file (mounton))) -(neverallow base_typeattr_10_26_0 fs_type (lnk_file (mounton))) -(neverallow base_typeattr_10_26_0 fs_type (sock_file (mounton))) -(neverallow base_typeattr_10_26_0 fs_type (fifo_file (mounton))) -(neverallow base_typeattr_10_26_0 file_type (lnk_file (mounton))) -(neverallow base_typeattr_10_26_0 file_type (sock_file (mounton))) -(neverallow base_typeattr_10_26_0 file_type (fifo_file (mounton))) -(neverallow base_typeattr_64_26_0 su_exec_26_0 (file (execute execute_no_trans))) -(neverallow base_typeattr_10_26_0 base_typeattr_65_26_0 (file (execmod))) -(neverallow base_typeattr_10_26_0 self (process (execstack execheap))) -(neverallow base_typeattr_66_26_0 file_type (file (execmod))) -(neverallow base_typeattr_5_26_0 proc_26_0 (file (mounton))) -(neverallow base_typeattr_5_26_0 proc_26_0 (dir (mounton))) -(neverallow base_typeattr_67_26_0 domain (process (transition dyntransition))) -(neverallow base_typeattr_68_26_0 system_data_file_26_0 (file (write create setattr relabelfrom append unlink link rename))) -(neverallow installd_26_0 system_data_file_26_0 (file (write create setattr relabelto append link rename execute quotaon mounton execute_no_trans entrypoint execmod audit_access))) -(neverallow base_typeattr_69_26_0 system_app_data_file_26_0 (file (create unlink open))) -(neverallow base_typeattr_69_26_0 system_app_data_file_26_0 (dir (create unlink open))) -(neverallow base_typeattr_69_26_0 system_app_data_file_26_0 (lnk_file (create unlink open))) -(neverallow base_typeattr_69_26_0 system_app_data_file_26_0 (chr_file (create unlink open))) -(neverallow base_typeattr_69_26_0 system_app_data_file_26_0 (blk_file (create unlink open))) -(neverallow base_typeattr_69_26_0 system_app_data_file_26_0 (sock_file (create unlink open))) -(neverallow base_typeattr_69_26_0 system_app_data_file_26_0 (fifo_file (create unlink open))) -(neverallow untrusted_app_all system_app_data_file_26_0 (file (create unlink open))) -(neverallow untrusted_app_all system_app_data_file_26_0 (dir (create unlink open))) -(neverallow untrusted_app_all system_app_data_file_26_0 (lnk_file (create unlink open))) -(neverallow untrusted_app_all system_app_data_file_26_0 (chr_file (create unlink open))) -(neverallow untrusted_app_all system_app_data_file_26_0 (blk_file (create unlink open))) -(neverallow untrusted_app_all system_app_data_file_26_0 (sock_file (create unlink open))) -(neverallow untrusted_app_all system_app_data_file_26_0 (fifo_file (create unlink open))) -(neverallow ephemeral_app_26_0 system_app_data_file_26_0 (file (create unlink open))) -(neverallow ephemeral_app_26_0 system_app_data_file_26_0 (dir (create unlink open))) -(neverallow ephemeral_app_26_0 system_app_data_file_26_0 (lnk_file (create unlink open))) -(neverallow ephemeral_app_26_0 system_app_data_file_26_0 (chr_file (create unlink open))) -(neverallow ephemeral_app_26_0 system_app_data_file_26_0 (blk_file (create unlink open))) -(neverallow ephemeral_app_26_0 system_app_data_file_26_0 (sock_file (create unlink open))) -(neverallow ephemeral_app_26_0 system_app_data_file_26_0 (fifo_file (create unlink open))) -(neverallow isolated_app_26_0 system_app_data_file_26_0 (file (create unlink open))) -(neverallow isolated_app_26_0 system_app_data_file_26_0 (dir (create unlink open))) -(neverallow isolated_app_26_0 system_app_data_file_26_0 (lnk_file (create unlink open))) -(neverallow isolated_app_26_0 system_app_data_file_26_0 (chr_file (create unlink open))) -(neverallow isolated_app_26_0 system_app_data_file_26_0 (blk_file (create unlink open))) -(neverallow isolated_app_26_0 system_app_data_file_26_0 (sock_file (create unlink open))) -(neverallow isolated_app_26_0 system_app_data_file_26_0 (fifo_file (create unlink open))) -(neverallow priv_app_26_0 system_app_data_file_26_0 (file (create unlink open))) -(neverallow priv_app_26_0 system_app_data_file_26_0 (dir (create unlink open))) -(neverallow priv_app_26_0 system_app_data_file_26_0 (lnk_file (create unlink open))) -(neverallow priv_app_26_0 system_app_data_file_26_0 (chr_file (create unlink open))) -(neverallow priv_app_26_0 system_app_data_file_26_0 (blk_file (create unlink open))) -(neverallow priv_app_26_0 system_app_data_file_26_0 (sock_file (create unlink open))) -(neverallow priv_app_26_0 system_app_data_file_26_0 (fifo_file (create unlink open))) -(neverallow base_typeattr_70_26_0 app_data_file_26_0 (file (create unlink))) -(neverallow base_typeattr_70_26_0 app_data_file_26_0 (dir (create unlink))) -(neverallow base_typeattr_70_26_0 app_data_file_26_0 (lnk_file (create unlink))) -(neverallow base_typeattr_70_26_0 app_data_file_26_0 (chr_file (create unlink))) -(neverallow base_typeattr_70_26_0 app_data_file_26_0 (blk_file (create unlink))) -(neverallow base_typeattr_70_26_0 app_data_file_26_0 (sock_file (create unlink))) -(neverallow base_typeattr_70_26_0 app_data_file_26_0 (fifo_file (create unlink))) -(neverallow base_typeattr_71_26_0 shell_26_0 (process (transition dyntransition))) -(neverallow base_typeattr_72_26_0 base_typeattr_73_26_0 (process (transition dyntransition))) -(neverallow base_typeattr_74_26_0 app_data_file_26_0 (lnk_file (read))) -(neverallow base_typeattr_75_26_0 shell_data_file_26_0 (lnk_file (read))) -(neverallow base_typeattr_76_26_0 shell_data_file_26_0 (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir))) -(neverallow base_typeattr_77_26_0 shell_data_file_26_0 (dir (search open))) -(neverallow base_typeattr_78_26_0 shell_data_file_26_0 (file (open))) -(neverallow base_typeattr_10_26_0 base_typeattr_79_26_0 (service_manager (list))) -(neverallow base_typeattr_10_26_0 base_typeattr_80_26_0 (hwservice_manager (list))) -(neverallow base_typeattr_10_26_0 domain (file (execute execute_no_trans entrypoint))) -(neverallow base_typeattr_81_26_0 debugfs_26_0 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open))) -(neverallow base_typeattr_82_26_0 profman_exec_26_0 (file (execute execute_no_trans))) -(neverallow base_typeattr_10_26_0 base_typeattr_83_26_0 (system (module_load))) -(neverallow base_typeattr_14_26_0 self (capability (setfcap))) -(neverallow domain crash_dump_26_0 (process (noatsecure))) -(neverallow base_typeattr_84_26_0 coredomain_hwservice (hwservice_manager (add))) -(neverallow base_typeattr_10_26_0 same_process_hwservice (hwservice_manager (add))) -(allow drmserver_26_0 servicemanager_26_0 (binder (call transfer))) -(allow servicemanager_26_0 drmserver_26_0 (dir (search))) -(allow servicemanager_26_0 drmserver_26_0 (file (read open))) -(allow servicemanager_26_0 drmserver_26_0 (process (getattr))) -(allow drmserver_26_0 system_server_26_0 (binder (call transfer))) -(allow system_server_26_0 drmserver_26_0 (binder (transfer))) -(allow drmserver_26_0 system_server_26_0 (fd (use))) -(allow drmserver_26_0 appdomain (binder (call transfer))) -(allow appdomain drmserver_26_0 (binder (transfer))) -(allow drmserver_26_0 appdomain (fd (use))) -(allow drmserver_26_0 system_server_26_0 (fd (use))) -(allow drmserver_26_0 mediaserver_26_0 (binder (call transfer))) -(allow mediaserver_26_0 drmserver_26_0 (binder (transfer))) -(allow drmserver_26_0 mediaserver_26_0 (fd (use))) -(allow drmserver_26_0 sdcard_type (dir (search))) -(allow drmserver_26_0 drm_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow drmserver_26_0 drm_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow drmserver_26_0 tee_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow drmserver_26_0 app_data_file_26_0 (file (read write getattr))) -(allow drmserver_26_0 sdcard_type (file (read write getattr))) -(allow drmserver_26_0 efs_file_26_0 (dir (ioctl read getattr lock search open))) -(allow drmserver_26_0 efs_file_26_0 (file (ioctl read getattr lock open))) -(allow drmserver_26_0 efs_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow drmserver_26_0 apk_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow drmserver_26_0 drmserver_socket_26_0 (sock_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow drmserver_26_0 apk_data_file_26_0 (sock_file (unlink))) -(allow drmserver_26_0 media_rw_data_file_26_0 (dir (ioctl read getattr lock search open))) -(allow drmserver_26_0 media_rw_data_file_26_0 (file (ioctl read getattr lock open))) -(allow drmserver_26_0 media_rw_data_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow drmserver_26_0 apk_data_file_26_0 (file (read getattr))) -(allow drmserver_26_0 asec_apk_file_26_0 (file (read getattr))) -(allow drmserver_26_0 ringtone_file_26_0 (file (read getattr))) -(allow drmserver_26_0 radio_data_file_26_0 (file (read getattr))) -(allow drmserver_26_0 oemfs_26_0 (dir (search))) -(allow drmserver_26_0 oemfs_26_0 (file (ioctl read getattr lock open))) -(allow drmserver_26_0 drmserver_service_26_0 (service_manager (add find))) -(neverallow base_typeattr_85_26_0 drmserver_service_26_0 (service_manager (add))) -(neverallow drmserver_26_0 unlabeled_26_0 (service_manager (add))) -(allow drmserver_26_0 permission_service_26_0 (service_manager (find))) -(allow drmserver_26_0 selinuxfs_26_0 (dir (ioctl read getattr lock search open))) -(allow drmserver_26_0 selinuxfs_26_0 (file (ioctl read getattr lock open))) -(allow drmserver_26_0 selinuxfs_26_0 (lnk_file (ioctl read getattr lock open))) -(allow drmserver_26_0 selinuxfs_26_0 (file (write lock append open))) -(allow drmserver_26_0 kernel_26_0 (security (compute_av))) -(allow drmserver_26_0 self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(allow drmserver_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open))) -(allow drmserver_26_0 cgroup_26_0 (file (ioctl read getattr lock open))) -(allow drmserver_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open))) -(allow drmserver_26_0 system_file_26_0 (dir (ioctl read getattr lock search open))) -(allow drmserver_26_0 system_file_26_0 (file (ioctl read getattr lock open))) -(allow drmserver_26_0 system_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow dumpstate_26_0 servicemanager_26_0 (binder (call transfer))) -(allow servicemanager_26_0 dumpstate_26_0 (dir (search))) -(allow servicemanager_26_0 dumpstate_26_0 (file (read open))) -(allow servicemanager_26_0 dumpstate_26_0 (process (getattr))) -(allow dumpstate_26_0 sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open))) -(allow dumpstate_26_0 self (capability2 (block_suspend))) -(allow dumpstate_26_0 self (capability (setgid setuid sys_resource))) -(allow dumpstate_26_0 domain (dir (ioctl read getattr lock search open))) -(allow dumpstate_26_0 domain (file (ioctl read getattr lock open))) -(allow dumpstate_26_0 domain (lnk_file (ioctl read getattr lock open))) -(allow dumpstate_26_0 self (capability (kill net_admin net_raw))) -(allow dumpstate_26_0 system_file_26_0 (file (execute_no_trans))) -(allow dumpstate_26_0 toolbox_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow dumpstate_26_0 self (capability (chown dac_override fowner fsetid))) -(allow dumpstate_26_0 anr_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow dumpstate_26_0 anr_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow dumpstate_26_0 system_data_file_26_0 (file (ioctl read getattr lock open))) -(allow dumpstate_26_0 self (capability2 (syslog))) -(allow dumpstate_26_0 kernel_26_0 (system (syslog_read))) -(allow dumpstate_26_0 pstorefs_26_0 (dir (ioctl read getattr lock search open))) -(allow dumpstate_26_0 pstorefs_26_0 (file (ioctl read getattr lock open))) -(allow dumpstate_26_0 domain (process (getattr))) -(allow dumpstate_26_0 appdomain (process (signal))) -(allow dumpstate_26_0 system_server_26_0 (process (signal))) -(allow dumpstate_26_0 hal_audio_server (process (signal))) -(allow dumpstate_26_0 hal_bluetooth_server (process (signal))) -(allow dumpstate_26_0 hal_camera_server (process (signal))) -(allow dumpstate_26_0 hal_graphics_composer_server (process (signal))) -(allow dumpstate_26_0 hal_vr_server (process (signal))) -(allow dumpstate_26_0 audioserver_26_0 (process (signal))) -(allow dumpstate_26_0 cameraserver_26_0 (process (signal))) -(allow dumpstate_26_0 drmserver_26_0 (process (signal))) -(allow dumpstate_26_0 inputflinger_26_0 (process (signal))) -(allow dumpstate_26_0 mediacodec_26_0 (process (signal))) -(allow dumpstate_26_0 mediadrmserver_26_0 (process (signal))) -(allow dumpstate_26_0 mediaextractor_26_0 (process (signal))) -(allow dumpstate_26_0 mediaserver_26_0 (process (signal))) -(allow dumpstate_26_0 sdcardd_26_0 (process (signal))) -(allow dumpstate_26_0 surfaceflinger_26_0 (process (signal))) -(allow dumpstate_26_0 tombstoned_intercept_socket_26_0 (sock_file (write))) -(allow dumpstate_26_0 tombstoned_26_0 (unix_stream_socket (connectto))) -(allow dumpstate_26_0 sysfs_usb_26_0 (file (write lock append open))) -(allow dumpstate_26_0 qtaguid_proc_26_0 (file (ioctl read getattr lock open))) -(allow dumpstate_26_0 debugfs_26_0 (file (ioctl read getattr lock open))) -(allow dumpstate_26_0 block_device_26_0 (dir (getattr search))) -(allow dumpstate_26_0 storage_file_26_0 (dir (getattr search))) -(allow dumpstate_26_0 fuse_device_26_0 (chr_file (getattr))) -(allow dumpstate_26_0 dm_device_26_0 (blk_file (getattr))) -(allow dumpstate_26_0 cache_block_device_26_0 (blk_file (getattr))) -(allow dumpstate_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open))) -(allow dumpstate_26_0 cgroup_26_0 (file (ioctl read getattr lock open))) -(allow dumpstate_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open))) -(allow dumpstate_26_0 binderservicedomain (binder (call transfer))) -(allow binderservicedomain dumpstate_26_0 (binder (transfer))) -(allow dumpstate_26_0 binderservicedomain (fd (use))) -(allow dumpstate_26_0 appdomain (binder (call transfer))) -(allow dumpstate_26_0 netd_26_0 (binder (call transfer))) -(allow dumpstate_26_0 wificond_26_0 (binder (call transfer))) -(allow appdomain dumpstate_26_0 (binder (transfer))) -(allow netd_26_0 dumpstate_26_0 (binder (transfer))) -(allow wificond_26_0 dumpstate_26_0 (binder (transfer))) -(allow dumpstate_26_0 appdomain (fd (use))) -(allow dumpstate_26_0 netd_26_0 (fd (use))) -(allow dumpstate_26_0 wificond_26_0 (fd (use))) -(allow dumpstate_26_0 sysfs_vibrator_26_0 (file (ioctl read write getattr lock append open))) -(allow dumpstate_26_0 self (capability (sys_ptrace))) -(allow dumpstate_26_0 shell_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow dumpstate_26_0 shell_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow dumpstate_26_0 shell_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow dumpstate_26_0 zygote_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow dumpstate_26_0 ashmem_device_26_0 (chr_file (execute))) -(allow dumpstate_26_0 self (process (execmem))) -(allow dumpstate_26_0 dalvikcache_data_file_26_0 (dir (getattr search))) -(allow dumpstate_26_0 dalvikcache_data_file_26_0 (file (ioctl read getattr lock execute open))) -(allow dumpstate_26_0 dalvikcache_data_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow dumpstate_26_0 bluetooth_data_file_26_0 (dir (search))) -(allow dumpstate_26_0 bluetooth_logs_data_file_26_0 (dir (ioctl read getattr lock search open))) -(allow dumpstate_26_0 bluetooth_logs_data_file_26_0 (file (ioctl read getattr lock open))) -(allow dumpstate_26_0 gpu_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow dumpstate_26_0 logcat_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow dumpstate_26_0 logdr_socket_26_0 (sock_file (write))) -(allow dumpstate_26_0 logd_26_0 (unix_stream_socket (connectto))) -(allow dumpstate_26_0 logd_socket_26_0 (sock_file (write))) -(allow dumpstate_26_0 logd_26_0 (unix_stream_socket (connectto))) -(allow dumpstate_26_0 runtime_event_log_tags_file_26_0 (file (ioctl read getattr lock open))) -(allow dumpstate_26_0 proc_net_26_0 (file (ioctl read getattr lock open))) -(allow dumpstate_26_0 net_data_file_26_0 (dir (search))) -(allow dumpstate_26_0 net_data_file_26_0 (file (ioctl read getattr lock open))) -(allow dumpstate_26_0 self (netlink_tcpdiag_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read))) -(allow dumpstate_26_0 tombstone_data_file_26_0 (dir (ioctl read getattr lock search open))) -(allow dumpstate_26_0 tombstone_data_file_26_0 (file (ioctl read getattr lock open))) -(allow dumpstate_26_0 cache_recovery_file_26_0 (dir (ioctl read getattr lock search open))) -(allow dumpstate_26_0 cache_recovery_file_26_0 (file (ioctl read getattr lock open))) -(allow dumpstate_26_0 recovery_data_file_26_0 (dir (ioctl read getattr lock search open))) -(allow dumpstate_26_0 recovery_data_file_26_0 (file (ioctl read getattr lock open))) -(allow dumpstate_26_0 user_profile_data_file_26_0 (dir (ioctl read getattr lock search open))) -(allow dumpstate_26_0 user_profile_data_file_26_0 (file (ioctl read getattr lock open))) -(allow dumpstate_26_0 misc_logd_file_26_0 (dir (ioctl read getattr lock search open))) -(allow dumpstate_26_0 misc_logd_file_26_0 (file (ioctl read getattr lock open))) -(allow dumpstate_26_0 base_typeattr_86_26_0 (service_manager (find))) -(allow dumpstate_26_0 servicemanager_26_0 (service_manager (list))) -(allow dumpstate_26_0 hwservicemanager_26_0 (hwservice_manager (list))) -(allow dumpstate_26_0 devpts_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow dumpstate_26_0 property_socket_26_0 (sock_file (write))) -(allow dumpstate_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow dumpstate_26_0 dumpstate_prop_26_0 (property_service (set))) -(allow dumpstate_26_0 dumpstate_prop_26_0 (file (ioctl read getattr lock open))) -(allow dumpstate_26_0 property_socket_26_0 (sock_file (write))) -(allow dumpstate_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow dumpstate_26_0 dumpstate_options_prop_26_0 (property_service (set))) -(allow dumpstate_26_0 dumpstate_options_prop_26_0 (file (ioctl read getattr lock open))) -(allow dumpstate_26_0 serialno_prop_26_0 (file (ioctl read getattr lock open))) -(allow dumpstate_26_0 device_logging_prop_26_0 (file (ioctl read getattr lock open))) -(allow dumpstate_26_0 media_rw_data_file_26_0 (dir (getattr))) -(allow dumpstate_26_0 proc_interrupts_26_0 (file (ioctl read getattr lock open))) -(allow dumpstate_26_0 proc_zoneinfo_26_0 (file (ioctl read getattr lock open))) -(allow dumpstate_26_0 dumpstate_service_26_0 (service_manager (add find))) -(neverallow base_typeattr_87_26_0 dumpstate_service_26_0 (service_manager (add))) -(neverallow dumpstate_26_0 unlabeled_26_0 (service_manager (add))) -(neverallow dumpstate_26_0 base_typeattr_10_26_0 (process (ptrace))) -(neverallow base_typeattr_88_26_0 dumpstate_service_26_0 (service_manager (find))) -(neverallow dumpstate_26_0 sysfs_26_0 (file (write create setattr relabelfrom append unlink link rename))) -(allow fs_type self (filesystem (associate))) -(allow sysfs_type sysfs_26_0 (filesystem (associate))) -(allow debugfs_type debugfs_26_0 (filesystem (associate))) -(allow debugfs_type debugfs_tracing_26_0 (filesystem (associate))) -(allow file_type labeledfs_26_0 (filesystem (associate))) -(allow file_type tmpfs_26_0 (filesystem (associate))) -(allow file_type rootfs_26_0 (filesystem (associate))) -(allow dev_type tmpfs_26_0 (filesystem (associate))) -(allow app_fuse_file_26_0 app_fusefs_26_0 (filesystem (associate))) -(allow postinstall_file_26_0 self (filesystem (associate))) -(neverallow fs_type file_type (filesystem (associate))) -(allow fingerprintd_26_0 servicemanager_26_0 (binder (call transfer))) -(allow servicemanager_26_0 fingerprintd_26_0 (dir (search))) -(allow servicemanager_26_0 fingerprintd_26_0 (file (read open))) -(allow servicemanager_26_0 fingerprintd_26_0 (process (getattr))) -(allow fingerprintd_26_0 system_file_26_0 (dir (ioctl read getattr lock search open))) -(allow fingerprintd_26_0 fingerprintd_service_26_0 (service_manager (add find))) -(neverallow base_typeattr_89_26_0 fingerprintd_service_26_0 (service_manager (add))) -(neverallow fingerprintd_26_0 unlabeled_26_0 (service_manager (add))) -(allow fingerprintd_26_0 fingerprintd_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow fingerprintd_26_0 fingerprintd_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow keystore_26_0 fingerprintd_26_0 (dir (search))) -(allow keystore_26_0 fingerprintd_26_0 (file (read open))) -(allow keystore_26_0 fingerprintd_26_0 (process (getattr))) -(allow fingerprintd_26_0 keystore_service_26_0 (service_manager (find))) -(allow fingerprintd_26_0 keystore_26_0 (binder (call transfer))) -(allow keystore_26_0 fingerprintd_26_0 (binder (transfer))) -(allow fingerprintd_26_0 keystore_26_0 (fd (use))) -(allow fingerprintd_26_0 keystore_26_0 (keystore_key (add_auth))) -(allow fingerprintd_26_0 system_server_26_0 (binder (call transfer))) -(allow system_server_26_0 fingerprintd_26_0 (binder (transfer))) -(allow fingerprintd_26_0 system_server_26_0 (fd (use))) -(allow fingerprintd_26_0 permission_service_26_0 (service_manager (find))) -(allow fingerprintd_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open))) -(allow fingerprintd_26_0 cgroup_26_0 (file (ioctl read getattr lock open))) -(allow fingerprintd_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open))) -(allow fingerprintd_26_0 sysfs_type (dir (ioctl read getattr lock search open))) -(allow fingerprintd_26_0 sysfs_type (file (ioctl read getattr lock open))) -(allow fingerprintd_26_0 sysfs_type (lnk_file (ioctl read getattr lock open))) -(allow fingerprintd_26_0 ion_device_26_0 (chr_file (ioctl read getattr lock open))) -(allow fsck_26_0 tmpfs_26_0 (chr_file (ioctl read write))) -(allow fsck_26_0 devpts_26_0 (chr_file (ioctl read write getattr))) -(allow fsck_26_0 vold_26_0 (fd (use))) -(allow fsck_26_0 vold_26_0 (fifo_file (read write getattr))) -(allow fsck_26_0 block_device_26_0 (dir (search))) -(allow fsck_26_0 userdata_block_device_26_0 (blk_file (ioctl read write getattr lock append open))) -(allow fsck_26_0 cache_block_device_26_0 (blk_file (ioctl read write getattr lock append open))) -(allow fsck_26_0 dm_device_26_0 (blk_file (ioctl read write getattr lock append open))) -(allow fsck_26_0 dev_type (blk_file (getattr))) -(allow fsck_26_0 proc_26_0 (dir (ioctl read getattr lock search open))) -(allow fsck_26_0 proc_26_0 (file (ioctl read getattr lock open))) -(allow fsck_26_0 proc_26_0 (lnk_file (ioctl read getattr lock open))) -(allow fsck_26_0 rootfs_26_0 (dir (ioctl read getattr lock search open))) -(neverallow fsck_26_0 vold_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open))) -(neverallow fsck_26_0 root_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open))) -(neverallow fsck_26_0 frp_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open))) -(neverallow fsck_26_0 system_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open))) -(neverallow fsck_26_0 recovery_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open))) -(neverallow fsck_26_0 boot_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open))) -(neverallow fsck_26_0 swap_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open))) -(neverallow fsck_26_0 metadata_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open))) -(neverallow base_typeattr_90_26_0 fsck_26_0 (process (transition))) -(neverallow base_typeattr_10_26_0 fsck_26_0 (process (dyntransition))) -(neverallow fsck_26_0 base_typeattr_91_26_0 (file (entrypoint))) -(allow fsck_untrusted_26_0 devpts_26_0 (chr_file (ioctl read write getattr))) -(allow fsck_untrusted_26_0 vold_26_0 (fd (use))) -(allow fsck_untrusted_26_0 vold_26_0 (fifo_file (read write getattr))) -(allow fsck_untrusted_26_0 block_device_26_0 (dir (search))) -(allow fsck_untrusted_26_0 vold_device_26_0 (blk_file (ioctl read write getattr lock append open))) -(allow fsck_untrusted_26_0 proc_26_0 (dir (ioctl read getattr lock search open))) -(allow fsck_untrusted_26_0 proc_26_0 (file (ioctl read getattr lock open))) -(allow fsck_untrusted_26_0 proc_26_0 (lnk_file (ioctl read getattr lock open))) -(allow fsck_untrusted_26_0 dev_type (blk_file (getattr))) -(neverallow fsck_untrusted_26_0 dm_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open))) -(neverallow fsck_untrusted_26_0 root_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open))) -(neverallow fsck_untrusted_26_0 frp_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open))) -(neverallow fsck_untrusted_26_0 system_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open))) -(neverallow fsck_untrusted_26_0 recovery_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open))) -(neverallow fsck_untrusted_26_0 boot_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open))) -(neverallow fsck_untrusted_26_0 userdata_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open))) -(neverallow fsck_untrusted_26_0 cache_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open))) -(neverallow fsck_untrusted_26_0 swap_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open))) -(neverallow fsck_untrusted_26_0 metadata_block_device_26_0 (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open))) -(neverallow base_typeattr_92_26_0 fsck_untrusted_26_0 (process (transition))) -(neverallow base_typeattr_10_26_0 fsck_untrusted_26_0 (process (dyntransition))) -(neverallow fsck_untrusted_26_0 base_typeattr_91_26_0 (file (entrypoint))) -(allow gatekeeperd_26_0 servicemanager_26_0 (binder (call transfer))) -(allow servicemanager_26_0 gatekeeperd_26_0 (dir (search))) -(allow servicemanager_26_0 gatekeeperd_26_0 (file (read open))) -(allow servicemanager_26_0 gatekeeperd_26_0 (process (getattr))) -(allow gatekeeperd_26_0 tee_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow gatekeeperd_26_0 ion_device_26_0 (chr_file (ioctl read getattr lock open))) -(allow gatekeeperd_26_0 system_file_26_0 (dir (ioctl read getattr lock search open))) -(allow gatekeeperd_26_0 gatekeeper_service_26_0 (service_manager (add find))) -(neverallow base_typeattr_93_26_0 gatekeeper_service_26_0 (service_manager (add))) -(neverallow gatekeeperd_26_0 unlabeled_26_0 (service_manager (add))) -(allow keystore_26_0 gatekeeperd_26_0 (dir (search))) -(allow keystore_26_0 gatekeeperd_26_0 (file (read open))) -(allow keystore_26_0 gatekeeperd_26_0 (process (getattr))) -(allow gatekeeperd_26_0 keystore_service_26_0 (service_manager (find))) -(allow gatekeeperd_26_0 keystore_26_0 (binder (call transfer))) -(allow keystore_26_0 gatekeeperd_26_0 (binder (transfer))) -(allow gatekeeperd_26_0 keystore_26_0 (fd (use))) -(allow gatekeeperd_26_0 keystore_26_0 (keystore_key (add_auth))) -(allow gatekeeperd_26_0 system_server_26_0 (binder (call))) -(allow gatekeeperd_26_0 permission_service_26_0 (service_manager (find))) -(allow gatekeeperd_26_0 user_service_26_0 (service_manager (find))) -(allow gatekeeperd_26_0 gatekeeper_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow gatekeeperd_26_0 gatekeeper_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow gatekeeperd_26_0 hardware_properties_service_26_0 (service_manager (find))) -(allow gatekeeperd_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open))) -(allow gatekeeperd_26_0 cgroup_26_0 (file (ioctl read getattr lock open))) -(allow gatekeeperd_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open))) -(allow hal_allocator_client hal_allocator_server (binder (call transfer))) -(allow hal_allocator_server hal_allocator_client (binder (transfer))) -(allow hal_allocator_client hal_allocator_server (fd (use))) -(allow hal_allocator_server hidl_allocator_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_allocator_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_94_26_0 hidl_allocator_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_allocator_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_allocator_client hidl_allocator_hwservice_26_0 (hwservice_manager (find))) -(allow hal_allocator_client hidl_memory_hwservice_26_0 (hwservice_manager (find))) -(allow hal_audio_client hal_audio_server (binder (call transfer))) -(allow hal_audio_server hal_audio_client (binder (transfer))) -(allow hal_audio_client hal_audio_server (fd (use))) -(allow hal_audio_server hal_audio_client (binder (call transfer))) -(allow hal_audio_client hal_audio_server (binder (transfer))) -(allow hal_audio_server hal_audio_client (fd (use))) -(allow hal_audio_server hal_audio_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_audio_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_95_26_0 hal_audio_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_audio_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_audio_client hal_audio_hwservice_26_0 (hwservice_manager (find))) -(allow hal_audio ion_device_26_0 (chr_file (ioctl read getattr lock open))) -(allow hal_audio audiohal_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow hal_audio audiohal_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow hal_audio proc_26_0 (dir (ioctl read getattr lock search open))) -(allow hal_audio proc_26_0 (file (ioctl read getattr lock open))) -(allow hal_audio proc_26_0 (lnk_file (ioctl read getattr lock open))) -(allow hal_audio audio_device_26_0 (dir (ioctl read getattr lock search open))) -(allow hal_audio audio_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow hal_audio shell_26_0 (fd (use))) -(allow hal_audio shell_26_0 (fifo_file (write))) -(allow hal_audio dumpstate_26_0 (fd (use))) -(allow hal_audio dumpstate_26_0 (fifo_file (write))) -(neverallow hal_audio fs_type (file (execute_no_trans))) -(neverallow hal_audio file_type (file (execute_no_trans))) -(neverallow hal_audio domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect))) -(neverallow hal_audio domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind))) -(neverallow hal_audio domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind))) -(neverallow base_typeattr_96_26_0 audio_device_26_0 (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access))) -(allow hal_bluetooth_client hal_bluetooth_server (binder (call transfer))) -(allow hal_bluetooth_server hal_bluetooth_client (binder (transfer))) -(allow hal_bluetooth_client hal_bluetooth_server (fd (use))) -(allow hal_bluetooth_server hal_bluetooth_client (binder (call transfer))) -(allow hal_bluetooth_client hal_bluetooth_server (binder (transfer))) -(allow hal_bluetooth_server hal_bluetooth_client (fd (use))) -(allow hal_bluetooth_server hal_bluetooth_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_bluetooth_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_97_26_0 hal_bluetooth_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_bluetooth_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_bluetooth_client hal_bluetooth_hwservice_26_0 (hwservice_manager (find))) -(allow hal_bluetooth sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open))) -(allow hal_bluetooth self (capability2 (block_suspend))) -(allow hal_bluetooth self (capability (net_admin))) -(allow hal_bluetooth bluetooth_efs_file_26_0 (dir (ioctl read getattr lock search open))) -(allow hal_bluetooth bluetooth_efs_file_26_0 (file (ioctl read getattr lock open))) -(allow hal_bluetooth bluetooth_efs_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow hal_bluetooth uhid_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow hal_bluetooth hci_attach_dev_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow hal_bluetooth sysfs_type (dir (ioctl read getattr lock search open))) -(allow hal_bluetooth sysfs_type (file (ioctl read getattr lock open))) -(allow hal_bluetooth sysfs_type (lnk_file (ioctl read getattr lock open))) -(allow hal_bluetooth sysfs_bluetooth_writable_26_0 (file (ioctl read write getattr lock append open))) -(allow hal_bluetooth self (capability2 (wake_alarm))) -(allow hal_bluetooth property_socket_26_0 (sock_file (write))) -(allow hal_bluetooth init_26_0 (unix_stream_socket (connectto))) -(allow hal_bluetooth bluetooth_prop_26_0 (property_service (set))) -(allow hal_bluetooth bluetooth_prop_26_0 (file (ioctl read getattr lock open))) -(allow hal_bluetooth proc_bluetooth_writable_26_0 (file (ioctl read write getattr lock append open))) -(allow hal_bluetooth self (capability (sys_nice))) -(allow hal_bootctl_client hal_bootctl_server (binder (call transfer))) -(allow hal_bootctl_server hal_bootctl_client (binder (transfer))) -(allow hal_bootctl_client hal_bootctl_server (fd (use))) -(allow hal_bootctl_server hal_bootctl_client (binder (call transfer))) -(allow hal_bootctl_client hal_bootctl_server (binder (transfer))) -(allow hal_bootctl_server hal_bootctl_client (fd (use))) -(allow hal_bootctl_server hal_bootctl_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_bootctl_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_98_26_0 hal_bootctl_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_bootctl_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_bootctl_client hal_bootctl_hwservice_26_0 (hwservice_manager (find))) -(allow hal_camera_client hal_camera_server (binder (call transfer))) -(allow hal_camera_server hal_camera_client (binder (transfer))) -(allow hal_camera_client hal_camera_server (fd (use))) -(allow hal_camera_server hal_camera_client (binder (call transfer))) -(allow hal_camera_client hal_camera_server (binder (transfer))) -(allow hal_camera_server hal_camera_client (fd (use))) -(allow hal_camera_server hal_camera_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_camera_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_99_26_0 hal_camera_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_camera_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_camera_client hal_camera_hwservice_26_0 (hwservice_manager (find))) -(allow hal_camera camera_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow hal_camera camera_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow hal_camera video_device_26_0 (dir (ioctl read getattr lock search open))) -(allow hal_camera video_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow hal_camera camera_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow hal_camera ion_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow hal_camera_client hal_graphics_allocator (fd (use))) -(allow hal_camera_server hal_graphics_allocator (fd (use))) -(allow hal_camera base_typeattr_100_26_0 (fd (use))) -(allow hal_camera surfaceflinger_26_0 (fd (use))) -(allow hal_camera hal_allocator_server (fd (use))) -(neverallow hal_camera fs_type (file (execute_no_trans))) -(neverallow hal_camera file_type (file (execute_no_trans))) -(neverallow hal_camera domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect))) -(neverallow hal_camera domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind))) -(neverallow hal_camera domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind))) -(neverallow base_typeattr_101_26_0 camera_device_26_0 (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access))) -(allow hal_configstore_client hal_configstore_server (binder (call transfer))) -(allow hal_configstore_server hal_configstore_client (binder (transfer))) -(allow hal_configstore_client hal_configstore_server (fd (use))) -(allow hal_configstore_server hal_configstore_ISurfaceFlingerConfigs_26_0 (hwservice_manager (add find))) -(allow hal_configstore_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_102_26_0 hal_configstore_ISurfaceFlingerConfigs_26_0 (hwservice_manager (add))) -(neverallow hal_configstore_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_contexthub_client hal_contexthub_server (binder (call transfer))) -(allow hal_contexthub_server hal_contexthub_client (binder (transfer))) -(allow hal_contexthub_client hal_contexthub_server (fd (use))) -(allow hal_contexthub_server hal_contexthub_client (binder (call transfer))) -(allow hal_contexthub_client hal_contexthub_server (binder (transfer))) -(allow hal_contexthub_server hal_contexthub_client (fd (use))) -(allow hal_contexthub_server hal_contexthub_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_contexthub_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_103_26_0 hal_contexthub_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_contexthub_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_contexthub_client hal_contexthub_hwservice_26_0 (hwservice_manager (find))) -(allow hal_drm_client hal_drm_server (binder (call transfer))) -(allow hal_drm_server hal_drm_client (binder (transfer))) -(allow hal_drm_client hal_drm_server (fd (use))) -(allow hal_drm_server hal_drm_client (binder (call transfer))) -(allow hal_drm_client hal_drm_server (binder (transfer))) -(allow hal_drm_server hal_drm_client (fd (use))) -(allow hal_drm_server hal_drm_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_drm_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_104_26_0 hal_drm_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_drm_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_drm_client hal_drm_hwservice_26_0 (hwservice_manager (find))) -(allow hal_drm hidl_memory_hwservice_26_0 (hwservice_manager (find))) -(allow hal_drm self (process (execmem))) -(allow hal_drm serialno_prop_26_0 (file (ioctl read getattr lock open))) -(allow hal_drm system_file_26_0 (dir (ioctl read getattr lock search open))) -(allow hal_drm system_file_26_0 (file (ioctl read getattr lock open))) -(allow hal_drm system_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow hal_drm system_data_file_26_0 (dir (getattr search))) -(allow hal_drm system_data_file_26_0 (file (read getattr))) -(allow hal_drm system_data_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow hal_drm cgroup_26_0 (dir (ioctl read getattr lock search open))) -(allow hal_drm cgroup_26_0 (file (ioctl read getattr lock open))) -(allow hal_drm cgroup_26_0 (lnk_file (ioctl read getattr lock open))) -(allow hal_drm cgroup_26_0 (dir (write search))) -(allow hal_drm cgroup_26_0 (file (write lock append open))) -(allow hal_drm ion_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow hal_drm hal_graphics_allocator (fd (use))) -(allow hal_drm mediaserver_26_0 (fd (use))) -(allow hal_drm media_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow hal_drm media_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow hal_drm media_data_file_26_0 (file (read getattr))) -(allow hal_drm sysfs_26_0 (file (ioctl read getattr lock open))) -(allow hal_drm tee_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allowx hal_drm self (ioctl tcp_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451))) -(allowx hal_drm self (ioctl udp_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451))) -(allowx hal_drm self (ioctl rawip_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451))) -(allowx hal_drm self (ioctl tcp_socket (((range 0x8906 0x8907)) 0x8910 ((range 0x8912 0x8913)) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942))) -(allowx hal_drm self (ioctl udp_socket (((range 0x8906 0x8907)) 0x8910 ((range 0x8912 0x8913)) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942))) -(allowx hal_drm self (ioctl rawip_socket (((range 0x8906 0x8907)) 0x8910 ((range 0x8912 0x8913)) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942))) -(allowx hal_drm self (ioctl tcp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f ((range 0x8b11 0x8b13)) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d))) -(allowx hal_drm self (ioctl udp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f ((range 0x8b11 0x8b13)) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d))) -(allowx hal_drm self (ioctl rawip_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f ((range 0x8b11 0x8b13)) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d))) -(neverallow hal_drm fs_type (file (execute_no_trans))) -(neverallow hal_drm file_type (file (execute_no_trans))) -(neverallowx hal_drm domain (ioctl tcp_socket (0x6900 0x6902))) -(neverallowx hal_drm domain (ioctl udp_socket (0x6900 0x6902))) -(neverallowx hal_drm domain (ioctl rawip_socket (0x6900 0x6902))) -(neverallowx hal_drm domain (ioctl tcp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff))))) -(neverallowx hal_drm domain (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff))))) -(neverallowx hal_drm domain (ioctl rawip_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff))))) -(neverallowx hal_drm domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff))))) -(neverallowx hal_drm domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff))))) -(neverallowx hal_drm domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff))))) -(allow hal_dumpstate_client hal_dumpstate_server (binder (call transfer))) -(allow hal_dumpstate_server hal_dumpstate_client (binder (transfer))) -(allow hal_dumpstate_client hal_dumpstate_server (fd (use))) -(allow hal_dumpstate_server hal_dumpstate_client (binder (call transfer))) -(allow hal_dumpstate_client hal_dumpstate_server (binder (transfer))) -(allow hal_dumpstate_server hal_dumpstate_client (fd (use))) -(allow hal_dumpstate_server hal_dumpstate_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_dumpstate_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_105_26_0 hal_dumpstate_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_dumpstate_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_dumpstate_client hal_dumpstate_hwservice_26_0 (hwservice_manager (find))) -(allow hal_dumpstate shell_data_file_26_0 (file (write))) -(allow hal_dumpstate proc_interrupts_26_0 (file (ioctl read getattr lock open))) -(allow hal_fingerprint_client hal_fingerprint_server (binder (call transfer))) -(allow hal_fingerprint_server hal_fingerprint_client (binder (transfer))) -(allow hal_fingerprint_client hal_fingerprint_server (fd (use))) -(allow hal_fingerprint_server hal_fingerprint_client (binder (call transfer))) -(allow hal_fingerprint_client hal_fingerprint_server (binder (transfer))) -(allow hal_fingerprint_server hal_fingerprint_client (fd (use))) -(allow hal_fingerprint_server hal_fingerprint_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_fingerprint_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_106_26_0 hal_fingerprint_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_fingerprint_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_fingerprint_client hal_fingerprint_hwservice_26_0 (hwservice_manager (find))) -(allow hal_fingerprint fingerprintd_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow hal_fingerprint fingerprintd_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow hal_fingerprint ion_device_26_0 (chr_file (ioctl read getattr lock open))) -(allow hal_fingerprint cgroup_26_0 (dir (ioctl read getattr lock search open))) -(allow hal_fingerprint cgroup_26_0 (file (ioctl read getattr lock open))) -(allow hal_fingerprint cgroup_26_0 (lnk_file (ioctl read getattr lock open))) -(allow hal_fingerprint sysfs_26_0 (dir (ioctl read getattr lock search open))) -(allow hal_fingerprint sysfs_26_0 (file (ioctl read getattr lock open))) -(allow hal_fingerprint sysfs_26_0 (lnk_file (ioctl read getattr lock open))) -(allow hal_gatekeeper_client hal_gatekeeper_server (binder (call transfer))) -(allow hal_gatekeeper_server hal_gatekeeper_client (binder (transfer))) -(allow hal_gatekeeper_client hal_gatekeeper_server (fd (use))) -(allow hal_gatekeeper_server hal_gatekeeper_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_gatekeeper_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_107_26_0 hal_gatekeeper_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_gatekeeper_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_gatekeeper_client hal_gatekeeper_hwservice_26_0 (hwservice_manager (find))) -(allow hal_gatekeeper tee_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow hal_gatekeeper ion_device_26_0 (chr_file (ioctl read getattr lock open))) -(allow hal_gnss_client hal_gnss_server (binder (call transfer))) -(allow hal_gnss_server hal_gnss_client (binder (transfer))) -(allow hal_gnss_client hal_gnss_server (fd (use))) -(allow hal_gnss_server hal_gnss_client (binder (call transfer))) -(allow hal_gnss_client hal_gnss_server (binder (transfer))) -(allow hal_gnss_server hal_gnss_client (fd (use))) -(allow hal_gnss_server hal_gnss_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_gnss_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_108_26_0 hal_gnss_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_gnss_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_gnss_client hal_gnss_hwservice_26_0 (hwservice_manager (find))) -(allow hal_graphics_allocator_client hal_graphics_allocator_server (binder (call transfer))) -(allow hal_graphics_allocator_server hal_graphics_allocator_client (binder (transfer))) -(allow hal_graphics_allocator_client hal_graphics_allocator_server (fd (use))) -(allow hal_graphics_allocator_server hal_graphics_allocator_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_graphics_allocator_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_109_26_0 hal_graphics_allocator_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_graphics_allocator_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_graphics_allocator_client hal_graphics_allocator_hwservice_26_0 (hwservice_manager (find))) -(allow hal_graphics_allocator_client hal_graphics_mapper_hwservice_26_0 (hwservice_manager (find))) -(allow hal_graphics_allocator gpu_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow hal_graphics_allocator ion_device_26_0 (chr_file (ioctl read getattr lock open))) -(allow hal_graphics_allocator self (capability (sys_nice))) -(allow hal_graphics_composer_client hal_graphics_composer_server (binder (call transfer))) -(allow hal_graphics_composer_server hal_graphics_composer_client (binder (transfer))) -(allow hal_graphics_composer_client hal_graphics_composer_server (fd (use))) -(allow hal_graphics_composer_server hal_graphics_composer_client (binder (call transfer))) -(allow hal_graphics_composer_client hal_graphics_composer_server (binder (transfer))) -(allow hal_graphics_composer_server hal_graphics_composer_client (fd (use))) -(allow hal_graphics_composer_server hal_graphics_composer_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_graphics_composer_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_110_26_0 hal_graphics_composer_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_graphics_composer_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_graphics_composer_client hal_graphics_composer_hwservice_26_0 (hwservice_manager (find))) -(allow hal_graphics_composer_server hal_graphics_mapper_hwservice_26_0 (hwservice_manager (find))) -(allow hal_graphics_composer gpu_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow hal_graphics_composer ion_device_26_0 (chr_file (ioctl read getattr lock open))) -(allow hal_graphics_composer hal_graphics_allocator (fd (use))) -(allow hal_graphics_composer graphics_device_26_0 (dir (search))) -(allow hal_graphics_composer graphics_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow hal_graphics_composer system_server_26_0 (fd (use))) -(allow hal_graphics_composer bootanim_26_0 (fd (use))) -(allow hal_graphics_composer appdomain (fd (use))) -(allow hal_graphics_composer self (capability (sys_nice))) -(allow hal_health_client hal_health_server (binder (call transfer))) -(allow hal_health_server hal_health_client (binder (transfer))) -(allow hal_health_client hal_health_server (fd (use))) -(allow hal_health_server hal_health_client (binder (call transfer))) -(allow hal_health_client hal_health_server (binder (transfer))) -(allow hal_health_server hal_health_client (fd (use))) -(allow hal_health_server hal_health_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_health_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_111_26_0 hal_health_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_health_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_health_client hal_health_hwservice_26_0 (hwservice_manager (find))) -(allow hal_health system_file_26_0 (dir (ioctl read getattr lock search open))) -(allow hal_health system_file_26_0 (file (ioctl read getattr lock open))) -(allow hal_health system_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow hal_ir_client hal_ir_server (binder (call transfer))) -(allow hal_ir_server hal_ir_client (binder (transfer))) -(allow hal_ir_client hal_ir_server (fd (use))) -(allow hal_ir_server hal_ir_client (binder (call transfer))) -(allow hal_ir_client hal_ir_server (binder (transfer))) -(allow hal_ir_server hal_ir_client (fd (use))) -(allow hal_ir_server hal_ir_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_ir_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_112_26_0 hal_ir_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_ir_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_ir_client hal_ir_hwservice_26_0 (hwservice_manager (find))) -(allow hal_keymaster_client hal_keymaster_server (binder (call transfer))) -(allow hal_keymaster_server hal_keymaster_client (binder (transfer))) -(allow hal_keymaster_client hal_keymaster_server (fd (use))) -(allow hal_keymaster_server hal_keymaster_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_keymaster_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_113_26_0 hal_keymaster_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_keymaster_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_keymaster_client hal_keymaster_hwservice_26_0 (hwservice_manager (find))) -(allow hal_keymaster tee_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow hal_keymaster ion_device_26_0 (chr_file (ioctl read getattr lock open))) -(allow hal_light_client hal_light_server (binder (call transfer))) -(allow hal_light_server hal_light_client (binder (transfer))) -(allow hal_light_client hal_light_server (fd (use))) -(allow hal_light_server hal_light_client (binder (call transfer))) -(allow hal_light_client hal_light_server (binder (transfer))) -(allow hal_light_server hal_light_client (fd (use))) -(allow hal_light_server hal_light_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_light_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_114_26_0 hal_light_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_light_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_light_client hal_light_hwservice_26_0 (hwservice_manager (find))) -(allow hal_light sysfs_leds_26_0 (lnk_file (read))) -(allow hal_light sysfs_leds_26_0 (file (ioctl read write getattr lock append open))) -(allow hal_light sysfs_leds_26_0 (dir (ioctl read getattr lock search open))) -(allow hal_memtrack_client hal_memtrack_server (binder (call transfer))) -(allow hal_memtrack_server hal_memtrack_client (binder (transfer))) -(allow hal_memtrack_client hal_memtrack_server (fd (use))) -(allow hal_memtrack_server hal_memtrack_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_memtrack_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_115_26_0 hal_memtrack_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_memtrack_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_memtrack_client hal_memtrack_hwservice_26_0 (hwservice_manager (find))) -(neverallow base_typeattr_116_26_0 self (capability (net_admin net_raw))) -(neverallow base_typeattr_117_26_0 domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect))) -(neverallow base_typeattr_117_26_0 domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind))) -(neverallow base_typeattr_117_26_0 domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind))) -(neverallow hal_tetheroffload_server unlabeled_26_0 (service_manager (list))) -(neverallow base_typeattr_118_26_0 fs_type (file (execute_no_trans))) -(neverallow base_typeattr_118_26_0 file_type (file (execute_no_trans))) -(neverallow base_typeattr_5_26_0 halserverdomain (process (transition))) -(neverallow base_typeattr_10_26_0 halserverdomain (process (dyntransition))) -(allow hal_nfc_client hal_nfc_server (binder (call transfer))) -(allow hal_nfc_server hal_nfc_client (binder (transfer))) -(allow hal_nfc_client hal_nfc_server (fd (use))) -(allow hal_nfc_server hal_nfc_client (binder (call transfer))) -(allow hal_nfc_client hal_nfc_server (binder (transfer))) -(allow hal_nfc_server hal_nfc_client (fd (use))) -(allow hal_nfc_server hal_nfc_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_nfc_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_119_26_0 hal_nfc_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_nfc_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_nfc_client hal_nfc_hwservice_26_0 (hwservice_manager (find))) -(allow hal_nfc property_socket_26_0 (sock_file (write))) -(allow hal_nfc init_26_0 (unix_stream_socket (connectto))) -(allow hal_nfc nfc_prop_26_0 (property_service (set))) -(allow hal_nfc nfc_prop_26_0 (file (ioctl read getattr lock open))) -(allow hal_nfc nfc_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow hal_nfc nfc_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow hal_nfc nfc_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow hal_nfc nfc_data_file_26_0 (lnk_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow hal_nfc nfc_data_file_26_0 (fifo_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow hal_oemlock_client hal_oemlock_server (binder (call transfer))) -(allow hal_oemlock_server hal_oemlock_client (binder (transfer))) -(allow hal_oemlock_client hal_oemlock_server (fd (use))) -(allow hal_oemlock_server hal_oemlock_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_oemlock_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_120_26_0 hal_oemlock_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_oemlock_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_oemlock_client hal_oemlock_hwservice_26_0 (hwservice_manager (find))) -(allow hal_power_client hal_power_server (binder (call transfer))) -(allow hal_power_server hal_power_client (binder (transfer))) -(allow hal_power_client hal_power_server (fd (use))) -(allow hal_power_server hal_power_client (binder (call transfer))) -(allow hal_power_client hal_power_server (binder (transfer))) -(allow hal_power_server hal_power_client (fd (use))) -(allow hal_power_server hal_power_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_power_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_121_26_0 hal_power_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_power_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_power_client hal_power_hwservice_26_0 (hwservice_manager (find))) -(allow hal_sensors_client hal_sensors_server (binder (call transfer))) -(allow hal_sensors_server hal_sensors_client (binder (transfer))) -(allow hal_sensors_client hal_sensors_server (fd (use))) -(allow hal_sensors_server hal_sensors_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_sensors_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_122_26_0 hal_sensors_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_sensors_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_sensors_client hal_sensors_hwservice_26_0 (hwservice_manager (find))) -(allow hal_sensors base_typeattr_100_26_0 (fd (use))) -(allow hal_sensors hal_allocator (fd (use))) -(allow hal_sensors self (capability (sys_nice))) -(allow hal_telephony_client hal_telephony_server (binder (call transfer))) -(allow hal_telephony_server hal_telephony_client (binder (transfer))) -(allow hal_telephony_client hal_telephony_server (fd (use))) -(allow hal_telephony_server hal_telephony_client (binder (call transfer))) -(allow hal_telephony_client hal_telephony_server (binder (transfer))) -(allow hal_telephony_server hal_telephony_client (fd (use))) -(allow hal_telephony_server hal_telephony_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_telephony_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_123_26_0 hal_telephony_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_telephony_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_telephony_client hal_telephony_hwservice_26_0 (hwservice_manager (find))) -(allow hal_tetheroffload_client hal_tetheroffload_server (binder (call transfer))) -(allow hal_tetheroffload_server hal_tetheroffload_client (binder (transfer))) -(allow hal_tetheroffload_client hal_tetheroffload_server (fd (use))) -(allow hal_tetheroffload_server hal_tetheroffload_client (binder (call transfer))) -(allow hal_tetheroffload_client hal_tetheroffload_server (binder (transfer))) -(allow hal_tetheroffload_server hal_tetheroffload_client (fd (use))) -(allow hal_thermal_client hal_thermal_server (binder (call transfer))) -(allow hal_thermal_server hal_thermal_client (binder (transfer))) -(allow hal_thermal_client hal_thermal_server (fd (use))) -(allow hal_thermal_server hal_thermal_client (binder (call transfer))) -(allow hal_thermal_client hal_thermal_server (binder (transfer))) -(allow hal_thermal_server hal_thermal_client (fd (use))) -(allow hal_thermal_server hal_thermal_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_thermal_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_124_26_0 hal_thermal_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_thermal_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_thermal_client hal_thermal_hwservice_26_0 (hwservice_manager (find))) -(allow hal_tv_cec_client hal_tv_cec_server (binder (call transfer))) -(allow hal_tv_cec_server hal_tv_cec_client (binder (transfer))) -(allow hal_tv_cec_client hal_tv_cec_server (fd (use))) -(allow hal_tv_cec_server hal_tv_cec_client (binder (call transfer))) -(allow hal_tv_cec_client hal_tv_cec_server (binder (transfer))) -(allow hal_tv_cec_server hal_tv_cec_client (fd (use))) -(allow hal_tv_cec_server hal_tv_cec_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_tv_cec_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_125_26_0 hal_tv_cec_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_tv_cec_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_tv_cec_client hal_tv_cec_hwservice_26_0 (hwservice_manager (find))) -(allow hal_tv_input_client hal_tv_input_server (binder (call transfer))) -(allow hal_tv_input_server hal_tv_input_client (binder (transfer))) -(allow hal_tv_input_client hal_tv_input_server (fd (use))) -(allow hal_tv_input_server hal_tv_input_client (binder (call transfer))) -(allow hal_tv_input_client hal_tv_input_server (binder (transfer))) -(allow hal_tv_input_server hal_tv_input_client (fd (use))) -(allow hal_tv_input_server hal_tv_input_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_tv_input_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_126_26_0 hal_tv_input_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_tv_input_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_tv_input_client hal_tv_input_hwservice_26_0 (hwservice_manager (find))) -(allow hal_usb_client hal_usb_server (binder (call transfer))) -(allow hal_usb_server hal_usb_client (binder (transfer))) -(allow hal_usb_client hal_usb_server (fd (use))) -(allow hal_usb_server hal_usb_client (binder (call transfer))) -(allow hal_usb_client hal_usb_server (binder (transfer))) -(allow hal_usb_server hal_usb_client (fd (use))) -(allow hal_usb_server hal_usb_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_usb_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_127_26_0 hal_usb_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_usb_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_usb_client hal_usb_hwservice_26_0 (hwservice_manager (find))) -(allow hal_usb self (netlink_kobject_uevent_socket (create))) -(allow hal_usb self (netlink_kobject_uevent_socket (setopt))) -(allow hal_usb self (netlink_kobject_uevent_socket (bind))) -(allow hal_usb self (netlink_kobject_uevent_socket (read))) -(allow hal_usb sysfs_26_0 (dir (open))) -(allow hal_usb sysfs_26_0 (dir (read))) -(allow hal_usb sysfs_26_0 (file (read))) -(allow hal_usb sysfs_26_0 (file (open))) -(allow hal_usb sysfs_26_0 (file (write))) -(allow hal_usb sysfs_26_0 (file (getattr))) -(allow hal_vibrator_client hal_vibrator_server (binder (call transfer))) -(allow hal_vibrator_server hal_vibrator_client (binder (transfer))) -(allow hal_vibrator_client hal_vibrator_server (fd (use))) -(allow hal_vibrator_server hal_vibrator_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_vibrator_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_128_26_0 hal_vibrator_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_vibrator_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_vibrator_client hal_vibrator_hwservice_26_0 (hwservice_manager (find))) -(allow hal_vibrator sysfs_vibrator_26_0 (file (ioctl read write getattr lock append open))) -(allow hal_vr_client hal_vr_server (binder (call transfer))) -(allow hal_vr_server hal_vr_client (binder (transfer))) -(allow hal_vr_client hal_vr_server (fd (use))) -(allow hal_vr_server hal_vr_client (binder (call transfer))) -(allow hal_vr_client hal_vr_server (binder (transfer))) -(allow hal_vr_server hal_vr_client (fd (use))) -(allow hal_vr_server hal_vr_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_vr_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_129_26_0 hal_vr_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_vr_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_vr_client hal_vr_hwservice_26_0 (hwservice_manager (find))) -(allow hal_weaver_client hal_weaver_server (binder (call transfer))) -(allow hal_weaver_server hal_weaver_client (binder (transfer))) -(allow hal_weaver_client hal_weaver_server (fd (use))) -(allow hal_weaver_server hal_weaver_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_weaver_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_130_26_0 hal_weaver_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_weaver_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_weaver_client hal_weaver_hwservice_26_0 (hwservice_manager (find))) -(allow hal_wifi_client hal_wifi_server (binder (call transfer))) -(allow hal_wifi_server hal_wifi_client (binder (transfer))) -(allow hal_wifi_client hal_wifi_server (fd (use))) -(allow hal_wifi_server hal_wifi_client (binder (call transfer))) -(allow hal_wifi_client hal_wifi_server (binder (transfer))) -(allow hal_wifi_server hal_wifi_client (fd (use))) -(allow hal_wifi_server hal_wifi_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_wifi_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_131_26_0 hal_wifi_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_wifi_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_wifi_client hal_wifi_hwservice_26_0 (hwservice_manager (find))) -(allow hal_wifi proc_net_26_0 (dir (ioctl read getattr lock search open))) -(allow hal_wifi proc_net_26_0 (file (ioctl read getattr lock open))) -(allow hal_wifi proc_net_26_0 (lnk_file (ioctl read getattr lock open))) -(allow hal_wifi sysfs_type (dir (ioctl read getattr lock search open))) -(allow hal_wifi sysfs_type (file (ioctl read getattr lock open))) -(allow hal_wifi sysfs_type (lnk_file (ioctl read getattr lock open))) -(allow hal_wifi property_socket_26_0 (sock_file (write))) -(allow hal_wifi init_26_0 (unix_stream_socket (connectto))) -(allow hal_wifi wifi_prop_26_0 (property_service (set))) -(allow hal_wifi wifi_prop_26_0 (file (ioctl read getattr lock open))) -(allow hal_wifi self (udp_socket (ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allowx hal_wifi self (ioctl udp_socket (0x8914))) -(allow hal_wifi self (capability (net_admin net_raw))) -(allow hal_wifi self (netlink_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow hal_wifi self (netlink_generic_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow hal_wifi sysfs_wlan_fwpath_26_0 (file (write lock append open))) -(allow hal_wifi_offload_client hal_wifi_offload_server (binder (call transfer))) -(allow hal_wifi_offload_server hal_wifi_offload_client (binder (transfer))) -(allow hal_wifi_offload_client hal_wifi_offload_server (fd (use))) -(allow hal_wifi_offload_server hal_wifi_offload_client (binder (call transfer))) -(allow hal_wifi_offload_client hal_wifi_offload_server (binder (transfer))) -(allow hal_wifi_offload_server hal_wifi_offload_client (fd (use))) -(allow hal_wifi_offload proc_net_26_0 (dir (ioctl read getattr lock search open))) -(allow hal_wifi_offload proc_net_26_0 (file (ioctl read getattr lock open))) -(allow hal_wifi_offload proc_net_26_0 (lnk_file (ioctl read getattr lock open))) -(allow hal_wifi_offload sysfs_type (dir (ioctl read getattr lock search open))) -(allow hal_wifi_offload sysfs_type (file (ioctl read getattr lock open))) -(allow hal_wifi_offload sysfs_type (lnk_file (ioctl read getattr lock open))) -(allow hal_wifi_supplicant_client hal_wifi_supplicant_server (binder (call transfer))) -(allow hal_wifi_supplicant_server hal_wifi_supplicant_client (binder (transfer))) -(allow hal_wifi_supplicant_client hal_wifi_supplicant_server (fd (use))) -(allow hal_wifi_supplicant_server hal_wifi_supplicant_client (binder (call transfer))) -(allow hal_wifi_supplicant_client hal_wifi_supplicant_server (binder (transfer))) -(allow hal_wifi_supplicant_server hal_wifi_supplicant_client (fd (use))) -(allow hal_wifi_supplicant_server hal_wifi_supplicant_hwservice_26_0 (hwservice_manager (add find))) -(allow hal_wifi_supplicant_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_132_26_0 hal_wifi_supplicant_hwservice_26_0 (hwservice_manager (add))) -(neverallow hal_wifi_supplicant_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_wifi_supplicant_client hal_wifi_supplicant_hwservice_26_0 (hwservice_manager (find))) -(allowx hal_wifi_supplicant self (ioctl udp_socket (0x6900 0x6902))) -(allowx hal_wifi_supplicant self (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff))))) -(allowx hal_wifi_supplicant self (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff))))) -(allow hal_wifi_supplicant sysfs_type (dir (ioctl read getattr lock search open))) -(allow hal_wifi_supplicant sysfs_type (file (ioctl read getattr lock open))) -(allow hal_wifi_supplicant sysfs_type (lnk_file (ioctl read getattr lock open))) -(allow hal_wifi_supplicant proc_net_26_0 (dir (ioctl read getattr lock search open))) -(allow hal_wifi_supplicant proc_net_26_0 (file (ioctl read getattr lock open))) -(allow hal_wifi_supplicant proc_net_26_0 (lnk_file (ioctl read getattr lock open))) -(allow hal_wifi_supplicant kernel_26_0 (system (module_request))) -(allow hal_wifi_supplicant self (capability (setgid setuid net_admin net_raw))) -(allow hal_wifi_supplicant cgroup_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow hal_wifi_supplicant self (netlink_route_socket (nlmsg_write))) -(allow hal_wifi_supplicant self (netlink_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow hal_wifi_supplicant self (netlink_generic_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow hal_wifi_supplicant self (packet_socket (ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allowx hal_wifi_supplicant self (ioctl packet_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451))) -(allowx hal_wifi_supplicant self (ioctl packet_socket (0x6900 0x6902))) -(allowx hal_wifi_supplicant self (ioctl packet_socket (((range 0x8906 0x8907)) ((range 0x890b 0x890d)) ((range 0x8910 0x8927)) 0x8929 ((range 0x8930 0x8939)) ((range 0x8940 0x8943)) ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff))))) -(allowx hal_wifi_supplicant self (ioctl packet_socket (((range 0x8b00 0x8b02)) ((range 0x8b04 0x8b1d)) ((range 0x8b20 0x8b2d)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff))))) -(allow hal_wifi_supplicant wifi_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow hal_wifi_supplicant wifi_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow hal_wifi_supplicant wpa_socket_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow hal_wifi_supplicant wpa_socket_26_0 (sock_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow hal_wifi_supplicant wpa_socket_26_0 (sock_file (write))) -(allow hal_wifi_supplicant su_26_0 (unix_dgram_socket (sendto))) -(neverallow hal_wifi_supplicant_server sdcard_type (dir (ioctl read write create setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod))) -(neverallow hal_wifi_supplicant_server sdcard_type (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access))) -(allow healthd_26_0 kmsg_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow healthd_26_0 sysfs_type (dir (ioctl read getattr lock search open))) -(allow healthd_26_0 sysfs_type (file (ioctl read getattr lock open))) -(allow healthd_26_0 sysfs_type (lnk_file (ioctl read getattr lock open))) -(allow healthd_26_0 rootfs_26_0 (dir (ioctl read getattr lock search open))) -(allow healthd_26_0 rootfs_26_0 (file (ioctl read getattr lock open))) -(allow healthd_26_0 rootfs_26_0 (lnk_file (ioctl read getattr lock open))) -(allow healthd_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open))) -(allow healthd_26_0 cgroup_26_0 (file (ioctl read getattr lock open))) -(allow healthd_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open))) -(allow healthd_26_0 system_file_26_0 (dir (ioctl read getattr lock search open))) -(allow healthd_26_0 system_file_26_0 (file (ioctl read getattr lock open))) -(allow healthd_26_0 system_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow healthd_26_0 self (capability (sys_tty_config))) -(allow healthd_26_0 self (capability (sys_boot))) -(allow healthd_26_0 self (netlink_kobject_uevent_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow healthd_26_0 sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open))) -(allow healthd_26_0 self (capability2 (block_suspend))) -(allow healthd_26_0 servicemanager_26_0 (binder (call transfer))) -(allow servicemanager_26_0 healthd_26_0 (dir (search))) -(allow servicemanager_26_0 healthd_26_0 (file (read open))) -(allow servicemanager_26_0 healthd_26_0 (process (getattr))) -(allow healthd_26_0 system_server_26_0 (binder (call transfer))) -(allow system_server_26_0 healthd_26_0 (binder (transfer))) -(allow healthd_26_0 system_server_26_0 (fd (use))) -(allow healthd_26_0 sysfs_26_0 (file (write))) -(allow healthd_26_0 sysfs_usb_26_0 (file (write))) -(allow healthd_26_0 sysfs_batteryinfo_26_0 (file (ioctl read getattr lock open))) -(allow healthd_26_0 sysfs_type (dir (ioctl read getattr lock search open))) -(allow healthd_26_0 sysfs_type (file (ioctl read getattr lock open))) -(allow healthd_26_0 sysfs_type (lnk_file (ioctl read getattr lock open))) -(allow healthd_26_0 pstorefs_26_0 (dir (ioctl read getattr lock search open))) -(allow healthd_26_0 pstorefs_26_0 (file (ioctl read getattr lock open))) -(allow healthd_26_0 graphics_device_26_0 (dir (ioctl read getattr lock search open))) -(allow healthd_26_0 graphics_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow healthd_26_0 input_device_26_0 (dir (ioctl read getattr lock search open))) -(allow healthd_26_0 input_device_26_0 (chr_file (ioctl read getattr lock open))) -(allow healthd_26_0 tty_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow healthd_26_0 ashmem_device_26_0 (chr_file (execute))) -(allow healthd_26_0 self (process (execmem))) -(allow healthd_26_0 proc_sysrq_26_0 (file (ioctl read write getattr lock append open))) -(allow healthd_26_0 batteryproperties_service_26_0 (service_manager (add find))) -(neverallow base_typeattr_133_26_0 batteryproperties_service_26_0 (service_manager (add))) -(neverallow healthd_26_0 unlabeled_26_0 (service_manager (add))) -(allow healthd_26_0 property_socket_26_0 (sock_file (write))) -(allow healthd_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow healthd_26_0 system_prop_26_0 (property_service (set))) -(allow healthd_26_0 system_prop_26_0 (file (ioctl read getattr lock open))) -(allow hwservicemanager_26_0 self (binder (set_context_mgr))) -(allow hwservicemanager_26_0 property_socket_26_0 (sock_file (write))) -(allow hwservicemanager_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow hwservicemanager_26_0 hwservicemanager_prop_26_0 (property_service (set))) -(allow hwservicemanager_26_0 hwservicemanager_prop_26_0 (file (ioctl read getattr lock open))) -(allow hwservicemanager_26_0 system_file_26_0 (dir (ioctl read getattr lock search open))) -(allow hwservicemanager_26_0 hwservice_contexts_file_26_0 (file (ioctl read getattr lock open))) -(allow hwservicemanager_26_0 selinuxfs_26_0 (dir (ioctl read getattr lock search open))) -(allow hwservicemanager_26_0 selinuxfs_26_0 (file (ioctl read getattr lock open))) -(allow hwservicemanager_26_0 selinuxfs_26_0 (lnk_file (ioctl read getattr lock open))) -(allow hwservicemanager_26_0 selinuxfs_26_0 (file (write lock append open))) -(allow hwservicemanager_26_0 kernel_26_0 (security (compute_av))) -(allow hwservicemanager_26_0 self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(allow idmap_26_0 installd_26_0 (fd (use))) -(allow idmap_26_0 resourcecache_data_file_26_0 (file (read write getattr))) -(allow idmap_26_0 apk_data_file_26_0 (file (ioctl read getattr lock open))) -(allow idmap_26_0 apk_data_file_26_0 (dir (search))) -(allow idmap_26_0 vendor_app_file_26_0 (dir (ioctl read getattr lock search open))) -(allow idmap_26_0 vendor_app_file_26_0 (file (ioctl read getattr lock open))) -(allow idmap_26_0 vendor_app_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow idmap_26_0 vendor_overlay_file_26_0 (dir (ioctl read getattr lock search open))) -(allow idmap_26_0 vendor_overlay_file_26_0 (file (ioctl read getattr lock open))) -(allow idmap_26_0 vendor_overlay_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow init_26_0 tmpfs_26_0 (chr_file (ioctl read write create getattr setattr lock append unlink open))) -(allow init_26_0 tmpfs_26_0 (chr_file (relabelfrom))) -(allow init_26_0 kmsg_device_26_0 (chr_file (write relabelto))) -(allow init_26_0 properties_device_26_0 (dir (relabelto))) -(allow init_26_0 properties_serial_26_0 (file (write relabelto))) -(allow init_26_0 property_type (file (ioctl read write create getattr setattr lock relabelto append unlink rename open))) -(allow init_26_0 device_26_0 (file (relabelfrom))) -(allow init_26_0 runtime_event_log_tags_file_26_0 (file (write setattr relabelto open))) -(allow init_26_0 device_26_0 (dir (relabelto))) -(allow init_26_0 socket_device_26_0 (dir (relabelto))) -(allow init_26_0 random_device_26_0 (chr_file (relabelto))) -(allow init_26_0 tmpfs_26_0 (chr_file (relabelfrom))) -(allow init_26_0 tmpfs_26_0 (blk_file (relabelfrom))) -(allow init_26_0 tmpfs_26_0 (blk_file (getattr))) -(allow init_26_0 block_device_26_0 (dir (relabelto))) -(allow init_26_0 block_device_26_0 (lnk_file (relabelto))) -(allow init_26_0 block_device_26_0 (blk_file (relabelto))) -(allow init_26_0 dm_device_26_0 (chr_file (relabelto))) -(allow init_26_0 dm_device_26_0 (blk_file (relabelto))) -(allow init_26_0 kernel_26_0 (fd (use))) -(allow init_26_0 tmpfs_26_0 (lnk_file (read getattr relabelfrom))) -(allow init_26_0 system_block_device_26_0 (lnk_file (relabelto))) -(allow init_26_0 system_block_device_26_0 (blk_file (relabelto))) -(allow init_26_0 self (capability (sys_resource))) -(allow init_26_0 tmpfs_26_0 (file (unlink))) -(allow init_26_0 devpts_26_0 (chr_file (read write open))) -(allow init_26_0 fscklogs_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow init_26_0 tmpfs_26_0 (chr_file (write))) -(allow init_26_0 console_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow init_26_0 tty_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow init_26_0 self (capability (sys_admin))) -(allow init_26_0 rootfs_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow init_26_0 rootfs_26_0 (dir (mounton))) -(allow init_26_0 cgroup_26_0 (dir (mounton))) -(allow init_26_0 system_file_26_0 (dir (mounton))) -(allow init_26_0 vendor_file_26_0 (dir (mounton))) -(allow init_26_0 system_data_file_26_0 (dir (mounton))) -(allow init_26_0 storage_file_26_0 (dir (mounton))) -(allow init_26_0 postinstall_mnt_dir_26_0 (dir (mounton))) -(allow init_26_0 cache_file_26_0 (dir (mounton))) -(allow init_26_0 device_26_0 (dir (mounton))) -(allow init_26_0 rootfs_26_0 (lnk_file (create unlink))) -(allow init_26_0 sysfs_26_0 (dir (mounton))) -(allow init_26_0 tmpfs_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow init_26_0 tmpfs_26_0 (dir (mounton))) -(allow init_26_0 cgroup_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow init_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open))) -(allow init_26_0 cgroup_26_0 (file (ioctl read getattr lock open))) -(allow init_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open))) -(allow init_26_0 cpuctl_device_26_0 (dir (create mounton))) -(allow init_26_0 configfs_26_0 (dir (mounton))) -(allow init_26_0 configfs_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow init_26_0 tmpfs_26_0 (dir (relabelfrom))) -(allow init_26_0 self (capability (dac_override))) -(allow init_26_0 self (capability (sys_time))) -(allow init_26_0 self (capability (sys_rawio mknod))) -(allow init_26_0 dev_type (blk_file (ioctl read getattr lock open))) -(allow init_26_0 fs_type (filesystem (mount remount unmount getattr relabelfrom associate quotamod quotaget))) -(allow init_26_0 unlabeled_26_0 (filesystem (mount remount unmount getattr relabelfrom associate quotamod quotaget))) -(allow init_26_0 contextmount_type (filesystem (relabelto))) -(allow init_26_0 contextmount_type (dir (ioctl read getattr lock search open))) -(allow init_26_0 contextmount_type (file (ioctl read getattr lock open))) -(allow init_26_0 contextmount_type (lnk_file (ioctl read getattr lock open))) -(allow init_26_0 contextmount_type (sock_file (ioctl read getattr lock open))) -(allow init_26_0 contextmount_type (fifo_file (ioctl read getattr lock open))) -(allow init_26_0 rootfs_26_0 (file (relabelfrom))) -(allow init_26_0 rootfs_26_0 (dir (relabelfrom))) -(allow init_26_0 self (capability (chown fowner fsetid))) -(allow init_26_0 base_typeattr_134_26_0 (dir (ioctl read create getattr setattr search open))) -(allow init_26_0 base_typeattr_135_26_0 (dir (write relabelfrom add_name remove_name rmdir))) -(allow init_26_0 base_typeattr_136_26_0 (file (read write create getattr setattr relabelfrom unlink open))) -(allow init_26_0 base_typeattr_135_26_0 (sock_file (read create getattr setattr relabelfrom unlink open))) -(allow init_26_0 base_typeattr_135_26_0 (fifo_file (read create getattr setattr relabelfrom unlink open))) -(allow init_26_0 base_typeattr_135_26_0 (lnk_file (create getattr setattr relabelfrom unlink))) -(allow init_26_0 cache_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow init_26_0 base_typeattr_137_26_0 (file (relabelto))) -(allow init_26_0 base_typeattr_137_26_0 (dir (relabelto))) -(allow init_26_0 base_typeattr_137_26_0 (lnk_file (relabelto))) -(allow init_26_0 base_typeattr_137_26_0 (chr_file (relabelto))) -(allow init_26_0 base_typeattr_137_26_0 (blk_file (relabelto))) -(allow init_26_0 base_typeattr_137_26_0 (sock_file (relabelto))) -(allow init_26_0 base_typeattr_137_26_0 (fifo_file (relabelto))) -(allow init_26_0 sysfs_26_0 (file (getattr relabelfrom))) -(allow init_26_0 sysfs_26_0 (dir (getattr relabelfrom))) -(allow init_26_0 sysfs_26_0 (lnk_file (getattr relabelfrom))) -(allow init_26_0 debugfs_26_0 (file (getattr relabelfrom))) -(allow init_26_0 debugfs_26_0 (dir (getattr relabelfrom))) -(allow init_26_0 debugfs_26_0 (lnk_file (getattr relabelfrom))) -(allow init_26_0 debugfs_tracing_26_0 (file (getattr relabelfrom))) -(allow init_26_0 debugfs_tracing_26_0 (dir (getattr relabelfrom))) -(allow init_26_0 debugfs_tracing_26_0 (lnk_file (getattr relabelfrom))) -(allow init_26_0 sysfs_type (file (getattr relabelto))) -(allow init_26_0 sysfs_type (dir (getattr relabelto))) -(allow init_26_0 sysfs_type (lnk_file (getattr relabelto))) -(allow init_26_0 debugfs_type (file (getattr relabelto))) -(allow init_26_0 debugfs_type (dir (getattr relabelto))) -(allow init_26_0 debugfs_type (lnk_file (getattr relabelto))) -(allow init_26_0 dev_type (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow init_26_0 dev_type (lnk_file (create))) -(allow init_26_0 tracing_shell_writable_26_0 (file (write lock append open))) -(allow init_26_0 debugfs_tracing_instances_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow init_26_0 debugfs_tracing_instances_26_0 (file (write lock append open))) -(allow init_26_0 debugfs_wifi_tracing_26_0 (file (write lock append open))) -(allow init_26_0 base_typeattr_138_26_0 (file (read setattr open))) -(allow init_26_0 base_typeattr_138_26_0 (dir (read setattr search open))) -(allow init_26_0 base_typeattr_139_26_0 (chr_file (read open))) -(auditallow init_26_0 base_typeattr_140_26_0 (chr_file (read open))) -(allow init_26_0 base_typeattr_141_26_0 (chr_file (setattr))) -(allow init_26_0 unlabeled_26_0 (dir (ioctl read write create getattr setattr lock relabelfrom rename add_name remove_name reparent search rmdir open))) -(allow init_26_0 unlabeled_26_0 (file (ioctl read write create getattr setattr lock relabelfrom append unlink rename open))) -(allow init_26_0 unlabeled_26_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom append unlink rename open))) -(allow init_26_0 unlabeled_26_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom append unlink rename open))) -(allow init_26_0 unlabeled_26_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom append unlink rename open))) -(allow init_26_0 kernel_26_0 (system (syslog_mod))) -(allow init_26_0 self (capability2 (syslog))) -(allow init_26_0 usermodehelper_26_0 (file (ioctl read write getattr lock append open))) -(allow init_26_0 proc_security_26_0 (file (ioctl read write getattr lock append open))) -(allow init_26_0 proc_26_0 (dir (ioctl read getattr lock search open))) -(allow init_26_0 proc_26_0 (file (ioctl read getattr lock open))) -(allow init_26_0 proc_26_0 (lnk_file (ioctl read getattr lock open))) -(allow init_26_0 proc_26_0 (file (write lock append open))) -(allow init_26_0 proc_net_26_0 (dir (ioctl read getattr lock search open))) -(allow init_26_0 proc_net_26_0 (file (ioctl read getattr lock open))) -(allow init_26_0 proc_net_26_0 (lnk_file (ioctl read getattr lock open))) -(allow init_26_0 proc_net_26_0 (file (write lock append open))) -(allow init_26_0 self (capability (net_admin))) -(allow init_26_0 proc_sysrq_26_0 (file (write lock append open))) -(allow init_26_0 proc_stat_26_0 (file (ioctl read getattr lock open))) -(allow init_26_0 self (capability (sys_boot))) -(allow init_26_0 sysfs_type (dir (ioctl read getattr lock search open))) -(allow init_26_0 sysfs_type (lnk_file (read))) -(allow init_26_0 sysfs_type (file (ioctl read write getattr lock append open))) -(allow init_26_0 misc_logd_file_26_0 (dir (read write create getattr setattr add_name search open))) -(allow init_26_0 misc_logd_file_26_0 (file (write create getattr setattr open))) -(allow init_26_0 self (capability (kill))) -(allow init_26_0 domain (process (sigkill signal))) -(allow init_26_0 keystore_data_file_26_0 (dir (read create getattr setattr search open))) -(allow init_26_0 keystore_data_file_26_0 (file (getattr))) -(allow init_26_0 vold_data_file_26_0 (dir (read create getattr setattr search open))) -(allow init_26_0 vold_data_file_26_0 (file (getattr))) -(allow init_26_0 shell_data_file_26_0 (dir (read create getattr setattr search open))) -(allow init_26_0 shell_data_file_26_0 (file (getattr))) -(allow init_26_0 self (capability (setgid setuid setpcap))) -(allow init_26_0 domain (dir (ioctl read getattr lock search open))) -(allow init_26_0 domain (file (ioctl read getattr lock open))) -(allow init_26_0 domain (lnk_file (ioctl read getattr lock open))) -(allow init_26_0 self (process (setexec setfscreate setsockcreate))) -(allow init_26_0 file_contexts_file_26_0 (file (ioctl read getattr lock open))) -(allow init_26_0 sepolicy_file_26_0 (file (ioctl read getattr lock open))) -(allow init_26_0 selinuxfs_26_0 (dir (ioctl read getattr lock search open))) -(allow init_26_0 selinuxfs_26_0 (file (ioctl read getattr lock open))) -(allow init_26_0 selinuxfs_26_0 (lnk_file (ioctl read getattr lock open))) -(allow init_26_0 selinuxfs_26_0 (file (write lock append open))) -(allow init_26_0 kernel_26_0 (security (compute_av))) -(allow init_26_0 self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(allow init_26_0 kernel_26_0 (security (compute_create))) -(allow init_26_0 domain (unix_stream_socket (create bind))) -(allow init_26_0 domain (unix_dgram_socket (create bind))) -(allow init_26_0 property_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow init_26_0 property_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow init_26_0 property_type (property_service (set))) -(allow init_26_0 self (netlink_audit_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_relay))) -(allow init_26_0 self (capability (audit_write))) -(allow init_26_0 self (udp_socket (ioctl create))) -(allowx init_26_0 self (ioctl udp_socket (0x8914))) -(allow init_26_0 self (capability (net_raw))) -(allow init_26_0 kernel_26_0 (process (setsched))) -(allow init_26_0 swap_block_device_26_0 (blk_file (ioctl read write getattr lock append open))) -(allow init_26_0 hw_random_device_26_0 (chr_file (ioctl read getattr lock open))) -(allow init_26_0 device_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow init_26_0 self (capability (sys_tty_config))) -(allow init_26_0 keychord_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow init_26_0 dm_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow init_26_0 dm_device_26_0 (blk_file (ioctl read write getattr lock append open))) -(allow init_26_0 metadata_block_device_26_0 (blk_file (ioctl read write getattr lock append open))) -(allow init_26_0 pstorefs_26_0 (dir (search))) -(allow init_26_0 pstorefs_26_0 (file (ioctl read getattr lock open))) -(allow init_26_0 kernel_26_0 (system (syslog_read))) -(allow init_26_0 init_26_0 (key (write search setattr))) -(allow init_26_0 unencrypted_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow init_26_0 proc_overcommit_memory_26_0 (file (write))) -(allow init_26_0 vold_socket_26_0 (sock_file (write))) -(allow init_26_0 vold_26_0 (unix_stream_socket (connectto))) -(allow init_26_0 misc_block_device_26_0 (blk_file (write lock append open))) -(allow init_26_0 system_file_26_0 (dir (ioctl read getattr lock search open))) -(allow init_26_0 system_file_26_0 (file (ioctl read getattr lock open))) -(allow init_26_0 system_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow init_26_0 vendor_file_type (dir (ioctl read getattr lock search open))) -(allow init_26_0 vendor_file_type (file (ioctl read getattr lock open))) -(allow init_26_0 vendor_file_type (lnk_file (ioctl read getattr lock open))) -(allow init_26_0 proc_meminfo_26_0 (file (ioctl read getattr lock open))) -(allow init_26_0 system_data_file_26_0 (file (read getattr))) -(allow init_26_0 system_data_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow init_26_0 vendor_shell_exec_26_0 (file (execute))) -(neverallow domain init_26_0 (process (dyntransition))) -(neverallow base_typeattr_15_26_0 init_26_0 (process (transition))) -(neverallow init_26_0 base_typeattr_142_26_0 (file (entrypoint))) -(neverallow init_26_0 shell_data_file_26_0 (lnk_file (read))) -(neverallow init_26_0 app_data_file_26_0 (lnk_file (read))) -(neverallow init_26_0 fs_type (file (execute_no_trans))) -(neverallow init_26_0 file_type (file (execute_no_trans))) -(neverallow init_26_0 service_manager_type (service_manager (add find))) -(neverallow init_26_0 servicemanager_26_0 (service_manager (list))) -(neverallow init_26_0 shell_data_file_26_0 (dir (write add_name remove_name))) -(allow inputflinger_26_0 servicemanager_26_0 (binder (call transfer))) -(allow servicemanager_26_0 inputflinger_26_0 (dir (search))) -(allow servicemanager_26_0 inputflinger_26_0 (file (read open))) -(allow servicemanager_26_0 inputflinger_26_0 (process (getattr))) -(allow inputflinger_26_0 system_server_26_0 (binder (call transfer))) -(allow system_server_26_0 inputflinger_26_0 (binder (transfer))) -(allow inputflinger_26_0 system_server_26_0 (fd (use))) -(allow inputflinger_26_0 sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open))) -(allow inputflinger_26_0 self (capability2 (block_suspend))) -(allow inputflinger_26_0 inputflinger_service_26_0 (service_manager (add find))) -(neverallow base_typeattr_143_26_0 inputflinger_service_26_0 (service_manager (add))) -(neverallow inputflinger_26_0 unlabeled_26_0 (service_manager (add))) -(allow inputflinger_26_0 input_device_26_0 (dir (ioctl read getattr lock search open))) -(allow inputflinger_26_0 input_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow inputflinger_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open))) -(allow inputflinger_26_0 cgroup_26_0 (file (ioctl read getattr lock open))) -(allow inputflinger_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open))) -(allow install_recovery_26_0 self (capability (dac_override))) -(allow install_recovery_26_0 shell_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow install_recovery_26_0 system_file_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow install_recovery_26_0 toolbox_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow install_recovery_26_0 block_device_26_0 (dir (search))) -(allow install_recovery_26_0 boot_block_device_26_0 (blk_file (ioctl read getattr lock open))) -(allow install_recovery_26_0 recovery_block_device_26_0 (blk_file (ioctl read write getattr lock append open))) -(allow install_recovery_26_0 cache_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow install_recovery_26_0 cache_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow install_recovery_26_0 proc_drop_caches_26_0 (file (write lock append open))) -(allow installd_26_0 self (capability (chown dac_override fowner fsetid setgid setuid sys_admin))) -(allow installd_26_0 dalvikcache_data_file_26_0 (dir (relabelto))) -(allow installd_26_0 dalvikcache_data_file_26_0 (file (relabelto link))) -(allow installd_26_0 apk_data_file_26_0 (dir (ioctl read write create getattr setattr lock relabelfrom rename add_name remove_name reparent search rmdir open))) -(allow installd_26_0 apk_data_file_26_0 (file (ioctl read write create getattr setattr lock relabelfrom append unlink link rename open))) -(allow installd_26_0 apk_data_file_26_0 (lnk_file (ioctl read create getattr lock unlink open))) -(allow installd_26_0 asec_apk_file_26_0 (file (ioctl read getattr lock open))) -(allow installd_26_0 apk_tmp_file_26_0 (file (ioctl read getattr lock unlink open))) -(allow installd_26_0 apk_tmp_file_26_0 (dir (ioctl read write create getattr setattr lock relabelfrom rename add_name remove_name reparent search rmdir open))) -(allow installd_26_0 oemfs_26_0 (dir (ioctl read getattr lock search open))) -(allow installd_26_0 oemfs_26_0 (file (ioctl read getattr lock open))) -(allow installd_26_0 cgroup_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow installd_26_0 cgroup_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow installd_26_0 cgroup_26_0 (lnk_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow installd_26_0 mnt_expand_file_26_0 (dir (getattr search))) -(allow installd_26_0 selinuxfs_26_0 (dir (ioctl read getattr lock search open))) -(allow installd_26_0 selinuxfs_26_0 (file (ioctl read getattr lock open))) -(allow installd_26_0 selinuxfs_26_0 (lnk_file (ioctl read getattr lock open))) -(allow installd_26_0 selinuxfs_26_0 (file (write lock append open))) -(allow installd_26_0 kernel_26_0 (security (check_context))) -(allow installd_26_0 rootfs_26_0 (dir (ioctl read getattr lock search open))) -(allow installd_26_0 rootfs_26_0 (file (ioctl read getattr lock open))) -(allow installd_26_0 rootfs_26_0 (lnk_file (ioctl read getattr lock open))) -(allow installd_26_0 system_file_26_0 (dir (ioctl read getattr lock search open))) -(allow installd_26_0 system_file_26_0 (file (ioctl read getattr lock open))) -(allow installd_26_0 system_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow installd_26_0 vendor_app_file_26_0 (dir (ioctl read getattr lock search open))) -(allow installd_26_0 vendor_app_file_26_0 (file (ioctl read getattr lock open))) -(allow installd_26_0 vendor_app_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow installd_26_0 vendor_overlay_file_26_0 (dir (ioctl read getattr lock search open))) -(allow installd_26_0 vendor_overlay_file_26_0 (file (ioctl read getattr lock open))) -(allow installd_26_0 vendor_overlay_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow installd_26_0 file_contexts_file_26_0 (file (ioctl read getattr lock open))) -(allow installd_26_0 seapp_contexts_file_26_0 (file (ioctl read getattr lock open))) -(allow installd_26_0 asec_image_file_26_0 (dir (search))) -(allow installd_26_0 asec_image_file_26_0 (file (getattr))) -(allow installd_26_0 system_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow installd_26_0 system_data_file_26_0 (lnk_file (create setattr unlink))) -(allow installd_26_0 media_rw_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow installd_26_0 media_rw_data_file_26_0 (file (getattr unlink))) -(allow installd_26_0 system_data_file_26_0 (dir (relabelfrom))) -(allow installd_26_0 media_rw_data_file_26_0 (dir (relabelto))) -(allow installd_26_0 tmpfs_26_0 (dir (ioctl read getattr lock search open))) -(allow installd_26_0 storage_file_26_0 (dir (search))) -(allow installd_26_0 sdcardfs_26_0 (dir (read write getattr remove_name search rmdir open))) -(allow installd_26_0 sdcardfs_26_0 (file (getattr unlink))) -(allow installd_26_0 misc_user_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow installd_26_0 misc_user_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow installd_26_0 keychain_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow installd_26_0 keychain_data_file_26_0 (file (ioctl read getattr lock unlink open))) -(allow installd_26_0 install_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow installd_26_0 dalvikcache_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow installd_26_0 dalvikcache_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow installd_26_0 dalvikcache_data_file_26_0 (lnk_file (getattr))) -(allow installd_26_0 resourcecache_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow installd_26_0 resourcecache_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow installd_26_0 unlabeled_26_0 (dir (ioctl read write getattr lock relabelfrom add_name remove_name search rmdir open))) -(allow installd_26_0 unlabeled_26_0 (file (getattr setattr relabelfrom unlink rename))) -(allow installd_26_0 unlabeled_26_0 (lnk_file (getattr setattr relabelfrom unlink rename))) -(allow installd_26_0 unlabeled_26_0 (sock_file (getattr setattr relabelfrom unlink rename))) -(allow installd_26_0 unlabeled_26_0 (fifo_file (getattr setattr relabelfrom unlink rename))) -(allow installd_26_0 unlabeled_26_0 (file (ioctl read getattr lock open))) -(allow installd_26_0 system_data_file_26_0 (file (getattr relabelfrom unlink))) -(allow installd_26_0 system_data_file_26_0 (lnk_file (getattr relabelfrom unlink))) -(allow installd_26_0 system_data_file_26_0 (sock_file (getattr relabelfrom unlink))) -(allow installd_26_0 system_data_file_26_0 (fifo_file (getattr relabelfrom unlink))) -(allow installd_26_0 shell_data_file_26_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open))) -(allow installd_26_0 bluetooth_data_file_26_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open))) -(allow installd_26_0 nfc_data_file_26_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open))) -(allow installd_26_0 radio_data_file_26_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open))) -(allow installd_26_0 app_data_file_26_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open))) -(allow installd_26_0 system_app_data_file_26_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open))) -(allow installd_26_0 shell_data_file_26_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open))) -(allow installd_26_0 shell_data_file_26_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open))) -(allow installd_26_0 shell_data_file_26_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open))) -(allow installd_26_0 shell_data_file_26_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open))) -(allow installd_26_0 bluetooth_data_file_26_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open))) -(allow installd_26_0 bluetooth_data_file_26_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open))) -(allow installd_26_0 bluetooth_data_file_26_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open))) -(allow installd_26_0 bluetooth_data_file_26_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open))) -(allow installd_26_0 nfc_data_file_26_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open))) -(allow installd_26_0 nfc_data_file_26_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open))) -(allow installd_26_0 nfc_data_file_26_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open))) -(allow installd_26_0 nfc_data_file_26_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open))) -(allow installd_26_0 radio_data_file_26_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open))) -(allow installd_26_0 radio_data_file_26_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open))) -(allow installd_26_0 radio_data_file_26_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open))) -(allow installd_26_0 radio_data_file_26_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open))) -(allow installd_26_0 app_data_file_26_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open))) -(allow installd_26_0 app_data_file_26_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open))) -(allow installd_26_0 app_data_file_26_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open))) -(allow installd_26_0 app_data_file_26_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open))) -(allow installd_26_0 system_app_data_file_26_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open))) -(allow installd_26_0 system_app_data_file_26_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open))) -(allow installd_26_0 system_app_data_file_26_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open))) -(allow installd_26_0 system_app_data_file_26_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open))) -(allow installd_26_0 user_profile_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow installd_26_0 user_profile_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow installd_26_0 user_profile_data_file_26_0 (dir (rmdir))) -(allow installd_26_0 user_profile_data_file_26_0 (file (unlink))) -(allow installd_26_0 profman_dump_data_file_26_0 (dir (write add_name search))) -(allow installd_26_0 profman_dump_data_file_26_0 (file (write create setattr open))) -(allow installd_26_0 devpts_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow installd_26_0 toolbox_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow installd_26_0 servicemanager_26_0 (binder (call transfer))) -(allow servicemanager_26_0 installd_26_0 (dir (search))) -(allow servicemanager_26_0 installd_26_0 (file (read open))) -(allow servicemanager_26_0 installd_26_0 (process (getattr))) -(allow installd_26_0 installd_service_26_0 (service_manager (add find))) -(neverallow base_typeattr_144_26_0 installd_service_26_0 (service_manager (add))) -(neverallow installd_26_0 unlabeled_26_0 (service_manager (add))) -(allow installd_26_0 dumpstate_26_0 (fifo_file (write getattr))) -(allow installd_26_0 system_server_26_0 (binder (call transfer))) -(allow system_server_26_0 installd_26_0 (binder (transfer))) -(allow installd_26_0 system_server_26_0 (fd (use))) -(allow installd_26_0 permission_service_26_0 (service_manager (find))) -(allow installd_26_0 block_device_26_0 (dir (search))) -(allow installd_26_0 labeledfs_26_0 (filesystem (quotamod quotaget))) -(allow installd_26_0 preloads_data_file_26_0 (file (ioctl read getattr lock unlink open))) -(allow installd_26_0 preloads_data_file_26_0 (dir (ioctl read write getattr lock remove_name search rmdir open))) -(allow installd_26_0 preloads_media_file_26_0 (file (ioctl read getattr lock unlink open))) -(allow installd_26_0 preloads_media_file_26_0 (dir (ioctl read write getattr lock remove_name search rmdir open))) -(neverallow base_typeattr_145_26_0 installd_service_26_0 (service_manager (find))) -(neverallow base_typeattr_63_26_0 installd_26_0 (binder (call))) -(neverallow installd_26_0 base_typeattr_146_26_0 (binder (call))) -(allow kernel_26_0 self (capability (sys_nice))) -(allow kernel_26_0 rootfs_26_0 (dir (ioctl read getattr lock search open))) -(allow kernel_26_0 rootfs_26_0 (file (ioctl read getattr lock open))) -(allow kernel_26_0 rootfs_26_0 (lnk_file (ioctl read getattr lock open))) -(allow kernel_26_0 proc_26_0 (dir (ioctl read getattr lock search open))) -(allow kernel_26_0 proc_26_0 (file (ioctl read getattr lock open))) -(allow kernel_26_0 proc_26_0 (lnk_file (ioctl read getattr lock open))) -(allow kernel_26_0 selinuxfs_26_0 (dir (ioctl read getattr lock search open))) -(allow kernel_26_0 selinuxfs_26_0 (file (ioctl read getattr lock open))) -(allow kernel_26_0 file_contexts_file_26_0 (file (ioctl read getattr lock open))) -(allow kernel_26_0 rootfs_26_0 (file (relabelfrom))) -(allow kernel_26_0 init_exec_26_0 (file (relabelto))) -(allow kernel_26_0 init_26_0 (process (share))) -(allow kernel_26_0 unlabeled_26_0 (dir (search))) -(allow kernel_26_0 usbfs_26_0 (filesystem (mount))) -(allow kernel_26_0 usbfs_26_0 (dir (search))) -(dontaudit kernel_26_0 self (security (setenforce))) -(allow kernel_26_0 self (capability (sys_resource))) -(allow kernel_26_0 self (capability (sys_boot))) -(allow kernel_26_0 proc_sysrq_26_0 (file (write lock append open))) -(allow kernel_26_0 tmpfs_26_0 (chr_file (write))) -(allow kernel_26_0 selinuxfs_26_0 (file (write))) -(allow kernel_26_0 self (security (setcheckreqprot))) -(allow kernel_26_0 priv_app_26_0 (fd (use))) -(allow kernel_26_0 sdcard_type (file (read write))) -(allow kernel_26_0 vold_26_0 (fd (use))) -(allow kernel_26_0 app_data_file_26_0 (file (read))) -(allow kernel_26_0 asec_image_file_26_0 (file (read))) -(allow kernel_26_0 update_engine_data_file_26_0 (file (read))) -(allow kernel_26_0 nativetest_data_file_26_0 (file (read))) -(allow kernel_26_0 media_rw_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow kernel_26_0 media_rw_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow kernel_26_0 vold_data_file_26_0 (file (read))) -(neverallow base_typeattr_10_26_0 kernel_26_0 (process (transition dyntransition))) -(neverallow kernel_26_0 base_typeattr_10_26_0 (file (execute_no_trans entrypoint))) -(neverallow kernel_26_0 self (capability (dac_override dac_read_search))) -(allow keystore_26_0 servicemanager_26_0 (binder (call transfer))) -(allow servicemanager_26_0 keystore_26_0 (dir (search))) -(allow servicemanager_26_0 keystore_26_0 (file (read open))) -(allow servicemanager_26_0 keystore_26_0 (process (getattr))) -(allow keystore_26_0 system_server_26_0 (binder (call transfer))) -(allow system_server_26_0 keystore_26_0 (binder (transfer))) -(allow keystore_26_0 system_server_26_0 (fd (use))) -(allow keystore_26_0 keystore_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow keystore_26_0 keystore_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow keystore_26_0 keystore_data_file_26_0 (lnk_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow keystore_26_0 keystore_data_file_26_0 (sock_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow keystore_26_0 keystore_data_file_26_0 (fifo_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow keystore_26_0 keystore_exec_26_0 (file (getattr))) -(allow keystore_26_0 keystore_service_26_0 (service_manager (add find))) -(neverallow base_typeattr_147_26_0 keystore_service_26_0 (service_manager (add))) -(neverallow keystore_26_0 unlabeled_26_0 (service_manager (add))) -(allow keystore_26_0 sec_key_att_app_id_provider_service_26_0 (service_manager (find))) -(allow keystore_26_0 selinuxfs_26_0 (dir (ioctl read getattr lock search open))) -(allow keystore_26_0 selinuxfs_26_0 (file (ioctl read getattr lock open))) -(allow keystore_26_0 selinuxfs_26_0 (lnk_file (ioctl read getattr lock open))) -(allow keystore_26_0 selinuxfs_26_0 (file (write lock append open))) -(allow keystore_26_0 kernel_26_0 (security (compute_av))) -(allow keystore_26_0 self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(allow keystore_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open))) -(allow keystore_26_0 cgroup_26_0 (file (ioctl read getattr lock open))) -(allow keystore_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open))) -(neverallow base_typeattr_147_26_0 keystore_data_file_26_0 (dir (write lock relabelfrom append unlink link rename execute quotaon mounton add_name remove_name reparent rmdir audit_access execmod))) -(neverallow base_typeattr_147_26_0 keystore_data_file_26_0 (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access))) -(neverallow base_typeattr_147_26_0 keystore_data_file_26_0 (lnk_file (ioctl read write create setattr lock relabelfrom append unlink link rename execute quotaon mounton open audit_access execmod))) -(neverallow base_typeattr_147_26_0 keystore_data_file_26_0 (sock_file (ioctl read write create setattr lock relabelfrom append unlink link rename execute quotaon mounton open audit_access execmod))) -(neverallow base_typeattr_147_26_0 keystore_data_file_26_0 (fifo_file (ioctl read write create setattr lock relabelfrom append unlink link rename execute quotaon mounton open audit_access execmod))) -(neverallow base_typeattr_148_26_0 keystore_data_file_26_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod))) -(neverallow base_typeattr_148_26_0 keystore_data_file_26_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access))) -(neverallow base_typeattr_148_26_0 keystore_data_file_26_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod))) -(neverallow base_typeattr_148_26_0 keystore_data_file_26_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod))) -(neverallow base_typeattr_148_26_0 keystore_data_file_26_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod))) -(neverallow base_typeattr_10_26_0 keystore_26_0 (process (ptrace))) -(allow lmkd_26_0 self (capability (dac_override kill sys_resource))) -(allow lmkd_26_0 self (capability (ipc_lock))) -(allow lmkd_26_0 appdomain (dir (ioctl read getattr lock search open))) -(allow lmkd_26_0 appdomain (file (ioctl read getattr lock open))) -(allow lmkd_26_0 appdomain (lnk_file (ioctl read getattr lock open))) -(allow lmkd_26_0 appdomain (file (write))) -(allow lmkd_26_0 system_server_26_0 (dir (ioctl read getattr lock search open))) -(allow lmkd_26_0 system_server_26_0 (file (ioctl read getattr lock open))) -(allow lmkd_26_0 system_server_26_0 (lnk_file (ioctl read getattr lock open))) -(allow lmkd_26_0 system_server_26_0 (file (write))) -(allow lmkd_26_0 sysfs_type (dir (ioctl read getattr lock search open))) -(allow lmkd_26_0 sysfs_type (file (ioctl read getattr lock open))) -(allow lmkd_26_0 sysfs_type (lnk_file (ioctl read getattr lock open))) -(allow lmkd_26_0 sysfs_lowmemorykiller_26_0 (file (write lock append open))) -(allow lmkd_26_0 appdomain (process (sigkill))) -(allow lmkd_26_0 cgroup_26_0 (dir (remove_name rmdir))) -(allow lmkd_26_0 self (capability (sys_nice))) -(allow lmkd_26_0 proc_zoneinfo_26_0 (file (ioctl read getattr lock open))) -(neverallow base_typeattr_10_26_0 lmkd_26_0 (process (noatsecure))) -(allow logd_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open))) -(allow logd_26_0 cgroup_26_0 (file (ioctl read getattr lock open))) -(allow logd_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open))) -(allow logd_26_0 proc_26_0 (dir (ioctl read getattr lock search open))) -(allow logd_26_0 proc_26_0 (file (ioctl read getattr lock open))) -(allow logd_26_0 proc_26_0 (lnk_file (ioctl read getattr lock open))) -(allow logd_26_0 proc_meminfo_26_0 (dir (ioctl read getattr lock search open))) -(allow logd_26_0 proc_meminfo_26_0 (file (ioctl read getattr lock open))) -(allow logd_26_0 proc_meminfo_26_0 (lnk_file (ioctl read getattr lock open))) -(allow logd_26_0 proc_net_26_0 (dir (ioctl read getattr lock search open))) -(allow logd_26_0 proc_net_26_0 (file (ioctl read getattr lock open))) -(allow logd_26_0 proc_net_26_0 (lnk_file (ioctl read getattr lock open))) -(allow logd_26_0 self (capability (setgid setuid setpcap sys_nice audit_control))) -(allow logd_26_0 self (capability2 (syslog))) -(allow logd_26_0 self (netlink_audit_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_write))) -(allow logd_26_0 kernel_26_0 (system (syslog_read))) -(allow logd_26_0 kmsg_device_26_0 (chr_file (write lock append open))) -(allow logd_26_0 system_data_file_26_0 (file (ioctl read getattr lock open))) -(allow logd_26_0 system_data_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow logd_26_0 pstorefs_26_0 (dir (search))) -(allow logd_26_0 pstorefs_26_0 (file (ioctl read getattr lock open))) -(allow logd_26_0 misc_logd_file_26_0 (dir (ioctl read getattr lock search open))) -(allow logd_26_0 misc_logd_file_26_0 (file (ioctl read write getattr lock append open))) -(allow logd_26_0 runtime_event_log_tags_file_26_0 (file (ioctl read write getattr lock append open))) -(allow logd_26_0 device_logging_prop_26_0 (file (ioctl read getattr lock open))) -(allow logd_26_0 domain (dir (ioctl read getattr lock search open))) -(allow logd_26_0 domain (file (ioctl read getattr lock open))) -(allow logd_26_0 domain (lnk_file (ioctl read getattr lock open))) -(allow logd_26_0 kernel_26_0 (system (syslog_mod))) -(allow logd_26_0 logd_socket_26_0 (sock_file (write))) -(allow logd_26_0 logd_26_0 (unix_stream_socket (connectto))) -(allow logd_26_0 runtime_event_log_tags_file_26_0 (file (ioctl read getattr lock open))) -(allow runtime_event_log_tags_file_26_0 tmpfs_26_0 (filesystem (associate))) -(dontaudit domain runtime_event_log_tags_file_26_0 (file (read open))) -(neverallow logd_26_0 dev_type (blk_file (read write))) -(neverallow logd_26_0 domain (process (ptrace))) -(neverallow base_typeattr_149_26_0 logd_26_0 (process (ptrace))) -(neverallow logd_26_0 system_file_26_0 (file (write))) -(neverallow logd_26_0 system_file_26_0 (dir (write))) -(neverallow logd_26_0 system_file_26_0 (lnk_file (write))) -(neverallow logd_26_0 system_file_26_0 (chr_file (write))) -(neverallow logd_26_0 system_file_26_0 (blk_file (write))) -(neverallow logd_26_0 system_file_26_0 (sock_file (write))) -(neverallow logd_26_0 system_file_26_0 (fifo_file (write))) -(neverallow logd_26_0 system_data_file_26_0 (file (write))) -(neverallow logd_26_0 system_data_file_26_0 (dir (write))) -(neverallow logd_26_0 system_data_file_26_0 (lnk_file (write))) -(neverallow logd_26_0 system_data_file_26_0 (chr_file (write))) -(neverallow logd_26_0 system_data_file_26_0 (blk_file (write))) -(neverallow logd_26_0 system_data_file_26_0 (sock_file (write))) -(neverallow logd_26_0 system_data_file_26_0 (fifo_file (write))) -(neverallow logd_26_0 app_data_file_26_0 (file (write))) -(neverallow logd_26_0 app_data_file_26_0 (dir (write))) -(neverallow logd_26_0 app_data_file_26_0 (lnk_file (write))) -(neverallow logd_26_0 app_data_file_26_0 (chr_file (write))) -(neverallow logd_26_0 app_data_file_26_0 (blk_file (write))) -(neverallow logd_26_0 app_data_file_26_0 (sock_file (write))) -(neverallow logd_26_0 app_data_file_26_0 (fifo_file (write))) -(neverallow base_typeattr_5_26_0 logd_26_0 (process (transition))) -(neverallow base_typeattr_10_26_0 logd_26_0 (process (dyntransition))) -(neverallow base_typeattr_150_26_0 runtime_event_log_tags_file_26_0 (file (write create setattr relabelfrom append unlink link rename))) -(neverallow logpersist_26_0 dev_type (blk_file (read write))) -(neverallow logpersist_26_0 domain (process (ptrace))) -(neverallow logpersist_26_0 system_data_file_26_0 (file (write))) -(neverallow logpersist_26_0 system_data_file_26_0 (dir (write))) -(neverallow logpersist_26_0 system_data_file_26_0 (lnk_file (write))) -(neverallow logpersist_26_0 system_data_file_26_0 (chr_file (write))) -(neverallow logpersist_26_0 system_data_file_26_0 (blk_file (write))) -(neverallow logpersist_26_0 system_data_file_26_0 (sock_file (write))) -(neverallow logpersist_26_0 system_data_file_26_0 (fifo_file (write))) -(neverallow logpersist_26_0 app_data_file_26_0 (file (write))) -(neverallow logpersist_26_0 app_data_file_26_0 (dir (write))) -(neverallow logpersist_26_0 app_data_file_26_0 (lnk_file (write))) -(neverallow logpersist_26_0 app_data_file_26_0 (chr_file (write))) -(neverallow logpersist_26_0 app_data_file_26_0 (blk_file (write))) -(neverallow logpersist_26_0 app_data_file_26_0 (sock_file (write))) -(neverallow logpersist_26_0 app_data_file_26_0 (fifo_file (write))) -(neverallow base_typeattr_10_26_0 logpersist_26_0 (process (dyntransition))) -(allow mediacodec_26_0 hwservicemanager_prop_26_0 (file (ioctl read getattr lock open))) -(allow mediacodec_26_0 vndbinder_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow mediacodec_26_0 vndservicemanager_26_0 (binder (call transfer))) -(allow vndservicemanager_26_0 mediacodec_26_0 (dir (search))) -(allow vndservicemanager_26_0 mediacodec_26_0 (file (read open))) -(allow vndservicemanager_26_0 mediacodec_26_0 (process (getattr))) -(allow mediacodec_26_0 binderservicedomain (binder (call transfer))) -(allow binderservicedomain mediacodec_26_0 (binder (transfer))) -(allow mediacodec_26_0 binderservicedomain (fd (use))) -(allow mediacodec_26_0 appdomain (binder (call transfer))) -(allow appdomain mediacodec_26_0 (binder (transfer))) -(allow mediacodec_26_0 appdomain (fd (use))) -(allow mediacodec_26_0 hal_graphics_composer (fd (use))) -(allow mediacodec_26_0 gpu_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow mediacodec_26_0 video_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow mediacodec_26_0 video_device_26_0 (dir (search))) -(allow mediacodec_26_0 ion_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow mediacodec_26_0 hal_camera (fd (use))) -(allow mediacodec_26_0 su_26_0 (fifo_file (append))) -(allow mediacodec_26_0 anr_data_file_26_0 (file (append))) -(allow mediacodec_26_0 dumpstate_26_0 (fd (use))) -(allow mediacodec_26_0 dumpstate_26_0 (fifo_file (write append))) -(allow mediacodec_26_0 tombstoned_26_0 (unix_stream_socket (connectto))) -(allow mediacodec_26_0 tombstoned_26_0 (fd (use))) -(allow mediacodec_26_0 tombstoned_crash_socket_26_0 (sock_file (write))) -(allow mediacodec_26_0 tombstone_data_file_26_0 (file (append))) -(allow mediacodec_26_0 hal_omx_hwservice_26_0 (hwservice_manager (add find))) -(allow mediacodec_26_0 hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_151_26_0 hal_omx_hwservice_26_0 (hwservice_manager (add))) -(neverallow mediacodec_26_0 unlabeled_26_0 (hwservice_manager (add))) -(allow mediacodec_26_0 bufferhubd_26_0 (fd (use))) -(neverallow mediacodec_26_0 fs_type (file (execute_no_trans))) -(neverallow mediacodec_26_0 file_type (file (execute_no_trans))) -(neverallow mediacodec_26_0 domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect))) -(neverallow mediacodec_26_0 domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind))) -(neverallow mediacodec_26_0 domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind))) -(allow mediadrmserver_26_0 servicemanager_26_0 (binder (call transfer))) -(allow servicemanager_26_0 mediadrmserver_26_0 (dir (search))) -(allow servicemanager_26_0 mediadrmserver_26_0 (file (read open))) -(allow servicemanager_26_0 mediadrmserver_26_0 (process (getattr))) -(allow mediadrmserver_26_0 binderservicedomain (binder (call transfer))) -(allow binderservicedomain mediadrmserver_26_0 (binder (transfer))) -(allow mediadrmserver_26_0 binderservicedomain (fd (use))) -(allow mediadrmserver_26_0 appdomain (binder (call transfer))) -(allow appdomain mediadrmserver_26_0 (binder (transfer))) -(allow mediadrmserver_26_0 appdomain (fd (use))) -(allow mediadrmserver_26_0 mediadrmserver_service_26_0 (service_manager (add find))) -(neverallow base_typeattr_152_26_0 mediadrmserver_service_26_0 (service_manager (add))) -(neverallow mediadrmserver_26_0 unlabeled_26_0 (service_manager (add))) -(allow mediadrmserver_26_0 mediaserver_service_26_0 (service_manager (find))) -(allow mediadrmserver_26_0 mediametrics_service_26_0 (service_manager (find))) -(allow mediadrmserver_26_0 processinfo_service_26_0 (service_manager (find))) -(allow mediadrmserver_26_0 surfaceflinger_service_26_0 (service_manager (find))) -(allow mediadrmserver_26_0 system_file_26_0 (dir (ioctl read getattr lock search open))) -(allow mediadrmserver_26_0 mediacasserver_service_26_0 (service_manager (add find))) -(neverallow base_typeattr_152_26_0 mediacasserver_service_26_0 (service_manager (add))) -(neverallow mediadrmserver_26_0 unlabeled_26_0 (service_manager (add))) -(allow mediadrmserver_26_0 mediacodec_26_0 (binder (call transfer))) -(allow mediacodec_26_0 mediadrmserver_26_0 (binder (transfer))) -(allow mediadrmserver_26_0 mediacodec_26_0 (fd (use))) -(neverallow mediadrmserver_26_0 fs_type (file (execute_no_trans))) -(neverallow mediadrmserver_26_0 file_type (file (execute_no_trans))) -(neverallowx mediadrmserver_26_0 domain (ioctl tcp_socket (0x6900 0x6902))) -(neverallowx mediadrmserver_26_0 domain (ioctl udp_socket (0x6900 0x6902))) -(neverallowx mediadrmserver_26_0 domain (ioctl rawip_socket (0x6900 0x6902))) -(neverallowx mediadrmserver_26_0 domain (ioctl tcp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff))))) -(neverallowx mediadrmserver_26_0 domain (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff))))) -(neverallowx mediadrmserver_26_0 domain (ioctl rawip_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff))))) -(neverallowx mediadrmserver_26_0 domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff))))) -(neverallowx mediadrmserver_26_0 domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff))))) -(neverallowx mediadrmserver_26_0 domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff))))) -(allow mediaextractor_26_0 servicemanager_26_0 (binder (call transfer))) -(allow servicemanager_26_0 mediaextractor_26_0 (dir (search))) -(allow servicemanager_26_0 mediaextractor_26_0 (file (read open))) -(allow servicemanager_26_0 mediaextractor_26_0 (process (getattr))) -(allow mediaextractor_26_0 binderservicedomain (binder (call transfer))) -(allow binderservicedomain mediaextractor_26_0 (binder (transfer))) -(allow mediaextractor_26_0 binderservicedomain (fd (use))) -(allow mediaextractor_26_0 appdomain (binder (call transfer))) -(allow appdomain mediaextractor_26_0 (binder (transfer))) -(allow mediaextractor_26_0 appdomain (fd (use))) -(allow mediaextractor_26_0 mediaextractor_service_26_0 (service_manager (add find))) -(neverallow base_typeattr_153_26_0 mediaextractor_service_26_0 (service_manager (add))) -(neverallow mediaextractor_26_0 unlabeled_26_0 (service_manager (add))) -(allow mediaextractor_26_0 mediametrics_service_26_0 (service_manager (find))) -(allow mediaextractor_26_0 mediacasserver_service_26_0 (service_manager (find))) -(allow mediaextractor_26_0 system_server_26_0 (fd (use))) -(allow mediaextractor_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open))) -(allow mediaextractor_26_0 cgroup_26_0 (file (ioctl read getattr lock open))) -(allow mediaextractor_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open))) -(allow mediaextractor_26_0 proc_meminfo_26_0 (file (ioctl read getattr lock open))) -(allow mediaextractor_26_0 su_26_0 (fifo_file (append))) -(allow mediaextractor_26_0 anr_data_file_26_0 (file (append))) -(allow mediaextractor_26_0 dumpstate_26_0 (fd (use))) -(allow mediaextractor_26_0 dumpstate_26_0 (fifo_file (write append))) -(allow mediaextractor_26_0 tombstoned_26_0 (unix_stream_socket (connectto))) -(allow mediaextractor_26_0 tombstoned_26_0 (fd (use))) -(allow mediaextractor_26_0 tombstoned_crash_socket_26_0 (sock_file (write))) -(allow mediaextractor_26_0 tombstone_data_file_26_0 (file (append))) -(allow mediaextractor_26_0 media_rw_data_file_26_0 (file (read getattr))) -(allow mediaextractor_26_0 app_data_file_26_0 (file (read getattr))) -(allow mediaextractor_26_0 apk_data_file_26_0 (file (read getattr))) -(allow mediaextractor_26_0 asec_apk_file_26_0 (file (read getattr))) -(allow mediaextractor_26_0 ringtone_file_26_0 (file (read getattr))) -(neverallow mediaextractor_26_0 fs_type (file (execute_no_trans))) -(neverallow mediaextractor_26_0 file_type (file (execute_no_trans))) -(neverallow mediaextractor_26_0 domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect))) -(neverallow mediaextractor_26_0 domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind))) -(neverallow mediaextractor_26_0 domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind))) -(allow mediametrics_26_0 servicemanager_26_0 (binder (call transfer))) -(allow servicemanager_26_0 mediametrics_26_0 (dir (search))) -(allow servicemanager_26_0 mediametrics_26_0 (file (read open))) -(allow servicemanager_26_0 mediametrics_26_0 (process (getattr))) -(allow mediametrics_26_0 binderservicedomain (binder (call transfer))) -(allow binderservicedomain mediametrics_26_0 (binder (transfer))) -(allow mediametrics_26_0 binderservicedomain (fd (use))) -(allow mediametrics_26_0 mediametrics_service_26_0 (service_manager (add find))) -(neverallow base_typeattr_154_26_0 mediametrics_service_26_0 (service_manager (add))) -(neverallow mediametrics_26_0 unlabeled_26_0 (service_manager (add))) -(allow mediametrics_26_0 system_server_26_0 (fd (use))) -(allow mediametrics_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open))) -(allow mediametrics_26_0 cgroup_26_0 (file (ioctl read getattr lock open))) -(allow mediametrics_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open))) -(allow mediametrics_26_0 proc_meminfo_26_0 (file (ioctl read getattr lock open))) -(allow mediametrics_26_0 app_data_file_26_0 (file (write))) -(neverallow mediametrics_26_0 fs_type (file (execute_no_trans))) -(neverallow mediametrics_26_0 file_type (file (execute_no_trans))) -(neverallow mediametrics_26_0 domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect))) -(neverallow mediametrics_26_0 domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind))) -(neverallow mediametrics_26_0 domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind))) -(allow mediaserver_26_0 sdcard_type (dir (ioctl read getattr lock search open))) -(allow mediaserver_26_0 sdcard_type (file (ioctl read getattr lock open))) -(allow mediaserver_26_0 sdcard_type (lnk_file (ioctl read getattr lock open))) -(allow mediaserver_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open))) -(allow mediaserver_26_0 cgroup_26_0 (file (ioctl read getattr lock open))) -(allow mediaserver_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open))) -(allow mediaserver_26_0 proc_26_0 (lnk_file (getattr))) -(allow mediaserver_26_0 system_file_26_0 (dir (ioctl read getattr lock search open))) -(allow mediaserver_26_0 self (process (ptrace))) -(allow mediaserver_26_0 servicemanager_26_0 (binder (call transfer))) -(allow servicemanager_26_0 mediaserver_26_0 (dir (search))) -(allow servicemanager_26_0 mediaserver_26_0 (file (read open))) -(allow servicemanager_26_0 mediaserver_26_0 (process (getattr))) -(allow mediaserver_26_0 binderservicedomain (binder (call transfer))) -(allow binderservicedomain mediaserver_26_0 (binder (transfer))) -(allow mediaserver_26_0 binderservicedomain (fd (use))) -(allow mediaserver_26_0 appdomain (binder (call transfer))) -(allow appdomain mediaserver_26_0 (binder (transfer))) -(allow mediaserver_26_0 appdomain (fd (use))) -(allow mediaserver_26_0 media_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow mediaserver_26_0 media_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mediaserver_26_0 app_data_file_26_0 (dir (search))) -(allow mediaserver_26_0 app_data_file_26_0 (file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 sdcard_type (file (write))) -(allow mediaserver_26_0 gpu_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 video_device_26_0 (dir (ioctl read getattr lock search open))) -(allow mediaserver_26_0 video_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 property_socket_26_0 (sock_file (write))) -(allow mediaserver_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow mediaserver_26_0 audio_prop_26_0 (property_service (set))) -(allow mediaserver_26_0 audio_prop_26_0 (file (ioctl read getattr lock open))) -(allow mediaserver_26_0 sysfs_26_0 (file (ioctl read getattr lock open))) -(allow mediaserver_26_0 apk_data_file_26_0 (file (read getattr))) -(allow mediaserver_26_0 asec_apk_file_26_0 (file (read getattr))) -(allow mediaserver_26_0 ringtone_file_26_0 (file (read getattr))) -(allow mediaserver_26_0 radio_data_file_26_0 (file (read getattr))) -(allow mediaserver_26_0 appdomain (fifo_file (read write getattr))) -(allow mediaserver_26_0 rpmsg_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 system_server_26_0 (fifo_file (ioctl read getattr lock open))) -(allow mediaserver_26_0 media_rw_data_file_26_0 (dir (ioctl read getattr lock search open))) -(allow mediaserver_26_0 media_rw_data_file_26_0 (file (ioctl read getattr lock open))) -(allow mediaserver_26_0 media_rw_data_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow mediaserver_26_0 app_fuse_file_26_0 (file (read getattr))) -(allow mediaserver_26_0 qtaguid_proc_26_0 (file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 qtaguid_device_26_0 (chr_file (ioctl read getattr lock open))) -(allow mediaserver_26_0 drmserver_socket_26_0 (sock_file (write))) -(allow mediaserver_26_0 drmserver_26_0 (unix_stream_socket (connectto))) -(allow mediaserver_26_0 bluetooth_socket_26_0 (sock_file (write))) -(allow mediaserver_26_0 bluetooth_26_0 (unix_stream_socket (connectto))) -(allow mediaserver_26_0 mediaserver_service_26_0 (service_manager (add find))) -(neverallow base_typeattr_155_26_0 mediaserver_service_26_0 (service_manager (add))) -(neverallow mediaserver_26_0 unlabeled_26_0 (service_manager (add))) -(allow mediaserver_26_0 activity_service_26_0 (service_manager (find))) -(allow mediaserver_26_0 appops_service_26_0 (service_manager (find))) -(allow mediaserver_26_0 audioserver_service_26_0 (service_manager (find))) -(allow mediaserver_26_0 cameraserver_service_26_0 (service_manager (find))) -(allow mediaserver_26_0 batterystats_service_26_0 (service_manager (find))) -(allow mediaserver_26_0 drmserver_service_26_0 (service_manager (find))) -(allow mediaserver_26_0 mediaextractor_service_26_0 (service_manager (find))) -(allow mediaserver_26_0 mediacodec_service_26_0 (service_manager (find))) -(allow mediaserver_26_0 mediametrics_service_26_0 (service_manager (find))) -(allow mediaserver_26_0 media_session_service_26_0 (service_manager (find))) -(allow mediaserver_26_0 permission_service_26_0 (service_manager (find))) -(allow mediaserver_26_0 power_service_26_0 (service_manager (find))) -(allow mediaserver_26_0 processinfo_service_26_0 (service_manager (find))) -(allow mediaserver_26_0 scheduling_policy_service_26_0 (service_manager (find))) -(allow mediaserver_26_0 surfaceflinger_service_26_0 (service_manager (find))) -(allow mediaserver_26_0 mediadrmserver_service_26_0 (service_manager (find))) -(allow mediaserver_26_0 hidl_token_hwservice_26_0 (hwservice_manager (find))) -(allow mediaserver_26_0 oemfs_26_0 (dir (search))) -(allow mediaserver_26_0 oemfs_26_0 (file (ioctl read getattr lock open))) -(allow drmserver_26_0 mediaserver_26_0 (dir (search))) -(allow drmserver_26_0 mediaserver_26_0 (file (read open))) -(allow drmserver_26_0 mediaserver_26_0 (process (getattr))) -(allow mediaserver_26_0 drmserver_26_0 (drmservice (consumeRights setPlaybackStatus openDecryptSession closeDecryptSession initializeDecryptUnit decrypt finalizeDecryptUnit pread))) -(allowx mediaserver_26_0 self (ioctl tcp_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451))) -(allowx mediaserver_26_0 self (ioctl udp_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451))) -(allowx mediaserver_26_0 self (ioctl rawip_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451))) -(allowx mediaserver_26_0 self (ioctl tcp_socket (((range 0x8906 0x8907)) 0x8910 ((range 0x8912 0x8913)) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942))) -(allowx mediaserver_26_0 self (ioctl udp_socket (((range 0x8906 0x8907)) 0x8910 ((range 0x8912 0x8913)) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942))) -(allowx mediaserver_26_0 self (ioctl rawip_socket (((range 0x8906 0x8907)) 0x8910 ((range 0x8912 0x8913)) 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942))) -(allowx mediaserver_26_0 self (ioctl tcp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f ((range 0x8b11 0x8b13)) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d))) -(allowx mediaserver_26_0 self (ioctl udp_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f ((range 0x8b11 0x8b13)) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d))) -(allowx mediaserver_26_0 self (ioctl rawip_socket (0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f ((range 0x8b11 0x8b13)) 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d))) -(allow mediaserver_26_0 media_rw_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow mediaserver_26_0 media_rw_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mediaserver_26_0 preloads_media_file_26_0 (file (ioctl read getattr))) -(allow mediaserver_26_0 ion_device_26_0 (chr_file (ioctl read getattr lock open))) -(allow mediaserver_26_0 hal_graphics_allocator (fd (use))) -(allow mediaserver_26_0 hal_graphics_composer (fd (use))) -(allow mediaserver_26_0 hal_camera (fd (use))) -(allow mediaserver_26_0 system_server_26_0 (fd (use))) -(allow mediaserver_26_0 mediacodec_26_0 (binder (call transfer))) -(allow mediacodec_26_0 mediaserver_26_0 (binder (transfer))) -(allow mediaserver_26_0 mediacodec_26_0 (fd (use))) -(neverallow mediaserver_26_0 fs_type (file (execute_no_trans))) -(neverallow mediaserver_26_0 file_type (file (execute_no_trans))) -(neverallowx mediaserver_26_0 domain (ioctl tcp_socket (0x6900 0x6902))) -(neverallowx mediaserver_26_0 domain (ioctl udp_socket (0x6900 0x6902))) -(neverallowx mediaserver_26_0 domain (ioctl rawip_socket (0x6900 0x6902))) -(neverallowx mediaserver_26_0 domain (ioctl tcp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff))))) -(neverallowx mediaserver_26_0 domain (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff))))) -(neverallowx mediaserver_26_0 domain (ioctl rawip_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff))))) -(neverallowx mediaserver_26_0 domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff))))) -(neverallowx mediaserver_26_0 domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff))))) -(neverallowx mediaserver_26_0 domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff))))) -(allow modprobe_26_0 proc_modules_26_0 (file (ioctl read getattr lock open))) -(allow modprobe_26_0 self (capability (sys_module))) -(allow modprobe_26_0 kernel_26_0 (key (search))) -(allow modprobe_26_0 system_file_26_0 (system (module_load))) -(allow modprobe_26_0 system_file_26_0 (dir (ioctl read getattr lock search open))) -(allow modprobe_26_0 system_file_26_0 (file (ioctl read getattr lock open))) -(allow modprobe_26_0 system_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow mtp_26_0 self (socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow mtp_26_0 self (capability (net_raw))) -(allow mtp_26_0 ppp_26_0 (process (signal))) -(allow mtp_26_0 vpn_data_file_26_0 (dir (search))) -(allowx netd_26_0 self (ioctl udp_socket (0x6900 0x6902))) -(allowx netd_26_0 self (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff))))) -(allowx netd_26_0 self (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff))))) -(allow netd_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open))) -(allow netd_26_0 cgroup_26_0 (file (ioctl read getattr lock open))) -(allow netd_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open))) -(allow netd_26_0 system_server_26_0 (fd (use))) -(allow netd_26_0 self (capability (kill net_admin net_raw))) -(dontaudit netd_26_0 self (capability (fsetid))) -(allow netd_26_0 self (netlink_kobject_uevent_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow netd_26_0 self (netlink_route_socket (nlmsg_write))) -(allow netd_26_0 self (netlink_nflog_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow netd_26_0 self (netlink_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow netd_26_0 self (netlink_tcpdiag_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read nlmsg_write))) -(allow netd_26_0 self (netlink_generic_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow netd_26_0 self (netlink_netfilter_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow netd_26_0 shell_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow netd_26_0 system_file_26_0 (file (getattr execute execute_no_trans))) -(allow netd_26_0 devpts_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow netd_26_0 system_file_26_0 (file (lock))) -(allow netd_26_0 proc_net_26_0 (dir (ioctl read getattr lock search open))) -(allow netd_26_0 proc_net_26_0 (file (ioctl read getattr lock open))) -(allow netd_26_0 proc_net_26_0 (lnk_file (ioctl read getattr lock open))) -(allow netd_26_0 proc_net_26_0 (file (ioctl read write getattr lock append open))) -(allow netd_26_0 sysfs_type (dir (ioctl read getattr lock search open))) -(allow netd_26_0 sysfs_type (file (ioctl read getattr lock open))) -(allow netd_26_0 sysfs_type (lnk_file (ioctl read getattr lock open))) -(allow netd_26_0 sysfs_26_0 (file (write))) -(allow netd_26_0 sysfs_usb_26_0 (file (write))) -(allow netd_26_0 self (capability (chown dac_override))) -(allow netd_26_0 net_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow netd_26_0 net_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow netd_26_0 self (capability (fowner))) -(allow netd_26_0 dnsmasq_26_0 (process (signal))) -(allow netd_26_0 clatd_26_0 (process (signal))) -(allow netd_26_0 property_socket_26_0 (sock_file (write))) -(allow netd_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow netd_26_0 ctl_mdnsd_prop_26_0 (property_service (set))) -(allow netd_26_0 ctl_mdnsd_prop_26_0 (file (ioctl read getattr lock open))) -(allow netd_26_0 servicemanager_26_0 (binder (call transfer))) -(allow servicemanager_26_0 netd_26_0 (dir (search))) -(allow servicemanager_26_0 netd_26_0 (file (read open))) -(allow servicemanager_26_0 netd_26_0 (process (getattr))) -(allow netd_26_0 netd_service_26_0 (service_manager (add find))) -(neverallow base_typeattr_156_26_0 netd_service_26_0 (service_manager (add))) -(neverallow netd_26_0 unlabeled_26_0 (service_manager (add))) -(allow netd_26_0 dumpstate_26_0 (fifo_file (write getattr))) -(allow netd_26_0 system_server_26_0 (binder (call))) -(allow netd_26_0 permission_service_26_0 (service_manager (find))) -(allow netd_26_0 netd_listener_service_26_0 (service_manager (find))) -(allow netd_26_0 netdomain (tcp_socket (read write getattr setattr getopt setopt))) -(allow netd_26_0 netdomain (udp_socket (read write getattr setattr getopt setopt))) -(allow netd_26_0 netdomain (rawip_socket (read write getattr setattr getopt setopt))) -(allow netd_26_0 netdomain (tun_socket (read write getattr setattr getopt setopt))) -(allow netd_26_0 netdomain (fd (use))) -(allow netd_26_0 self (netlink_xfrm_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read nlmsg_write))) -(neverallow netd_26_0 dev_type (blk_file (read write))) -(neverallow netd_26_0 domain (process (ptrace))) -(neverallow netd_26_0 system_file_26_0 (file (write))) -(neverallow netd_26_0 system_file_26_0 (dir (write))) -(neverallow netd_26_0 system_file_26_0 (lnk_file (write))) -(neverallow netd_26_0 system_file_26_0 (chr_file (write))) -(neverallow netd_26_0 system_file_26_0 (blk_file (write))) -(neverallow netd_26_0 system_file_26_0 (sock_file (write))) -(neverallow netd_26_0 system_file_26_0 (fifo_file (write))) -(neverallow netd_26_0 system_data_file_26_0 (file (write))) -(neverallow netd_26_0 system_data_file_26_0 (dir (write))) -(neverallow netd_26_0 system_data_file_26_0 (lnk_file (write))) -(neverallow netd_26_0 system_data_file_26_0 (chr_file (write))) -(neverallow netd_26_0 system_data_file_26_0 (blk_file (write))) -(neverallow netd_26_0 system_data_file_26_0 (sock_file (write))) -(neverallow netd_26_0 system_data_file_26_0 (fifo_file (write))) -(neverallow netd_26_0 app_data_file_26_0 (file (write))) -(neverallow netd_26_0 app_data_file_26_0 (dir (write))) -(neverallow netd_26_0 app_data_file_26_0 (lnk_file (write))) -(neverallow netd_26_0 app_data_file_26_0 (chr_file (write))) -(neverallow netd_26_0 app_data_file_26_0 (blk_file (write))) -(neverallow netd_26_0 app_data_file_26_0 (sock_file (write))) -(neverallow netd_26_0 app_data_file_26_0 (fifo_file (write))) -(neverallow base_typeattr_157_26_0 netd_service_26_0 (service_manager (find))) -(neverallow base_typeattr_63_26_0 netd_26_0 (binder (call))) -(neverallow netd_26_0 base_typeattr_146_26_0 (binder (call))) -(neverallow domain netutils_wrapper_exec_26_0 (file (execute_no_trans))) -(allow otapreopt_chroot_26_0 postinstall_file_26_0 (dir (mounton search))) -(allow otapreopt_chroot_26_0 self (capability (sys_chroot sys_admin))) -(allow otapreopt_chroot_26_0 block_device_26_0 (dir (search))) -(allow otapreopt_chroot_26_0 labeledfs_26_0 (filesystem (mount))) -(dontaudit otapreopt_chroot_26_0 kernel_26_0 (process (setsched))) -(allow otapreopt_chroot_26_0 postinstall_26_0 (fd (use))) -(allow otapreopt_chroot_26_0 update_engine_26_0 (fd (use))) -(allow otapreopt_chroot_26_0 update_engine_26_0 (fifo_file (write))) -(allow otapreopt_slot_26_0 ota_data_file_26_0 (dir (ioctl read write getattr lock rename add_name remove_name reparent search rmdir open))) -(allow otapreopt_slot_26_0 ota_data_file_26_0 (file (getattr))) -(allow otapreopt_slot_26_0 ota_data_file_26_0 (lnk_file (getattr))) -(allow otapreopt_slot_26_0 ota_data_file_26_0 (lnk_file (read))) -(allow otapreopt_slot_26_0 dalvikcache_data_file_26_0 (dir (read write getattr add_name remove_name search rmdir open))) -(allow otapreopt_slot_26_0 dalvikcache_data_file_26_0 (file (getattr unlink))) -(allow otapreopt_slot_26_0 dalvikcache_data_file_26_0 (lnk_file (read getattr unlink))) -(allow otapreopt_slot_26_0 shell_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow otapreopt_slot_26_0 toolbox_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow init_26_0 pdx_performance_client_endpoint_socket_type (unix_stream_socket (create bind))) -(allow performanced_26_0 pdx_performance_client_endpoint_socket_type (unix_stream_socket (read write getattr setattr lock append listen accept getopt setopt shutdown))) -(allow performanced_26_0 self (process (setsockcreate))) -(allow performanced_26_0 pdx_performance_client_channel_socket_type (unix_stream_socket (ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown))) -(neverallow base_typeattr_158_26_0 pdx_performance_client_endpoint_socket_type (unix_stream_socket (listen accept))) -(allow performanced_26_0 self (capability (setgid setuid sys_nice))) -(allow performanced_26_0 appdomain (dir (ioctl read getattr lock search open))) -(allow performanced_26_0 bufferhubd_26_0 (dir (ioctl read getattr lock search open))) -(allow performanced_26_0 kernel_26_0 (dir (ioctl read getattr lock search open))) -(allow performanced_26_0 surfaceflinger_26_0 (dir (ioctl read getattr lock search open))) -(allow performanced_26_0 appdomain (file (ioctl read getattr lock open))) -(allow performanced_26_0 appdomain (lnk_file (ioctl read getattr lock open))) -(allow performanced_26_0 bufferhubd_26_0 (file (ioctl read getattr lock open))) -(allow performanced_26_0 bufferhubd_26_0 (lnk_file (ioctl read getattr lock open))) -(allow performanced_26_0 kernel_26_0 (file (ioctl read getattr lock open))) -(allow performanced_26_0 kernel_26_0 (lnk_file (ioctl read getattr lock open))) -(allow performanced_26_0 surfaceflinger_26_0 (file (ioctl read getattr lock open))) -(allow performanced_26_0 surfaceflinger_26_0 (lnk_file (ioctl read getattr lock open))) -(dontaudit performanced_26_0 domain (dir (read))) -(allow performanced_26_0 appdomain (process (setsched))) -(allow performanced_26_0 bufferhubd_26_0 (process (setsched))) -(allow performanced_26_0 kernel_26_0 (process (setsched))) -(allow performanced_26_0 surfaceflinger_26_0 (process (setsched))) -(allow performanced_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open))) -(allow performanced_26_0 cgroup_26_0 (file (ioctl read getattr lock open))) -(allow performanced_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open))) -(allow perfprofd_26_0 sysfs_devices_system_cpu_26_0 (file (ioctl read write getattr lock append open))) -(allow perfprofd_26_0 system_file_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow perfprofd_26_0 app_data_file_26_0 (file (ioctl read getattr lock open))) -(allow perfprofd_26_0 app_data_file_26_0 (dir (search))) -(allow perfprofd_26_0 self (capability (dac_override))) -(allow perfprofd_26_0 perfprofd_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow perfprofd_26_0 perfprofd_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow perfprofd_26_0 logcat_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow perfprofd_26_0 logdr_socket_26_0 (sock_file (write))) -(allow perfprofd_26_0 logd_26_0 (unix_stream_socket (connectto))) -(allow perfprofd_26_0 logdw_socket_26_0 (sock_file (write))) -(allow perfprofd_26_0 logd_26_0 (unix_dgram_socket (sendto))) -(allow perfprofd_26_0 pmsg_device_26_0 (chr_file (write lock append open))) -(allow perfprofd_26_0 sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open))) -(allow perfprofd_26_0 self (capability2 (block_suspend))) -(allow perfprofd_26_0 self (capability (sys_admin))) -(allow perfprofd_26_0 domain (dir (ioctl read getattr lock search open))) -(allow perfprofd_26_0 domain (file (ioctl read getattr lock open))) -(allow perfprofd_26_0 domain (lnk_file (ioctl read getattr lock open))) -(allow perfprofd_26_0 self (capability (sys_ptrace sys_resource))) -(neverallow perfprofd_26_0 domain (process (ptrace))) -(allow perfprofd_26_0 exec_type (file (ioctl read getattr lock open))) -(allow perfprofd_26_0 debugfs_tracing_26_0 (file (ioctl read getattr lock open))) -(allow perfprofd_26_0 toolbox_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow perfprofd_26_0 self (capability (ipc_lock))) -(allow postinstall_26_0 update_engine_common (fd (use))) -(allow postinstall_26_0 update_engine_common (fifo_file (ioctl read write getattr lock append open))) -(allow postinstall_26_0 postinstall_file_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow postinstall_26_0 postinstall_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow postinstall_26_0 postinstall_file_26_0 (dir (ioctl read getattr lock search open))) -(allow postinstall_26_0 shell_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow postinstall_26_0 system_file_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow postinstall_26_0 toolbox_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow postinstall_26_0 servicemanager_26_0 (binder (call transfer))) -(allow servicemanager_26_0 postinstall_26_0 (dir (search))) -(allow servicemanager_26_0 postinstall_26_0 (file (read open))) -(allow servicemanager_26_0 postinstall_26_0 (process (getattr))) -(allow postinstall_26_0 system_server_26_0 (binder (call transfer))) -(allow system_server_26_0 postinstall_26_0 (binder (transfer))) -(allow postinstall_26_0 system_server_26_0 (fd (use))) -(allow postinstall_26_0 otadexopt_service_26_0 (service_manager (find))) -(neverallow base_typeattr_35_26_0 postinstall_26_0 (process (transition dyntransition))) -(allow postinstall_dexopt_26_0 self (capability (chown dac_override fowner setgid setuid))) -(allow postinstall_dexopt_26_0 postinstall_file_26_0 (filesystem (getattr))) -(allow postinstall_dexopt_26_0 postinstall_file_26_0 (dir (getattr search))) -(allow postinstall_dexopt_26_0 postinstall_file_26_0 (lnk_file (read))) -(allow postinstall_dexopt_26_0 proc_26_0 (file (read getattr open))) -(allow postinstall_dexopt_26_0 tmpfs_26_0 (file (read))) -(allow postinstall_dexopt_26_0 apk_data_file_26_0 (dir (ioctl read getattr lock search open))) -(allow postinstall_dexopt_26_0 apk_data_file_26_0 (file (ioctl read getattr lock open))) -(allow postinstall_dexopt_26_0 apk_data_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow postinstall_dexopt_26_0 vendor_app_file_26_0 (dir (ioctl read getattr lock search open))) -(allow postinstall_dexopt_26_0 vendor_app_file_26_0 (file (ioctl read getattr lock open))) -(allow postinstall_dexopt_26_0 vendor_app_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow postinstall_dexopt_26_0 dalvikcache_data_file_26_0 (dir (ioctl read getattr lock search open))) -(allow postinstall_dexopt_26_0 dalvikcache_data_file_26_0 (file (ioctl read getattr lock open))) -(allow postinstall_dexopt_26_0 dalvikcache_data_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow postinstall_dexopt_26_0 user_profile_data_file_26_0 (dir (getattr search))) -(allow postinstall_dexopt_26_0 user_profile_data_file_26_0 (file (ioctl read getattr lock open))) -(allow postinstall_dexopt_26_0 ota_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow postinstall_dexopt_26_0 ota_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow postinstall_dexopt_26_0 ota_data_file_26_0 (lnk_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow postinstall_dexopt_26_0 dalvikcache_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow postinstall_dexopt_26_0 dalvikcache_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow postinstall_dexopt_26_0 dalvikcache_data_file_26_0 (dir (relabelto))) -(allow postinstall_dexopt_26_0 dalvikcache_data_file_26_0 (file (relabelto link))) -(allow postinstall_dexopt_26_0 selinuxfs_26_0 (dir (ioctl read getattr lock search open))) -(allow postinstall_dexopt_26_0 selinuxfs_26_0 (file (ioctl read getattr lock open))) -(allow postinstall_dexopt_26_0 selinuxfs_26_0 (lnk_file (ioctl read getattr lock open))) -(allow postinstall_dexopt_26_0 selinuxfs_26_0 (file (write lock append open))) -(allow postinstall_dexopt_26_0 kernel_26_0 (security (check_context))) -(allow postinstall_dexopt_26_0 selinuxfs_26_0 (dir (ioctl read getattr lock search open))) -(allow postinstall_dexopt_26_0 selinuxfs_26_0 (file (ioctl read getattr lock open))) -(allow postinstall_dexopt_26_0 selinuxfs_26_0 (lnk_file (ioctl read getattr lock open))) -(allow postinstall_dexopt_26_0 selinuxfs_26_0 (file (write lock append open))) -(allow postinstall_dexopt_26_0 kernel_26_0 (security (compute_av))) -(allow postinstall_dexopt_26_0 self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(allow postinstall_dexopt_26_0 postinstall_26_0 (process (sigchld))) -(allow postinstall_dexopt_26_0 otapreopt_chroot_26_0 (fd (use))) -(allow postinstall_dexopt_26_0 cpuctl_device_26_0 (dir (search))) -(allow ppp_26_0 proc_net_26_0 (dir (ioctl read getattr lock search open))) -(allow ppp_26_0 proc_net_26_0 (file (ioctl read getattr lock open))) -(allow ppp_26_0 proc_net_26_0 (lnk_file (ioctl read getattr lock open))) -(allow ppp_26_0 mtp_26_0 (socket (ioctl read write getattr setattr lock append bind connect getopt setopt shutdown))) -(allowx ppp_26_0 self (ioctl udp_socket (0x6900 0x6902))) -(allowx ppp_26_0 self (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff))))) -(allowx ppp_26_0 self (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff))))) -(allowx ppp_26_0 mtp_26_0 (ioctl socket (((range 0x7436 0x7441)) ((range 0x7446 0x7447)) ((range 0x744b 0x745a)) ((range 0x7480 0x7488))))) -(allow ppp_26_0 mtp_26_0 (unix_dgram_socket (ioctl read write getattr setattr lock append bind connect getopt setopt shutdown))) -(allow ppp_26_0 ppp_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow ppp_26_0 self (capability (net_admin))) -(allow ppp_26_0 system_file_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow ppp_26_0 vpn_data_file_26_0 (dir (write lock add_name remove_name search open))) -(allow ppp_26_0 vpn_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow ppp_26_0 mtp_26_0 (fd (use))) -(allow preopt2cachename_26_0 cppreopts_26_0 (fd (use))) -(allow preopt2cachename_26_0 cppreopts_26_0 (fifo_file (read write getattr))) -(allow preopt2cachename_26_0 proc_net_26_0 (file (ioctl read getattr lock open))) -(allow profman_26_0 user_profile_data_file_26_0 (file (read write getattr lock))) -(allow profman_26_0 asec_apk_file_26_0 (file (read))) -(allow profman_26_0 apk_data_file_26_0 (file (read))) -(allow profman_26_0 oemfs_26_0 (file (read))) -(allow profman_26_0 tmpfs_26_0 (file (read))) -(allow profman_26_0 profman_dump_data_file_26_0 (file (write))) -(allow profman_26_0 installd_26_0 (fd (use))) -(allow profman_26_0 app_data_file_26_0 (file (read write getattr lock))) -(neverallow profman_26_0 app_data_file_26_0 (file (open))) -(neverallow profman_26_0 app_data_file_26_0 (lnk_file (open))) -(neverallow profman_26_0 app_data_file_26_0 (sock_file (open))) -(neverallow profman_26_0 app_data_file_26_0 (fifo_file (open))) -(allow property_type tmpfs_26_0 (filesystem (associate))) -(neverallow base_typeattr_10_26_0 base_typeattr_159_26_0 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open))) -(allowx racoon_26_0 self (ioctl udp_socket (0x8914 0x8916 0x891c))) -(allow racoon_26_0 servicemanager_26_0 (binder (call transfer))) -(allow servicemanager_26_0 racoon_26_0 (dir (search))) -(allow servicemanager_26_0 racoon_26_0 (file (read open))) -(allow servicemanager_26_0 racoon_26_0 (process (getattr))) -(allow racoon_26_0 tun_device_26_0 (chr_file (ioctl read getattr lock open))) -(allow racoon_26_0 cgroup_26_0 (dir (create add_name))) -(allow racoon_26_0 kernel_26_0 (system (module_request))) -(allow racoon_26_0 self (key_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow racoon_26_0 self (tun_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow racoon_26_0 self (capability (net_bind_service net_admin net_raw))) -(allow racoon_26_0 system_file_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow racoon_26_0 vpn_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow racoon_26_0 vpn_data_file_26_0 (dir (write lock add_name remove_name search open))) -(allow keystore_26_0 racoon_26_0 (dir (search))) -(allow keystore_26_0 racoon_26_0 (file (read open))) -(allow keystore_26_0 racoon_26_0 (process (getattr))) -(allow racoon_26_0 keystore_service_26_0 (service_manager (find))) -(allow racoon_26_0 keystore_26_0 (binder (call transfer))) -(allow keystore_26_0 racoon_26_0 (binder (transfer))) -(allow racoon_26_0 keystore_26_0 (fd (use))) -(allow racoon_26_0 keystore_26_0 (keystore_key (get sign verify))) -(allow radio_26_0 radio_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow radio_26_0 radio_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow radio_26_0 radio_data_file_26_0 (lnk_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow radio_26_0 radio_data_file_26_0 (sock_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow radio_26_0 radio_data_file_26_0 (fifo_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow radio_26_0 alarm_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow radio_26_0 net_data_file_26_0 (dir (search))) -(allow radio_26_0 net_data_file_26_0 (file (ioctl read getattr lock open))) -(allow radio_26_0 property_socket_26_0 (sock_file (write))) -(allow radio_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow radio_26_0 radio_prop_26_0 (property_service (set))) -(allow radio_26_0 radio_prop_26_0 (file (ioctl read getattr lock open))) -(allow radio_26_0 property_socket_26_0 (sock_file (write))) -(allow radio_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow radio_26_0 net_radio_prop_26_0 (property_service (set))) -(allow radio_26_0 net_radio_prop_26_0 (file (ioctl read getattr lock open))) -(allow radio_26_0 property_socket_26_0 (sock_file (write))) -(allow radio_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow radio_26_0 ctl_rildaemon_prop_26_0 (property_service (set))) -(allow radio_26_0 ctl_rildaemon_prop_26_0 (file (ioctl read getattr lock open))) -(allow radio_26_0 radio_service_26_0 (service_manager (add find))) -(neverallow base_typeattr_160_26_0 radio_service_26_0 (service_manager (add))) -(neverallow radio_26_0 unlabeled_26_0 (service_manager (add))) -(allow radio_26_0 audioserver_service_26_0 (service_manager (find))) -(allow radio_26_0 cameraserver_service_26_0 (service_manager (find))) -(allow radio_26_0 drmserver_service_26_0 (service_manager (find))) -(allow radio_26_0 mediaserver_service_26_0 (service_manager (find))) -(allow radio_26_0 nfc_service_26_0 (service_manager (find))) -(allow radio_26_0 surfaceflinger_service_26_0 (service_manager (find))) -(allow radio_26_0 app_api_service (service_manager (find))) -(allow radio_26_0 system_api_service (service_manager (find))) -(allow radio_26_0 hwservicemanager_26_0 (binder (call transfer))) -(allow hwservicemanager_26_0 radio_26_0 (binder (call transfer))) -(allow hwservicemanager_26_0 radio_26_0 (dir (search))) -(allow hwservicemanager_26_0 radio_26_0 (file (read open))) -(allow hwservicemanager_26_0 radio_26_0 (process (getattr))) -(neverallow recovery_26_0 data_file_type (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans))) -(neverallow recovery_26_0 data_file_type (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir))) -(allow recovery_persist_26_0 pstorefs_26_0 (dir (search))) -(allow recovery_persist_26_0 pstorefs_26_0 (file (ioctl read getattr lock open))) -(allow recovery_persist_26_0 recovery_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow recovery_persist_26_0 recovery_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(neverallow recovery_persist_26_0 dev_type (blk_file (read write))) -(neverallow recovery_persist_26_0 domain (process (ptrace))) -(neverallow recovery_persist_26_0 system_file_26_0 (file (write))) -(neverallow recovery_persist_26_0 system_file_26_0 (dir (write))) -(neverallow recovery_persist_26_0 system_file_26_0 (lnk_file (write))) -(neverallow recovery_persist_26_0 system_file_26_0 (chr_file (write))) -(neverallow recovery_persist_26_0 system_file_26_0 (blk_file (write))) -(neverallow recovery_persist_26_0 system_file_26_0 (sock_file (write))) -(neverallow recovery_persist_26_0 system_file_26_0 (fifo_file (write))) -(neverallow recovery_persist_26_0 system_data_file_26_0 (file (write))) -(neverallow recovery_persist_26_0 system_data_file_26_0 (dir (write))) -(neverallow recovery_persist_26_0 system_data_file_26_0 (lnk_file (write))) -(neverallow recovery_persist_26_0 system_data_file_26_0 (chr_file (write))) -(neverallow recovery_persist_26_0 system_data_file_26_0 (blk_file (write))) -(neverallow recovery_persist_26_0 system_data_file_26_0 (sock_file (write))) -(neverallow recovery_persist_26_0 system_data_file_26_0 (fifo_file (write))) -(neverallow recovery_persist_26_0 app_data_file_26_0 (file (write))) -(neverallow recovery_persist_26_0 app_data_file_26_0 (dir (write))) -(neverallow recovery_persist_26_0 app_data_file_26_0 (lnk_file (write))) -(neverallow recovery_persist_26_0 app_data_file_26_0 (chr_file (write))) -(neverallow recovery_persist_26_0 app_data_file_26_0 (blk_file (write))) -(neverallow recovery_persist_26_0 app_data_file_26_0 (sock_file (write))) -(neverallow recovery_persist_26_0 app_data_file_26_0 (fifo_file (write))) -(allow recovery_refresh_26_0 pstorefs_26_0 (dir (search))) -(allow recovery_refresh_26_0 pstorefs_26_0 (file (ioctl read getattr lock open))) -(neverallow recovery_refresh_26_0 dev_type (blk_file (read write))) -(neverallow recovery_refresh_26_0 domain (process (ptrace))) -(neverallow recovery_refresh_26_0 system_file_26_0 (file (write))) -(neverallow recovery_refresh_26_0 system_file_26_0 (dir (write))) -(neverallow recovery_refresh_26_0 system_file_26_0 (lnk_file (write))) -(neverallow recovery_refresh_26_0 system_file_26_0 (chr_file (write))) -(neverallow recovery_refresh_26_0 system_file_26_0 (blk_file (write))) -(neverallow recovery_refresh_26_0 system_file_26_0 (sock_file (write))) -(neverallow recovery_refresh_26_0 system_file_26_0 (fifo_file (write))) -(neverallow recovery_refresh_26_0 system_data_file_26_0 (file (write))) -(neverallow recovery_refresh_26_0 system_data_file_26_0 (dir (write))) -(neverallow recovery_refresh_26_0 system_data_file_26_0 (lnk_file (write))) -(neverallow recovery_refresh_26_0 system_data_file_26_0 (chr_file (write))) -(neverallow recovery_refresh_26_0 system_data_file_26_0 (blk_file (write))) -(neverallow recovery_refresh_26_0 system_data_file_26_0 (sock_file (write))) -(neverallow recovery_refresh_26_0 system_data_file_26_0 (fifo_file (write))) -(neverallow recovery_refresh_26_0 app_data_file_26_0 (file (write))) -(neverallow recovery_refresh_26_0 app_data_file_26_0 (dir (write))) -(neverallow recovery_refresh_26_0 app_data_file_26_0 (lnk_file (write))) -(neverallow recovery_refresh_26_0 app_data_file_26_0 (chr_file (write))) -(neverallow recovery_refresh_26_0 app_data_file_26_0 (blk_file (write))) -(neverallow recovery_refresh_26_0 app_data_file_26_0 (sock_file (write))) -(neverallow recovery_refresh_26_0 app_data_file_26_0 (fifo_file (write))) -(allowx rild_26_0 self (ioctl udp_socket (0x6900 0x6902))) -(allowx rild_26_0 self (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff))))) -(allowx rild_26_0 self (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff))))) -(allow rild_26_0 self (netlink_route_socket (nlmsg_write))) -(allow rild_26_0 kernel_26_0 (system (module_request))) -(allow rild_26_0 self (capability (setgid setuid setpcap net_admin net_raw))) -(allow rild_26_0 alarm_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow rild_26_0 cgroup_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow rild_26_0 cgroup_26_0 (file (ioctl read getattr lock open))) -(allow rild_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open))) -(allow rild_26_0 radio_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow rild_26_0 radio_device_26_0 (blk_file (ioctl read getattr lock open))) -(allow rild_26_0 mtd_device_26_0 (dir (search))) -(allow rild_26_0 efs_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow rild_26_0 efs_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow rild_26_0 shell_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow rild_26_0 bluetooth_efs_file_26_0 (file (ioctl read getattr lock open))) -(allow rild_26_0 bluetooth_efs_file_26_0 (dir (ioctl read getattr lock search open))) -(allow rild_26_0 radio_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow rild_26_0 radio_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow rild_26_0 sdcard_type (dir (ioctl read getattr lock search open))) -(allow rild_26_0 system_data_file_26_0 (dir (ioctl read getattr lock search open))) -(allow rild_26_0 system_data_file_26_0 (file (ioctl read getattr lock open))) -(allow rild_26_0 system_file_26_0 (file (getattr execute execute_no_trans))) -(allow rild_26_0 property_socket_26_0 (sock_file (write))) -(allow rild_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow rild_26_0 radio_prop_26_0 (property_service (set))) -(allow rild_26_0 radio_prop_26_0 (file (ioctl read getattr lock open))) -(allow rild_26_0 tty_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow rild_26_0 self (netlink_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow rild_26_0 self (netlink_generic_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow rild_26_0 self (netlink_kobject_uevent_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow rild_26_0 sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open))) -(allow rild_26_0 self (capability2 (block_suspend))) -(allow rild_26_0 proc_26_0 (dir (ioctl read getattr lock search open))) -(allow rild_26_0 proc_26_0 (file (ioctl read getattr lock open))) -(allow rild_26_0 proc_26_0 (lnk_file (ioctl read getattr lock open))) -(allow rild_26_0 proc_net_26_0 (dir (ioctl read getattr lock search open))) -(allow rild_26_0 proc_net_26_0 (file (ioctl read getattr lock open))) -(allow rild_26_0 proc_net_26_0 (lnk_file (ioctl read getattr lock open))) -(allow rild_26_0 sysfs_type (dir (ioctl read getattr lock search open))) -(allow rild_26_0 sysfs_type (file (ioctl read getattr lock open))) -(allow rild_26_0 sysfs_type (lnk_file (ioctl read getattr lock open))) -(allow rild_26_0 system_file_26_0 (dir (ioctl read getattr lock search open))) -(allow rild_26_0 system_file_26_0 (file (ioctl read getattr lock open))) -(allow rild_26_0 system_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow rild_26_0 self (socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow runas_26_0 adbd_26_0 (process (sigchld))) -(allow runas_26_0 adbd_26_0 (unix_stream_socket (read write))) -(allow runas_26_0 shell_26_0 (fd (use))) -(allow runas_26_0 shell_26_0 (fifo_file (read write))) -(allow runas_26_0 shell_26_0 (unix_stream_socket (read write))) -(allow runas_26_0 devpts_26_0 (chr_file (ioctl read write))) -(allow runas_26_0 shell_data_file_26_0 (file (read write))) -(allow runas_26_0 system_data_file_26_0 (file (ioctl read getattr lock open))) -(dontaudit runas_26_0 self (capability (dac_override))) -(allow runas_26_0 app_data_file_26_0 (dir (getattr search))) -(allow runas_26_0 self (capability (setgid setuid))) -(allow runas_26_0 selinuxfs_26_0 (dir (ioctl read getattr lock search open))) -(allow runas_26_0 selinuxfs_26_0 (file (ioctl read getattr lock open))) -(allow runas_26_0 selinuxfs_26_0 (lnk_file (ioctl read getattr lock open))) -(allow runas_26_0 selinuxfs_26_0 (file (write lock append open))) -(allow runas_26_0 kernel_26_0 (security (check_context))) -(allow runas_26_0 self (process (setcurrent))) -(allow runas_26_0 base_typeattr_161_26_0 (process (dyntransition))) -(allow runas_26_0 seapp_contexts_file_26_0 (file (ioctl read getattr lock open))) -(neverallow runas_26_0 self (capability (chown dac_override dac_read_search fowner fsetid kill setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap))) -(neverallow runas_26_0 self (capability2 (mac_override mac_admin syslog wake_alarm block_suspend audit_read))) -(allow sdcardd_26_0 cgroup_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow sdcardd_26_0 fuse_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow sdcardd_26_0 rootfs_26_0 (dir (mounton))) -(allow sdcardd_26_0 sdcardfs_26_0 (filesystem (remount))) -(allow sdcardd_26_0 tmpfs_26_0 (dir (ioctl read getattr lock search open))) -(allow sdcardd_26_0 mnt_media_rw_file_26_0 (dir (ioctl read getattr lock search open))) -(allow sdcardd_26_0 storage_file_26_0 (dir (search))) -(allow sdcardd_26_0 storage_stub_file_26_0 (dir (mounton search))) -(allow sdcardd_26_0 sdcard_type (filesystem (mount unmount))) -(allow sdcardd_26_0 self (capability (dac_override setgid setuid sys_admin sys_resource))) -(allow sdcardd_26_0 sdcard_type (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow sdcardd_26_0 sdcard_type (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow sdcardd_26_0 media_rw_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow sdcardd_26_0 media_rw_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow sdcardd_26_0 system_data_file_26_0 (file (ioctl read getattr lock open))) -(allow sdcardd_26_0 install_data_file_26_0 (file (ioctl read getattr lock open))) -(allow sdcardd_26_0 vold_26_0 (fd (use))) -(allow sdcardd_26_0 vold_26_0 (fifo_file (read write getattr))) -(allow sdcardd_26_0 mnt_expand_file_26_0 (dir (search))) -(allow sdcardd_26_0 proc_26_0 (file (ioctl read getattr lock open))) -(neverallow init_26_0 sdcardd_exec_26_0 (file (execute))) -(neverallow init_26_0 sdcardd_26_0 (process (transition dyntransition))) -(allow servicemanager_26_0 self (binder (set_context_mgr))) -(allow servicemanager_26_0 base_typeattr_162_26_0 (binder (transfer))) -(allow servicemanager_26_0 service_contexts_file_26_0 (file (ioctl read getattr lock open))) -(allow servicemanager_26_0 selinuxfs_26_0 (dir (ioctl read getattr lock search open))) -(allow servicemanager_26_0 selinuxfs_26_0 (file (ioctl read getattr lock open))) -(allow servicemanager_26_0 selinuxfs_26_0 (lnk_file (ioctl read getattr lock open))) -(allow servicemanager_26_0 selinuxfs_26_0 (file (write lock append open))) -(allow servicemanager_26_0 kernel_26_0 (security (compute_av))) -(allow servicemanager_26_0 self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(allow sgdisk_26_0 block_device_26_0 (dir (search))) -(allow sgdisk_26_0 vold_device_26_0 (blk_file (ioctl read write getattr lock append open))) -(allow sgdisk_26_0 devpts_26_0 (chr_file (ioctl read write getattr))) -(allow sgdisk_26_0 vold_26_0 (fd (use))) -(allow sgdisk_26_0 vold_26_0 (fifo_file (read write getattr))) -(allow sgdisk_26_0 self (capability (sys_admin))) -(neverallow base_typeattr_92_26_0 sgdisk_26_0 (process (transition))) -(neverallow base_typeattr_10_26_0 sgdisk_26_0 (process (dyntransition))) -(neverallow sgdisk_26_0 base_typeattr_163_26_0 (file (entrypoint))) -(allow shared_relro_26_0 shared_relro_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow shared_relro_26_0 shared_relro_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow shared_relro_26_0 webviewupdate_service_26_0 (service_manager (find))) -(allow shell_26_0 logcat_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow shell_26_0 logdr_socket_26_0 (sock_file (write))) -(allow shell_26_0 logd_26_0 (unix_stream_socket (connectto))) -(allow shell_26_0 logd_socket_26_0 (sock_file (write))) -(allow shell_26_0 logd_26_0 (unix_stream_socket (connectto))) -(allow shell_26_0 pstorefs_26_0 (dir (search))) -(allow shell_26_0 pstorefs_26_0 (file (ioctl read getattr lock open))) -(allow shell_26_0 rootfs_26_0 (dir (ioctl read getattr lock search open))) -(allow shell_26_0 anr_data_file_26_0 (dir (ioctl read getattr lock search open))) -(allow shell_26_0 anr_data_file_26_0 (file (ioctl read getattr lock open))) -(allow shell_26_0 shell_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow shell_26_0 shell_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow shell_26_0 shell_data_file_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow shell_26_0 shell_data_file_26_0 (lnk_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow shell_26_0 profman_dump_data_file_26_0 (dir (write getattr remove_name search))) -(allow shell_26_0 profman_dump_data_file_26_0 (file (getattr unlink))) -(allow shell_26_0 nativetest_data_file_26_0 (dir (ioctl read getattr lock search open))) -(allow shell_26_0 nativetest_data_file_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow shell_26_0 dumpstate_socket_26_0 (sock_file (write))) -(allow shell_26_0 dumpstate_26_0 (unix_stream_socket (connectto))) -(allow shell_26_0 devpts_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow shell_26_0 tty_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow shell_26_0 console_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow shell_26_0 input_device_26_0 (dir (ioctl read getattr lock search open))) -(allow shell_26_0 input_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow shell_26_0 system_file_26_0 (dir (ioctl read getattr lock search open))) -(allow shell_26_0 system_file_26_0 (file (ioctl read getattr lock open))) -(allow shell_26_0 system_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow shell_26_0 system_file_26_0 (file (getattr execute execute_no_trans))) -(allow shell_26_0 toolbox_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow shell_26_0 shell_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow shell_26_0 zygote_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow shell_26_0 apk_data_file_26_0 (dir (ioctl read getattr lock search open))) -(allow shell_26_0 apk_data_file_26_0 (file (ioctl read getattr lock open))) -(allow shell_26_0 apk_data_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow shell_26_0 property_socket_26_0 (sock_file (write))) -(allow shell_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow shell_26_0 shell_prop_26_0 (property_service (set))) -(allow shell_26_0 shell_prop_26_0 (file (ioctl read getattr lock open))) -(allow shell_26_0 property_socket_26_0 (sock_file (write))) -(allow shell_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow shell_26_0 ctl_bugreport_prop_26_0 (property_service (set))) -(allow shell_26_0 ctl_bugreport_prop_26_0 (file (ioctl read getattr lock open))) -(allow shell_26_0 property_socket_26_0 (sock_file (write))) -(allow shell_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow shell_26_0 ctl_dumpstate_prop_26_0 (property_service (set))) -(allow shell_26_0 ctl_dumpstate_prop_26_0 (file (ioctl read getattr lock open))) -(allow shell_26_0 property_socket_26_0 (sock_file (write))) -(allow shell_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow shell_26_0 dumpstate_prop_26_0 (property_service (set))) -(allow shell_26_0 dumpstate_prop_26_0 (file (ioctl read getattr lock open))) -(allow shell_26_0 property_socket_26_0 (sock_file (write))) -(allow shell_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow shell_26_0 debug_prop_26_0 (property_service (set))) -(allow shell_26_0 debug_prop_26_0 (file (ioctl read getattr lock open))) -(allow shell_26_0 property_socket_26_0 (sock_file (write))) -(allow shell_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow shell_26_0 powerctl_prop_26_0 (property_service (set))) -(allow shell_26_0 powerctl_prop_26_0 (file (ioctl read getattr lock open))) -(allow shell_26_0 property_socket_26_0 (sock_file (write))) -(allow shell_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow shell_26_0 log_tag_prop_26_0 (property_service (set))) -(allow shell_26_0 log_tag_prop_26_0 (file (ioctl read getattr lock open))) -(allow shell_26_0 property_socket_26_0 (sock_file (write))) -(allow shell_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow shell_26_0 wifi_log_prop_26_0 (property_service (set))) -(allow shell_26_0 wifi_log_prop_26_0 (file (ioctl read getattr lock open))) -(allow shell_26_0 property_socket_26_0 (sock_file (write))) -(allow shell_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow shell_26_0 log_prop_26_0 (property_service (set))) -(allow shell_26_0 log_prop_26_0 (file (ioctl read getattr lock open))) -(allow shell_26_0 property_socket_26_0 (sock_file (write))) -(allow shell_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow shell_26_0 logpersistd_logging_prop_26_0 (property_service (set))) -(allow shell_26_0 logpersistd_logging_prop_26_0 (file (ioctl read getattr lock open))) -(allow shell_26_0 boottrace_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow shell_26_0 boottrace_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow shell_26_0 property_socket_26_0 (sock_file (write))) -(allow shell_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow shell_26_0 persist_debug_prop_26_0 (property_service (set))) -(allow shell_26_0 persist_debug_prop_26_0 (file (ioctl read getattr lock open))) -(allow shell_26_0 serialno_prop_26_0 (file (ioctl read getattr lock open))) -(allow shell_26_0 device_logging_prop_26_0 (file (ioctl read getattr lock open))) -(allow shell_26_0 servicemanager_26_0 (service_manager (list))) -(allow shell_26_0 base_typeattr_164_26_0 (service_manager (find))) -(allow shell_26_0 dumpstate_26_0 (binder (call))) -(allow shell_26_0 hwservicemanager_26_0 (binder (call transfer))) -(allow hwservicemanager_26_0 shell_26_0 (binder (call transfer))) -(allow hwservicemanager_26_0 shell_26_0 (dir (search))) -(allow hwservicemanager_26_0 shell_26_0 (file (read open))) -(allow hwservicemanager_26_0 shell_26_0 (process (getattr))) -(allow shell_26_0 hwservicemanager_26_0 (hwservice_manager (list))) -(allow shell_26_0 proc_26_0 (dir (ioctl read getattr lock search open))) -(allow shell_26_0 proc_26_0 (file (ioctl read getattr lock open))) -(allow shell_26_0 proc_26_0 (lnk_file (ioctl read getattr lock open))) -(allow shell_26_0 proc_net_26_0 (dir (ioctl read getattr lock search open))) -(allow shell_26_0 proc_net_26_0 (file (ioctl read getattr lock open))) -(allow shell_26_0 proc_net_26_0 (lnk_file (ioctl read getattr lock open))) -(allow shell_26_0 proc_interrupts_26_0 (file (ioctl read getattr lock open))) -(allow shell_26_0 proc_meminfo_26_0 (file (ioctl read getattr lock open))) -(allow shell_26_0 proc_stat_26_0 (file (ioctl read getattr lock open))) -(allow shell_26_0 proc_timer_26_0 (file (ioctl read getattr lock open))) -(allow shell_26_0 proc_zoneinfo_26_0 (file (ioctl read getattr lock open))) -(allow shell_26_0 cgroup_26_0 (dir (ioctl read getattr lock search open))) -(allow shell_26_0 cgroup_26_0 (file (ioctl read getattr lock open))) -(allow shell_26_0 cgroup_26_0 (lnk_file (ioctl read getattr lock open))) -(allow shell_26_0 domain (dir (read getattr search open))) -(allow shell_26_0 domain (file (read getattr open))) -(allow shell_26_0 domain (lnk_file (read getattr open))) -(allow shell_26_0 labeledfs_26_0 (filesystem (getattr))) -(allow shell_26_0 proc_26_0 (filesystem (getattr))) -(allow shell_26_0 device_26_0 (dir (getattr))) -(allow shell_26_0 domain (process (getattr))) -(allow shell_26_0 selinuxfs_26_0 (dir (ioctl read getattr lock search open))) -(allow shell_26_0 selinuxfs_26_0 (file (ioctl read getattr lock open))) -(allow shell_26_0 bootchart_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow shell_26_0 bootchart_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow shell_26_0 self (process (ptrace))) -(allow shell_26_0 sysfs_batteryinfo_26_0 (file (ioctl read getattr lock open))) -(allow shell_26_0 sysfs_26_0 (dir (ioctl read getattr lock search open))) -(allow shell_26_0 ion_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow shell_26_0 dev_type (dir (ioctl read getattr lock search open))) -(allow shell_26_0 dev_type (chr_file (getattr))) -(allow shell_26_0 proc_26_0 (lnk_file (getattr))) -(allow shell_26_0 dev_type (blk_file (getattr))) -(allow shell_26_0 file_contexts_file_26_0 (file (ioctl read getattr lock open))) -(allow shell_26_0 property_contexts_file_26_0 (file (ioctl read getattr lock open))) -(allow shell_26_0 seapp_contexts_file_26_0 (file (ioctl read getattr lock open))) -(allow shell_26_0 service_contexts_file_26_0 (file (ioctl read getattr lock open))) -(allow shell_26_0 sepolicy_file_26_0 (file (ioctl read getattr lock open))) -(neverallow shell_26_0 file_type (file (link))) -(neverallowx shell_26_0 domain (ioctl tcp_socket (0x6900 0x6902))) -(neverallowx shell_26_0 domain (ioctl udp_socket (0x6900 0x6902))) -(neverallowx shell_26_0 domain (ioctl rawip_socket (0x6900 0x6902))) -(neverallowx shell_26_0 domain (ioctl tcp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff))))) -(neverallowx shell_26_0 domain (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff))))) -(neverallowx shell_26_0 domain (ioctl rawip_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff))))) -(neverallowx shell_26_0 domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff))))) -(neverallowx shell_26_0 domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff))))) -(neverallowx shell_26_0 domain (ioctl rawip_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff))))) -(neverallow shell_26_0 hw_random_device_26_0 (chr_file (ioctl read write create setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access))) -(neverallow shell_26_0 kmem_device_26_0 (chr_file (ioctl read write create setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access))) -(neverallow shell_26_0 port_device_26_0 (chr_file (ioctl read write create setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access))) -(neverallow shell_26_0 fuse_device_26_0 (chr_file (ioctl read write create setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access))) -(neverallow shell_26_0 dev_type (blk_file (ioctl read write create setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod))) -(allow slideshow_26_0 kmsg_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow slideshow_26_0 sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open))) -(allow slideshow_26_0 self (capability2 (block_suspend))) -(allow slideshow_26_0 device_26_0 (dir (ioctl read getattr lock search open))) -(allow slideshow_26_0 self (capability (sys_tty_config))) -(allow slideshow_26_0 graphics_device_26_0 (dir (ioctl read getattr lock search open))) -(allow slideshow_26_0 graphics_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow slideshow_26_0 input_device_26_0 (dir (ioctl read getattr lock search open))) -(allow slideshow_26_0 input_device_26_0 (chr_file (ioctl read getattr lock open))) -(allow slideshow_26_0 tty_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow su_26_0 vndbinder_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow su_26_0 vndservicemanager_26_0 (binder (call transfer))) -(allow vndservicemanager_26_0 su_26_0 (dir (search))) -(allow vndservicemanager_26_0 su_26_0 (file (read open))) -(allow vndservicemanager_26_0 su_26_0 (process (getattr))) -(dontaudit su_26_0 self (capability (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap))) -(dontaudit su_26_0 self (capability2 (mac_override mac_admin syslog wake_alarm block_suspend audit_read))) -(dontaudit su_26_0 kernel_26_0 (security (compute_av compute_create compute_member check_context load_policy compute_relabel compute_user setenforce setbool setsecparam setcheckreqprot read_policy))) -(dontaudit su_26_0 kernel_26_0 (system (ipc_info syslog_read syslog_mod syslog_console module_request module_load))) -(dontaudit su_26_0 self (memprotect (mmap_zero))) -(dontaudit su_26_0 domain (process (fork transition sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setexec setfscreate noatsecure siginh setrlimit rlimitinh dyntransition setcurrent execmem execstack execheap setkeycreate setsockcreate))) -(dontaudit su_26_0 domain (fd (use))) -(dontaudit su_26_0 domain (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod))) -(dontaudit su_26_0 domain (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod))) -(dontaudit su_26_0 domain (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access))) -(dontaudit su_26_0 domain (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod))) -(dontaudit su_26_0 domain (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect))) -(dontaudit su_26_0 domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind))) -(dontaudit su_26_0 domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind))) -(dontaudit su_26_0 domain (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (unix_stream_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind connectto))) -(dontaudit su_26_0 domain (unix_dgram_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (netlink_route_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write))) -(dontaudit su_26_0 domain (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write))) -(dontaudit su_26_0 domain (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write))) -(dontaudit su_26_0 domain (netlink_selinux_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit))) -(dontaudit su_26_0 domain (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue))) -(dontaudit su_26_0 domain (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind))) -(dontaudit su_26_0 domain (icmp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind))) -(dontaudit su_26_0 domain (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (vsock_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 domain (sem (create destroy getattr setattr read write associate unix_read unix_write))) -(dontaudit su_26_0 domain (msgq (create destroy getattr setattr read write associate unix_read unix_write enqueue))) -(dontaudit su_26_0 domain (shm (create destroy getattr setattr read write associate unix_read unix_write lock))) -(dontaudit su_26_0 domain (ipc (create destroy getattr setattr read write associate unix_read unix_write))) -(dontaudit su_26_0 domain (key (view read write search link setattr create))) -(dontaudit su_26_0 fs_type (filesystem (mount remount unmount getattr relabelfrom relabelto associate quotamod quotaget))) -(dontaudit su_26_0 dev_type (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access))) -(dontaudit su_26_0 dev_type (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod))) -(dontaudit su_26_0 dev_type (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod))) -(dontaudit su_26_0 dev_type (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access))) -(dontaudit su_26_0 dev_type (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod))) -(dontaudit su_26_0 dev_type (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod))) -(dontaudit su_26_0 dev_type (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod))) -(dontaudit su_26_0 fs_type (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access))) -(dontaudit su_26_0 fs_type (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod))) -(dontaudit su_26_0 fs_type (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod))) -(dontaudit su_26_0 fs_type (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access))) -(dontaudit su_26_0 fs_type (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod))) -(dontaudit su_26_0 fs_type (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod))) -(dontaudit su_26_0 fs_type (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod))) -(dontaudit su_26_0 file_type (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access))) -(dontaudit su_26_0 file_type (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod))) -(dontaudit su_26_0 file_type (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod))) -(dontaudit su_26_0 file_type (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access))) -(dontaudit su_26_0 file_type (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod))) -(dontaudit su_26_0 file_type (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod))) -(dontaudit su_26_0 file_type (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod))) -(dontaudit su_26_0 node_type (node (recvfrom sendto))) -(dontaudit su_26_0 node_type (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect))) -(dontaudit su_26_0 node_type (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind))) -(dontaudit su_26_0 node_type (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind))) -(dontaudit su_26_0 netif_type (netif (ingress egress))) -(dontaudit su_26_0 port_type (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect))) -(dontaudit su_26_0 port_type (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind))) -(dontaudit su_26_0 port_type (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind))) -(dontaudit su_26_0 port_type (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (unix_stream_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind connectto))) -(dontaudit su_26_0 port_type (unix_dgram_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (netlink_route_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write))) -(dontaudit su_26_0 port_type (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write))) -(dontaudit su_26_0 port_type (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write))) -(dontaudit su_26_0 port_type (netlink_selinux_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit))) -(dontaudit su_26_0 port_type (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue))) -(dontaudit su_26_0 port_type (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind))) -(dontaudit su_26_0 port_type (icmp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind))) -(dontaudit su_26_0 port_type (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (vsock_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(dontaudit su_26_0 port_type (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect))) -(dontaudit su_26_0 port_type (dccp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect))) -(dontaudit su_26_0 domain (peer (recv))) -(dontaudit su_26_0 domain (binder (impersonate call set_context_mgr transfer))) -(dontaudit su_26_0 property_type (property_service (set))) -(dontaudit su_26_0 property_type (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access))) -(dontaudit su_26_0 service_manager_type (service_manager (add find list))) -(dontaudit su_26_0 hwservice_manager_type (hwservice_manager (add find list))) -(dontaudit su_26_0 vndservice_manager_type (service_manager (add find list))) -(dontaudit su_26_0 servicemanager_26_0 (service_manager (list))) -(dontaudit su_26_0 hwservicemanager_26_0 (hwservice_manager (list))) -(dontaudit su_26_0 vndservicemanager_26_0 (service_manager (list))) -(dontaudit su_26_0 keystore_26_0 (keystore_key (get_state get insert delete exist list reset password lock unlock is_empty sign verify grant duplicate clear_uid add_auth user_changed gen_unique_id))) -(dontaudit su_26_0 domain (drmservice (consumeRights setPlaybackStatus openDecryptSession closeDecryptSession initializeDecryptUnit decrypt finalizeDecryptUnit pread))) -(dontaudit su_26_0 unlabeled_26_0 (filesystem (mount remount unmount getattr relabelfrom relabelto associate quotamod quotaget))) -(dontaudit su_26_0 postinstall_file_26_0 (filesystem (mount remount unmount getattr relabelfrom relabelto associate quotamod quotaget))) -(allow tombstoned_26_0 domain (fd (use))) -(allow tombstoned_26_0 domain (fifo_file (write))) -(allow tombstoned_26_0 domain (dir (ioctl read getattr lock search open))) -(allow tombstoned_26_0 domain (file (ioctl read getattr lock open))) -(allow tombstoned_26_0 tombstone_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow tombstoned_26_0 tombstone_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow tombstoned_26_0 anr_data_file_26_0 (file (getattr append))) -(allow tombstoned_26_0 anr_data_file_26_0 (file (write))) -(auditallow tombstoned_26_0 anr_data_file_26_0 (file (write))) -(allow toolbox_26_0 tmpfs_26_0 (chr_file (ioctl read write))) -(allow toolbox_26_0 devpts_26_0 (chr_file (ioctl read write getattr))) -(allow toolbox_26_0 block_device_26_0 (dir (search))) -(allow toolbox_26_0 swap_block_device_26_0 (blk_file (ioctl read write getattr lock append open))) -(neverallow base_typeattr_5_26_0 toolbox_26_0 (process (transition))) -(neverallow base_typeattr_10_26_0 toolbox_26_0 (process (dyntransition))) -(neverallow toolbox_26_0 base_typeattr_165_26_0 (file (entrypoint))) -(allow tzdatacheck_26_0 zoneinfo_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow tzdatacheck_26_0 zoneinfo_data_file_26_0 (file (unlink))) -(allow ueventd_26_0 kmsg_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow ueventd_26_0 self (capability (chown dac_override fowner fsetid setgid net_admin sys_rawio mknod))) -(allow ueventd_26_0 device_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow ueventd_26_0 sysfs_type (dir (ioctl read getattr lock search open))) -(allow ueventd_26_0 sysfs_type (file (ioctl read getattr lock open))) -(allow ueventd_26_0 sysfs_type (lnk_file (ioctl read getattr lock open))) -(allow ueventd_26_0 rootfs_26_0 (dir (ioctl read getattr lock search open))) -(allow ueventd_26_0 rootfs_26_0 (file (ioctl read getattr lock open))) -(allow ueventd_26_0 rootfs_26_0 (lnk_file (ioctl read getattr lock open))) -(allow ueventd_26_0 sysfs_26_0 (file (write lock append open))) -(allow ueventd_26_0 sysfs_usb_26_0 (file (write lock append open))) -(allow ueventd_26_0 sysfs_hwrandom_26_0 (file (write lock append open))) -(allow ueventd_26_0 sysfs_zram_uevent_26_0 (file (write lock append open))) -(allow ueventd_26_0 sysfs_type (file (getattr setattr relabelfrom relabelto))) -(allow ueventd_26_0 sysfs_type (lnk_file (getattr setattr relabelfrom relabelto))) -(allow ueventd_26_0 sysfs_type (dir (ioctl read getattr setattr lock relabelfrom relabelto search open))) -(allow ueventd_26_0 sysfs_devices_system_cpu_26_0 (file (ioctl read write getattr lock append open))) -(allow ueventd_26_0 tmpfs_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow ueventd_26_0 dev_type (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow ueventd_26_0 dev_type (lnk_file (create unlink))) -(allow ueventd_26_0 dev_type (chr_file (create getattr setattr unlink))) -(allow ueventd_26_0 dev_type (blk_file (create getattr setattr relabelfrom relabelto unlink))) -(allow ueventd_26_0 self (netlink_kobject_uevent_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow ueventd_26_0 efs_file_26_0 (dir (search))) -(allow ueventd_26_0 efs_file_26_0 (file (ioctl read getattr lock open))) -(allow ueventd_26_0 selinuxfs_26_0 (dir (ioctl read getattr lock search open))) -(allow ueventd_26_0 selinuxfs_26_0 (file (ioctl read getattr lock open))) -(allow ueventd_26_0 selinuxfs_26_0 (lnk_file (ioctl read getattr lock open))) -(allow ueventd_26_0 vendor_file_26_0 (dir (ioctl read getattr lock search open))) -(allow ueventd_26_0 vendor_file_26_0 (file (ioctl read getattr lock open))) -(allow ueventd_26_0 vendor_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow ueventd_26_0 file_contexts_file_26_0 (file (ioctl read getattr lock open))) -(allow ueventd_26_0 self (process (setfscreate))) -(neverallow ueventd_26_0 property_socket_26_0 (sock_file (write))) -(neverallow ueventd_26_0 init_26_0 (unix_stream_socket (connectto))) -(neverallow ueventd_26_0 property_type (property_service (set))) -(neverallow ueventd_26_0 dev_type (blk_file (ioctl read write lock append link rename execute quotaon mounton open audit_access execmod))) -(neverallow ueventd_26_0 kmem_device_26_0 (chr_file (ioctl read write lock relabelfrom append link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access))) -(neverallow ueventd_26_0 port_device_26_0 (chr_file (ioctl read write lock relabelfrom append link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access))) -(allow uncrypt_26_0 self (capability (dac_override))) -(allow uncrypt_26_0 app_data_file_26_0 (dir (ioctl read getattr lock search open))) -(allow uncrypt_26_0 app_data_file_26_0 (file (ioctl read getattr lock open))) -(allow uncrypt_26_0 app_data_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow uncrypt_26_0 shell_data_file_26_0 (dir (ioctl read getattr lock search open))) -(allow uncrypt_26_0 shell_data_file_26_0 (file (ioctl read getattr lock open))) -(allow uncrypt_26_0 shell_data_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow uncrypt_26_0 cache_recovery_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow uncrypt_26_0 cache_recovery_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow uncrypt_26_0 ota_package_file_26_0 (dir (ioctl read getattr lock search open))) -(allow uncrypt_26_0 ota_package_file_26_0 (file (ioctl read getattr lock open))) -(allow uncrypt_26_0 uncrypt_socket_26_0 (sock_file (write))) -(allow uncrypt_26_0 uncrypt_26_0 (unix_stream_socket (connectto))) -(allow uncrypt_26_0 property_socket_26_0 (sock_file (write))) -(allow uncrypt_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow uncrypt_26_0 powerctl_prop_26_0 (property_service (set))) -(allow uncrypt_26_0 powerctl_prop_26_0 (file (ioctl read getattr lock open))) -(allow uncrypt_26_0 self (capability (sys_rawio))) -(allow uncrypt_26_0 misc_block_device_26_0 (blk_file (write lock append open))) -(allow uncrypt_26_0 block_device_26_0 (dir (ioctl read getattr lock search open))) -(allow uncrypt_26_0 userdata_block_device_26_0 (blk_file (write lock append open))) -(allow uncrypt_26_0 rootfs_26_0 (dir (ioctl read getattr lock search open))) -(allow uncrypt_26_0 rootfs_26_0 (file (ioctl read getattr lock open))) -(allow uncrypt_26_0 rootfs_26_0 (lnk_file (ioctl read getattr lock open))) -(allow update_engine_26_0 qtaguid_proc_26_0 (file (ioctl read write getattr lock append open))) -(allow update_engine_26_0 qtaguid_device_26_0 (chr_file (ioctl read getattr lock open))) -(allow update_engine_26_0 self (process (setsched))) -(allow update_engine_26_0 self (capability (fowner sys_admin))) -(allow update_engine_26_0 kmsg_device_26_0 (chr_file (write lock append open))) -(allow update_engine_26_0 update_engine_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow update_engine_26_0 sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open))) -(allow update_engine_26_0 self (capability2 (block_suspend))) -(dontaudit update_engine_26_0 kernel_26_0 (process (setsched))) -(allow update_engine_26_0 update_engine_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow update_engine_26_0 update_engine_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(dontaudit update_engine_26_0 kernel_26_0 (system (module_request))) -(allow update_engine_26_0 servicemanager_26_0 (binder (call transfer))) -(allow servicemanager_26_0 update_engine_26_0 (dir (search))) -(allow servicemanager_26_0 update_engine_26_0 (file (read open))) -(allow servicemanager_26_0 update_engine_26_0 (process (getattr))) -(allow update_engine_26_0 update_engine_service_26_0 (service_manager (add find))) -(neverallow base_typeattr_166_26_0 update_engine_service_26_0 (service_manager (add))) -(neverallow update_engine_26_0 unlabeled_26_0 (service_manager (add))) -(allow update_engine_26_0 priv_app_26_0 (binder (call transfer))) -(allow priv_app_26_0 update_engine_26_0 (binder (transfer))) -(allow update_engine_26_0 priv_app_26_0 (fd (use))) -(allow update_engine_26_0 ota_package_file_26_0 (file (ioctl read getattr lock open))) -(allow update_engine_26_0 ota_package_file_26_0 (dir (ioctl read getattr lock search open))) -(allow update_engine_common block_device_26_0 (dir (search))) -(allow update_engine_common boot_block_device_26_0 (blk_file (ioctl read write getattr lock append open))) -(allow update_engine_common system_block_device_26_0 (blk_file (ioctl read write getattr lock append open))) -(allow update_engine_common misc_block_device_26_0 (blk_file (ioctl read write getattr lock append open))) -(allow update_engine_common postinstall_mnt_dir_26_0 (dir (mounton))) -(allow update_engine_common postinstall_file_26_0 (filesystem (mount unmount relabelfrom relabelto))) -(allow update_engine_common labeledfs_26_0 (filesystem (relabelfrom))) -(allow update_engine_common postinstall_file_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow update_engine_common postinstall_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow update_engine_common postinstall_file_26_0 (dir (ioctl read getattr lock search open))) -(allow update_engine_common shell_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow update_engine_common postinstall_26_0 (process (sigkill sigstop signal))) -(allow update_engine_26_0 proc_26_0 (file (ioctl read getattr lock open))) -(allow update_engine_26_0 proc_misc_26_0 (file (ioctl read getattr lock open))) -(allow update_engine_26_0 system_file_26_0 (dir (ioctl read getattr lock search open))) -(allow update_verifier_26_0 block_device_26_0 (dir (search))) -(allow update_verifier_26_0 ota_package_file_26_0 (dir (ioctl read getattr lock search open))) -(allow update_verifier_26_0 ota_package_file_26_0 (file (ioctl read getattr lock open))) -(allow update_verifier_26_0 dm_device_26_0 (blk_file (ioctl read getattr lock open))) -(allow update_verifier_26_0 property_socket_26_0 (sock_file (write))) -(allow update_verifier_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow update_verifier_26_0 powerctl_prop_26_0 (property_service (set))) -(allow update_verifier_26_0 powerctl_prop_26_0 (file (ioctl read getattr lock open))) -(allow vdc_26_0 vold_socket_26_0 (sock_file (write))) -(allow vdc_26_0 vold_26_0 (unix_stream_socket (connectto))) -(allow vdc_26_0 dumpstate_26_0 (fd (use))) -(allow vdc_26_0 dumpstate_26_0 (unix_stream_socket (read write getattr))) -(allow vdc_26_0 shell_data_file_26_0 (file (write getattr))) -(allow vdc_26_0 dumpstate_26_0 (unix_dgram_socket (read write))) -(allow vdc_26_0 devpts_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow vdc_26_0 kmsg_device_26_0 (chr_file (write lock append open))) -(neverallow base_typeattr_167_26_0 vendor_toolbox_exec_26_0 (file (execute execute_no_trans entrypoint))) -(allow virtual_touchpad_26_0 servicemanager_26_0 (binder (call transfer))) -(allow servicemanager_26_0 virtual_touchpad_26_0 (dir (search))) -(allow servicemanager_26_0 virtual_touchpad_26_0 (file (read open))) -(allow servicemanager_26_0 virtual_touchpad_26_0 (process (getattr))) -(allow virtual_touchpad_26_0 virtual_touchpad_service_26_0 (service_manager (add find))) -(neverallow base_typeattr_168_26_0 virtual_touchpad_service_26_0 (service_manager (add))) -(neverallow virtual_touchpad_26_0 unlabeled_26_0 (service_manager (add))) -(allow virtual_touchpad_26_0 system_server_26_0 (binder (call transfer))) -(allow system_server_26_0 virtual_touchpad_26_0 (binder (transfer))) -(allow virtual_touchpad_26_0 system_server_26_0 (fd (use))) -(allow virtual_touchpad_26_0 uhid_device_26_0 (chr_file (ioctl write lock append open))) -(allow virtual_touchpad_26_0 permission_service_26_0 (service_manager (find))) -(allow vold_26_0 cache_file_26_0 (dir (ioctl read getattr lock search open))) -(allow vold_26_0 cache_file_26_0 (file (read getattr))) -(allow vold_26_0 cache_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow vold_26_0 proc_26_0 (dir (ioctl read getattr lock search open))) -(allow vold_26_0 proc_26_0 (file (ioctl read getattr lock open))) -(allow vold_26_0 proc_26_0 (lnk_file (ioctl read getattr lock open))) -(allow vold_26_0 proc_net_26_0 (dir (ioctl read getattr lock search open))) -(allow vold_26_0 proc_net_26_0 (file (ioctl read getattr lock open))) -(allow vold_26_0 proc_net_26_0 (lnk_file (ioctl read getattr lock open))) -(allow vold_26_0 sysfs_type (dir (ioctl read getattr lock search open))) -(allow vold_26_0 sysfs_type (file (ioctl read getattr lock open))) -(allow vold_26_0 sysfs_type (lnk_file (ioctl read getattr lock open))) -(allow vold_26_0 sysfs_26_0 (file (write lock append open))) -(allow vold_26_0 sysfs_usb_26_0 (file (write lock append open))) -(allow vold_26_0 sysfs_zram_uevent_26_0 (file (write lock append open))) -(allow vold_26_0 rootfs_26_0 (dir (ioctl read getattr lock search open))) -(allow vold_26_0 rootfs_26_0 (file (ioctl read getattr lock open))) -(allow vold_26_0 rootfs_26_0 (lnk_file (ioctl read getattr lock open))) -(allow vold_26_0 proc_meminfo_26_0 (file (ioctl read getattr lock open))) -(allow vold_26_0 file_contexts_file_26_0 (file (ioctl read getattr lock open))) -(allow vold_26_0 self (process (setexec))) -(allow vold_26_0 shell_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow vold_26_0 self (process (setfscreate))) -(allow vold_26_0 system_file_26_0 (file (getattr execute execute_no_trans))) -(allow vold_26_0 block_device_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow vold_26_0 device_26_0 (dir (write))) -(allow vold_26_0 devpts_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow vold_26_0 rootfs_26_0 (dir (mounton))) -(allow vold_26_0 sdcard_type (dir (mounton))) -(allow vold_26_0 sdcard_type (filesystem (mount remount unmount))) -(allow vold_26_0 sdcard_type (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow vold_26_0 sdcard_type (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow vold_26_0 sdcard_type (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow vold_26_0 mnt_media_rw_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow vold_26_0 storage_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow vold_26_0 sdcard_type (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow vold_26_0 mnt_media_rw_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow vold_26_0 storage_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow vold_26_0 media_rw_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow vold_26_0 media_rw_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow vold_26_0 mnt_media_rw_stub_file_26_0 (dir (create getattr setattr mounton rmdir))) -(allow vold_26_0 storage_stub_file_26_0 (dir (create getattr setattr mounton rmdir))) -(allow vold_26_0 mnt_user_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow vold_26_0 mnt_user_file_26_0 (lnk_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow vold_26_0 mnt_expand_file_26_0 (dir (ioctl read write create getattr setattr lock rename mounton add_name remove_name reparent search rmdir open))) -(allow vold_26_0 apk_data_file_26_0 (dir (create getattr setattr))) -(allow vold_26_0 shell_data_file_26_0 (dir (create getattr setattr))) -(allow vold_26_0 tmpfs_26_0 (filesystem (mount unmount))) -(allow vold_26_0 tmpfs_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow vold_26_0 tmpfs_26_0 (dir (mounton))) -(allow vold_26_0 self (capability (chown dac_override fowner fsetid net_admin sys_admin mknod))) -(allow vold_26_0 self (netlink_kobject_uevent_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow vold_26_0 app_data_file_26_0 (dir (search))) -(allow vold_26_0 app_data_file_26_0 (file (ioctl read write getattr lock append open))) -(allow vold_26_0 loop_control_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow vold_26_0 loop_device_26_0 (blk_file (ioctl read write create getattr setattr lock append unlink open))) -(allow vold_26_0 vold_device_26_0 (blk_file (ioctl read write create getattr setattr lock append unlink open))) -(allow vold_26_0 dm_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow vold_26_0 dm_device_26_0 (blk_file (ioctl read write getattr lock append open))) -(allow vold_26_0 domain (dir (ioctl read getattr lock search open))) -(allow vold_26_0 domain (file (ioctl read getattr lock open))) -(allow vold_26_0 domain (lnk_file (ioctl read getattr lock open))) -(allow vold_26_0 domain (process (sigkill signal))) -(allow vold_26_0 self (capability (kill sys_ptrace))) -(allow vold_26_0 sysfs_26_0 (file (ioctl read write getattr lock append open))) -(allow vold_26_0 kmsg_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow vold_26_0 fsck_exec_26_0 (file (ioctl read getattr lock execute open))) -(allow vold_26_0 fscklogs_26_0 (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow vold_26_0 fscklogs_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow vold_26_0 labeledfs_26_0 (filesystem (mount unmount))) -(allow vold_26_0 efs_file_26_0 (file (ioctl read write getattr lock append open))) -(allow vold_26_0 system_data_file_26_0 (dir (ioctl read write create getattr setattr lock mounton add_name remove_name search rmdir open))) -(allow vold_26_0 kernel_26_0 (process (setsched))) -(allow vold_26_0 property_socket_26_0 (sock_file (write))) -(allow vold_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow vold_26_0 vold_prop_26_0 (property_service (set))) -(allow vold_26_0 vold_prop_26_0 (file (ioctl read getattr lock open))) -(allow vold_26_0 property_socket_26_0 (sock_file (write))) -(allow vold_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow vold_26_0 powerctl_prop_26_0 (property_service (set))) -(allow vold_26_0 powerctl_prop_26_0 (file (ioctl read getattr lock open))) -(allow vold_26_0 property_socket_26_0 (sock_file (write))) -(allow vold_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow vold_26_0 ctl_fuse_prop_26_0 (property_service (set))) -(allow vold_26_0 ctl_fuse_prop_26_0 (file (ioctl read getattr lock open))) -(allow vold_26_0 property_socket_26_0 (sock_file (write))) -(allow vold_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow vold_26_0 restorecon_prop_26_0 (property_service (set))) -(allow vold_26_0 restorecon_prop_26_0 (file (ioctl read getattr lock open))) -(allow vold_26_0 asec_image_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow vold_26_0 asec_image_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow vold_26_0 asec_apk_file_26_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto rename mounton add_name remove_name reparent search rmdir open))) -(allow vold_26_0 asec_public_file_26_0 (dir (setattr relabelto))) -(allow vold_26_0 asec_apk_file_26_0 (file (ioctl read getattr setattr lock relabelfrom relabelto open))) -(allow vold_26_0 asec_public_file_26_0 (file (setattr relabelto))) -(allow vold_26_0 unlabeled_26_0 (dir (ioctl read getattr setattr lock relabelfrom search open))) -(allow vold_26_0 unlabeled_26_0 (file (ioctl read getattr setattr lock relabelfrom open))) -(allow vold_26_0 sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open))) -(allow vold_26_0 self (capability2 (block_suspend))) -(allow vold_26_0 servicemanager_26_0 (binder (call transfer))) -(allow servicemanager_26_0 vold_26_0 (dir (search))) -(allow servicemanager_26_0 vold_26_0 (file (read open))) -(allow servicemanager_26_0 vold_26_0 (process (getattr))) -(allow vold_26_0 healthd_26_0 (binder (call transfer))) -(allow healthd_26_0 vold_26_0 (binder (transfer))) -(allow vold_26_0 healthd_26_0 (fd (use))) -(allow vold_26_0 userdata_block_device_26_0 (blk_file (ioctl read write getattr lock append open))) -(allow vold_26_0 metadata_block_device_26_0 (blk_file (ioctl read write getattr lock append open))) -(allow vold_26_0 unencrypted_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow vold_26_0 unencrypted_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow vold_26_0 proc_drop_caches_26_0 (file (write lock append open))) -(allow vold_26_0 vold_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow vold_26_0 vold_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow vold_26_0 init_26_0 (key (write search setattr))) -(allow vold_26_0 vold_26_0 (key (write search setattr))) -(allow vold_26_0 self (capability (sys_nice))) -(allow vold_26_0 self (capability (sys_chroot))) -(allow vold_26_0 storage_file_26_0 (dir (mounton))) -(allow vold_26_0 fuse_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow vold_26_0 fuse_26_0 (filesystem (relabelfrom))) -(allow vold_26_0 app_fusefs_26_0 (filesystem (relabelfrom relabelto))) -(allow vold_26_0 app_fusefs_26_0 (filesystem (mount unmount))) -(allow vold_26_0 toolbox_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow vold_26_0 user_profile_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow vold_26_0 misc_block_device_26_0 (blk_file (write lock append open))) -(neverallow base_typeattr_92_26_0 vold_data_file_26_0 (dir (write lock relabelfrom append unlink link rename execute quotaon mounton add_name remove_name reparent rmdir audit_access execmod))) -(neverallow base_typeattr_169_26_0 vold_data_file_26_0 (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access))) -(neverallow base_typeattr_169_26_0 vold_data_file_26_0 (lnk_file (ioctl read write create setattr lock relabelfrom append unlink link rename execute quotaon mounton open audit_access execmod))) -(neverallow base_typeattr_169_26_0 vold_data_file_26_0 (sock_file (ioctl read write create setattr lock relabelfrom append unlink link rename execute quotaon mounton open audit_access execmod))) -(neverallow base_typeattr_169_26_0 vold_data_file_26_0 (fifo_file (ioctl read write create setattr lock relabelfrom append unlink link rename execute quotaon mounton open audit_access execmod))) -(neverallow base_typeattr_90_26_0 vold_data_file_26_0 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod))) -(neverallow base_typeattr_170_26_0 vold_data_file_26_0 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access))) -(neverallow base_typeattr_170_26_0 vold_data_file_26_0 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod))) -(neverallow base_typeattr_170_26_0 vold_data_file_26_0 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod))) -(neverallow base_typeattr_170_26_0 vold_data_file_26_0 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton open audit_access execmod))) -(neverallow base_typeattr_90_26_0 restorecon_prop_26_0 (property_service (set))) -(neverallow vold_26_0 fsck_exec_26_0 (file (execute_no_trans))) -(allow vr_hwc_26_0 servicemanager_26_0 (binder (call transfer))) -(allow servicemanager_26_0 vr_hwc_26_0 (dir (search))) -(allow servicemanager_26_0 vr_hwc_26_0 (file (read open))) -(allow servicemanager_26_0 vr_hwc_26_0 (process (getattr))) -(allow vr_hwc_26_0 surfaceflinger_26_0 (binder (call transfer))) -(allow surfaceflinger_26_0 vr_hwc_26_0 (binder (transfer))) -(allow vr_hwc_26_0 surfaceflinger_26_0 (fd (use))) -(allow vr_hwc_26_0 system_server_26_0 (binder (call transfer))) -(allow system_server_26_0 vr_hwc_26_0 (binder (transfer))) -(allow vr_hwc_26_0 system_server_26_0 (fd (use))) -(allow vr_hwc_26_0 vr_hwc_service_26_0 (service_manager (add find))) -(neverallow base_typeattr_171_26_0 vr_hwc_service_26_0 (service_manager (add))) -(neverallow vr_hwc_26_0 unlabeled_26_0 (service_manager (add))) -(allow vr_hwc_26_0 hwservicemanager_26_0 (binder (call transfer))) -(allow hwservicemanager_26_0 vr_hwc_26_0 (binder (call transfer))) -(allow hwservicemanager_26_0 vr_hwc_26_0 (dir (search))) -(allow hwservicemanager_26_0 vr_hwc_26_0 (file (read open))) -(allow hwservicemanager_26_0 vr_hwc_26_0 (process (getattr))) -(allow vr_hwc_26_0 system_file_26_0 (dir (ioctl read getattr lock search open))) -(allow vr_hwc_26_0 ion_device_26_0 (chr_file (ioctl read getattr lock open))) -(allow vr_hwc_26_0 pdx_display_client_endpoint_dir_type (dir (ioctl read getattr lock search open))) -(allow vr_hwc_26_0 pdx_display_client_endpoint_socket_type (sock_file (ioctl read write getattr lock append open))) -(allow vr_hwc_26_0 pdx_display_client_endpoint_socket_type (unix_stream_socket (read write shutdown connectto))) -(allow vr_hwc_26_0 pdx_display_client_channel_socket_type (unix_stream_socket (read write getattr setattr lock append getopt setopt shutdown))) -(allow vr_hwc_26_0 pdx_display_client_server_type (fd (use))) -(allow pdx_display_client_server_type vr_hwc_26_0 (fd (use))) -(allow vr_hwc_26_0 permission_service_26_0 (service_manager (find))) -(allow watchdogd_26_0 watchdog_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow watchdogd_26_0 kmsg_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow wificond_26_0 servicemanager_26_0 (binder (call transfer))) -(allow servicemanager_26_0 wificond_26_0 (dir (search))) -(allow servicemanager_26_0 wificond_26_0 (file (read open))) -(allow servicemanager_26_0 wificond_26_0 (process (getattr))) -(allow wificond_26_0 system_server_26_0 (binder (call transfer))) -(allow system_server_26_0 wificond_26_0 (binder (transfer))) -(allow wificond_26_0 system_server_26_0 (fd (use))) -(allow wificond_26_0 wificond_service_26_0 (service_manager (add find))) -(neverallow base_typeattr_172_26_0 wificond_service_26_0 (service_manager (add))) -(neverallow wificond_26_0 unlabeled_26_0 (service_manager (add))) -(allow wificond_26_0 property_socket_26_0 (sock_file (write))) -(allow wificond_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow wificond_26_0 wifi_prop_26_0 (property_service (set))) -(allow wificond_26_0 wifi_prop_26_0 (file (ioctl read getattr lock open))) -(allow wificond_26_0 property_socket_26_0 (sock_file (write))) -(allow wificond_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow wificond_26_0 ctl_default_prop_26_0 (property_service (set))) -(allow wificond_26_0 ctl_default_prop_26_0 (file (ioctl read getattr lock open))) -(allow wificond_26_0 self (udp_socket (ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allowx wificond_26_0 self (ioctl udp_socket (0x8914))) -(allow wificond_26_0 self (capability (net_admin net_raw))) -(allow wificond_26_0 self (netlink_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow wificond_26_0 self (netlink_generic_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow wificond_26_0 proc_net_26_0 (dir (ioctl read getattr lock search open))) -(allow wificond_26_0 proc_net_26_0 (file (ioctl read getattr lock open))) -(allow wificond_26_0 proc_net_26_0 (lnk_file (ioctl read getattr lock open))) -(allow wificond_26_0 wifi_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow wificond_26_0 wifi_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow wificond_26_0 permission_service_26_0 (service_manager (find))) -(allow wificond_26_0 dumpstate_26_0 (fd (use))) -(allow wificond_26_0 dumpstate_26_0 (fifo_file (write))) -(allow init_26_0 hal_audio_default_exec (file (read getattr execute open))) -(allow init_26_0 hal_audio_default (process (transition))) -(allow hal_audio_default hal_audio_default_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_audio_default (process (noatsecure))) -(allow init_26_0 hal_audio_default (process (siginh rlimitinh))) -(typetransition init_26_0 hal_audio_default_exec process hal_audio_default) -(typetransition hal_audio_default tmpfs_26_0 file hal_audio_default_tmpfs) -(allow hal_audio_default hal_audio_default_tmpfs (file (read write getattr))) -(allow hal_audio_default tmpfs_26_0 (dir (getattr search))) -(allow init_26_0 hal_bluetooth_default_exec (file (read getattr execute open))) -(allow init_26_0 hal_bluetooth_default (process (transition))) -(allow hal_bluetooth_default hal_bluetooth_default_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_bluetooth_default (process (noatsecure))) -(allow init_26_0 hal_bluetooth_default (process (siginh rlimitinh))) -(typetransition init_26_0 hal_bluetooth_default_exec process hal_bluetooth_default) -(typetransition hal_bluetooth_default tmpfs_26_0 file hal_bluetooth_default_tmpfs) -(allow hal_bluetooth_default hal_bluetooth_default_tmpfs (file (read write getattr))) -(allow hal_bluetooth_default tmpfs_26_0 (dir (getattr search))) -(allow init_26_0 hal_bootctl_default_exec (file (read getattr execute open))) -(allow init_26_0 hal_bootctl_default (process (transition))) -(allow hal_bootctl_default hal_bootctl_default_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_bootctl_default (process (noatsecure))) -(allow init_26_0 hal_bootctl_default (process (siginh rlimitinh))) -(typetransition init_26_0 hal_bootctl_default_exec process hal_bootctl_default) -(typetransition hal_bootctl_default tmpfs_26_0 file hal_bootctl_default_tmpfs) -(allow hal_bootctl_default hal_bootctl_default_tmpfs (file (read write getattr))) -(allow hal_bootctl_default tmpfs_26_0 (dir (getattr search))) -(allow init_26_0 hal_camera_default_exec (file (read getattr execute open))) -(allow init_26_0 hal_camera_default (process (transition))) -(allow hal_camera_default hal_camera_default_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_camera_default (process (noatsecure))) -(allow init_26_0 hal_camera_default (process (siginh rlimitinh))) -(typetransition init_26_0 hal_camera_default_exec process hal_camera_default) -(typetransition hal_camera_default tmpfs_26_0 file hal_camera_default_tmpfs) -(allow hal_camera_default hal_camera_default_tmpfs (file (read write getattr))) -(allow hal_camera_default tmpfs_26_0 (dir (getattr search))) -(allow hal_camera_default fwk_sensor_hwservice_26_0 (hwservice_manager (find))) -(allow init_26_0 hal_configstore_default_exec (file (read getattr execute open))) -(allow init_26_0 hal_configstore_default (process (transition))) -(allow hal_configstore_default hal_configstore_default_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_configstore_default (process (noatsecure))) -(allow init_26_0 hal_configstore_default (process (siginh rlimitinh))) -(typetransition init_26_0 hal_configstore_default_exec process hal_configstore_default) -(typetransition hal_configstore_default tmpfs_26_0 file hal_configstore_default_tmpfs) -(allow hal_configstore_default hal_configstore_default_tmpfs (file (read write getattr))) -(allow hal_configstore_default tmpfs_26_0 (dir (getattr search))) -(allow init_26_0 hal_contexthub_default_exec (file (read getattr execute open))) -(allow init_26_0 hal_contexthub_default (process (transition))) -(allow hal_contexthub_default hal_contexthub_default_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_contexthub_default (process (noatsecure))) -(allow init_26_0 hal_contexthub_default (process (siginh rlimitinh))) -(typetransition init_26_0 hal_contexthub_default_exec process hal_contexthub_default) -(typetransition hal_contexthub_default tmpfs_26_0 file hal_contexthub_default_tmpfs) -(allow hal_contexthub_default hal_contexthub_default_tmpfs (file (read write getattr))) -(allow hal_contexthub_default tmpfs_26_0 (dir (getattr search))) -(allow init_26_0 hal_drm_default_exec (file (read getattr execute open))) -(allow init_26_0 hal_drm_default (process (transition))) -(allow hal_drm_default hal_drm_default_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_drm_default (process (noatsecure))) -(allow init_26_0 hal_drm_default (process (siginh rlimitinh))) -(typetransition init_26_0 hal_drm_default_exec process hal_drm_default) -(typetransition hal_drm_default tmpfs_26_0 file hal_drm_default_tmpfs) -(allow hal_drm_default hal_drm_default_tmpfs (file (read write getattr))) -(allow hal_drm_default tmpfs_26_0 (dir (getattr search))) -(allow hal_drm_default mediacodec_26_0 (fd (use))) -(allow hal_drm_default base_typeattr_100_26_0 (fd (use))) -(allow init_26_0 hal_dumpstate_default_exec (file (read getattr execute open))) -(allow init_26_0 hal_dumpstate_default (process (transition))) -(allow hal_dumpstate_default hal_dumpstate_default_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_dumpstate_default (process (noatsecure))) -(allow init_26_0 hal_dumpstate_default (process (siginh rlimitinh))) -(typetransition init_26_0 hal_dumpstate_default_exec process hal_dumpstate_default) -(typetransition hal_dumpstate_default tmpfs_26_0 file hal_dumpstate_default_tmpfs) -(allow hal_dumpstate_default hal_dumpstate_default_tmpfs (file (read write getattr))) -(allow hal_dumpstate_default tmpfs_26_0 (dir (getattr search))) -(allow init_26_0 hal_fingerprint_default_exec (file (read getattr execute open))) -(allow init_26_0 hal_fingerprint_default (process (transition))) -(allow hal_fingerprint_default hal_fingerprint_default_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_fingerprint_default (process (noatsecure))) -(allow init_26_0 hal_fingerprint_default (process (siginh rlimitinh))) -(typetransition init_26_0 hal_fingerprint_default_exec process hal_fingerprint_default) -(typetransition hal_fingerprint_default tmpfs_26_0 file hal_fingerprint_default_tmpfs) -(allow hal_fingerprint_default hal_fingerprint_default_tmpfs (file (read write getattr))) -(allow hal_fingerprint_default tmpfs_26_0 (dir (getattr search))) -(allow init_26_0 hal_gatekeeper_default_exec (file (read getattr execute open))) -(allow init_26_0 hal_gatekeeper_default (process (transition))) -(allow hal_gatekeeper_default hal_gatekeeper_default_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_gatekeeper_default (process (noatsecure))) -(allow init_26_0 hal_gatekeeper_default (process (siginh rlimitinh))) -(typetransition init_26_0 hal_gatekeeper_default_exec process hal_gatekeeper_default) -(typetransition hal_gatekeeper_default tmpfs_26_0 file hal_gatekeeper_default_tmpfs) -(allow hal_gatekeeper_default hal_gatekeeper_default_tmpfs (file (read write getattr))) -(allow hal_gatekeeper_default tmpfs_26_0 (dir (getattr search))) -(allow init_26_0 hal_gnss_default_exec (file (read getattr execute open))) -(allow init_26_0 hal_gnss_default (process (transition))) -(allow hal_gnss_default hal_gnss_default_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_gnss_default (process (noatsecure))) -(allow init_26_0 hal_gnss_default (process (siginh rlimitinh))) -(typetransition init_26_0 hal_gnss_default_exec process hal_gnss_default) -(typetransition hal_gnss_default tmpfs_26_0 file hal_gnss_default_tmpfs) -(allow hal_gnss_default hal_gnss_default_tmpfs (file (read write getattr))) -(allow hal_gnss_default tmpfs_26_0 (dir (getattr search))) -(allow hal_gnss system_file_26_0 (dir (ioctl read getattr lock search open))) -(allow hal_gnss system_file_26_0 (file (ioctl read getattr lock open))) -(allow hal_gnss system_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow init_26_0 hal_graphics_allocator_default_exec (file (read getattr execute open))) -(allow init_26_0 hal_graphics_allocator_default (process (transition))) -(allow hal_graphics_allocator_default hal_graphics_allocator_default_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_graphics_allocator_default (process (noatsecure))) -(allow init_26_0 hal_graphics_allocator_default (process (siginh rlimitinh))) -(typetransition init_26_0 hal_graphics_allocator_default_exec process hal_graphics_allocator_default) -(typetransition hal_graphics_allocator_default tmpfs_26_0 file hal_graphics_allocator_default_tmpfs) -(allow hal_graphics_allocator_default hal_graphics_allocator_default_tmpfs (file (read write getattr))) -(allow hal_graphics_allocator_default tmpfs_26_0 (dir (getattr search))) -(allow init_26_0 hal_graphics_composer_default_exec (file (read getattr execute open))) -(allow init_26_0 hal_graphics_composer_default (process (transition))) -(allow hal_graphics_composer_default hal_graphics_composer_default_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_graphics_composer_default (process (noatsecure))) -(allow init_26_0 hal_graphics_composer_default (process (siginh rlimitinh))) -(typetransition init_26_0 hal_graphics_composer_default_exec process hal_graphics_composer_default) -(typetransition hal_graphics_composer_default tmpfs_26_0 file hal_graphics_composer_default_tmpfs) -(allow hal_graphics_composer_default hal_graphics_composer_default_tmpfs (file (read write getattr))) -(allow hal_graphics_composer_default tmpfs_26_0 (dir (getattr search))) -(allow init_26_0 hal_health_default_exec (file (read getattr execute open))) -(allow init_26_0 hal_health_default (process (transition))) -(allow hal_health_default hal_health_default_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_health_default (process (noatsecure))) -(allow init_26_0 hal_health_default (process (siginh rlimitinh))) -(typetransition init_26_0 hal_health_default_exec process hal_health_default) -(typetransition hal_health_default tmpfs_26_0 file hal_health_default_tmpfs) -(allow hal_health_default hal_health_default_tmpfs (file (read write getattr))) -(allow hal_health_default tmpfs_26_0 (dir (getattr search))) -(allow init_26_0 hal_ir_default_exec (file (read getattr execute open))) -(allow init_26_0 hal_ir_default (process (transition))) -(allow hal_ir_default hal_ir_default_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_ir_default (process (noatsecure))) -(allow init_26_0 hal_ir_default (process (siginh rlimitinh))) -(typetransition init_26_0 hal_ir_default_exec process hal_ir_default) -(typetransition hal_ir_default tmpfs_26_0 file hal_ir_default_tmpfs) -(allow hal_ir_default hal_ir_default_tmpfs (file (read write getattr))) -(allow hal_ir_default tmpfs_26_0 (dir (getattr search))) -(allow init_26_0 hal_keymaster_default_exec (file (read getattr execute open))) -(allow init_26_0 hal_keymaster_default (process (transition))) -(allow hal_keymaster_default hal_keymaster_default_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_keymaster_default (process (noatsecure))) -(allow init_26_0 hal_keymaster_default (process (siginh rlimitinh))) -(typetransition init_26_0 hal_keymaster_default_exec process hal_keymaster_default) -(typetransition hal_keymaster_default tmpfs_26_0 file hal_keymaster_default_tmpfs) -(allow hal_keymaster_default hal_keymaster_default_tmpfs (file (read write getattr))) -(allow hal_keymaster_default tmpfs_26_0 (dir (getattr search))) -(allow init_26_0 hal_light_default_exec (file (read getattr execute open))) -(allow init_26_0 hal_light_default (process (transition))) -(allow hal_light_default hal_light_default_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_light_default (process (noatsecure))) -(allow init_26_0 hal_light_default (process (siginh rlimitinh))) -(typetransition init_26_0 hal_light_default_exec process hal_light_default) -(typetransition hal_light_default tmpfs_26_0 file hal_light_default_tmpfs) -(allow hal_light_default hal_light_default_tmpfs (file (read write getattr))) -(allow hal_light_default tmpfs_26_0 (dir (getattr search))) -(allow init_26_0 hal_memtrack_default_exec (file (read getattr execute open))) -(allow init_26_0 hal_memtrack_default (process (transition))) -(allow hal_memtrack_default hal_memtrack_default_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_memtrack_default (process (noatsecure))) -(allow init_26_0 hal_memtrack_default (process (siginh rlimitinh))) -(typetransition init_26_0 hal_memtrack_default_exec process hal_memtrack_default) -(typetransition hal_memtrack_default tmpfs_26_0 file hal_memtrack_default_tmpfs) -(allow hal_memtrack_default hal_memtrack_default_tmpfs (file (read write getattr))) -(allow hal_memtrack_default tmpfs_26_0 (dir (getattr search))) -(allow init_26_0 hal_nfc_default_exec (file (read getattr execute open))) -(allow init_26_0 hal_nfc_default (process (transition))) -(allow hal_nfc_default hal_nfc_default_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_nfc_default (process (noatsecure))) -(allow init_26_0 hal_nfc_default (process (siginh rlimitinh))) -(typetransition init_26_0 hal_nfc_default_exec process hal_nfc_default) -(typetransition hal_nfc_default tmpfs_26_0 file hal_nfc_default_tmpfs) -(allow hal_nfc_default hal_nfc_default_tmpfs (file (read write getattr))) -(allow hal_nfc_default tmpfs_26_0 (dir (getattr search))) -(allow init_26_0 mediacodec_exec_26_0 (file (read getattr execute open))) -(allow init_26_0 mediacodec_26_0 (process (transition))) -(allow mediacodec_26_0 mediacodec_exec_26_0 (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 mediacodec_26_0 (process (noatsecure))) -(allow init_26_0 mediacodec_26_0 (process (siginh rlimitinh))) -(typetransition init_26_0 mediacodec_exec_26_0 process mediacodec) -(typetransition mediacodec_26_0 tmpfs_26_0 file mediacodec_tmpfs) -(allow mediacodec_26_0 mediacodec_tmpfs (file (read write getattr))) -(allow mediacodec_26_0 tmpfs_26_0 (dir (getattr search))) -(allow init_26_0 hal_power_default_exec (file (read getattr execute open))) -(allow init_26_0 hal_power_default (process (transition))) -(allow hal_power_default hal_power_default_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_power_default (process (noatsecure))) -(allow init_26_0 hal_power_default (process (siginh rlimitinh))) -(typetransition init_26_0 hal_power_default_exec process hal_power_default) -(typetransition hal_power_default tmpfs_26_0 file hal_power_default_tmpfs) -(allow hal_power_default hal_power_default_tmpfs (file (read write getattr))) -(allow hal_power_default tmpfs_26_0 (dir (getattr search))) -(allow init_26_0 hal_sensors_default_exec (file (read getattr execute open))) -(allow init_26_0 hal_sensors_default (process (transition))) -(allow hal_sensors_default hal_sensors_default_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_sensors_default (process (noatsecure))) -(allow init_26_0 hal_sensors_default (process (siginh rlimitinh))) -(typetransition init_26_0 hal_sensors_default_exec process hal_sensors_default) -(typetransition hal_sensors_default tmpfs_26_0 file hal_sensors_default_tmpfs) -(allow hal_sensors_default hal_sensors_default_tmpfs (file (read write getattr))) -(allow hal_sensors_default tmpfs_26_0 (dir (getattr search))) -(allow hal_sensors_default fwk_scheduler_hwservice_26_0 (hwservice_manager (find))) -(allow init_26_0 hal_thermal_default_exec (file (read getattr execute open))) -(allow init_26_0 hal_thermal_default (process (transition))) -(allow hal_thermal_default hal_thermal_default_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_thermal_default (process (noatsecure))) -(allow init_26_0 hal_thermal_default (process (siginh rlimitinh))) -(typetransition init_26_0 hal_thermal_default_exec process hal_thermal_default) -(typetransition hal_thermal_default tmpfs_26_0 file hal_thermal_default_tmpfs) -(allow hal_thermal_default hal_thermal_default_tmpfs (file (read write getattr))) -(allow hal_thermal_default tmpfs_26_0 (dir (getattr search))) -(allow init_26_0 hal_tv_cec_default_exec (file (read getattr execute open))) -(allow init_26_0 hal_tv_cec_default (process (transition))) -(allow hal_tv_cec_default hal_tv_cec_default_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_tv_cec_default (process (noatsecure))) -(allow init_26_0 hal_tv_cec_default (process (siginh rlimitinh))) -(typetransition init_26_0 hal_tv_cec_default_exec process hal_tv_cec_default) -(typetransition hal_tv_cec_default tmpfs_26_0 file hal_tv_cec_default_tmpfs) -(allow hal_tv_cec_default hal_tv_cec_default_tmpfs (file (read write getattr))) -(allow hal_tv_cec_default tmpfs_26_0 (dir (getattr search))) -(allow init_26_0 hal_tv_input_default_exec (file (read getattr execute open))) -(allow init_26_0 hal_tv_input_default (process (transition))) -(allow hal_tv_input_default hal_tv_input_default_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_tv_input_default (process (noatsecure))) -(allow init_26_0 hal_tv_input_default (process (siginh rlimitinh))) -(typetransition init_26_0 hal_tv_input_default_exec process hal_tv_input_default) -(typetransition hal_tv_input_default tmpfs_26_0 file hal_tv_input_default_tmpfs) -(allow hal_tv_input_default hal_tv_input_default_tmpfs (file (read write getattr))) -(allow hal_tv_input_default tmpfs_26_0 (dir (getattr search))) -(allow init_26_0 hal_usb_default_exec (file (read getattr execute open))) -(allow init_26_0 hal_usb_default (process (transition))) -(allow hal_usb_default hal_usb_default_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_usb_default (process (noatsecure))) -(allow init_26_0 hal_usb_default (process (siginh rlimitinh))) -(typetransition init_26_0 hal_usb_default_exec process hal_usb_default) -(typetransition hal_usb_default tmpfs_26_0 file hal_usb_default_tmpfs) -(allow hal_usb_default hal_usb_default_tmpfs (file (read write getattr))) -(allow hal_usb_default tmpfs_26_0 (dir (getattr search))) -(allow init_26_0 hal_vibrator_default_exec (file (read getattr execute open))) -(allow init_26_0 hal_vibrator_default (process (transition))) -(allow hal_vibrator_default hal_vibrator_default_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_vibrator_default (process (noatsecure))) -(allow init_26_0 hal_vibrator_default (process (siginh rlimitinh))) -(typetransition init_26_0 hal_vibrator_default_exec process hal_vibrator_default) -(typetransition hal_vibrator_default tmpfs_26_0 file hal_vibrator_default_tmpfs) -(allow hal_vibrator_default hal_vibrator_default_tmpfs (file (read write getattr))) -(allow hal_vibrator_default tmpfs_26_0 (dir (getattr search))) -(allow init_26_0 hal_vr_default_exec (file (read getattr execute open))) -(allow init_26_0 hal_vr_default (process (transition))) -(allow hal_vr_default hal_vr_default_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_vr_default (process (noatsecure))) -(allow init_26_0 hal_vr_default (process (siginh rlimitinh))) -(typetransition init_26_0 hal_vr_default_exec process hal_vr_default) -(typetransition hal_vr_default tmpfs_26_0 file hal_vr_default_tmpfs) -(allow hal_vr_default hal_vr_default_tmpfs (file (read write getattr))) -(allow hal_vr_default tmpfs_26_0 (dir (getattr search))) -(allow init_26_0 hal_wifi_default_exec (file (read getattr execute open))) -(allow init_26_0 hal_wifi_default (process (transition))) -(allow hal_wifi_default hal_wifi_default_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_wifi_default (process (noatsecure))) -(allow init_26_0 hal_wifi_default (process (siginh rlimitinh))) -(typetransition init_26_0 hal_wifi_default_exec process hal_wifi_default) -(typetransition hal_wifi_default tmpfs_26_0 file hal_wifi_default_tmpfs) -(allow hal_wifi_default hal_wifi_default_tmpfs (file (read write getattr))) -(allow hal_wifi_default tmpfs_26_0 (dir (getattr search))) -(allow init_26_0 hal_wifi_offload_default_exec (file (read getattr execute open))) -(allow init_26_0 hal_wifi_offload_default (process (transition))) -(allow hal_wifi_offload_default hal_wifi_offload_default_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_wifi_offload_default (process (noatsecure))) -(allow init_26_0 hal_wifi_offload_default (process (siginh rlimitinh))) -(typetransition init_26_0 hal_wifi_offload_default_exec process hal_wifi_offload_default) -(typetransition hal_wifi_offload_default tmpfs_26_0 file hal_wifi_offload_default_tmpfs) -(allow hal_wifi_offload_default hal_wifi_offload_default_tmpfs (file (read write getattr))) -(allow hal_wifi_offload_default tmpfs_26_0 (dir (getattr search))) -(allow init_26_0 hal_wifi_supplicant_default_exec (file (read getattr execute open))) -(allow init_26_0 hal_wifi_supplicant_default (process (transition))) -(allow hal_wifi_supplicant_default hal_wifi_supplicant_default_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_wifi_supplicant_default (process (noatsecure))) -(allow init_26_0 hal_wifi_supplicant_default (process (siginh rlimitinh))) -(typetransition init_26_0 hal_wifi_supplicant_default_exec process hal_wifi_supplicant_default) -(typetransition hal_wifi_supplicant_default tmpfs_26_0 file hal_wifi_supplicant_default_tmpfs) -(allow hal_wifi_supplicant_default hal_wifi_supplicant_default_tmpfs (file (read write getattr))) -(allow hal_wifi_supplicant_default tmpfs_26_0 (dir (getattr search))) -(allow hal_wifi_supplicant_default hwservicemanager_26_0 (binder (call transfer))) -(allow hwservicemanager_26_0 hal_wifi_supplicant_default (binder (call transfer))) -(allow hwservicemanager_26_0 hal_wifi_supplicant_default (dir (search))) -(allow hwservicemanager_26_0 hal_wifi_supplicant_default (file (read open))) -(allow hwservicemanager_26_0 hal_wifi_supplicant_default (process (getattr))) -(allow hal_wifi_supplicant_default system_wifi_keystore_hwservice_26_0 (hwservice_manager (find))) -(allow hal_wifi_supplicant_default wifi_keystore_service_server (binder (call transfer))) -(allow wifi_keystore_service_server hal_wifi_supplicant_default (binder (transfer))) -(allow hal_wifi_supplicant_default wifi_keystore_service_server (fd (use))) -(allow init_26_0 hostapd_exec (file (read getattr execute open))) -(allow init_26_0 hostapd (process (transition))) -(allow hostapd hostapd_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hostapd (process (noatsecure))) -(allow init_26_0 hostapd (process (siginh rlimitinh))) -(typetransition init_26_0 hostapd_exec process hostapd) -(typetransition hostapd tmpfs_26_0 file hostapd_tmpfs) -(allow hostapd hostapd_tmpfs (file (read write getattr))) -(allow hostapd tmpfs_26_0 (dir (getattr search))) -(allow hostapd self (capability (net_admin net_raw))) -(allow hostapd sysfs_26_0 (file (ioctl read getattr lock open))) -(allow hostapd sysfs_26_0 (lnk_file (ioctl read getattr lock open))) -(allow hostapd proc_net_26_0 (file (read getattr open))) -(allowx hostapd self (ioctl udp_socket (0x6900 0x6902))) -(allowx hostapd self (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff))))) -(allowx hostapd self (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff))))) -(allow hostapd self (netlink_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow hostapd self (netlink_generic_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow hostapd self (packet_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow hostapd self (netlink_route_socket (nlmsg_write))) -(allow hostapd wifi_data_file_26_0 (file (ioctl read write getattr lock append open))) -(allow hostapd wifi_data_file_26_0 (dir (ioctl read getattr lock search open))) -(allow hostapd wifi_data_file_26_0 (file (ioctl read getattr lock open))) -(allow hostapd wifi_data_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow hostapd hostapd_socket (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow hostapd hostapd_socket (sock_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow init_26_0 rild_exec (file (read getattr execute open))) -(allow init_26_0 rild_26_0 (process (transition))) -(allow rild_26_0 rild_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 rild_26_0 (process (noatsecure))) -(allow init_26_0 rild_26_0 (process (siginh rlimitinh))) -(typetransition init_26_0 rild_exec process rild) -(typetransition rild_26_0 tmpfs_26_0 file rild_tmpfs) -(allow rild_26_0 rild_tmpfs (file (read write getattr))) -(allow rild_26_0 tmpfs_26_0 (dir (getattr search))) -(allow init_26_0 tee_exec (file (read getattr execute open))) -(allow init_26_0 tee_26_0 (process (transition))) -(allow tee_26_0 tee_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 tee_26_0 (process (noatsecure))) -(allow init_26_0 tee_26_0 (process (siginh rlimitinh))) -(typetransition init_26_0 tee_exec process tee) -(typetransition tee_26_0 tmpfs_26_0 file tee_tmpfs) -(allow tee_26_0 tee_tmpfs (file (read write getattr))) -(allow tee_26_0 tmpfs_26_0 (dir (getattr search))) -(allow tee_26_0 self (capability (dac_override))) -(allow tee_26_0 tee_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow tee_26_0 tee_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow tee_26_0 tee_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow tee_26_0 self (netlink_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow tee_26_0 self (netlink_generic_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow tee_26_0 ion_device_26_0 (chr_file (ioctl read getattr lock open))) -(allow tee_26_0 sysfs_type (dir (ioctl read getattr lock search open))) -(allow tee_26_0 sysfs_type (file (ioctl read getattr lock open))) -(allow tee_26_0 sysfs_type (lnk_file (ioctl read getattr lock open))) -(allow tee_26_0 system_data_file_26_0 (file (read getattr))) -(allow tee_26_0 system_data_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow init_26_0 vendor_toolbox_exec_26_0 (file (read getattr execute open))) -(allow init_26_0 vendor_modprobe (process (transition))) -(allow vendor_modprobe vendor_toolbox_exec_26_0 (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 vendor_modprobe (process (noatsecure))) -(allow init_26_0 vendor_modprobe (process (siginh rlimitinh))) -(allow vendor_modprobe proc_modules_26_0 (file (ioctl read getattr lock open))) -(allow vendor_modprobe self (capability (sys_module))) -(allow vendor_modprobe kernel_26_0 (key (search))) -(allow vendor_modprobe vendor_file_26_0 (system (module_load))) -(allow vendor_modprobe vendor_file_26_0 (dir (ioctl read getattr lock search open))) -(allow vendor_modprobe vendor_file_26_0 (file (ioctl read getattr lock open))) -(allow vendor_modprobe vendor_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow init_26_0 vndservicemanager_exec (file (read getattr execute open))) -(allow init_26_0 vndservicemanager_26_0 (process (transition))) -(allow vndservicemanager_26_0 vndservicemanager_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 vndservicemanager_26_0 (process (noatsecure))) -(allow init_26_0 vndservicemanager_26_0 (process (siginh rlimitinh))) -(typetransition init_26_0 vndservicemanager_exec process vndservicemanager) -(typetransition vndservicemanager_26_0 tmpfs_26_0 file vndservicemanager_tmpfs) -(allow vndservicemanager_26_0 vndservicemanager_tmpfs (file (read write getattr))) -(allow vndservicemanager_26_0 tmpfs_26_0 (dir (getattr search))) -(allow vndservicemanager_26_0 self (binder (set_context_mgr))) -(allow vndservicemanager_26_0 base_typeattr_173_26_0 (binder (transfer))) -(allow vndservicemanager_26_0 vndbinder_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow vndservicemanager_26_0 vndservice_contexts_file_26_0 (file (ioctl read getattr lock open))) -(allow vndservicemanager_26_0 selinuxfs_26_0 (dir (ioctl read getattr lock search open))) -(allow vndservicemanager_26_0 selinuxfs_26_0 (file (ioctl read getattr lock open))) -(allow vndservicemanager_26_0 selinuxfs_26_0 (lnk_file (ioctl read getattr lock open))) -(allow vndservicemanager_26_0 selinuxfs_26_0 (file (write lock append open))) -(allow vndservicemanager_26_0 kernel_26_0 (security (compute_av))) -(allow vndservicemanager_26_0 self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind))) -(allow adbd_26_0 graphics_device_26_0 (chr_file (ioctl read getattr lock open))) -(allow adbd_26_0 self (capability2 (syslog))) -(allow adbd_26_0 block_device_26_0 (dir (ioctl read getattr lock search open))) -(allow adbd_26_0 kernel_26_0 (process (setsched))) -(allow adbd_26_0 self (capability (dac_override net_raw ipc_lock))) -(allow adbd_26_0 system_data_file_26_0 (dir (write lock add_name remove_name search open))) -(allow adbd_26_0 system_data_file_26_0 (dir (ioctl read write getattr lock add_name search open))) -(allow adbd_26_0 adbd_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow adbd_26_0 adbd_data_file (lnk_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow adbd_26_0 adbd_data_file (sock_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow adbd_26_0 adbd_data_file (fifo_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow adbd_26_0 adbd_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(typetransition adbd_26_0 system_data_file_26_0 dir adbd_data_file) -(typetransition adbd_26_0 system_data_file_26_0 fifo_file adbd_data_file) -(typetransition adbd_26_0 system_data_file_26_0 sock_file adbd_data_file) -(typetransition adbd_26_0 system_data_file_26_0 lnk_file adbd_data_file) -(typetransition adbd_26_0 system_data_file_26_0 file adbd_data_file) -(allow adbd_26_0 adbd_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow adbd_26_0 qemu_pipe_device (chr_file (ioctl read write getattr lock append open))) -(allow adbd_26_0 aee_exp_data_file (dir (ioctl read getattr lock search open))) -(allow adbd_26_0 aee_exp_data_file (file (ioctl read getattr lock open))) -(allow adbd_26_0 surfaceflinger_26_0 (dir (search))) -(allow adbd_26_0 surfaceflinger_26_0 (file (ioctl read getattr lock open))) -(allow adbd_26_0 sf_rtt_file (dir (getattr))) -(allow adbd_26_0 surfaceflinger_26_0 (fifo_file (ioctl read write getattr lock append open))) -(allow adbd_26_0 proc_ged (file (ioctl read write getattr open))) -(allow adbd_26_0 surfaceflinger_26_0 (fifo_file (ioctl read write getattr lock append open))) -(allow adbd_26_0 gpu_device_26_0 (dir (search))) -(allow aee_aed_26_0 aed_device (chr_file (ioctl read write getattr lock append open))) -(allow aee_aed_26_0 expdb_device (chr_file (ioctl read write getattr lock append open))) -(allow aee_aed_26_0 expdb_block_device (blk_file (ioctl read write getattr lock append open))) -(allow aee_aed_26_0 bootdevice_block_device (blk_file (ioctl read write getattr lock append open))) -(allow aee_aed_26_0 etb_device (chr_file (ioctl read write getattr lock append open))) -(allow aee_aed_26_0 mtd_device_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow aee_aed_26_0 mtd_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow aee_aed_26_0 RT_Monitor_device (chr_file (ioctl read getattr lock open))) -(allow aee_aed_26_0 aee_exp_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow aee_aed_26_0 aee_exp_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow aee_aed_26_0 aee_dumpsys_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow aee_aed_26_0 aee_dumpsys_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow aee_aed_26_0 aee_core_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow aee_aed_26_0 aee_core_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow aee_aed_26_0 data_tmpfs_log_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow aee_aed_26_0 data_tmpfs_log_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow aee_aed_26_0 property_socket_26_0 (sock_file (write))) -(allow aee_aed_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow aee_aed_26_0 persist_mtk_aee_prop (property_service (set))) -(allow aee_aed_26_0 persist_mtk_aee_prop (file (ioctl read getattr lock open))) -(allow aee_aed_26_0 property_socket_26_0 (sock_file (write))) -(allow aee_aed_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow aee_aed_26_0 persist_aee_prop (property_service (set))) -(allow aee_aed_26_0 persist_aee_prop (file (ioctl read getattr lock open))) -(allow aee_aed_26_0 property_socket_26_0 (sock_file (write))) -(allow aee_aed_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow aee_aed_26_0 debug_mtk_aee_prop (property_service (set))) -(allow aee_aed_26_0 debug_mtk_aee_prop (file (ioctl read getattr lock open))) -(allow aee_aed_26_0 proc_lk_env (file (ioctl read write getattr lock append open))) -(allow aee_aed_26_0 exec_type (file (ioctl read getattr lock open))) -(allow aee_aedv_26_0 aed_device (chr_file (ioctl read write getattr lock append open))) -(allow aee_aedv_26_0 expdb_device (chr_file (ioctl read write getattr lock append open))) -(allow aee_aedv_26_0 expdb_block_device (blk_file (ioctl read write getattr lock append open))) -(allow aee_aedv_26_0 bootdevice_block_device (blk_file (ioctl read write getattr lock append open))) -(allow aee_aedv_26_0 etb_device (chr_file (ioctl read write getattr lock append open))) -(allow aee_aedv_26_0 block_device_26_0 (dir (search))) -(allow aee_aedv_26_0 mtd_device_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow aee_aedv_26_0 mtd_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow aee_aedv_26_0 RT_Monitor_device (chr_file (ioctl read getattr lock open))) -(allow aee_aedv_26_0 sdcard_type (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow aee_aedv_26_0 sdcard_type (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow aee_aedv_26_0 anr_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow aee_aedv_26_0 anr_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow aee_aedv_26_0 aee_exp_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow aee_aedv_26_0 aee_exp_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow aee_aedv_26_0 aee_dumpsys_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow aee_aedv_26_0 aee_dumpsys_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow aee_aedv_26_0 aee_core_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow aee_aedv_26_0 aee_core_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow aee_aedv_26_0 data_tmpfs_log_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow aee_aedv_26_0 data_tmpfs_log_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow aee_aedv_26_0 domain (process (sigkill getsched getattr))) -(allow aee_aedv_26_0 domain (lnk_file (getattr))) -(allow aee_aedv_26_0 usermodehelper_26_0 (file (ioctl read getattr lock open))) -(allow aee_aedv_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow aee_aedv_26_0 property_socket_26_0 (sock_file (write))) -(allow aee_aedv_26_0 init_26_0 (process (getsched))) -(allow aee_aedv_26_0 kernel_26_0 (process (getsched))) -(allow aee_aedv_26_0 self (capability (sys_admin))) -(allow aee_aedv_26_0 system_data_file_26_0 (dir (write create add_name))) -(allow aee_aedv_26_0 property_socket_26_0 (sock_file (write))) -(allow aee_aedv_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow aee_aedv_26_0 persist_mtk_aee_prop (property_service (set))) -(allow aee_aedv_26_0 persist_mtk_aee_prop (file (ioctl read getattr lock open))) -(allow aee_aedv_26_0 property_socket_26_0 (sock_file (write))) -(allow aee_aedv_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow aee_aedv_26_0 persist_aee_prop (property_service (set))) -(allow aee_aedv_26_0 persist_aee_prop (file (ioctl read getattr lock open))) -(allow aee_aedv_26_0 property_socket_26_0 (sock_file (write))) -(allow aee_aedv_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow aee_aedv_26_0 debug_mtk_aee_prop (property_service (set))) -(allow aee_aedv_26_0 debug_mtk_aee_prop (file (ioctl read getattr lock open))) -(allow aee_aedv_26_0 media_rw_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow aee_aedv_26_0 media_rw_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow aee_aedv_26_0 mnt_user_file_26_0 (dir (search))) -(allow aee_aedv_26_0 mnt_user_file_26_0 (lnk_file (read))) -(allow aee_aedv_26_0 storage_file_26_0 (dir (search))) -(allow aee_aedv_26_0 storage_file_26_0 (lnk_file (read))) -(allow aee_aedv_26_0 su_26_0 (dir (read search open))) -(allow aee_aedv_26_0 su_26_0 (file (read getattr open))) -(allow aee_aedv_26_0 aee_tombstone_data_file (dir (write lock add_name remove_name search open))) -(allow aee_aedv_26_0 aee_tombstone_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow aee_aedv_26_0 self (capability (chown dac_override fowner fsetid net_admin sys_module sys_nice sys_resource))) -(allow aee_aedv_26_0 dumpstate_26_0 (unix_stream_socket (ioctl read write))) -(allow aee_aedv_26_0 dumpstate_26_0 (dir (search))) -(allow aee_aedv_26_0 dumpstate_26_0 (file (ioctl read getattr lock open))) -(allow aee_aedv_26_0 proc_26_0 (file (ioctl read write getattr lock append open))) -(allow aee_aedv_26_0 logdr_socket_26_0 (sock_file (write))) -(allow aee_aedv_26_0 logd_26_0 (unix_stream_socket (connectto))) -(allow aee_aedv_26_0 sysfs_vibrator_26_0 (file (write lock append open))) -(allow aee_aedv_26_0 proc_lk_env (file (ioctl read write getattr lock append open))) -(allow aee_aedv_26_0 domain (dir (ioctl read getattr lock search open))) -(allow aee_aedv_26_0 domain (file (ioctl read getattr lock open))) -(allow aee_aedv_26_0 domain (lnk_file (ioctl read getattr lock open))) -(allow aee_aedv_26_0 base_typeattr_174_26_0 (process (ptrace))) -(allow aee_aedv_26_0 dalvikcache_data_file_26_0 (dir (ioctl read getattr lock search open))) -(allow aee_aedv_26_0 zygote_exec_26_0 (file (ioctl read getattr lock open))) -(allow aee_aedv_26_0 init_exec_26_0 (file (ioctl read getattr lock open))) -(allow aee_aedv_26_0 crash_dump_26_0 (dir (search))) -(allow aee_aedv_26_0 crash_dump_26_0 (file (ioctl read getattr lock open))) -(allow aee_aedv_26_0 vendor_file_26_0 (file (execute_no_trans))) -(allow aee_aedv_26_0 debugfs_26_0 (lnk_file (read))) -(allow aee_aedv_26_0 debugfs_binder (dir (read open))) -(allow aee_aedv_26_0 debugfs_binder (file (read open))) -(allow aee_aedv_26_0 debugfs_blockio (file (read open))) -(allow aee_aedv_26_0 debugfs_fb (dir (search))) -(allow aee_aedv_26_0 debugfs_fb (file (read open))) -(allow aee_aedv_26_0 debugfs_fuseio (dir (search))) -(allow aee_aedv_26_0 debugfs_fuseio (file (read open))) -(allow aee_aedv_26_0 debugfs_ged (dir (search))) -(allow aee_aedv_26_0 debugfs_ged (file (read open))) -(allow aee_aedv_26_0 debugfs_rcu (dir (search))) -(allow aee_aedv_26_0 debugfs_shrinker_debug (file (read open))) -(allow aee_aedv_26_0 debugfs_wakeup_sources (file (read open))) -(allow aee_aedv_26_0 debugfs_dmlog_debug (file (read open))) -(allow aee_aedv_26_0 debugfs_page_owner_slim_debug (file (read open))) -(allow aee_aedv_26_0 debugfs_ion_mm_heap (dir (search))) -(allow aee_aedv_26_0 debugfs_ion_mm_heap (file (read open))) -(allow aee_aedv_26_0 debugfs_ion_mm_heap (lnk_file (read))) -(allow aee_aedv_26_0 debugfs_ion_mm_heap (lnk_file (read))) -(allow aee_aedv_26_0 debugfs_cpuhvfs (dir (search))) -(allow aee_aedv_26_0 debugfs_cpuhvfs (file (read open))) -(allow aee_aedv_26_0 proc_interrupts_26_0 (file (read))) -(allow aee_aedv_26_0 debugfs_tracing_26_0 (file (read write open))) -(allow aee_aedv_26_0 tracing_shell_writable_26_0 (file (read write open))) -(allow aee_aedv_26_0 kmsg_device_26_0 (chr_file (read))) -(allow aee_aedv_26_0 platform_app_26_0 (dir (ioctl read getattr lock search open))) -(allow aee_aedv_26_0 platform_app_26_0 (file (ioctl read getattr lock open))) -(allow aee_aedv_26_0 untrusted_app_25_26_0 (dir (getattr))) -(allow aee_aedv_26_0 untrusted_app_26_0 (dir (getattr))) -(allow aee_aedv_26_0 priv_app_26_0 (dir (getattr))) -(allow aee_aedv_26_0 proc_interrupts_26_0 (file (ioctl read getattr lock open))) -(allow aee_aedv_26_0 proc_net_26_0 (file (read))) -(allow aee_aedv_26_0 proc_zoneinfo_26_0 (file (read))) -(allow aee_aedv_26_0 sysfs_leds_26_0 (dir (search))) -(allow aee_aedv_26_0 sysfs_leds_26_0 (file (ioctl read getattr lock open))) -(allow aee_aedv_26_0 sysfs_ccci (dir (search))) -(allow aee_aedv_26_0 sysfs_ccci (file (ioctl read getattr lock open))) -(allow aee_aedv_26_0 system_data_file_26_0 (dir (getattr))) -(allow aee_aedv_26_0 system_data_file_26_0 (file (open))) -(allow aee_aedv_26_0 vendor_toolbox_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow aee_aedv_26_0 kmsg_device_26_0 (chr_file (ioctl read getattr lock open))) -(allow aee_aedv_26_0 kernel_26_0 (system (syslog_read))) -(allow aee_aedv_26_0 proc_meminfo_26_0 (file (ioctl read getattr lock open))) -(allow aee_aedv_26_0 proc_net_26_0 (file (ioctl read getattr lock open))) -(allow aee_aedv_26_0 proc_zoneinfo_26_0 (file (ioctl read getattr lock open))) -(allow aee_aedv_26_0 rootfs_26_0 (file (ioctl read getattr lock open))) -(allow aee_aedv_26_0 debugfs_dynamic_debug (dir (search))) -(allow aee_aedv_26_0 debugfs_dynamic_debug (file (ioctl read getattr lock open))) -(allow aee_aedv_26_0 sysfs_26_0 (file (ioctl read write getattr lock open))) -(allow aee_aedv_26_0 hwservicemanager_26_0 (binder (call transfer))) -(allow hwservicemanager_26_0 aee_aedv_26_0 (binder (call transfer))) -(allow hwservicemanager_26_0 aee_aedv_26_0 (dir (search))) -(allow hwservicemanager_26_0 aee_aedv_26_0 (file (read open))) -(allow hwservicemanager_26_0 aee_aedv_26_0 (process (getattr))) -(allow aee_aedv_26_0 hwservicemanager_prop_26_0 (file (read getattr open))) -(allow aee_aedv_26_0 hal_camera_hwservice_26_0 (hwservice_manager (find))) -(allow aee_aedv_26_0 mtk_hal_camera (binder (call transfer))) -(allow mtk_hal_camera aee_aedv_26_0 (binder (transfer))) -(allow aee_aedv_26_0 mtk_hal_camera (fd (use))) -(allow aee_aedv_26_0 selinuxfs_26_0 (file (ioctl read getattr lock open))) -(allow aee_aedv_26_0 exec_type (file (ioctl read getattr lock open))) -(allow init_26_0 aee_core_forwarder_exec (file (read getattr execute open))) -(allow init_26_0 aee_core_forwarder (process (transition))) -(allow aee_core_forwarder aee_core_forwarder_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 aee_core_forwarder (process (noatsecure))) -(allow init_26_0 aee_core_forwarder (process (siginh rlimitinh))) -(typetransition init_26_0 aee_core_forwarder_exec process aee_core_forwarder) -(typetransition aee_core_forwarder tmpfs_26_0 file aee_core_forwarder_tmpfs) -(allow aee_core_forwarder aee_core_forwarder_tmpfs (file (read write getattr))) -(allow aee_core_forwarder tmpfs_26_0 (dir (getattr search))) -(allow aee_core_forwarder aee_core_data_file (dir (relabelto))) -(allow aee_core_forwarder aee_core_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow aee_core_forwarder aee_core_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow aee_core_forwarder system_data_file_26_0 (dir (write create relabelfrom add_name))) -(allow aee_core_forwarder sdcard_type (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow aee_core_forwarder sdcard_type (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow aee_core_forwarder self (capability (fsetid))) -(allow aee_core_forwarder aee_exp_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow aee_core_forwarder aee_exp_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow aee_core_forwarder self (capability (dac_override))) -(allow aee_core_forwarder kernel_26_0 (fifo_file (read))) -(allow aee_core_forwarder domain (dir (ioctl read getattr lock search open))) -(allow aee_core_forwarder domain (file (ioctl read getattr lock open))) -(allow aee_core_forwarder sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open))) -(allow aee_core_forwarder self (capability2 (block_suspend))) -(allow aee_core_forwarder mnt_user_file_26_0 (dir (search))) -(allow aee_core_forwarder mnt_user_file_26_0 (lnk_file (read))) -(allow aee_core_forwarder storage_file_26_0 (dir (search))) -(allow aee_core_forwarder storage_file_26_0 (lnk_file (read))) -(dontaudit aee_core_forwarder untrusted_app_26_0 (dir (search))) -(allow aee_core_forwarder kernel_26_0 (fd (use))) -(allow aee_core_forwarder persist_aee_prop (file (ioctl read getattr lock open))) -(allow aee_core_forwarder tmpfs_26_0 (dir (search))) -(allow aee_core_forwarder rootfs_26_0 (file (ioctl read getattr lock open))) -(dontaudit aee_core_forwarder self (capability (sys_ptrace))) -(allow aee_core_forwarder media_rw_data_file_26_0 (dir (write lock add_name remove_name search open))) -(allow aee_core_forwarder media_rw_data_file_26_0 (file (write create open))) -(allow aee_core_forwarder aee_aedv_26_0 (unix_stream_socket (connectto))) -(allow aee_core_forwarder self (capability (sys_nice))) -(allow appdomain proc_ged (file (ioctl read write getattr open))) -(allow appdomain gpu_device_26_0 (dir (search))) -(allow appdomain mtk_cmdq_device (chr_file (ioctl read open))) -(allow appdomain surfaceflinger_26_0 (fifo_file (ioctl read write getattr lock append open))) -(allow audiocmdservice_atci_26_0 nvram_device (chr_file (ioctl read write getattr lock append open))) -(allow audiocmdservice_atci_26_0 nvram_device (blk_file (ioctl read write getattr lock append open))) -(allow audiocmdservice_atci_26_0 nvram_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow audiocmdservice_atci_26_0 nvram_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow audiocmdservice_atci_26_0 nvram_data_file (lnk_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow audiocmdservice_atci_26_0 nvdata_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow audiocmdservice_atci_26_0 nvdata_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow audiocmdservice_atci_26_0 device_26_0 (dir (write search))) -(allow audiocmdservice_atci_26_0 block_device_26_0 (dir (write search))) -(allow audiocmdservice_atci_26_0 mnt_user_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow audiocmdservice_atci_26_0 mnt_user_file_26_0 (lnk_file (ioctl read write getattr lock append open))) -(allow audiocmdservice_atci_26_0 storage_file_26_0 (lnk_file (ioctl read write getattr lock append open))) -(allow audiocmdservice_atci_26_0 bootdevice_block_device (blk_file (read write))) -(allow audiocmdservice_atci_26_0 hal_audio_hwservice_26_0 (hwservice_manager (find))) -(allow audiocmdservice_atci_26_0 mtk_hal_audio (binder (call transfer))) -(allow mtk_hal_audio audiocmdservice_atci_26_0 (binder (transfer))) -(allow audiocmdservice_atci_26_0 mtk_hal_audio (fd (use))) -(allow audiocmdservice_atci_26_0 mtk_audiohal_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow audioserver_26_0 audiohal_prop (property_service (set))) -(allow audioserver_26_0 rpc_socket (sock_file (write))) -(allow audioserver_26_0 ttySDIO_device (chr_file (ioctl read write getattr lock append open))) -(allow audioserver_26_0 sysfs_lowmemorykiller_26_0 (file (read open))) -(allow audioserver_26_0 proc_mtkcooler (dir (search))) -(allow audioserver_26_0 proc_mtktz (dir (search))) -(allow audioserver_26_0 proc_thermal (dir (search))) -(allow audioserver_26_0 thermal_manager_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow audioserver_26_0 thermal_manager_data_file (dir (ioctl read write getattr setattr lock add_name remove_name search open))) -(allow audioserver_26_0 offloadservice_device (chr_file (ioctl read write getattr lock append open))) -(allow audioserver_26_0 sysfs_ccci (file (ioctl read getattr lock open))) -(allow audioserver_26_0 tmpfs_26_0 (dir (search))) -(allow audioserver_26_0 sysfs_26_0 (file (read write open))) -(allow audioserver_26_0 sysfs_ccci (dir (search))) -(allow audioserver_26_0 debugfs_binder (dir (search))) -(allow audioserver_26_0 fuse_26_0 (file (write))) -(allow audioserver_26_0 proc_ged (file (ioctl read write getattr open))) -(allow audioserver_26_0 aee_aed_26_0 (unix_stream_socket (connectto))) -(allow audioserver_26_0 debugfs_tracing_26_0 (file (write open))) -(allow audioserver_26_0 mtk_thermal_config_prop (file (read getattr open))) -(allow audioserver_26_0 mtk_thermal_config_prop (property_service (set))) -(allow init_26_0 biosensord_nvram_exec (file (read getattr execute open))) -(allow init_26_0 biosensord_nvram (process (transition))) -(allow biosensord_nvram biosensord_nvram_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 biosensord_nvram (process (noatsecure))) -(allow init_26_0 biosensord_nvram (process (siginh rlimitinh))) -(typetransition init_26_0 biosensord_nvram_exec process biosensord_nvram) -(typetransition biosensord_nvram tmpfs_26_0 file biosensord_nvram_tmpfs) -(allow biosensord_nvram biosensord_nvram_tmpfs (file (read write getattr))) -(allow biosensord_nvram tmpfs_26_0 (dir (getattr search))) -(allow biosensord_nvram nvdata_file (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow biosensord_nvram nvdata_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow biosensord_nvram nvram_data_file (lnk_file (ioctl read write getattr lock append open))) -(allow biosensord_nvram biometric_device (chr_file (ioctl read write open))) -(allow biosensord_nvram self (capability (chown dac_override dac_read_search fsetid))) -(allow biosensord_nvram system_data_file_26_0 (lnk_file (read))) -(allow bluetooth_26_0 mtk_hal_bluetooth (binder (call transfer))) -(allow mtk_hal_bluetooth bluetooth_26_0 (binder (transfer))) -(allow bluetooth_26_0 mtk_hal_bluetooth (fd (use))) -(allow bluetooth_26_0 storage_stub_file_26_0 (dir (getattr))) -(allow boot_logo_updater_26_0 logo_block_device (blk_file (ioctl read getattr lock open))) -(allow boot_logo_updater_26_0 bootdevice_block_device (blk_file (ioctl read getattr lock open))) -(allow boot_logo_updater_26_0 logo_device (chr_file (ioctl read getattr lock open))) -(allow boot_logo_updater_26_0 proc_lk_env (file (ioctl read write getattr lock append open))) -(allow boot_logo_updater_26_0 para_block_device (blk_file (ioctl read write getattr lock append open))) -(allow bootanim_26_0 custom_file (dir (search))) -(allow bootanim_26_0 custom_file (file (ioctl read getattr lock open))) -(allow bootanim_26_0 bootani_prop (property_service (set))) -(allow bootanim_26_0 qemu_pipe_device (chr_file (ioctl read write getattr lock append open))) -(allow bootanim_26_0 proc_ged (file (ioctl read write getattr open))) -(allow cameraserver_26_0 mtk_hal_camera (binder (call transfer))) -(allow mtk_hal_camera cameraserver_26_0 (binder (transfer))) -(allow cameraserver_26_0 mtk_hal_camera (fd (use))) -(allow cameraserver_26_0 hal_graphics_allocator (binder (call transfer))) -(allow hal_graphics_allocator cameraserver_26_0 (binder (transfer))) -(allow cameraserver_26_0 hal_graphics_allocator (fd (use))) -(allow cameraserver_26_0 self (process (ptrace))) -(allow cameraserver_26_0 mtkcam_prop (file (read getattr open))) -(allow cameraserver_26_0 camera_isp_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 ccu_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 vpu_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 kd_camera_hw_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 self (capability (setuid ipc_lock sys_nice))) -(allow cameraserver_26_0 sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 MTK_SMI_device (chr_file (ioctl read getattr lock open))) -(allow cameraserver_26_0 camera_pipemgr_device (chr_file (ioctl read getattr lock open))) -(allow cameraserver_26_0 kd_camera_flashlight_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 lens_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 nvdata_file (dir (write add_name search))) -(allow cameraserver_26_0 nvdata_file (file (read write create getattr setattr open))) -(allow cameraserver_26_0 nvram_data_file (dir (search))) -(allow cameraserver_26_0 nvram_data_file (dir (write lock add_name remove_name search open))) -(allow cameraserver_26_0 nvram_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow cameraserver_26_0 nvram_data_file (lnk_file (read))) -(allow cameraserver_26_0 proc_26_0 (file (ioctl read open))) -(allow cameraserver_26_0 proc_meminfo_26_0 (file (read getattr open))) -(allow cameraserver_26_0 sysfs_26_0 (file (read write open))) -(allow cameraserver_26_0 nvram_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 self (capability (net_admin))) -(allow cameraserver_26_0 devmap_device (chr_file (ioctl))) -(allow cameraserver_26_0 system_data_file_26_0 (file (open))) -(allow cameraserver_26_0 bluetooth_26_0 (unix_dgram_socket (sendto))) -(allow cameraserver_26_0 bt_a2dp_stream_socket (sock_file (write))) -(allow cameraserver_26_0 bt_int_adp_socket (sock_file (write))) -(allow cameraserver_26_0 camera_sysram_device (chr_file (ioctl read getattr lock open))) -(allow cameraserver_26_0 Vcodec_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 MtkCodecService (binder (call))) -(allow cameraserver_26_0 ccci_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 eemcs_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 devmap_device (chr_file (ioctl read getattr lock open))) -(allow cameraserver_26_0 ebc_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 nvram_device (blk_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 bootdevice_block_device (blk_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 mtk_sched_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 block_device_26_0 (dir (write search))) -(allow cameraserver_26_0 fm_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 block_device_26_0 (dir (search))) -(allow cameraserver_26_0 FM50AF_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 AD5820AF_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 DW9714AF_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 DW9814AF_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 AK7345AF_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 DW9714A_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 LC898122AF_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 LC898212AF_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 BU6429AF_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 DW9718AF_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 BU64745GWZAF_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 MAINAF_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 MAIN2AF_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 SUBAF_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 bootanim_26_0 (binder (call transfer))) -(allow cameraserver_26_0 sdcard_type (file (append))) -(allow cameraserver_26_0 camera_fdvt_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 MtkCodecService (binder (call transfer))) -(allow MtkCodecService cameraserver_26_0 (binder (transfer))) -(allow cameraserver_26_0 MtkCodecService (fd (use))) -(allow cameraserver_26_0 mediaserver_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow cameraserver_26_0 mediaserver_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow cameraserver_26_0 sec_device (chr_file (ioctl read getattr lock open))) -(allow cameraserver_26_0 graphics_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 smartpa_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 mtk_jpeg_device (chr_file (ioctl read getattr lock open))) -(allow cameraserver_26_0 uhid_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 CAM_CAL_DRV_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 CAM_CAL_DRV1_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 CAM_CAL_DRV2_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 vow_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 rpc_socket (sock_file (write))) -(allow cameraserver_26_0 ttySDIO_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 surfaceflinger_26_0 (file (getattr))) -(allow cameraserver_26_0 sysfs_lowmemorykiller_26_0 (file (read open))) -(allow cameraserver_26_0 proc_mtkcooler (dir (search))) -(allow cameraserver_26_0 proc_mtktz (dir (search))) -(allow cameraserver_26_0 proc_thermal (dir (search))) -(allow cameraserver_26_0 thermal_manager_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow cameraserver_26_0 thermal_manager_data_file (dir (ioctl read write getattr setattr lock add_name remove_name search open))) -(allow cameraserver_26_0 qemu_pipe_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 system_server_26_0 (unix_stream_socket (read write))) -(allow cameraserver_26_0 radio_data_file_26_0 (dir (search))) -(allow cameraserver_26_0 radio_data_file_26_0 (file (open))) -(allow cameraserver_26_0 radio_data_file_26_0 (file (open))) -(allow cameraserver_26_0 untrusted_app_26_0 (dir (search))) -(allow cameraserver_26_0 offloadservice_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 sensorservice_service_26_0 (service_manager (find))) -(allow cameraserver_26_0 system_data_file_26_0 (dir (write))) -(allow cameraserver_26_0 storage_file_26_0 (lnk_file (read write))) -(allow cameraserver_26_0 mnt_user_file_26_0 (dir (read write search))) -(allow cameraserver_26_0 mnt_user_file_26_0 (lnk_file (read write))) -(allow cameraserver_26_0 surfaceflinger_26_0 (fifo_file (read write))) -(allow cameraserver_26_0 nvcfg_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow cameraserver_26_0 nvcfg_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow cameraserver_26_0 camera_dpe_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 camera_tsf_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 tmpfs_26_0 (dir (search))) -(allow cameraserver_26_0 system_file_26_0 (dir (read open))) -(allow cameraserver_26_0 gpu_device_26_0 (chr_file (ioctl read write getattr open))) -(allow cameraserver_26_0 gpu_device_26_0 (dir (search))) -(allow cameraserver_26_0 property_socket_26_0 (sock_file (write))) -(allow cameraserver_26_0 proc_26_0 (file (getattr))) -(allow cameraserver_26_0 shell_exec_26_0 (file (read getattr execute open))) -(allow cameraserver_26_0 thermal_manager_exec (file (read getattr execute open))) -(allow cameraserver_26_0 thermal_manager (process (transition))) -(allow thermal_manager thermal_manager_exec (file (read getattr execute entrypoint open))) -(allow thermal_manager cameraserver_26_0 (process (sigchld))) -(dontaudit cameraserver_26_0 thermal_manager (process (noatsecure))) -(allow cameraserver_26_0 thermal_manager (process (siginh rlimitinh))) -(typetransition cameraserver_26_0 thermal_manager_exec process thermal_manager) -(allow cameraserver_26_0 thermal_manager_exec (file (read getattr execute open))) -(allow cameraserver_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow cameraserver_26_0 camera_rsc_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 proc_ged (file (ioctl read write getattr open))) -(allow cameraserver_26_0 camera_gepf_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 flashlight_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 surfaceflinger_26_0 (fifo_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 camera_wpe_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 aee_aed_26_0 (unix_stream_socket (connectto))) -(allow cameraserver_26_0 system_data_file_26_0 (lnk_file (read))) -(allow cameraserver_26_0 camera_owe_device (chr_file (ioctl read write getattr lock append open))) -(allow cameraserver_26_0 debugfs_tracing_26_0 (file (write open))) -(allow cameraserver_26_0 nvram_data_file (dir (write create add_name))) -(allow cameraserver_26_0 nvram_data_file (file (read write create getattr setattr open))) -(allow cameraserver_26_0 debugfs_ion (dir (search))) -(allow cameraserver_26_0 mtk_thermal_config_prop (file (read getattr open))) -(allow cameraserver_26_0 mtk_thermal_config_prop (property_service (set))) -(allow cameraserver_26_0 mtk_cmdq_device (chr_file (ioctl read open))) -(allow init_26_0 ccci_fsd_exec (file (read getattr execute open))) -(allow init_26_0 ccci_fsd (process (transition))) -(allow ccci_fsd ccci_fsd_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 ccci_fsd (process (noatsecure))) -(allow init_26_0 ccci_fsd (process (siginh rlimitinh))) -(typetransition init_26_0 ccci_fsd_exec process ccci_fsd) -(typetransition ccci_fsd tmpfs_26_0 file ccci_fsd_tmpfs) -(allow ccci_fsd ccci_fsd_tmpfs (file (read write getattr))) -(allow ccci_fsd tmpfs_26_0 (dir (getattr search))) -(allow ccci_fsd sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open))) -(allow ccci_fsd self (capability2 (block_suspend))) -(allow ccci_fsd nvram_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow ccci_fsd nvram_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow ccci_fsd nvram_data_file (lnk_file (read))) -(allow ccci_fsd nvdata_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow ccci_fsd nvdata_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow ccci_fsd nvram_device (chr_file (ioctl read write getattr lock append open))) -(allow ccci_fsd system_data_file_26_0 (lnk_file (read))) -(allow ccci_fsd ccci_device (chr_file (ioctl read write getattr lock append open))) -(allow ccci_fsd ccci_cfg_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow ccci_fsd ccci_cfg_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow ccci_fsd protect_f_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow ccci_fsd protect_f_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow ccci_fsd protect_s_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow ccci_fsd protect_s_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow ccci_fsd c2k_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow ccci_fsd c2k_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow ccci_fsd otp_part_block_device (blk_file (ioctl read write getattr lock append open))) -(allow ccci_fsd otp_device (chr_file (ioctl read write getattr lock append open))) -(allow ccci_fsd block_device_26_0 (dir (search))) -(allow ccci_fsd nvram_device (blk_file (ioctl read write getattr lock append open))) -(allow ccci_fsd bootdevice_block_device (blk_file (ioctl read write getattr lock append open))) -(allow ccci_fsd nvdata_device (blk_file (ioctl read write getattr lock append open))) -(allow ccci_fsd rawfs (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow ccci_fsd rawfs (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow ccci_fsd sysfs_ccci (dir (search))) -(allow ccci_fsd sysfs_ccci (file (ioctl read getattr lock open))) -(allow ccci_fsd kmsg_device_26_0 (chr_file (write lock append open))) -(allow ccci_fsd proc_lk_env (file (ioctl read write getattr lock append open))) -(allow init_26_0 ccci_mdinit_exec (file (read getattr execute open))) -(allow init_26_0 ccci_mdinit (process (transition))) -(allow ccci_mdinit ccci_mdinit_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 ccci_mdinit (process (noatsecure))) -(allow init_26_0 ccci_mdinit (process (siginh rlimitinh))) -(typetransition init_26_0 ccci_mdinit_exec process ccci_mdinit) -(typetransition ccci_mdinit tmpfs_26_0 file ccci_mdinit_tmpfs) -(allow ccci_mdinit ccci_mdinit_tmpfs (file (read write getattr))) -(allow ccci_mdinit tmpfs_26_0 (dir (getattr search))) -(allow ccci_mdinit sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open))) -(allow ccci_mdinit self (capability2 (block_suspend))) -(allow ccci_mdinit property_socket_26_0 (sock_file (write))) -(allow ccci_mdinit init_26_0 (unix_stream_socket (connectto))) -(allow ccci_mdinit ctl_gsm0710muxd_prop (property_service (set))) -(allow ccci_mdinit ctl_gsm0710muxd_prop (file (ioctl read getattr lock open))) -(allow ccci_mdinit property_socket_26_0 (sock_file (write))) -(allow ccci_mdinit init_26_0 (unix_stream_socket (connectto))) -(allow ccci_mdinit ctl_mdlogger_prop (property_service (set))) -(allow ccci_mdinit ctl_mdlogger_prop (file (ioctl read getattr lock open))) -(allow ccci_mdinit property_socket_26_0 (sock_file (write))) -(allow ccci_mdinit init_26_0 (unix_stream_socket (connectto))) -(allow ccci_mdinit ctl_viarild_prop (property_service (set))) -(allow ccci_mdinit ctl_viarild_prop (file (ioctl read getattr lock open))) -(allow ccci_mdinit property_socket_26_0 (sock_file (write))) -(allow ccci_mdinit init_26_0 (unix_stream_socket (connectto))) -(allow ccci_mdinit ctl_mdlogger_prop (property_service (set))) -(allow ccci_mdinit ctl_mdlogger_prop (file (ioctl read getattr lock open))) -(allow ccci_mdinit property_socket_26_0 (sock_file (write))) -(allow ccci_mdinit init_26_0 (unix_stream_socket (connectto))) -(allow ccci_mdinit ctl_emdlogger1_prop (property_service (set))) -(allow ccci_mdinit ctl_emdlogger1_prop (file (ioctl read getattr lock open))) -(allow ccci_mdinit property_socket_26_0 (sock_file (write))) -(allow ccci_mdinit init_26_0 (unix_stream_socket (connectto))) -(allow ccci_mdinit ctl_emdlogger2_prop (property_service (set))) -(allow ccci_mdinit ctl_emdlogger2_prop (file (ioctl read getattr lock open))) -(allow ccci_mdinit property_socket_26_0 (sock_file (write))) -(allow ccci_mdinit init_26_0 (unix_stream_socket (connectto))) -(allow ccci_mdinit ctl_emdlogger3_prop (property_service (set))) -(allow ccci_mdinit ctl_emdlogger3_prop (file (ioctl read getattr lock open))) -(allow ccci_mdinit property_socket_26_0 (sock_file (write))) -(allow ccci_mdinit init_26_0 (unix_stream_socket (connectto))) -(allow ccci_mdinit ctl_dualmdlogger_prop (property_service (set))) -(allow ccci_mdinit ctl_dualmdlogger_prop (file (ioctl read getattr lock open))) -(allow ccci_mdinit property_socket_26_0 (sock_file (write))) -(allow ccci_mdinit init_26_0 (unix_stream_socket (connectto))) -(allow ccci_mdinit ctl_gsm0710muxd_prop (property_service (set))) -(allow ccci_mdinit ctl_gsm0710muxd_prop (file (ioctl read getattr lock open))) -(allow ccci_mdinit property_socket_26_0 (sock_file (write))) -(allow ccci_mdinit init_26_0 (unix_stream_socket (connectto))) -(allow ccci_mdinit ctl_gsm0710muxd-s_prop (property_service (set))) -(allow ccci_mdinit ctl_gsm0710muxd-s_prop (file (ioctl read getattr lock open))) -(allow ccci_mdinit property_socket_26_0 (sock_file (write))) -(allow ccci_mdinit init_26_0 (unix_stream_socket (connectto))) -(allow ccci_mdinit ctl_gsm0710muxd-d_prop (property_service (set))) -(allow ccci_mdinit ctl_gsm0710muxd-d_prop (file (ioctl read getattr lock open))) -(allow ccci_mdinit property_socket_26_0 (sock_file (write))) -(allow ccci_mdinit init_26_0 (unix_stream_socket (connectto))) -(allow ccci_mdinit ctl_rildaemon_prop_26_0 (property_service (set))) -(allow ccci_mdinit ctl_rildaemon_prop_26_0 (file (ioctl read getattr lock open))) -(allow ccci_mdinit property_socket_26_0 (sock_file (write))) -(allow ccci_mdinit init_26_0 (unix_stream_socket (connectto))) -(allow ccci_mdinit ctl_ril-daemon-mtk_prop (property_service (set))) -(allow ccci_mdinit ctl_ril-daemon-mtk_prop (file (ioctl read getattr lock open))) -(allow ccci_mdinit property_socket_26_0 (sock_file (write))) -(allow ccci_mdinit init_26_0 (unix_stream_socket (connectto))) -(allow ccci_mdinit ctl_fusion_ril_mtk_prop (property_service (set))) -(allow ccci_mdinit ctl_fusion_ril_mtk_prop (file (ioctl read getattr lock open))) -(allow ccci_mdinit property_socket_26_0 (sock_file (write))) -(allow ccci_mdinit init_26_0 (unix_stream_socket (connectto))) -(allow ccci_mdinit ctl_ril-daemon-s_prop (property_service (set))) -(allow ccci_mdinit ctl_ril-daemon-s_prop (file (ioctl read getattr lock open))) -(allow ccci_mdinit property_socket_26_0 (sock_file (write))) -(allow ccci_mdinit init_26_0 (unix_stream_socket (connectto))) -(allow ccci_mdinit ctl_ril-daemon-d_prop (property_service (set))) -(allow ccci_mdinit ctl_ril-daemon-d_prop (file (ioctl read getattr lock open))) -(allow ccci_mdinit property_socket_26_0 (sock_file (write))) -(allow ccci_mdinit init_26_0 (unix_stream_socket (connectto))) -(allow ccci_mdinit ctl_ril-proxy_prop (property_service (set))) -(allow ccci_mdinit ctl_ril-proxy_prop (file (ioctl read getattr lock open))) -(allow ccci_mdinit property_socket_26_0 (sock_file (write))) -(allow ccci_mdinit init_26_0 (unix_stream_socket (connectto))) -(allow ccci_mdinit ril_active_md_prop (property_service (set))) -(allow ccci_mdinit ril_active_md_prop (file (ioctl read getattr lock open))) -(allow ccci_mdinit property_socket_26_0 (sock_file (write))) -(allow ccci_mdinit init_26_0 (unix_stream_socket (connectto))) -(allow ccci_mdinit mtk_md_prop (property_service (set))) -(allow ccci_mdinit mtk_md_prop (file (ioctl read getattr lock open))) -(allow ccci_mdinit property_socket_26_0 (sock_file (write))) -(allow ccci_mdinit init_26_0 (unix_stream_socket (connectto))) -(allow ccci_mdinit radio_prop_26_0 (property_service (set))) -(allow ccci_mdinit radio_prop_26_0 (file (ioctl read getattr lock open))) -(allow ccci_mdinit property_socket_26_0 (sock_file (write))) -(allow ccci_mdinit init_26_0 (unix_stream_socket (connectto))) -(allow ccci_mdinit net_cdma_mdmstat (property_service (set))) -(allow ccci_mdinit net_cdma_mdmstat (file (ioctl read getattr lock open))) -(allow ccci_mdinit property_socket_26_0 (sock_file (write))) -(allow ccci_mdinit init_26_0 (unix_stream_socket (connectto))) -(allow ccci_mdinit ctl_ccci_fsd_prop (property_service (set))) -(allow ccci_mdinit ctl_ccci_fsd_prop (file (ioctl read getattr lock open))) -(allow ccci_mdinit property_socket_26_0 (sock_file (write))) -(allow ccci_mdinit init_26_0 (unix_stream_socket (connectto))) -(allow ccci_mdinit ctl_ccci2_fsd_prop (property_service (set))) -(allow ccci_mdinit ctl_ccci2_fsd_prop (file (ioctl read getattr lock open))) -(allow ccci_mdinit property_socket_26_0 (sock_file (write))) -(allow ccci_mdinit init_26_0 (unix_stream_socket (connectto))) -(allow ccci_mdinit ctl_ccci3_fsd_prop (property_service (set))) -(allow ccci_mdinit ctl_ccci3_fsd_prop (file (ioctl read getattr lock open))) -(allow ccci_mdinit ccci_device (chr_file (ioctl read write getattr lock append open))) -(allow ccci_mdinit ccci_monitor_device (chr_file (ioctl read write getattr lock append open))) -(allow ccci_mdinit nvram_data_file (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow ccci_mdinit nvram_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow ccci_mdinit nvram_data_file (lnk_file (read))) -(allow ccci_mdinit nvdata_file (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow ccci_mdinit nvdata_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow ccci_mdinit nvram_device (chr_file (ioctl read write getattr lock append open))) -(allow ccci_mdinit system_data_file_26_0 (lnk_file (read))) -(allow ccci_mdinit protect_f_data_file (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow ccci_mdinit protect_f_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow ccci_mdinit protect_s_data_file (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow ccci_mdinit protect_s_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow ccci_mdinit nvram_device (blk_file (ioctl read write getattr lock append open))) -(allow ccci_mdinit nvdata_device (blk_file (ioctl read write getattr lock append open))) -(allow ccci_mdinit bootdevice_block_device (blk_file (ioctl read write getattr lock append open))) -(allow ccci_mdinit property_socket_26_0 (sock_file (write))) -(allow ccci_mdinit init_26_0 (unix_stream_socket (connectto))) -(allow ccci_mdinit ril_mux_report_case_prop (property_service (set))) -(allow ccci_mdinit ril_mux_report_case_prop (file (ioctl read getattr lock open))) -(allow ccci_mdinit mdlog_data_file (dir (search))) -(allow ccci_mdinit mdlog_data_file (file (ioctl read getattr lock open))) -(allow ccci_mdinit ccci_cfg_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow ccci_mdinit ccci_cfg_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow ccci_mdinit block_device_26_0 (dir (search))) -(allow ccci_mdinit preloader_block_device (blk_file (ioctl read getattr lock open))) -(allow ccci_mdinit secro_block_device (blk_file (ioctl read getattr lock open))) -(allow ccci_mdinit preloader_device (chr_file (ioctl read write getattr lock append open))) -(allow ccci_mdinit misc_sd_device (chr_file (ioctl read getattr lock open))) -(allow ccci_mdinit sec_ro_device (chr_file (ioctl read getattr lock open))) -(allow ccci_mdinit custom_file (dir (ioctl read getattr lock search open))) -(allow ccci_mdinit custom_file (file (ioctl read getattr lock open))) -(allow ccci_mdinit mtd_device_26_0 (dir (search))) -(allow ccci_mdinit mtd_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow ccci_mdinit devmap_device (chr_file (ioctl read getattr lock open))) -(allow ccci_mdinit proc_lk_env (file (ioctl read write getattr lock append open))) -(allow ccci_mdinit para_block_device (blk_file (ioctl read write getattr lock append open))) -(allow ccci_mdinit sysfs_ccci (dir (search))) -(allow ccci_mdinit sysfs_ccci (file (ioctl read write getattr lock append open))) -(allow ccci_mdinit sysfs_ssw (dir (search))) -(allow ccci_mdinit sysfs_ssw (file (ioctl read getattr lock open))) -(allow ccci_mdinit sysfs_26_0 (file (ioctl read getattr lock open))) -(allow cmddumper_26_0 ttySDIO_device (chr_file (ioctl read write open))) -(allow cmddumper_26_0 sdcard_type (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow cmddumper_26_0 sdcard_type (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow cmddumper_26_0 mdlog_data_file (fifo_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow cmddumper_26_0 mdlog_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow cmddumper_26_0 mdlog_data_file (dir (ioctl read write create getattr setattr lock relabelto rename add_name remove_name reparent search rmdir open))) -(allow cmddumper_26_0 debug_mdlogger_prop (property_service (set))) -(allow cmddumper_26_0 debug_prop_26_0 (property_service (set))) -(allow cmddumper_26_0 media_rw_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow cmddumper_26_0 media_rw_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow cmddumper_26_0 file_contexts_file_26_0 (file (read getattr open))) -(allow cmddumper_26_0 sysfs_26_0 (file (read open))) -(allow domain mtk_core_property_type (file (ioctl read getattr lock open))) -(allow domain debugfs_binder (dir (search))) -(allow domain sysfs_devinfo (file (ioctl read getattr lock open))) -(allow coredomain vendor_file_26_0 (dir (ioctl read getattr lock search open))) -(allow coredomain vendor_file_26_0 (file (read getattr execute open))) -(allow coredomain vendor_file_26_0 (lnk_file (read getattr))) -(allow base_typeattr_175_26_0 aee_aed_26_0 (unix_stream_socket (connectto))) -(allow base_typeattr_8_26_0 aee_aedv_26_0 (unix_stream_socket (connectto))) -(allow domain log_device_26_0 (dir (search))) -(allow domain log_device_26_0 (chr_file (write lock append open))) -(allow base_typeattr_176_26_0 debugfs_tracing_26_0 (file (ioctl read write getattr lock append open))) -(allow drmserver_26_0 proc_ged (file (ioctl read write getattr open))) -(allow dumpstate_26_0 property_socket_26_0 (sock_file (write))) -(allow dumpstate_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow dumpstate_26_0 debug_bq_dump_prop (property_service (set))) -(allow dumpstate_26_0 debug_bq_dump_prop (file (ioctl read getattr lock open))) -(allow dumpstate_26_0 aed_device (chr_file (read getattr))) -(allow dumpstate_26_0 aee_dumpsys_data_file (dir (write lock add_name remove_name search open))) -(allow dumpstate_26_0 aee_dumpsys_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow dumpstate_26_0 aee_exp_data_file (dir (write lock add_name remove_name search open))) -(allow dumpstate_26_0 aee_exp_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow dumpstate_26_0 debugfs_26_0 (lnk_file (read))) -(allow dumpstate_26_0 debugfs_binder (dir (read open))) -(allow dumpstate_26_0 debugfs_binder (file (read open))) -(allow dumpstate_26_0 debugfs_blockio (file (read open))) -(allow dumpstate_26_0 debugfs_fb (dir (search))) -(allow dumpstate_26_0 debugfs_fb (file (read open))) -(allow dumpstate_26_0 debugfs_fuseio (dir (search))) -(allow dumpstate_26_0 debugfs_fuseio (file (read open))) -(allow dumpstate_26_0 debugfs_ged (dir (search))) -(allow dumpstate_26_0 debugfs_ged (file (read open))) -(allow dumpstate_26_0 debugfs_rcu (dir (search))) -(allow dumpstate_26_0 debugfs_shrinker_debug (file (read open))) -(allow dumpstate_26_0 debugfs_wakeup_sources (file (read open))) -(allow dumpstate_26_0 debugfs_dmlog_debug (file (read open))) -(allow dumpstate_26_0 debugfs_page_owner_slim_debug (file (read open))) -(allow dumpstate_26_0 debugfs_ion_mm_heap (dir (search))) -(allow dumpstate_26_0 debugfs_ion_mm_heap (file (read open))) -(allow dumpstate_26_0 debugfs_ion_mm_heap (lnk_file (read))) -(allow dumpstate_26_0 debugfs_ion_mm_heap (lnk_file (read))) -(allow dumpstate_26_0 debugfs_cpuhvfs (dir (search))) -(allow dumpstate_26_0 debugfs_cpuhvfs (file (read open))) -(allow dumpstate_26_0 sysfs_ccci (dir (search))) -(allow dumpstate_26_0 sysfs_ccci (file (read open))) -(allow dumpstate_26_0 sysfs_leds_26_0 (lnk_file (read))) -(allow dumpstate_26_0 sysfs_lowmemorykiller_26_0 (file (read open))) -(allow dumpstate_26_0 expdb_block_device (blk_file (ioctl read write open))) -(allow dumpstate_26_0 sf_rtt_file (dir (search))) -(allow dumpstate_26_0 sf_rtt_file (file (ioctl read getattr lock open))) -(allow dumpstate_26_0 aee_aed_26_0 (fd (use))) -(allow dumpstate_26_0 aee_aed_26_0 (unix_stream_socket (ioctl read write))) -(allow dumpstate_26_0 sysfs_leds_26_0 (dir (ioctl read getattr lock search open))) -(allow dumpstate_26_0 sysfs_leds_26_0 (file (ioctl read getattr lock open))) -(allow dumpstate_26_0 sf_bqdump_data_file (dir (ioctl read write getattr lock remove_name search open))) -(allow dumpstate_26_0 sf_bqdump_data_file (file (ioctl read getattr lock unlink open))) -(allow dumpstate_26_0 mtk_hal_camera (binder (call))) -(allow em_svr_26_0 nvram_device (blk_file (read write open))) -(allow em_svr_26_0 nvdata_device (blk_file (read write open))) -(allow em_svr_26_0 bootdevice_block_device (blk_file (read write open))) -(allow em_svr_26_0 misc_sd_device (chr_file (ioctl read open))) -(allow em_svr_26_0 als_ps_device (chr_file (ioctl read open))) -(allow em_svr_26_0 gsensor_device (chr_file (ioctl read open))) -(allow em_svr_26_0 gyroscope_device (chr_file (ioctl read open))) -(allow em_svr_26_0 nvram_data_file (dir (read write add_name search open))) -(allow em_svr_26_0 nvram_data_file (file (read write create getattr setattr open))) -(allow em_svr_26_0 nvram_data_file (lnk_file (read))) -(allow em_svr_26_0 nvdata_file (dir (read write add_name search open))) -(allow em_svr_26_0 nvdata_file (file (read write create getattr setattr open))) -(allow em_svr_26_0 nvram_device (chr_file (ioctl read write open))) -(allow em_svr_26_0 thermal_manager_exec (file (read getattr execute execute_no_trans open))) -(allow em_svr_26_0 proc_mtkcooler (dir (search))) -(allow em_svr_26_0 proc_mtkcooler (file (read write getattr open))) -(allow em_svr_26_0 proc_thermal (dir (search))) -(allow em_svr_26_0 proc_thermal (file (read write getattr open))) -(allow em_svr_26_0 proc_mtktz (dir (search))) -(allow em_svr_26_0 proc_mtktz (file (read write getattr open))) -(allow em_svr_26_0 proc_slogger (file (read write getattr open))) -(allow em_svr_26_0 proc_battery_cmd (dir (search))) -(allow em_svr_26_0 proc_battery_cmd (file (read write getattr open))) -(allow em_svr_26_0 proc_ged (file (ioctl read write getattr open))) -(allow emdlogger_26_0 debug_mdlogger_prop (property_service (set))) -(allow emdlogger_26_0 debug_prop_26_0 (property_service (set))) -(allow emdlogger_26_0 persist_mtklog_prop (property_service (set))) -(allow emdlogger_26_0 system_radio_prop_26_0 (property_service (set))) -(allow emdlogger_26_0 ccci_device (chr_file (ioctl read write getattr lock append open))) -(allow emdlogger_26_0 eemcs_device (chr_file (ioctl read write getattr lock append open))) -(allow emdlogger_26_0 ttySDIO_device (chr_file (ioctl read write getattr lock append open))) -(allow emdlogger_26_0 vmodem_device (chr_file (ioctl read write getattr lock append open))) -(allow emdlogger_26_0 ttyGS_device (chr_file (ioctl read write getattr lock append open))) -(allow emdlogger_26_0 sdcard_type (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow emdlogger_26_0 sdcard_type (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow emdlogger_26_0 mdlog_data_file (dir (ioctl read write create getattr setattr lock relabelto rename add_name remove_name reparent search rmdir open))) -(allow emdlogger_26_0 mdlog_data_file (fifo_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow emdlogger_26_0 mdlog_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow emdlogger_26_0 system_data_file_26_0 (dir (ioctl read write create getattr setattr lock relabelfrom rename add_name remove_name reparent search rmdir open))) -(allow emdlogger_26_0 mdlog_device (chr_file (ioctl read write getattr lock append open))) -(allow emdlogger_26_0 vfat_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow emdlogger_26_0 vfat_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow emdlogger_26_0 log_device_26_0 (chr_file (write open))) -(allow emdlogger_26_0 mnt_user_file_26_0 (dir (search))) -(allow emdlogger_26_0 mnt_user_file_26_0 (lnk_file (read))) -(allow emdlogger_26_0 storage_file_26_0 (lnk_file (read))) -(allow emdlogger_26_0 mnt_media_rw_file_26_0 (dir (search))) -(allow emdlogger_26_0 rootfs_26_0 (file (ioctl read getattr lock open))) -(allow emdlogger_26_0 storage_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow emdlogger_26_0 tmpfs_26_0 (lnk_file (read))) -(allow emdlogger_26_0 storage_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow emdlogger_26_0 sysfs_26_0 (file (read open))) -(allow emdlogger_26_0 sysfs_ccci (dir (search))) -(allow emdlogger_26_0 sysfs_ccci (file (ioctl read getattr lock open))) -(allow emdlogger_26_0 system_file_26_0 (dir (read))) -(allow emdlogger_26_0 media_rw_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow emdlogger_26_0 media_rw_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow emdlogger_26_0 aee_aed_26_0 (unix_stream_socket (connectto))) -(allow emdlogger_26_0 system_data_file_26_0 (dir (ioctl read write getattr lock add_name search open))) -(allow emdlogger_26_0 mdlog_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow emdlogger_26_0 mdlog_data_file (lnk_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow emdlogger_26_0 mdlog_data_file (sock_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow emdlogger_26_0 mdlog_data_file (fifo_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow emdlogger_26_0 mdlog_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(typetransition emdlogger_26_0 system_data_file_26_0 dir mdlog_data_file) -(typetransition emdlogger_26_0 system_data_file_26_0 fifo_file mdlog_data_file) -(typetransition emdlogger_26_0 system_data_file_26_0 sock_file mdlog_data_file) -(typetransition emdlogger_26_0 system_data_file_26_0 lnk_file mdlog_data_file) -(typetransition emdlogger_26_0 system_data_file_26_0 file mdlog_data_file) -(allow emdlogger_26_0 file_contexts_file_26_0 (file (read getattr open))) -(allow factory_26_0 system_data_file_26_0 (dir (ioctl read write getattr lock add_name search open))) -(allow factory_26_0 factory_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow factory_26_0 factory_data_file (lnk_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow factory_26_0 factory_data_file (sock_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow factory_26_0 factory_data_file (fifo_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow factory_26_0 factory_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(typetransition factory_26_0 system_data_file_26_0 dir factory_data_file) -(typetransition factory_26_0 system_data_file_26_0 fifo_file factory_data_file) -(typetransition factory_26_0 system_data_file_26_0 sock_file factory_data_file) -(typetransition factory_26_0 system_data_file_26_0 lnk_file factory_data_file) -(typetransition factory_26_0 system_data_file_26_0 file factory_data_file) -(allow factory_26_0 MTK_SMI_device (chr_file (ioctl read getattr lock open))) -(allow factory_26_0 ashmem_device_26_0 (chr_file (execute))) -(allow factory_26_0 ebc_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 stpbt_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 eemcs_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 ccci_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 gsm0710muxd_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 debugfs_usb (file (ioctl read write getattr lock append open))) -(allow factory_26_0 debugfs_usb (dir (search))) -(allow factory_26_0 devpts_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 vfat_26_0 (dir (write lock add_name remove_name search open))) -(allow factory_26_0 labeledfs_26_0 (filesystem (unmount))) -(allow factory_26_0 rootfs_26_0 (dir (mounton))) -(allow factory_26_0 vfat_26_0 (dir (read mounton search open))) -(allow factory_26_0 vfat_26_0 (filesystem (mount unmount))) -(allow factory_26_0 ttySDIO_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 ttyMT_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 ttyGS_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 sdcard_type (dir (mounton))) -(allow factory_26_0 vmodem_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 mtd_device_26_0 (dir (search))) -(allow factory_26_0 mtd_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 mtd_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 self (capability (sys_resource))) -(allow factory_26_0 pro_info_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 proc_mrdump_rst (file (write lock append open))) -(allow factory_26_0 sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open))) -(allow factory_26_0 self (capability2 (block_suspend))) -(allow factory_26_0 storage_file_26_0 (dir (write create mounton add_name search))) -(allow factory_26_0 factory_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow factory_26_0 shell_exec_26_0 (file (ioctl read getattr lock open))) -(allow factory_26_0 vendor_factory_idle_state_prop (property_service (set))) -(allow factory_26_0 agpsd_data_file (dir (search))) -(allow factory_26_0 apk_data_file_26_0 (dir (write))) -(allow factory_26_0 gps_data_file (dir (write unlink add_name remove_name search))) -(allow factory_26_0 gps_data_file (file (read write create getattr setattr lock append unlink open))) -(allow factory_26_0 gps_data_file (lnk_file (read))) -(allow factory_26_0 shell_exec_26_0 (file (getattr execute execute_no_trans))) -(allow factory_26_0 storage_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow factory_26_0 devmap_device (chr_file (ioctl read getattr lock open))) -(allow factory_26_0 sdcard_type (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow factory_26_0 sdcard_type (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow factory_26_0 mnt_user_file_26_0 (dir (search))) -(allow factory_26_0 mnt_user_file_26_0 (lnk_file (read))) -(allow factory_26_0 storage_file_26_0 (lnk_file (read))) -(allow factory_26_0 factory_26_0 (capability (chown))) -(allow factory_26_0 nvram_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow factory_26_0 nvram_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow factory_26_0 nvram_data_file (lnk_file (ioctl read getattr lock open))) -(allow factory_26_0 nvram_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 nvram_device (blk_file (ioctl read write getattr lock append open))) -(allow factory_26_0 nvdata_device (blk_file (ioctl read write getattr lock append open))) -(allow factory_26_0 system_data_file_26_0 (lnk_file (read))) -(allow factory_26_0 als_ps_device (chr_file (ioctl read getattr lock open))) -(allow factory_26_0 barometer_device (chr_file (ioctl read getattr lock open))) -(allow factory_26_0 gsensor_device (chr_file (ioctl read getattr lock open))) -(allow factory_26_0 gyroscope_device (chr_file (ioctl read getattr lock open))) -(allow factory_26_0 msensor_device (chr_file (ioctl read getattr lock open))) -(allow factory_26_0 biometric_device (chr_file (ioctl read getattr lock open))) -(allow factory_26_0 kd_camera_flashlight_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 kd_camera_hw_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 powerctl_prop_26_0 (property_service (set))) -(allow factory_26_0 misc_sd_device (chr_file (ioctl read getattr lock open))) -(allow factory_26_0 mmcblk1_block_device (blk_file (ioctl read write getattr lock append open))) -(allow factory_26_0 bootdevice_block_device (blk_file (ioctl read write getattr lock append open))) -(allow factory_26_0 mmcblk1p1_block_device (blk_file (ioctl read write getattr lock append open))) -(allow factory_26_0 block_device_26_0 (dir (write lock add_name remove_name search open))) -(allow factory_26_0 nvdata_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow factory_26_0 nvdata_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow factory_26_0 hrm_device (chr_file (ioctl read getattr lock open))) -(allow factory_26_0 irtx_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 pmic_ftm_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 MT_pmic_adc_cali_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 MT_pmic_cali_device (chr_file (ioctl read getattr lock open))) -(allow factory_26_0 charger_ftm_device (chr_file (ioctl read getattr lock open))) -(allow factory_26_0 graphics_device_26_0 (dir (write lock add_name remove_name search open))) -(allow factory_26_0 graphics_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 wmtWifi_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 rtc_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 mt6605_device (chr_file (ioctl read write getattr lock append execute execute_no_trans open))) -(allow factory_26_0 mnld_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 mtk_kpd_device (chr_file (ioctl read getattr lock open))) -(allow factory_26_0 humidity_device (chr_file (ioctl read getattr lock open))) -(allow factory_26_0 camera_isp_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 camera_pipemgr_device (chr_file (ioctl read getattr lock open))) -(allow factory_26_0 camera_sysram_device (chr_file (ioctl read getattr lock open))) -(allow factory_26_0 ccu_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 vpu_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 MAINAF_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 MAIN2AF_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 SUBAF_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 FM50AF_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 AD5820AF_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 DW9714AF_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 DW9714A_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 LC898122AF_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 LC898212AF_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 BU6429AF_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 DW9718AF_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 BU64745GWZAF_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 cct_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow factory_26_0 cct_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow factory_26_0 camera_tsf_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 camera_rsc_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 camera_gepf_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 camera_fdvt_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 camera_wpe_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 camera_owe_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 accdet_device (chr_file (ioctl read getattr lock open))) -(allow factory_26_0 fm_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 audio_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 audio_device_26_0 (dir (write lock add_name remove_name search open))) -(allow factory_26_0 audiohal_prop (property_service (set))) -(allow factory_26_0 input_device_26_0 (chr_file (ioctl read getattr lock open))) -(allow factory_26_0 input_device_26_0 (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow factory_26_0 sysfs_ccci (dir (search))) -(allow factory_26_0 sysfs_ccci (file (ioctl read getattr lock open))) -(allow factory_26_0 sysfs_26_0 (file (ioctl read write getattr lock append open))) -(allow factory_26_0 media_rw_data_file_26_0 (dir (search))) -(allow factory_26_0 mnld_prop (property_service (set))) -(allow factory_26_0 media_rw_data_file_26_0 (dir (read open))) -(allow factory_26_0 sdcard_type (filesystem (unmount))) -(allow factory_26_0 toolbox_exec_26_0 (file (read getattr execute execute_no_trans open))) -(allow factory_26_0 ctl_default_prop_26_0 (property_service (set))) -(allow factory_26_0 flashlight_device (chr_file (ioctl read write getattr lock append open))) -(allow factory_26_0 proc_26_0 (dir (search))) -(allow factory_26_0 proc_26_0 (file (read write open))) -(allow factory_26_0 ctl_emdlogger1_prop (property_service (set))) -(allow factory_26_0 tmpfs_26_0 (filesystem (unmount))) -(allow factory_26_0 sysfs_26_0 (dir (read open))) -(allow factory_26_0 sysfs_leds_26_0 (dir (search))) -(allow factory_26_0 sysfs_leds_26_0 (lnk_file (read))) -(allow factory_26_0 sysfs_vibrator_26_0 (file (read write open))) -(allow factory_26_0 ion_device_26_0 (chr_file (ioctl read open))) -(allow factory_26_0 debugfs_ion (dir (search))) -(allow factory_26_0 proc_26_0 (file (ioctl))) -(allow factory_26_0 st21nfc_device (chr_file (ioctl read write getattr open))) -(allow factory_26_0 nfc_socket (dir (search))) -(allow factory_26_0 vendor_file_26_0 (file (read getattr execute execute_no_trans open))) -(allow factory_26_0 property_socket_26_0 (sock_file (write))) -(allow factory_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow factory_26_0 hwservicemanager_prop_26_0 (property_service (set))) -(allow factory_26_0 hwservicemanager_prop_26_0 (file (ioctl read getattr lock open))) -(allow factory_26_0 hwservicemanager_26_0 (binder (call transfer))) -(allow hwservicemanager_26_0 factory_26_0 (binder (call transfer))) -(allow hwservicemanager_26_0 factory_26_0 (dir (search))) -(allow hwservicemanager_26_0 factory_26_0 (file (read open))) -(allow hwservicemanager_26_0 factory_26_0 (process (getattr))) -(allow factory_26_0 debugfs_tracing_26_0 (file (write open))) -(allow factory_26_0 system_data_file_26_0 (lnk_file (read))) -(allow factory_26_0 mtk_cmdq_device (chr_file (ioctl read open))) -(allow factory_26_0 property_socket_26_0 (sock_file (write))) -(allow factory_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow factory_26_0 ctl_ccci_fsd_prop (property_service (set))) -(allow factory_26_0 ctl_ccci_fsd_prop (file (ioctl read getattr lock open))) -(allow fsck_26_0 protect1_block_device (blk_file (ioctl read write getattr lock append open))) -(allow fsck_26_0 protect2_block_device (blk_file (ioctl read write getattr lock append open))) -(allow fsck_26_0 nvdata_device (blk_file (ioctl read write getattr lock append open))) -(allow fsck_26_0 persist_block_device (blk_file (ioctl read write getattr lock append open))) -(allow fsck_26_0 nvcfg_block_device (blk_file (ioctl read write getattr lock append open))) -(allow fsck_26_0 odm_block_device (blk_file (ioctl read write getattr lock append open))) -(allow fsck_26_0 oem_block_device (blk_file (ioctl read write getattr lock append open))) -(allow fsck_26_0 system_block_device_26_0 (blk_file (getattr))) -(allow init_26_0 fuelgauged_exec (file (read getattr execute open))) -(allow init_26_0 fuelgauged (process (transition))) -(allow fuelgauged fuelgauged_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 fuelgauged (process (noatsecure))) -(allow init_26_0 fuelgauged (process (siginh rlimitinh))) -(typetransition init_26_0 fuelgauged_exec process fuelgauged) -(typetransition fuelgauged tmpfs_26_0 file fuelgauged_tmpfs) -(allow fuelgauged fuelgauged_tmpfs (file (read write getattr))) -(allow fuelgauged tmpfs_26_0 (dir (getattr search))) -(allow fuelgauged input_device_26_0 (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow fuelgauged input_device_26_0 (file (ioctl read getattr lock open))) -(allow fuelgauged mtk-adc-cali_device (chr_file (ioctl read write getattr lock append open))) -(allow fuelgauged kmsg_device_26_0 (chr_file (write lock append open))) -(allow fuelgauged self (netlink_socket (create))) -(allow fuelgauged self (netlink_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow fuelgauged self (netlink_route_socket (read write create getattr bind nlmsg_read nlmsg_write))) -(allow fuelgauged system_data_file_26_0 (dir (ioctl read write getattr lock add_name search open))) -(allow fuelgauged fuelgauged_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow fuelgauged fuelgauged_file (lnk_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow fuelgauged fuelgauged_file (sock_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow fuelgauged fuelgauged_file (fifo_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow fuelgauged fuelgauged_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(typetransition fuelgauged system_data_file_26_0 dir fuelgauged_file) -(typetransition fuelgauged system_data_file_26_0 fifo_file fuelgauged_file) -(typetransition fuelgauged system_data_file_26_0 sock_file fuelgauged_file) -(typetransition fuelgauged system_data_file_26_0 lnk_file fuelgauged_file) -(typetransition fuelgauged system_data_file_26_0 file fuelgauged_file) -(allow fuelgauged fuelgauged_file (file (ioctl read write getattr lock append open))) -(allow fuelgauged system_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow fuelgauged nvdata_file (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow fuelgauged nvdata_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow fuelgauged nvram_data_file (lnk_file (ioctl read write getattr lock append open))) -(allow fuelgauged self (capability (chown dac_override fsetid))) -(allow fuelgauged cache_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow fuelgauged cache_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow fuelgauged sysfs_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow fuelgauged kernel_26_0 (system (module_request))) -(allow init_26_0 fuelgauged_nvram_exec (file (read getattr execute open))) -(allow init_26_0 fuelgauged_nvram (process (transition))) -(allow fuelgauged_nvram fuelgauged_nvram_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 fuelgauged_nvram (process (noatsecure))) -(allow init_26_0 fuelgauged_nvram (process (siginh rlimitinh))) -(typetransition init_26_0 fuelgauged_nvram_exec process fuelgauged_nvram) -(typetransition fuelgauged_nvram tmpfs_26_0 file fuelgauged_nvram_tmpfs) -(allow fuelgauged_nvram fuelgauged_nvram_tmpfs (file (read write getattr))) -(allow fuelgauged_nvram tmpfs_26_0 (dir (getattr search))) -(allow fuelgauged_nvram system_data_file_26_0 (dir (ioctl read write getattr lock add_name search open))) -(allow fuelgauged_nvram fuelgauged_nvram_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow fuelgauged_nvram fuelgauged_nvram_file (lnk_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow fuelgauged_nvram fuelgauged_nvram_file (sock_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow fuelgauged_nvram fuelgauged_nvram_file (fifo_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow fuelgauged_nvram fuelgauged_nvram_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(typetransition fuelgauged_nvram system_data_file_26_0 dir fuelgauged_nvram_file) -(typetransition fuelgauged_nvram system_data_file_26_0 fifo_file fuelgauged_nvram_file) -(typetransition fuelgauged_nvram system_data_file_26_0 sock_file fuelgauged_nvram_file) -(typetransition fuelgauged_nvram system_data_file_26_0 lnk_file fuelgauged_nvram_file) -(typetransition fuelgauged_nvram system_data_file_26_0 file fuelgauged_nvram_file) -(allow fuelgauged_nvram fuelgauged_nvram_file (file (ioctl read write getattr lock append open))) -(allow fuelgauged_nvram system_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow fuelgauged_nvram nvdata_file (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow fuelgauged_nvram nvdata_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow fuelgauged_nvram nvram_data_file (lnk_file (ioctl read write getattr lock append open))) -(allow fuelgauged_nvram fuelgauged_file (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow fuelgauged_nvram fuelgauged_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow fuelgauged_nvram cache_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow fuelgauged_nvram cache_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow fuelgauged_nvram self (capability (chown dac_override dac_read_search))) -(allow fuelgauged_static_26_0 mtk-adc-cali_device (chr_file (ioctl read write getattr lock append open))) -(allow fuelgauged_static_26_0 kmsg_device_26_0 (chr_file (write lock append open))) -(allow fuelgauged_static_26_0 nvdata_file (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow fuelgauged_static_26_0 nvdata_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow fuelgauged_static_26_0 nvram_data_file (lnk_file (ioctl read write getattr lock append open))) -(allow init_26_0 gsm0710muxd_exec (file (read getattr execute open))) -(allow init_26_0 gsm0710muxd (process (transition))) -(allow gsm0710muxd gsm0710muxd_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 gsm0710muxd (process (noatsecure))) -(allow init_26_0 gsm0710muxd (process (siginh rlimitinh))) -(typetransition init_26_0 gsm0710muxd_exec process gsm0710muxd) -(typetransition gsm0710muxd tmpfs_26_0 file gsm0710muxd_tmpfs) -(allow gsm0710muxd gsm0710muxd_tmpfs (file (read write getattr))) -(allow gsm0710muxd tmpfs_26_0 (dir (getattr search))) -(allow gsm0710muxd self (capability (chown fowner setuid))) -(allow gsm0710muxd property_socket_26_0 (sock_file (write))) -(allow gsm0710muxd init_26_0 (unix_stream_socket (connectto))) -(allow gsm0710muxd ctl_rildaemon_prop_26_0 (property_service (set))) -(allow gsm0710muxd ctl_rildaemon_prop_26_0 (file (ioctl read getattr lock open))) -(allow gsm0710muxd property_socket_26_0 (sock_file (write))) -(allow gsm0710muxd init_26_0 (unix_stream_socket (connectto))) -(allow gsm0710muxd ctl_ril-daemon-mtk_prop (property_service (set))) -(allow gsm0710muxd ctl_ril-daemon-mtk_prop (file (ioctl read getattr lock open))) -(allow gsm0710muxd property_socket_26_0 (sock_file (write))) -(allow gsm0710muxd init_26_0 (unix_stream_socket (connectto))) -(allow gsm0710muxd ctl_fusion_ril_mtk_prop (property_service (set))) -(allow gsm0710muxd ctl_fusion_ril_mtk_prop (file (ioctl read getattr lock open))) -(allow gsm0710muxd property_socket_26_0 (sock_file (write))) -(allow gsm0710muxd init_26_0 (unix_stream_socket (connectto))) -(allow gsm0710muxd gsm0710muxd_prop (property_service (set))) -(allow gsm0710muxd gsm0710muxd_prop (file (ioctl read getattr lock open))) -(allow gsm0710muxd property_socket_26_0 (sock_file (write))) -(allow gsm0710muxd init_26_0 (unix_stream_socket (connectto))) -(allow gsm0710muxd radio_prop_26_0 (property_service (set))) -(allow gsm0710muxd radio_prop_26_0 (file (ioctl read getattr lock open))) -(allow gsm0710muxd property_socket_26_0 (sock_file (write))) -(allow gsm0710muxd init_26_0 (unix_stream_socket (connectto))) -(allow gsm0710muxd ril_mux_report_case_prop (property_service (set))) -(allow gsm0710muxd ril_mux_report_case_prop (file (ioctl read getattr lock open))) -(allow gsm0710muxd gsm0710muxd_device (chr_file (ioctl read write getattr lock append open))) -(allow gsm0710muxd device_26_0 (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow gsm0710muxd device_26_0 (lnk_file (create unlink))) -(allow gsm0710muxd devpts_26_0 (chr_file (setattr))) -(allow gsm0710muxd eemcs_device (chr_file (ioctl read write getattr lock append open))) -(allow gsm0710muxd sysfs_26_0 (file (ioctl read getattr lock open))) -(allow gsm0710muxd sysfs_ccci (dir (search))) -(allow gsm0710muxd sysfs_ccci (file (ioctl read getattr lock open))) -(allow hal_bootctl_default para_block_device (blk_file (read write open))) -(allow hal_bootctl_default proc_26_0 (file (read getattr open))) -(allow hal_bootctl_default rootfs_26_0 (file (read getattr open))) -(allow hal_bootctl_default sysfs_26_0 (dir (read open))) -(allow hal_bootctl_default sysfs_26_0 (file (read getattr open))) -(allow hal_bootctl_default block_device_26_0 (dir (search))) -(allow hal_bootctl_default misc_sd_device (chr_file (ioctl read write getattr lock append open))) -(allow hal_drm_default vndbinder_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow hal_drm_default vndservicemanager_26_0 (binder (call transfer))) -(allow vndservicemanager_26_0 hal_drm_default (dir (search))) -(allow vndservicemanager_26_0 hal_drm_default (file (read open))) -(allow vndservicemanager_26_0 hal_drm_default (process (getattr))) -(allow hal_drm_default debugfs_tracing_26_0 (file (write))) -(allow init_26_0 hal_drm_widevine_exec (file (read getattr execute open))) -(allow init_26_0 hal_drm_widevine (process (transition))) -(allow hal_drm_widevine hal_drm_widevine_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_drm_widevine (process (noatsecure))) -(allow init_26_0 hal_drm_widevine (process (siginh rlimitinh))) -(typetransition init_26_0 hal_drm_widevine_exec process hal_drm_widevine) -(typetransition hal_drm_widevine tmpfs_26_0 file hal_drm_widevine_tmpfs) -(allow hal_drm_widevine hal_drm_widevine_tmpfs (file (read write getattr))) -(allow hal_drm_widevine tmpfs_26_0 (dir (getattr search))) -(allow hal_drm_widevine mediacodec_26_0 (fd (use))) -(allow hal_drm_widevine base_typeattr_100_26_0 (fd (use))) -(allow hal_drm_widevine vndbinder_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow hal_drm_widevine vndservicemanager_26_0 (binder (call transfer))) -(allow vndservicemanager_26_0 hal_drm_widevine (dir (search))) -(allow vndservicemanager_26_0 hal_drm_widevine (file (read open))) -(allow vndservicemanager_26_0 hal_drm_widevine (process (getattr))) -(allow hal_drm_widevine debugfs_tracing_26_0 (file (write))) -(allow hal_gnss vndbinder_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow hal_gnss vndservicemanager_26_0 (binder (call transfer))) -(allow vndservicemanager_26_0 hal_gnss (dir (search))) -(allow vndservicemanager_26_0 hal_gnss (file (read open))) -(allow vndservicemanager_26_0 hal_gnss (process (getattr))) -(allow hal_gnss_default mnld_data_file (sock_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow hal_gnss_default mnld_data_file (sock_file (ioctl read write getattr lock append open))) -(allow hal_gnss_default mnld_data_file (dir (ioctl read write create getattr setattr lock append unlink rename open))) -(allow hal_gnss_default mnld_data_file (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow hal_gnss_default mnld (unix_dgram_socket (sendto))) -(allow hal_graphics_allocator proc_ged (file (ioctl read open))) -(allow hal_graphics_allocator_default gpu_device_26_0 (dir (search))) -(allow hal_graphics_allocator_default sw_sync_device (chr_file (ioctl read write getattr open))) -(allow hal_graphics_allocator_default debugfs_ion (dir (search))) -(allow hal_graphics_allocator_default debugfs_tracing_26_0 (file (write))) -(allow hal_graphics_allocator_default debugfs_tracing_26_0 (file (open))) -(allow hal_graphics_composer_default vndbinder_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow hal_graphics_composer_default vndservicemanager_26_0 (binder (call transfer))) -(allow vndservicemanager_26_0 hal_graphics_composer_default (dir (search))) -(allow vndservicemanager_26_0 hal_graphics_composer_default (file (read open))) -(allow vndservicemanager_26_0 hal_graphics_composer_default (process (getattr))) -(allow hal_graphics_composer_default debugfs_ged (dir (search))) -(allow hal_graphics_composer_default proc_26_0 (file (ioctl read getattr open))) -(allow hal_graphics_composer_default proc_ged (file (ioctl read open))) -(allow hal_graphics_composer_default self (netlink_kobject_uevent_socket (read create bind setopt))) -(allow hal_graphics_composer_default sw_sync_device (chr_file (ioctl read write open))) -(allow hal_graphics_composer_default hal_graphics_mapper_hwservice_26_0 (hwservice_manager (find))) -(allow hal_graphics_composer_default gpu_device_26_0 (dir (search))) -(allow hal_graphics_composer_default debugfs_ion (dir (search))) -(allow hal_graphics_composer_default debugfs_tracing_26_0 (file (write))) -(allow hal_graphics_composer_default debugfs_tracing_26_0 (file (open))) -(allow hal_graphics_composer_default mtk_cmdq_device (chr_file (ioctl read open))) -(allow hal_graphics_composer_default mtk_mdp_device (chr_file (read write open ioctl))) -(allow hal_graphics_composer_default mtk_hal_power_hwservice (hwservice_manager (find))) -(allow hal_graphics_composer_default mtk_hal_power (binder (call transfer))) -(allow mtk_hal_power hal_graphics_composer_default (binder (transfer))) -(allow hal_graphics_composer_default mtk_hal_power (fd (use))) -(allow hal_graphics_composer_default property_socket_26_0 (sock_file (write))) -(allow hal_graphics_composer_default init_26_0 (unix_stream_socket (connectto))) -(allow hal_graphics_composer_default graphics_config_prop (property_service (set))) -(allow hal_graphics_composer_default graphics_config_prop (file (ioctl read getattr lock open))) -(allow hal_graphics_composer_default graphics_config_prop (file (ioctl read getattr lock open))) -(allow hal_imsa_client hal_imsa_server (binder (call transfer))) -(allow hal_imsa_server hal_imsa_client (binder (transfer))) -(allow hal_imsa_client hal_imsa_server (fd (use))) -(allow hal_imsa_server hal_imsa_client (binder (call transfer))) -(allow hal_imsa_client hal_imsa_server (binder (transfer))) -(allow hal_imsa_server hal_imsa_client (fd (use))) -(allow hal_imsa_client mtk_hal_imsa_hwservice (hwservice_manager (find))) -(allow hal_ir_default irtx_device (chr_file (ioctl read write getattr lock append open))) -(allow hal_ir_default irtx_device (chr_file (ioctl open))) -(allow hal_ir_default irtx_device (chr_file (read write))) -(allow init_26_0 hal_keymaster_attestation_exec (file (read getattr execute open))) -(allow init_26_0 hal_keymaster_attestation (process (transition))) -(allow hal_keymaster_attestation hal_keymaster_attestation_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 hal_keymaster_attestation (process (noatsecure))) -(allow init_26_0 hal_keymaster_attestation (process (siginh rlimitinh))) -(typetransition init_26_0 hal_keymaster_attestation_exec process hal_keymaster_attestation) -(typetransition hal_keymaster_attestation tmpfs_26_0 file hal_keymaster_attestation_tmpfs) -(allow hal_keymaster_attestation hal_keymaster_attestation_tmpfs (file (read write getattr))) -(allow hal_keymaster_attestation tmpfs_26_0 (dir (getattr search))) -(allow hal_keymaster_attestation hwservicemanager_26_0 (binder (call transfer))) -(allow hwservicemanager_26_0 hal_keymaster_attestation (binder (call transfer))) -(allow hwservicemanager_26_0 hal_keymaster_attestation (dir (search))) -(allow hwservicemanager_26_0 hal_keymaster_attestation (file (read open))) -(allow hwservicemanager_26_0 hal_keymaster_attestation (process (getattr))) -(allow hal_keymaster_attestation tee_device_26_0 (chr_file (ioctl read write open))) -(allow hal_memtrack debugfs_gpu_mali_midgard (file (read getattr open))) -(allow hal_memtrack debugfs_gpu_mali_utgard (file (read getattr open))) -(allow hal_memtrack debugfs_gpu_img (dir (search))) -(allow hal_memtrack debugfs_gpu_img (file (read getattr open))) -(allow hal_memtrack debugfs_ion (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow hal_memtrack debugfs_ion (file (read getattr open))) -(allow hal_nfc st21nfc_device (chr_file (ioctl read write getattr open))) -(allow hal_pq_client hal_pq_server (binder (call transfer))) -(allow hal_pq_server hal_pq_client (binder (transfer))) -(allow hal_pq_client hal_pq_server (fd (use))) -(allow hal_pq_server hal_pq_client (binder (call transfer))) -(allow hal_pq_client hal_pq_server (binder (transfer))) -(allow hal_pq_server hal_pq_client (fd (use))) -(allow hal_pq_client mtk_hal_pq_hwservice (hwservice_manager (find))) -(allow hal_wifi wmtWifi_device (chr_file (write lock append open))) -(allow hostapd system_wpa_socket_26_0 (sock_file (write))) -(dontaudit hostapd kernel_26_0 (system (module_request))) -(allow init_26_0 nvram_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow init_26_0 nvram_data_file (lnk_file (ioctl read getattr lock open))) -(allow init_26_0 nvdata_file (dir (ioctl read write create getattr setattr lock append unlink rename open))) -(allow init_26_0 block_device_26_0 (blk_file (setattr))) -(allow init_26_0 system_block_device_26_0 (blk_file (setattr))) -(allow init_26_0 nvram_device (blk_file (setattr))) -(allow init_26_0 seccfg_block_device (blk_file (setattr))) -(allow init_26_0 secro_block_device (blk_file (setattr))) -(allow init_26_0 frp_block_device_26_0 (blk_file (setattr))) -(allow init_26_0 logo_block_device (blk_file (setattr))) -(allow init_26_0 para_block_device (blk_file (setattr))) -(allow init_26_0 recovery_block_device_26_0 (blk_file (setattr))) -(allow init_26_0 protect1_block_device (blk_file (ioctl read write getattr lock append open))) -(allow init_26_0 protect2_block_device (blk_file (ioctl read write getattr lock append open))) -(allow init_26_0 userdata_block_device_26_0 (blk_file (ioctl read write getattr lock append open))) -(allow init_26_0 cache_block_device_26_0 (blk_file (ioctl read write getattr lock append open))) -(allow init_26_0 nvdata_device (blk_file (write lock append open))) -(allow init_26_0 persist_block_device (blk_file (ioctl read write getattr lock append open))) -(allow init_26_0 nvcfg_block_device (blk_file (ioctl read write getattr lock append open))) -(allow init_26_0 odm_block_device (blk_file (ioctl read write getattr lock append open))) -(allow init_26_0 oem_block_device (blk_file (ioctl read write getattr lock append open))) -(allow init_26_0 para_block_device (blk_file (write lock append open))) -(allow init_26_0 base_typeattr_177_26_0 (process (noatsecure))) -(allow init_26_0 debugfs_dynamic_debug (file (write))) -(allow init_26_0 self (capability (sys_module))) -(allow init_26_0 kernel_26_0 (system (module_request))) -(allow init_26_0 tmpfs_26_0 (lnk_file (create))) -(allow init_26_0 mtk_hal_bluetooth_exec (file (getattr))) -(allow init_26_0 debugfs_26_0 (file (write lock append open))) -(allow init_26_0 mtk_hal_audio_exec (file (getattr))) -(allow init_26_0 vendor_block_device (lnk_file (relabelto))) -(allow init_26_0 mtk_hal_gnss_exec (file (getattr))) -(allow init_26_0 debugfs_tracing_instances_26_0 (file (relabelfrom))) -(allow init_26_0 debugfs_26_0 (file (write))) -(allow init_26_0 kernel_26_0 (system (module_request))) -(allow init_26_0 nvdata_file (dir (mounton))) -(allow init_26_0 oemfs_26_0 (dir (mounton))) -(allow init_26_0 protect_f_data_file (dir (mounton))) -(allow init_26_0 protect_s_data_file (dir (mounton))) -(allow init_26_0 nvcfg_file (dir (mounton))) -(allow init_26_0 persist_data_file (dir (mounton))) -(allow init_26_0 tmpfs_26_0 (lnk_file (create))) -(allow init_26_0 self (capability (sys_module))) -(allow init_26_0 system_file_26_0 (system (module_load))) -(allow init_26_0 vendor_file_26_0 (system (module_load))) -(allow init_26_0 debugfs_ged (file (write lock append open))) -(allow init_26_0 debugfs_tracing_26_0 (dir (write))) -(allow init_26_0 debugfs_tracing_26_0 (file (write))) -(allow init_26_0 sysfs_devices_system_cpu_26_0 (file (relabelfrom))) -(allow kernel_26_0 sdcard_type (dir (search))) -(allow kernel_26_0 block_device_26_0 (blk_file (ioctl read write getattr lock append open))) -(allow kernel_26_0 loop_device_26_0 (blk_file (ioctl read getattr lock open))) -(allow kernel_26_0 vold_device_26_0 (blk_file (ioctl read write getattr lock append open))) -(allow kernel_26_0 system_data_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow kernel_26_0 aee_core_forwarder_exec (file (read getattr execute open))) -(allow kernel_26_0 aee_core_forwarder (process (transition))) -(allow aee_core_forwarder aee_core_forwarder_exec (file (read getattr execute entrypoint open))) -(allow aee_core_forwarder kernel_26_0 (process (sigchld))) -(dontaudit kernel_26_0 aee_core_forwarder (process (noatsecure))) -(allow kernel_26_0 aee_core_forwarder (process (siginh rlimitinh))) -(typetransition kernel_26_0 aee_core_forwarder_exec process aee_core_forwarder) -(allow kernel_26_0 fon_image_data_file (file (read))) -(allow kernel_26_0 proc_thermal (dir (search))) -(allow kernel_26_0 nvram_data_file (dir (search))) -(allow kernel_26_0 nvram_data_file (file (ioctl read getattr lock open))) -(allow kernel_26_0 nvram_data_file (lnk_file (read))) -(allow kernel_26_0 nvdata_file (dir (search))) -(allow kernel_26_0 nvdata_file (file (ioctl read getattr lock open))) -(allow kernel_26_0 nvdata_file (file (write lock append open))) -(allow kernel_26_0 mnt_user_file_26_0 (dir (search))) -(allow kernel_26_0 mnt_user_file_26_0 (lnk_file (read))) -(allow kernel_26_0 wifi_data_file_26_0 (file (ioctl read getattr lock open))) -(allow kernel_26_0 wifi_data_file_26_0 (dir (search))) -(allow kernel_26_0 storage_file_26_0 (lnk_file (read))) -(allow kernel_26_0 sdcard_type (file (open))) -(allow kernel_26_0 system_data_file_26_0 (file (read))) -(allow kernel_26_0 block_device_26_0 (dir (search))) -(allow kernel_26_0 misc2_block_device (blk_file (ioctl read write getattr lock append open))) -(allow kernel_26_0 fuseblk (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow kernel_26_0 fuseblk (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow kernel_26_0 vfat_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow kernel_26_0 mnt_media_rw_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow kernel_26_0 vfat_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow kernel_26_0 mnt_media_rw_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow kernel_26_0 kernel_26_0 (key (write search setattr))) -(allow kernel_26_0 platform_app_26_0 (process (setsched))) -(allow kernel_26_0 audioserver_26_0 (fd (use))) -(allow keystore_26_0 app_data_file_26_0 (file (write))) -(allow keystore_26_0 debugfs_tracing_26_0 (file (write))) -(allow hal_keymaster_default debugfs_tracing_26_0 (file (write))) -(allow init_26_0 lbs_hidl_service_exec (file (read getattr execute open))) -(allow init_26_0 lbs_hidl_service (process (transition))) -(allow lbs_hidl_service lbs_hidl_service_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 lbs_hidl_service (process (noatsecure))) -(allow init_26_0 lbs_hidl_service (process (siginh rlimitinh))) -(typetransition init_26_0 lbs_hidl_service_exec process lbs_hidl_service) -(typetransition lbs_hidl_service tmpfs_26_0 file lbs_hidl_service_tmpfs) -(allow lbs_hidl_service lbs_hidl_service_tmpfs (file (read write getattr))) -(allow lbs_hidl_service tmpfs_26_0 (dir (getattr search))) -(allow lbs_hidl_service vndbinder_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow lbs_hidl_service vndservicemanager_26_0 (binder (call transfer))) -(allow vndservicemanager_26_0 lbs_hidl_service (dir (search))) -(allow vndservicemanager_26_0 lbs_hidl_service (file (read open))) -(allow vndservicemanager_26_0 lbs_hidl_service (process (getattr))) -#(allow lbs_hidl_service system_file_26_0 (dir (ioctl read getattr lock search open))) -#(allow lbs_hidl_service system_file_26_0 (file (ioctl read getattr lock open))) -#(allow lbs_hidl_service system_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow lbs_hidl_service agpsd_socket (sock_file (write))) -(allow lbs_hidl_service mtk_agpsd (unix_stream_socket (connectto))) -(allow lbs_hidl_service mtk_agpsd (unix_dgram_socket (sendto))) -(dontaudit lmkd_26_0 zygote_26_0 (dir (ioctl read write getattr lock add_name remove_name search open))) -(dontaudit lmkd_26_0 platform_app_26_0 (fd (use))) -(allow init_26_0 md_ctrl_exec (file (read getattr execute open))) -(allow init_26_0 md_ctrl (process (transition))) -(allow md_ctrl md_ctrl_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 md_ctrl (process (noatsecure))) -(allow init_26_0 md_ctrl (process (siginh rlimitinh))) -(typetransition init_26_0 md_ctrl_exec process md_ctrl) -(typetransition md_ctrl tmpfs_26_0 file md_ctrl_tmpfs) -(allow md_ctrl md_ctrl_tmpfs (file (read write getattr))) -(allow md_ctrl tmpfs_26_0 (dir (getattr search))) -(allow md_ctrl ccci_device (chr_file (ioctl read write getattr lock append open))) -(allow md_ctrl devpts_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow md_ctrl self (capability (dac_override))) -(allow md_ctrl muxreport_exec (file (ioctl read getattr lock execute execute_no_trans open))) -(allow md_ctrl emd_device (chr_file (ioctl read write getattr lock append open))) -(allow md_ctrl eemcs_device (chr_file (ioctl read write getattr lock append open))) -(allow md_ctrl property_socket_26_0 (sock_file (write))) -(allow md_ctrl init_26_0 (unix_stream_socket (connectto))) -(allow md_ctrl vold_prop_26_0 (property_service (set))) -(allow md_ctrl vold_prop_26_0 (file (ioctl read getattr lock open))) -(allow md_ctrl sysfs_ccci (dir (search))) -(allow md_ctrl sysfs_ccci (file (ioctl read getattr lock open))) -(allow mdlogger_26_0 debug_mdlogger_prop (property_service (set))) -(allow mdlogger_26_0 debug_prop_26_0 (property_service (set))) -(allow mdlogger_26_0 ccci_device (chr_file (ioctl read write getattr lock append open))) -(allow mdlogger_26_0 ttyGS_device (chr_file (ioctl read write getattr lock append open))) -(allow mdlogger_26_0 mdlog_data_file (dir (ioctl read write create getattr setattr lock relabelto rename add_name remove_name reparent search rmdir open))) -(allow mdlogger_26_0 mdlog_data_file (fifo_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mdlogger_26_0 mdlog_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mdlogger_26_0 system_data_file_26_0 (dir (ioctl read write create getattr setattr lock relabelfrom rename add_name remove_name reparent search rmdir open))) -(allow mdlogger_26_0 mdlog_device (chr_file (ioctl read write getattr lock append open))) -(allow mdlogger_26_0 vfat_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow mdlogger_26_0 vfat_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mdlogger_26_0 log_device_26_0 (chr_file (write lock append open))) -(allow mdlogger_26_0 tmpfs_26_0 (lnk_file (read))) -(allow mdlogger_26_0 storage_file_26_0 (lnk_file (ioctl read write getattr lock append open))) -(allow mdlogger_26_0 mnt_user_file_26_0 (dir (search))) -(allow mdlogger_26_0 mnt_user_file_26_0 (lnk_file (ioctl read write getattr lock append open))) -(allow mdlogger_26_0 sdcard_type (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mdlogger_26_0 sdcard_type (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow mdlogger_26_0 storage_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow mdlogger_26_0 storage_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mdlogger_26_0 sysfs_ccci (dir (search))) -(allow mdlogger_26_0 sysfs_ccci (file (ioctl read getattr lock open))) -(allow mdlogger_26_0 media_rw_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mdlogger_26_0 media_rw_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow mdlogger_26_0 aee_aed_26_0 (unix_stream_socket (connectto))) -(allow mdlogger_26_0 system_data_file_26_0 (dir (ioctl read write getattr lock add_name search open))) -(allow mdlogger_26_0 mdlog_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mdlogger_26_0 mdlog_data_file (lnk_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mdlogger_26_0 mdlog_data_file (sock_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mdlogger_26_0 mdlog_data_file (fifo_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mdlogger_26_0 mdlog_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(typetransition mdlogger_26_0 system_data_file_26_0 dir mdlog_data_file) -(typetransition mdlogger_26_0 system_data_file_26_0 fifo_file mdlog_data_file) -(typetransition mdlogger_26_0 system_data_file_26_0 sock_file mdlog_data_file) -(typetransition mdlogger_26_0 system_data_file_26_0 lnk_file mdlog_data_file) -(typetransition mdlogger_26_0 system_data_file_26_0 file mdlog_data_file) -(allow mdlogger_26_0 file_contexts_file_26_0 (file (read getattr open))) -(allow mediacodec_26_0 devmap_device (chr_file (ioctl))) -(allow mediacodec_26_0 Vcodec_device (chr_file (ioctl read write open))) -(allow mediacodec_26_0 M4U_device_device (chr_file (ioctl read write getattr lock append open))) -(allow mediacodec_26_0 proc_26_0 (file (read open))) -(allow mediacodec_26_0 sysfs_26_0 (file (read write open))) -(allow mediacodec_26_0 debugfs_binder (dir (search))) -(allow mediacodec_26_0 proc_26_0 (file (ioctl getattr))) -(allow mediacodec_26_0 MTK_SMI_device (chr_file (ioctl read open))) -(allow mediacodec_26_0 storage_file_26_0 (lnk_file (read write open))) -(allow mediacodec_26_0 tmpfs_26_0 (dir (search))) -(allow mediacodec_26_0 mnt_user_file_26_0 (dir (read write search))) -(allow mediacodec_26_0 mnt_user_file_26_0 (lnk_file (read write))) -(allow mediacodec_26_0 sdcard_type (dir (read write add_name remove_name search))) -(allow mediacodec_26_0 sdcard_type (file (read write create getattr append unlink open))) -(allow mediacodec_26_0 nvram_data_file (dir (write lock add_name remove_name search open))) -(allow mediacodec_26_0 nvram_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mediacodec_26_0 nvram_data_file (lnk_file (read))) -(allow mediacodec_26_0 nvdata_file (dir (write lock add_name remove_name search open))) -(allow mediacodec_26_0 nvdata_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mediacodec_26_0 devmap_device (chr_file (ioctl read getattr lock open))) -(allow mediacodec_26_0 proc_meminfo_26_0 (file (read getattr open))) -(allow mediacodec_26_0 mtk_sched_device (chr_file (ioctl read write open))) -(allow mediacodec_26_0 mediacodec_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mediacodec_26_0 mediacodec_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow mediacodec_26_0 sec_device (chr_file (ioctl read getattr lock open))) -(allow mediacodec_26_0 surfaceflinger_26_0 (file (getattr))) -(allow mediacodec_26_0 sysfs_lowmemorykiller_26_0 (file (read open))) -(allow mediacodec_26_0 proc_mtkcooler (dir (search))) -(allow mediacodec_26_0 proc_mtktz (dir (search))) -(allow mediacodec_26_0 proc_thermal (dir (search))) -(allow mediacodec_26_0 proc_mtkcooler (file (read write open))) -(allow mediacodec_26_0 proc_mtktz (file (read write getattr open))) -(allow mediacodec_26_0 proc_thermal (file (read write open))) -(allow mediacodec_26_0 thermal_manager_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mediacodec_26_0 thermal_manager_data_file (dir (ioctl read write getattr setattr lock add_name remove_name search open))) -(allow mediacodec_26_0 thermal_manager_data_file (dir (search))) -(allow mediacodec_26_0 untrusted_app_26_0 (dir (search))) -(allow mediacodec_26_0 MJC_device (chr_file (ioctl read write open))) -(allow mediacodec_26_0 MtkCodecService (binder (call))) -(allow mediacodec_26_0 MtkCodecService (binder (transfer))) -(allow mediacodec_26_0 proc_ged (file (ioctl read write getattr open))) -(allow mediacodec_26_0 surfaceflinger_26_0 (fifo_file (ioctl read write getattr lock append open))) -(allow mediacodec_26_0 gpu_device_26_0 (dir (search))) -(allow mediacodec_26_0 debug_prop_26_0 (property_service (set))) -(allow mediacodec_26_0 system_prop_26_0 (property_service (set))) -(allow mediacodec_26_0 vndbinder_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow mediacodec_26_0 vndbinder_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow mediacodec_26_0 vndservicemanager_26_0 (binder (call transfer))) -(allow vndservicemanager_26_0 mediacodec_26_0 (dir (search))) -(allow vndservicemanager_26_0 mediacodec_26_0 (file (read open))) -(allow vndservicemanager_26_0 mediacodec_26_0 (process (getattr))) -(allow mediacodec_26_0 system_file_26_0 (dir (ioctl read getattr lock search open))) -(allow mediacodec_26_0 debugfs_ion (dir (search))) -(allow mediacodec_26_0 debugfs_tracing_26_0 (file (write))) -(allow mediacodec_26_0 mtk_thermal_config_prop (file (read getattr open))) -(allow mediacodec_26_0 mtk_thermal_config_prop (property_service (set))) -(allow mediacodec_26_0 mtk_cmdq_device (chr_file (ioctl read open))) -(allow mediacodec_26_0 mtk_hal_power_hwservice (hwservice_manager (find))) -(allow mediacodec_26_0 mtk_hal_power (binder (call))) -(allow mediacodec_26_0 mtk_hal_power (unix_stream_socket (connectto))) -(allow mediadrmserver_26_0 proc_ged (file (ioctl read write getattr open))) -(allow mediaserver_26_0 mtk_thermal_config_prop (file (read getattr open))) -(allow mediaserver_26_0 mtk_thermal_config_prop (property_service (set))) -(allow mediaextractor_26_0 proc_ged (file (ioctl read write getattr open))) -(allow mediaserver_26_0 camera_isp_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 ccu_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 vpu_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 kd_camera_hw_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 self (capability (setuid ipc_lock sys_nice))) -(allow mediaserver_26_0 sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 MTK_SMI_device (chr_file (ioctl read getattr lock open))) -(allow mediaserver_26_0 camera_pipemgr_device (chr_file (ioctl read getattr lock open))) -(allow mediaserver_26_0 kd_camera_flashlight_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 lens_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 sdcard_type (dir (write create lock add_name remove_name search open))) -(allow mediaserver_26_0 sdcard_type (file (create))) -(allow mediaserver_26_0 nvram_data_file (dir (write lock add_name remove_name search open))) -(allow mediaserver_26_0 nvram_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mediaserver_26_0 nvram_data_file (lnk_file (read))) -(allow mediaserver_26_0 nvdata_file (dir (write lock add_name remove_name search open))) -(allow mediaserver_26_0 nvdata_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mediaserver_26_0 sdcard_type (dir (remove_name))) -(allow mediaserver_26_0 sdcard_type (file (unlink))) -(allow mediaserver_26_0 nvram_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 self (capability (net_admin))) -(allow mediaserver_26_0 devmap_device (chr_file (ioctl))) -(allow mediaserver_26_0 system_data_file_26_0 (file (open))) -(allow mediaserver_26_0 bluetooth_26_0 (unix_dgram_socket (sendto))) -(allow mediaserver_26_0 bt_a2dp_stream_socket (sock_file (write))) -(allow mediaserver_26_0 bt_int_adp_socket (sock_file (write))) -(allow mediaserver_26_0 camera_sysram_device (chr_file (ioctl read getattr lock open))) -(allow mediaserver_26_0 Vcodec_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 MtkCodecService (binder (call))) -(allow mediaserver_26_0 ccci_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 eemcs_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 devmap_device (chr_file (ioctl read getattr lock open))) -(allow mediaserver_26_0 ebc_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 nvram_device (blk_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 bootdevice_block_device (blk_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 mtk_sched_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 block_device_26_0 (dir (write search))) -(allow mediaserver_26_0 fm_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 block_device_26_0 (dir (search))) -(allow mediaserver_26_0 FM50AF_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 AD5820AF_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 DW9714AF_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 DW9814AF_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 AK7345AF_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 DW9714A_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 LC898122AF_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 LC898212AF_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 BU6429AF_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 DW9718AF_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 BU64745GWZAF_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 MAINAF_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 MAIN2AF_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 SUBAF_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 bootanim_26_0 (binder (call transfer))) -(allow mediaserver_26_0 sdcard_type (file (append))) -(allow mediaserver_26_0 camera_fdvt_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 MtkCodecService (binder (call transfer))) -(allow MtkCodecService mediaserver_26_0 (binder (transfer))) -(allow mediaserver_26_0 MtkCodecService (fd (use))) -(allow mediaserver_26_0 audiohal_prop (property_service (set))) -(allow mediaserver_26_0 mediaserver_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mediaserver_26_0 mediaserver_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow mediaserver_26_0 sec_device (chr_file (ioctl read getattr lock open))) -(allow mediaserver_26_0 graphics_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 smartpa_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 audiocmdservice_atci_26_0 (binder (call))) -(allow mediaserver_26_0 audiocmdservice_atci_26_0 (binder (call transfer))) -(allow audiocmdservice_atci_26_0 mediaserver_26_0 (binder (transfer))) -(allow mediaserver_26_0 audiocmdservice_atci_26_0 (fd (use))) -(allow mediaserver_26_0 mtk_jpeg_device (chr_file (ioctl read getattr lock open))) -(allow mediaserver_26_0 uhid_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 CAM_CAL_DRV_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 CAM_CAL_DRV1_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 CAM_CAL_DRV2_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 vow_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 rpc_socket (sock_file (write))) -(allow mediaserver_26_0 ttySDIO_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 surfaceflinger_26_0 (file (getattr))) -(allow mediaserver_26_0 sysfs_lowmemorykiller_26_0 (file (read open))) -(allow mediaserver_26_0 proc_mtkcooler (dir (search))) -(allow mediaserver_26_0 proc_mtktz (dir (search))) -(allow mediaserver_26_0 proc_thermal (dir (search))) -(allow mediaserver_26_0 thermal_manager_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mediaserver_26_0 thermal_manager_data_file (dir (ioctl read write getattr setattr lock add_name remove_name search open))) -(allow mediaserver_26_0 qemu_pipe_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 system_server_26_0 (unix_stream_socket (read write))) -(allow mediaserver_26_0 radio_data_file_26_0 (dir (search))) -(allow mediaserver_26_0 radio_data_file_26_0 (file (open))) -(allow mediaserver_26_0 radio_26_0 (dir (read search))) -(allow mediaserver_26_0 radio_26_0 (file (ioctl read getattr lock open))) -(allow mediaserver_26_0 radio_data_file_26_0 (file (open))) -(allow mediaserver_26_0 untrusted_app_26_0 (dir (search))) -(allow mediaserver_26_0 offloadservice_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 sensorservice_service_26_0 (service_manager (find))) -(allow mediaserver_26_0 system_data_file_26_0 (dir (write))) -(allow mediaserver_26_0 storage_file_26_0 (lnk_file (read write))) -(allow mediaserver_26_0 mnt_user_file_26_0 (dir (read write search))) -(allow mediaserver_26_0 mnt_user_file_26_0 (lnk_file (read write))) -(allow mediaserver_26_0 surfaceflinger_26_0 (fifo_file (read write))) -(allow mediaserver_26_0 nvcfg_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow mediaserver_26_0 nvcfg_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mediaserver_26_0 camera_dpe_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 camera_tsf_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 thermal_manager_exec (file (read getattr execute open))) -(allow mediaserver_26_0 thermal_manager (process (transition))) -(allow thermal_manager thermal_manager_exec (file (read getattr execute entrypoint open))) -(allow thermal_manager mediaserver_26_0 (process (sigchld))) -(dontaudit mediaserver_26_0 thermal_manager (process (noatsecure))) -(allow mediaserver_26_0 thermal_manager (process (siginh rlimitinh))) -(typetransition mediaserver_26_0 thermal_manager_exec process thermal_manager) -(allow mediaserver_26_0 thermal_manager_exec (file (read getattr execute open))) -(allow mediaserver_26_0 camera_rsc_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 proc_ged (file (ioctl read write getattr open))) -(allow mediaserver_26_0 camera_gepf_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 flashlight_device (chr_file (ioctl read write getattr lock append open))) -(allow dumpstate_26_0 surfaceflinger_26_0 (fifo_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 camera_wpe_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 gpu_device_26_0 (dir (search))) -(allow mediaserver_26_0 sw_sync_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 camera_owe_device (chr_file (ioctl read write getattr lock append open))) -(allow mediaserver_26_0 proc_26_0 (file (ioctl read getattr lock open))) -(allow mediaserver_26_0 mtk_cmdq_device (chr_file (ioctl read open))) -(allow meta_tst_26_0 ttyGS_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 ttyMT_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 ccci_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 eemcs_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 emd_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 ttyACM_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 mdlog_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 ttySDIO_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 bootdevice_block_device (blk_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 mmcblk1_block_device (blk_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 userdata_block_device_26_0 (blk_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 cache_block_device_26_0 (blk_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 nvram_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow meta_tst_26_0 nvram_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow meta_tst_26_0 nvram_data_file (lnk_file (ioctl read getattr lock open))) -(allow meta_tst_26_0 nvdata_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow meta_tst_26_0 nvdata_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow meta_tst_26_0 nvram_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 nvram_device (blk_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 nvdata_device (blk_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 audio_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 audio_device_26_0 (dir (ioctl read getattr lock search open))) -(allow meta_tst_26_0 property_socket_26_0 (sock_file (write))) -(allow meta_tst_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow meta_tst_26_0 audiohal_prop (property_service (set))) -(allow meta_tst_26_0 audiohal_prop (file (ioctl read getattr lock open))) -(allow meta_tst_26_0 rtc_device_26_0 (chr_file (ioctl read getattr lock open))) -(allow meta_tst_26_0 MT_pmic_adc_cali_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 persist_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow meta_tst_26_0 persist_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow meta_tst_26_0 cct_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow meta_tst_26_0 cct_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow meta_tst_26_0 devmap_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 camera_pipemgr_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 MTK_SMI_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 camera_isp_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 camera_sysram_device (chr_file (ioctl read getattr lock open))) -(allow meta_tst_26_0 kd_camera_flashlight_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 kd_camera_hw_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 AD5820AF_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 DW9714AF_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 DW9714A_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 LC898122AF_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 LC898212AF_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 BU6429AF_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 DW9718AF_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 BU64745GWZAF_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 MAINAF_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 MAIN2AF_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 SUBAF_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 graphics_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 graphics_device_26_0 (dir (search))) -(allow meta_tst_26_0 als_ps_device (chr_file (ioctl read getattr lock open))) -(allow meta_tst_26_0 gsensor_device (chr_file (ioctl read getattr lock open))) -(allow meta_tst_26_0 msensor_device (chr_file (ioctl read getattr lock open))) -(allow meta_tst_26_0 gyroscope_device (chr_file (ioctl read getattr lock open))) -(allow meta_tst_26_0 fm_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 FM50AF_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 wmtWifi_device (chr_file (write lock append open))) -(allow meta_tst_26_0 stpbt_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 gps_data_file (dir (write unlink add_name remove_name search))) -(allow meta_tst_26_0 gps_data_file (file (read write create getattr setattr lock append unlink open))) -(allow meta_tst_26_0 gps_data_file (lnk_file (read))) -(allow meta_tst_26_0 tmpfs_26_0 (lnk_file (read))) -(allow meta_tst_26_0 agpsd_data_file (dir (search))) -(allow meta_tst_26_0 agpsd_data_file (sock_file (write))) -(allow meta_tst_26_0 mnld_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 property_socket_26_0 (sock_file (write))) -(allow meta_tst_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow meta_tst_26_0 mnld_prop (property_service (set))) -(allow meta_tst_26_0 mnld_prop (file (ioctl read getattr lock open))) -(allow meta_tst_26_0 mt6605_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 shell_exec_26_0 (file (ioctl read getattr lock execute execute_no_trans open))) -(allow meta_tst_26_0 system_data_file_26_0 (dir (create))) -(allow meta_tst_26_0 key_install_data_file_26_0 (dir (write lock add_name remove_name search open))) -(allow meta_tst_26_0 key_install_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow meta_tst_26_0 misc_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 proc_lk_env (file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 block_device_26_0 (blk_file (getattr))) -(allow meta_tst_26_0 system_block_device_26_0 (blk_file (getattr))) -(allow meta_tst_26_0 shell_exec_26_0 (file (ioctl read getattr lock open))) -(allow meta_tst_26_0 pro_info_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 self (process (execmem))) -(allow meta_tst_26_0 mtd_device_26_0 (dir (search))) -(allow meta_tst_26_0 mtd_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 sdcard_type (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow meta_tst_26_0 sdcard_type (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow meta_tst_26_0 mnt_user_file_26_0 (dir (search))) -(allow meta_tst_26_0 mnt_user_file_26_0 (lnk_file (read))) -(allow meta_tst_26_0 storage_file_26_0 (lnk_file (read))) -(allow meta_tst_26_0 sysfs_ccci (dir (search))) -(allow meta_tst_26_0 sysfs_ccci (file (ioctl read getattr lock open))) -(allow meta_tst_26_0 sysfs_26_0 (file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 system_file_26_0 (dir (ioctl read getattr lock search open))) -(allow meta_tst_26_0 gsm0710muxd_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 property_socket_26_0 (sock_file (write))) -(allow meta_tst_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow meta_tst_26_0 system_radio_prop_26_0 (property_service (set))) -(allow meta_tst_26_0 system_radio_prop_26_0 (file (ioctl read getattr lock open))) -(allow meta_tst_26_0 media_rw_data_file_26_0 (dir (read search open))) -(allow meta_tst_26_0 media_rw_data_file_26_0 (file (read write open))) -(allow meta_tst_26_0 flashlight_device (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 para_block_device (blk_file (read write open))) -(allow meta_tst_26_0 nvcfg_file (dir (read search open))) -(allow meta_tst_26_0 sdcard_type (filesystem (unmount))) -(allow meta_tst_26_0 toolbox_exec_26_0 (file (read getattr execute execute_no_trans open))) -(allow meta_tst_26_0 storage_stub_file_26_0 (dir (search))) -(allow meta_tst_26_0 self (netlink_route_socket (read write create getattr bind nlmsg_read nlmsg_write))) -(allow meta_tst_26_0 self (capability (setgid setuid))) -(allow meta_tst_26_0 self (packet_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow meta_tst_26_0 self (capability (setgid setuid sys_module))) -(allow meta_tst_26_0 wifi_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow meta_tst_26_0 wifi_data_file_26_0 (sock_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow meta_tst_26_0 self (netlink_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow meta_tst_26_0 self (rawip_socket (create))) -(allow meta_tst_26_0 self (udp_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow meta_tst_26_0 self (rawip_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow meta_tst_26_0 proc_ged (file (ioctl read getattr lock open))) -(allowx meta_tst_26_0 self (ioctl udp_socket (0x8912 0x8914))) -(allowx meta_tst_26_0 self (ioctl udp_socket (((range 0x8be8 0x8be9))))) -(allow meta_tst_26_0 property_socket_26_0 (sock_file (write))) -(allow meta_tst_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow meta_tst_26_0 meta_connecttype_prop (property_service (set))) -(allow meta_tst_26_0 meta_connecttype_prop (file (ioctl read getattr lock open))) -(allow meta_tst_26_0 input_device_26_0 (dir (ioctl read getattr lock search open))) -(allow meta_tst_26_0 input_device_26_0 (chr_file (ioctl read getattr lock open))) -(allow meta_tst_26_0 ashmem_device_26_0 (chr_file (execute))) -(allow meta_tst_26_0 ctl_default_prop_26_0 (property_service (set))) -(allow meta_tst_26_0 ctl_emdlogger1_prop (property_service (set))) -(allow meta_tst_26_0 system_data_file_26_0 (lnk_file (read))) -(allow meta_tst_26_0 st21nfc_device (chr_file (ioctl read write open))) -(allow meta_tst_26_0 factory_data_file (sock_file (write unlink))) -(allow meta_tst_26_0 nfc_socket (dir (search))) -(allow meta_tst_26_0 vendor_file_26_0 (file (read getattr execute execute_no_trans open))) -(allow meta_tst_26_0 property_socket_26_0 (sock_file (write))) -(allow meta_tst_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow meta_tst_26_0 hwservicemanager_prop_26_0 (property_service (set))) -(allow meta_tst_26_0 hwservicemanager_prop_26_0 (file (ioctl read getattr lock open))) -(allow meta_tst_26_0 hwservicemanager_26_0 (binder (call transfer))) -(allow hwservicemanager_26_0 meta_tst_26_0 (binder (call transfer))) -(allow hwservicemanager_26_0 meta_tst_26_0 (dir (search))) -(allow hwservicemanager_26_0 meta_tst_26_0 (file (read open))) -(allow hwservicemanager_26_0 meta_tst_26_0 (process (getattr))) -(allow meta_tst_26_0 debugfs_tracing_26_0 (file (write open))) -(allow meta_tst_26_0 sysfs_leds_26_0 (lnk_file (read))) -(allow meta_tst_26_0 sysfs_leds_26_0 (file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 sysfs_leds_26_0 (dir (ioctl read getattr lock search open))) -(allow meta_tst_26_0 sysfs_26_0 (dir (read write open))) -(allow meta_tst_26_0 sysfs_mmc1 (dir (read search open))) -(allow meta_tst_26_0 sysfs_mmc1 (lnk_file (read))) -(allow meta_tst_26_0 mtk_hal_audio (binder (call transfer))) -(allow mtk_hal_audio meta_tst_26_0 (binder (transfer))) -(allow meta_tst_26_0 mtk_hal_audio (fd (use))) -(allow meta_tst_26_0 mtk_hal_audio (binder (call))) -(allow meta_tst_26_0 hal_audio_hwservice_26_0 (hwservice_manager (find))) -(allow meta_tst_26_0 mtk_audiohal_data_file (dir (read search open))) -(allow meta_tst_26_0 proc_26_0 (file (read open))) -(allow meta_tst_26_0 audio_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 audio_device_26_0 (dir (write lock add_name remove_name search open))) -(allow meta_tst_26_0 audiohal_prop (property_service (set))) -(allow init_26_0 mmc_ffu_exec (file (read getattr execute open))) -(allow init_26_0 mmc_ffu (process (transition))) -(allow mmc_ffu mmc_ffu_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 mmc_ffu (process (noatsecure))) -(allow init_26_0 mmc_ffu (process (siginh rlimitinh))) -(typetransition init_26_0 mmc_ffu_exec process mmc_ffu) -(typetransition mmc_ffu tmpfs_26_0 file mmc_ffu_tmpfs) -(allow mmc_ffu mmc_ffu_tmpfs (file (read write getattr))) -(allow mmc_ffu tmpfs_26_0 (dir (getattr search))) -(allow mmc_ffu block_device_26_0 (dir (ioctl read getattr lock search open))) -(allow mmc_ffu misc_sd_device (chr_file (ioctl read getattr lock open))) -(allow mmc_ffu bootdevice_block_device (blk_file (ioctl read write getattr lock append open))) -(allow init_26_0 mnld_exec (file (read getattr execute open))) -(allow init_26_0 mnld (process (transition))) -(allow mnld mnld_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 mnld (process (noatsecure))) -(allow init_26_0 mnld (process (siginh rlimitinh))) -(typetransition init_26_0 mnld_exec process mnld) -(typetransition mnld tmpfs_26_0 file mnld_tmpfs) -(allow mnld mnld_tmpfs (file (read write getattr))) -(allow mnld tmpfs_26_0 (dir (getattr search))) -(allow mnld agpsd_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow mnld agpsd_data_file (sock_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mnld mtk_agpsd (unix_dgram_socket (sendto))) -(allow mnld sysfs_26_0 (file (ioctl read write getattr lock append open))) -(allow mnld sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open))) -(allow mnld nvram_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow mnld nvram_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mnld nvram_data_file (lnk_file (read))) -(allow mnld nvram_device (blk_file (ioctl read write getattr lock append open))) -(allow mnld nvram_device (chr_file (ioctl read write getattr lock append open))) -(allow mnld nvdata_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow mnld nvdata_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mnld mnld_data_file (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow mnld mnld_data_file (sock_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mnld mnld_device (chr_file (ioctl read write getattr lock append open))) -(allow mnld mnld_data_file (file (ioctl read write getattr lock append open))) -(allow mnld mnld_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mnld mnld_data_file (fifo_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mnld init_26_0 (unix_stream_socket (connectto))) -(allow mnld init_26_0 (udp_socket (read write))) -(allow mnld lbs_hidl_service (unix_dgram_socket (sendto))) -(allow mnld system_data_file_26_0 (dir (write add_name))) -(allow mnld system_data_file_26_0 (lnk_file (read))) -(allow mnld bootdevice_block_device (blk_file (ioctl read write getattr lock append open))) -(allow mnld block_device_26_0 (dir (search))) -(allow mnld mnld_prop (property_service (set))) -(allow mnld property_socket_26_0 (sock_file (write))) -(allow mnld mdlog_device (chr_file (read write))) -(allow mnld self (capability (dac_override fsetid))) -(allow mnld stpbt_device (chr_file (read write))) -(allow mnld ttyGS_device (chr_file (read write))) -(allow mnld sdcard_type (dir (search))) -(allow mnld sdcard_type (dir (write))) -(allow mnld sdcard_type (dir (add_name))) -(allow mnld sdcard_type (file (create))) -(allow mnld sdcard_type (file (ioctl read write getattr lock append open))) -(allow mnld sdcard_type (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mnld sdcard_type (dir (read create remove_name open))) -(allow mnld tmpfs_26_0 (lnk_file (read create open))) -(allow mnld mtd_device_26_0 (dir (search))) -(allow mnld mnt_user_file_26_0 (lnk_file (read))) -(allow mnld mnt_user_file_26_0 (dir (search))) -(allow mnld gps_data_file (dir (write unlink add_name remove_name search))) -(allow mnld gps_data_file (file (read write create getattr setattr lock append unlink open))) -(allow mnld gps_data_file (lnk_file (read))) -(allow mnld storage_file_26_0 (lnk_file (read))) -(allow mnld nvcfg_file (dir (search))) -(allow mnld media_rw_data_file_26_0 (dir (read write create getattr add_name remove_name search open))) -(allow mnld media_rw_data_file_26_0 (file (create))) -(allow mnld media_rw_data_file_26_0 (file (ioctl read write getattr lock append open))) -(allow mnld media_rw_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mnld proc_lk_env (file (ioctl read write getattr lock append open))) -(allow mnld mtk_hal_gnss (unix_dgram_socket (sendto))) -(allow mnld hwservicemanager_26_0 (binder (call transfer))) -(allow hwservicemanager_26_0 mnld (binder (call transfer))) -(allow hwservicemanager_26_0 mnld (dir (search))) -(allow hwservicemanager_26_0 mnld (file (read open))) -(allow hwservicemanager_26_0 mnld (process (getattr))) -(allow mnld system_server_26_0 (binder (call transfer))) -(allow system_server_26_0 mnld (binder (transfer))) -(allow mnld system_server_26_0 (fd (use))) -(allow mnld fwk_sensor_hwservice_26_0 (hwservice_manager (find))) -(allow mnld hwservicemanager_prop_26_0 (file (read getattr open))) -(allow mnld debugfs_tracing_26_0 (file (write open))) -(allow mobile_log_d_26_0 sysfs_scp (file (write open))) -(allow mobile_log_d_26_0 sysfs_scp (dir (search))) -(allow mobile_log_d_26_0 scp_device (chr_file (read open))) -(allow mobile_log_d_26_0 sysfs_sspm (file (write open))) -(allow mobile_log_d_26_0 sysfs_sspm (dir (search))) -(allow mobile_log_d_26_0 sspm_device (chr_file (read open))) -(allow mobile_log_d_26_0 logmisc_data_file (dir (ioctl read write create getattr setattr lock relabelto rename add_name remove_name reparent search rmdir open))) -(allow mobile_log_d_26_0 logmisc_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mobile_log_d_26_0 logtemp_data_file (dir (ioctl read write create getattr setattr lock relabelto rename add_name remove_name reparent search rmdir open))) -(allow mobile_log_d_26_0 logtemp_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mobile_log_d_26_0 data_tmpfs_log_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow mobile_log_d_26_0 data_tmpfs_log_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mobile_log_d_26_0 property_socket_26_0 (sock_file (write))) -(allow mobile_log_d_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow mobile_log_d_26_0 ftrace_log_prop (property_service (set))) -(allow mobile_log_d_26_0 ftrace_log_prop (file (ioctl read getattr lock open))) -(allow mobile_log_d_26_0 property_socket_26_0 (sock_file (write))) -(allow mobile_log_d_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow mobile_log_d_26_0 mtk_telephony_sensitive_prop (property_service (set))) -(allow mobile_log_d_26_0 mtk_telephony_sensitive_prop (file (ioctl read getattr lock open))) -(allow mobile_log_d_26_0 aee_aed_26_0 (unix_stream_socket (connectto))) -(allow mobile_log_d_26_0 ttyGS_device (chr_file (ioctl read write open))) -(allow init_26_0 MPED_exec (file (read getattr execute open))) -(allow init_26_0 MPED (process (transition))) -(allow MPED MPED_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 MPED (process (noatsecure))) -(allow init_26_0 MPED (process (siginh rlimitinh))) -(typetransition init_26_0 MPED_exec process MPED) -(typetransition MPED tmpfs_26_0 file MPED_tmpfs) -(allow MPED MPED_tmpfs (file (read write getattr))) -(allow MPED tmpfs_26_0 (dir (getattr search))) -(allow MPED sdcard_type (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow MPED sdcard_type (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow MPED init_26_0 (unix_stream_socket (connectto))) -(allow MPED init_26_0 (udp_socket (ioctl read write getattr setattr lock append bind connect getopt setopt shutdown))) -(allow MPED self (capability (dac_override fsetid))) -(allow MPED sysfs_26_0 (file (ioctl read write getattr lock append open))) -(allow MPED tmpfs_26_0 (lnk_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow MPED MPED_socket (sock_file (ioctl read write create getattr setattr lock append unlink link rename open))) -(allow MPED system_data_file_26_0 (dir (ioctl read write getattr lock add_name search open))) -(allow MPED MPED_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow MPED MPED_data_file (lnk_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow MPED MPED_data_file (sock_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow MPED MPED_data_file (fifo_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow MPED MPED_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(typetransition MPED system_data_file_26_0 dir MPED_data_file) -(typetransition MPED system_data_file_26_0 fifo_file MPED_data_file) -(typetransition MPED system_data_file_26_0 sock_file MPED_data_file) -(typetransition MPED system_data_file_26_0 lnk_file MPED_data_file) -(typetransition MPED system_data_file_26_0 file MPED_data_file) -(allow MPED MPED_data_file (dir (write lock add_name remove_name search open))) -(allow MPED MPED_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow MPED MPED_socket (sock_file (setattr))) -(allow init_26_0 mtk_agpsd_exec (file (read getattr execute open))) -(allow init_26_0 mtk_agpsd (process (transition))) -(allow mtk_agpsd mtk_agpsd_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 mtk_agpsd (process (noatsecure))) -(allow init_26_0 mtk_agpsd (process (siginh rlimitinh))) -(typetransition init_26_0 mtk_agpsd_exec process mtk_agpsd) -(typetransition mtk_agpsd tmpfs_26_0 file mtk_agpsd_tmpfs) -(allow mtk_agpsd mtk_agpsd_tmpfs (file (read write getattr))) -(allow mtk_agpsd tmpfs_26_0 (dir (getattr search))) -(allow mtk_agpsd agps_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_agpsd ttySDIO_device (chr_file (ioctl read write create getattr setattr lock append unlink open))) -(allow mtk_agpsd ccci_device (chr_file (ioctl read write create getattr setattr lock append unlink open))) -(allow mtk_agpsd agpsd_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow mtk_agpsd agpsd_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mtk_agpsd agpsd_data_file (sock_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mtk_agpsd sdcard_type (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow mtk_agpsd sdcard_type (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mtk_agpsd eemcs_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_agpsd mnt_user_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow mtk_agpsd tmpfs_26_0 (lnk_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mtk_agpsd storage_file_26_0 (lnk_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mtk_agpsd mnt_user_file_26_0 (lnk_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mtk_agpsd media_rw_data_file_26_0 (dir (read write add_name search open))) -(allow mtk_agpsd media_rw_data_file_26_0 (file (read create getattr append open))) -(allow mtk_agpsd slpd (unix_dgram_socket (sendto))) -(allow mtk_agpsd nvcfg_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow mtk_agpsd nvcfg_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mtk_agpsd mnld (unix_dgram_socket (sendto))) -(allow mtk_agpsd lbs_hidl_service (unix_dgram_socket (sendto))) -(allow init_26_0 mtk_hal_audio_exec (file (read getattr execute open))) -(allow init_26_0 mtk_hal_audio (process (transition))) -(allow mtk_hal_audio mtk_hal_audio_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 mtk_hal_audio (process (noatsecure))) -(allow init_26_0 mtk_hal_audio (process (siginh rlimitinh))) -(typetransition init_26_0 mtk_hal_audio_exec process mtk_hal_audio) -(typetransition mtk_hal_audio tmpfs_26_0 file mtk_hal_audio_tmpfs) -(allow mtk_hal_audio mtk_hal_audio_tmpfs (file (read write getattr))) -(allow mtk_hal_audio tmpfs_26_0 (dir (getattr search))) -(allow mtk_hal_audio hwservicemanager_26_0 (binder (call transfer))) -(allow hwservicemanager_26_0 mtk_hal_audio (binder (call transfer))) -(allow hwservicemanager_26_0 mtk_hal_audio (dir (search))) -(allow hwservicemanager_26_0 mtk_hal_audio (file (read open))) -(allow hwservicemanager_26_0 mtk_hal_audio (process (getattr))) -(allow mtk_hal_audio ion_device_26_0 (chr_file (ioctl read getattr lock open))) -(allow mtk_hal_audio system_file_26_0 (dir (read open))) -(allow mtk_hal_audio audiohal_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow mtk_hal_audio audiohal_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mtk_hal_audio proc_26_0 (dir (ioctl read getattr lock search open))) -(allow mtk_hal_audio proc_26_0 (file (ioctl read getattr lock open))) -(allow mtk_hal_audio proc_26_0 (lnk_file (ioctl read getattr lock open))) -(allow mtk_hal_audio audio_device_26_0 (dir (ioctl read getattr lock search open))) -(allow mtk_hal_audio audio_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(neverallow mtk_hal_audio fs_type (file (execute_no_trans))) -(neverallow mtk_hal_audio file_type (file (execute_no_trans))) -(neverallow mtk_hal_audio domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect))) -(neverallow mtk_hal_audio domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind))) -(neverallow mtk_hal_audio domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind))) -(allow mtk_hal_audio sdcard_type (dir (write create lock add_name remove_name search open))) -(allow mtk_hal_audio sdcard_type (file (create))) -(allow mtk_hal_audio nvram_data_file (dir (write lock add_name remove_name search open))) -(allow mtk_hal_audio nvram_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mtk_hal_audio nvram_data_file (lnk_file (read))) -(allow mtk_hal_audio nvdata_file (dir (write lock add_name remove_name search open))) -(allow mtk_hal_audio nvdata_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mtk_hal_audio sdcard_type (dir (remove_name))) -(allow mtk_hal_audio sdcard_type (file (unlink))) -(allow mtk_hal_audio system_data_file_26_0 (lnk_file (read))) -(allow mtk_hal_audio nvram_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_audio self (netlink_kobject_uevent_socket (create bind setopt))) -(allow mtk_hal_audio self (netlink_kobject_uevent_socket (read))) -(allow mtk_hal_audio system_data_file_26_0 (file (open))) -(allow mtk_hal_audio bt_a2dp_stream_socket (sock_file (write))) -(allow mtk_hal_audio bt_int_adp_socket (sock_file (write))) -(allow mtk_hal_audio MtkCodecService (binder (call))) -(allow mtk_hal_audio ccci_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_audio eemcs_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_audio devmap_device (chr_file (ioctl read getattr lock open))) -(allow mtk_hal_audio ebc_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_audio nvram_device (blk_file (ioctl read write getattr lock append open))) -(allow mtk_hal_audio block_device_26_0 (dir (write search))) -(allow mtk_hal_audio fm_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_audio sdcard_type (file (append))) -(allow mtk_hal_audio audiohal_prop (property_service (set))) -(allow mtk_hal_audio graphics_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_audio smartpa_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_audio uhid_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_audio vow_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_audio rpc_socket (sock_file (write))) -(allow mtk_hal_audio ttySDIO_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_audio sysfs_lowmemorykiller_26_0 (file (read open))) -(allow mtk_hal_audio proc_mtkcooler (dir (search))) -(allow mtk_hal_audio proc_mtktz (dir (search))) -(allow mtk_hal_audio proc_thermal (dir (search))) -(allow mtk_hal_audio thermal_manager_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mtk_hal_audio thermal_manager_data_file (dir (ioctl read write getattr setattr lock add_name remove_name search open))) -(allow mtk_hal_audio radio_data_file_26_0 (dir (search))) -(allow mtk_hal_audio radio_data_file_26_0 (file (open))) -(allow mtk_hal_audio radio_26_0 (dir (read search))) -(allow mtk_hal_audio radio_26_0 (file (ioctl read getattr lock open))) -(allow mtk_hal_audio untrusted_app_26_0 (dir (search))) -(allow mtk_hal_audio offloadservice_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_audio system_data_file_26_0 (dir (write))) -(allow mtk_hal_audio storage_file_26_0 (dir (search))) -(allow mtk_hal_audio storage_file_26_0 (lnk_file (read write))) -(allow mtk_hal_audio mnt_user_file_26_0 (dir (read write search))) -(allow mtk_hal_audio mnt_user_file_26_0 (lnk_file (read write))) -(allow mtk_hal_audio sysfs_ccci (file (ioctl read getattr lock open))) -(allow mtk_hal_audio tmpfs_26_0 (dir (search))) -(allow mtk_hal_audio sysfs_26_0 (file (read write open))) -(allow mtk_hal_audio sysfs_ccci (dir (search))) -(allow mtk_hal_audio debugfs_binder (dir (search))) -(allow mtk_hal_audio kmsg_device_26_0 (chr_file (write open))) -(allow mtk_hal_audio property_socket_26_0 (sock_file (write))) -(allow mtk_hal_audio media_rw_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow mtk_hal_audio fuse_26_0 (file (ioctl read write getattr lock append open))) -(allow mtk_hal_audio init_26_0 (unix_stream_socket (connectto))) -(allow mtk_hal_audio radio_26_0 (binder (call transfer))) -(allow radio_26_0 mtk_hal_audio (binder (transfer))) -(allow mtk_hal_audio radio_26_0 (fd (use))) -(allow mtk_hal_audio mtk_audiohal_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow mtk_hal_audio mtk_audiohal_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mtk_hal_audio sdcard_type (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mtk_hal_audio proc_ged (file (ioctl read write getattr open))) -(allow mtk_hal_audio property_socket_26_0 (sock_file (write))) -(allow mtk_hal_audio init_26_0 (unix_stream_socket (connectto))) -(allow mtk_hal_audio hwservicemanager_prop_26_0 (property_service (set))) -(allow mtk_hal_audio hwservicemanager_prop_26_0 (file (ioctl read getattr lock open))) -(allow mtk_hal_audio storage_file_26_0 (dir (search))) -(allow mtk_hal_audio system_data_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow mtk_hal_audio fuse_26_0 (dir (read))) -(allow mtk_hal_audio debugfs_tracing_26_0 (file (write open))) -(allow mtk_hal_audio self (capability (sys_nice))) -(allow mtk_hal_audio audiocmdservice_atci_26_0 (binder (call transfer))) -(allow audiocmdservice_atci_26_0 mtk_hal_audio (binder (transfer))) -(allow mtk_hal_audio audiocmdservice_atci_26_0 (fd (use))) -(allow mtk_hal_audio mtk_hal_power_hwservice (hwservice_manager (find))) -(allow mtk_hal_audio mtk_hal_power (binder (call transfer))) -(allow mtk_hal_power mtk_hal_audio (binder (transfer))) -(allow mtk_hal_audio mtk_hal_power (fd (use))) -(allow mtk_hal_audio media_rw_data_file_26_0 (file (read write create getattr append open))) -(allow init_26_0 mtk_hal_bluetooth_exec (file (read getattr execute open))) -(allow init_26_0 mtk_hal_bluetooth (process (transition))) -(allow mtk_hal_bluetooth mtk_hal_bluetooth_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 mtk_hal_bluetooth (process (noatsecure))) -(allow init_26_0 mtk_hal_bluetooth (process (siginh rlimitinh))) -(typetransition init_26_0 mtk_hal_bluetooth_exec process mtk_hal_bluetooth) -(typetransition mtk_hal_bluetooth tmpfs_26_0 file mtk_hal_bluetooth_tmpfs) -(allow mtk_hal_bluetooth mtk_hal_bluetooth_tmpfs (file (read write getattr))) -(allow mtk_hal_bluetooth tmpfs_26_0 (dir (getattr search))) -#(allow mtk_hal_bluetooth system_file_26_0 (dir (ioctl read getattr lock search open))) -#(allow mtk_hal_bluetooth system_file_26_0 (file (ioctl read getattr lock open))) -#(allow mtk_hal_bluetooth system_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow mtk_hal_bluetooth bluetooth_26_0 (binder (call transfer))) -(allow bluetooth_26_0 mtk_hal_bluetooth (binder (transfer))) -(allow mtk_hal_bluetooth bluetooth_26_0 (fd (use))) -(allow mtk_hal_bluetooth hwservicemanager_26_0 (binder (call transfer))) -(allow hwservicemanager_26_0 mtk_hal_bluetooth (binder (call transfer))) -(allow hwservicemanager_26_0 mtk_hal_bluetooth (dir (search))) -(allow hwservicemanager_26_0 mtk_hal_bluetooth (file (read open))) -(allow hwservicemanager_26_0 mtk_hal_bluetooth (process (getattr))) -(allow mtk_hal_bluetooth sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open))) -(allow mtk_hal_bluetooth self (capability2 (block_suspend))) -(allow mtk_hal_bluetooth bluetooth_efs_file_26_0 (dir (ioctl read getattr lock search open))) -(allow mtk_hal_bluetooth bluetooth_efs_file_26_0 (file (ioctl read getattr lock open))) -(allow mtk_hal_bluetooth bluetooth_efs_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow mtk_hal_bluetooth uhid_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_bluetooth hci_attach_dev_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_bluetooth bluetooth_data_file_26_0 (dir (ioctl read getattr lock search open))) -(allow mtk_hal_bluetooth bluetooth_data_file_26_0 (file (ioctl read getattr lock open))) -(allow mtk_hal_bluetooth bluetooth_data_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow mtk_hal_bluetooth sysfs_type (dir (ioctl read getattr lock search open))) -(allow mtk_hal_bluetooth sysfs_type (file (ioctl read getattr lock open))) -(allow mtk_hal_bluetooth sysfs_type (lnk_file (ioctl read getattr lock open))) -(allow mtk_hal_bluetooth sysfs_bluetooth_writable_26_0 (file (ioctl read write getattr lock append open))) -(allow mtk_hal_bluetooth self (capability2 (wake_alarm))) -(allow mtk_hal_bluetooth property_socket_26_0 (sock_file (write))) -(allow mtk_hal_bluetooth init_26_0 (unix_stream_socket (connectto))) -(allow mtk_hal_bluetooth bluetooth_prop_26_0 (property_service (set))) -(allow mtk_hal_bluetooth bluetooth_prop_26_0 (file (ioctl read getattr lock open))) -(allow mtk_hal_bluetooth proc_bluetooth_writable_26_0 (file (ioctl read write getattr lock append open))) -(allow mtk_hal_bluetooth self (capability (net_admin))) -(allow mtk_hal_bluetooth bluetooth_data_file_26_0 (dir (ioctl read write getattr lock add_name search open))) -(allow mtk_hal_bluetooth bluetooth_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mtk_hal_bluetooth stpbt_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_bluetooth nvdata_file (dir (search))) -(allow mtk_hal_bluetooth nvdata_file (file (ioctl read write getattr lock append open))) -(allow mtk_hal_bluetooth nvram_data_file (lnk_file (read))) -(allow mtk_hal_bluetooth hwservicemanager_prop_26_0 (file (ioctl read getattr lock open))) -(allow hal_bluetooth mtk_hal_bluetooth_hwservice (hwservice_manager (add find))) -(allow hal_bluetooth hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_178_26_0 mtk_hal_bluetooth_hwservice (hwservice_manager (add))) -(neverallow hal_bluetooth unlabeled_26_0 (hwservice_manager (add))) -(allow hal_bluetooth_client mtk_hal_bluetooth_hwservice (hwservice_manager (find))) -(allow mtk_hal_bluetooth system_data_file_26_0 (lnk_file (read))) -(allow init_26_0 mtk_hal_camera_exec (file (read getattr execute open))) -(allow init_26_0 mtk_hal_camera (process (transition))) -(allow mtk_hal_camera mtk_hal_camera_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 mtk_hal_camera (process (noatsecure))) -(allow init_26_0 mtk_hal_camera (process (siginh rlimitinh))) -(typetransition init_26_0 mtk_hal_camera_exec process mtk_hal_camera) -(typetransition mtk_hal_camera tmpfs_26_0 file mtk_hal_camera_tmpfs) -(allow mtk_hal_camera mtk_hal_camera_tmpfs (file (read write getattr))) -(allow mtk_hal_camera tmpfs_26_0 (dir (getattr search))) -(allow mtk_hal_camera hwservicemanager_26_0 (binder (call transfer))) -(allow hwservicemanager_26_0 mtk_hal_camera (binder (call transfer))) -(allow hwservicemanager_26_0 mtk_hal_camera (dir (search))) -(allow hwservicemanager_26_0 mtk_hal_camera (file (read open))) -(allow hwservicemanager_26_0 mtk_hal_camera (process (getattr))) -(allow mtk_hal_camera vndbinder_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera vndservicemanager_26_0 (binder (call transfer))) -(allow vndservicemanager_26_0 mtk_hal_camera (dir (search))) -(allow vndservicemanager_26_0 mtk_hal_camera (file (read open))) -(allow vndservicemanager_26_0 mtk_hal_camera (process (getattr))) -(allow mtk_hal_camera hwservicemanager_prop_26_0 (file (read getattr open))) -(allow mtk_hal_camera cameraserver_26_0 (binder (call transfer))) -(allow cameraserver_26_0 mtk_hal_camera (binder (transfer))) -(allow mtk_hal_camera cameraserver_26_0 (fd (use))) -(allow mtk_hal_camera shell_26_0 (binder (call transfer))) -(allow shell_26_0 mtk_hal_camera (binder (transfer))) -(allow mtk_hal_camera shell_26_0 (fd (use))) -(allow mtk_hal_camera aee_aedv_26_0 (binder (call transfer))) -(allow aee_aedv_26_0 mtk_hal_camera (binder (transfer))) -(allow mtk_hal_camera aee_aedv_26_0 (fd (use))) -(allow mtk_hal_camera hal_graphics_allocator (binder (call transfer))) -(allow hal_graphics_allocator mtk_hal_camera (binder (transfer))) -(allow mtk_hal_camera hal_graphics_allocator (fd (use))) -(allow mtk_hal_camera mtk_hal_power (binder (call transfer))) -(allow mtk_hal_power mtk_hal_camera (binder (transfer))) -(allow mtk_hal_camera mtk_hal_power (fd (use))) -(allow mtk_hal_camera hal_graphics_mapper_hwservice_26_0 (hwservice_manager (find))) -(allow mtk_hal_camera hal_graphics_allocator_hwservice_26_0 (hwservice_manager (find))) -(allow mtk_hal_camera fwk_sensor_hwservice_26_0 (hwservice_manager (find))) -(allow mtk_hal_camera mtk_hal_power_hwservice (hwservice_manager (find))) -(allow mtk_hal_camera nvram_data_file (lnk_file (read write create getattr setattr open))) -(allow mtk_hal_camera proc_26_0 (file (ioctl read open))) -(allow mtk_hal_camera sysfs_26_0 (file (read write getattr open))) -(allow mtk_hal_camera camera_sysram_device (chr_file (ioctl read getattr lock open))) -(allow mtk_hal_camera camera_pipemgr_device (chr_file (ioctl read getattr lock open))) -(allow mtk_hal_camera camera_isp_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera kd_camera_hw_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera kd_camera_flashlight_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera flashlight_device (chr_file (ioctl read write open))) -(allow mtk_hal_camera lens_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera camera_fdvt_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera camera_dpe_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera camera_tsf_device (chr_file (ioctl read write open))) -(allow mtk_hal_camera mtk_jpeg_device (chr_file (ioctl read getattr lock open))) -(allow mtk_hal_camera ccu_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera vpu_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera MAINAF_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera MAIN2AF_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera SUBAF_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera FM50AF_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera AD5820AF_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera DW9714AF_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera DW9814AF_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera AK7345AF_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera DW9714A_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera LC898122AF_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera LC898212AF_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera BU6429AF_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera DW9718AF_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera BU64745GWZAF_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera CAM_CAL_DRV_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera CAM_CAL_DRV1_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera CAM_CAL_DRV2_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera ion_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera sw_sync_device (chr_file (getattr))) -(allow mtk_hal_camera MTK_SMI_device (chr_file (ioctl read getattr lock open))) -(allow mtk_hal_camera fuse_26_0 (dir (read write search))) -(allow mtk_hal_camera fuse_26_0 (file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera block_device_26_0 (dir (write search))) -(allow mtk_hal_camera nvdata_file (dir (write add_name search))) -(allow mtk_hal_camera nvdata_file (file (read write create getattr setattr open))) -(allow mtk_hal_camera nvram_data_file (dir (write create add_name search))) -(allow mtk_hal_camera nvram_data_file (file (read write create getattr setattr open))) -(allow mtk_hal_camera nvram_data_file (lnk_file (read))) -(allow mtk_hal_camera nvram_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera nvram_device (blk_file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera self (netlink_kobject_uevent_socket (create bind setopt))) -(allow mtk_hal_camera sdcard_type (dir (write create add_name))) -(allow mtk_hal_camera sdcard_type (file (create getattr append))) -(allow mtk_hal_camera sdcardfs_26_0 (dir (search))) -(allow mtk_hal_camera sdcardfs_26_0 (file (read write open))) -(allow mtk_hal_camera mtkcam_prop (file (read getattr open))) -(allow mtk_hal_camera shell_26_0 (unix_stream_socket (read write))) -(allow mtk_hal_camera shell_26_0 (fifo_file (write))) -(allow mtk_hal_camera dumpstate_26_0 (binder (call))) -(allow mtk_hal_camera dumpstate_26_0 (unix_stream_socket (read write))) -(allow mtk_hal_camera dumpstate_26_0 (fd (use))) -(allow mtk_hal_camera dumpstate_26_0 (fifo_file (write))) -(allow mtk_hal_camera aee_exp_data_file (dir (write lock add_name remove_name search open))) -(allow mtk_hal_camera aee_exp_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mtk_hal_camera self (process (ptrace))) -(allow mtk_hal_camera self (capability (setuid ipc_lock sys_nice))) -(allow mtk_hal_camera sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera nvdata_file (dir (write add_name search))) -(allow mtk_hal_camera nvdata_file (file (read write create getattr setattr open))) -(allow mtk_hal_camera proc_meminfo_26_0 (file (read getattr open))) -(allow mtk_hal_camera sysfs_lowmemorykiller_26_0 (file (read open))) -(allow mtk_hal_camera proc_mtkcooler (dir (search))) -(allow mtk_hal_camera proc_mtktz (dir (search))) -(allow mtk_hal_camera proc_thermal (dir (search))) -(allow mtk_hal_camera thermal_manager_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mtk_hal_camera thermal_manager_data_file (dir (ioctl read write getattr setattr lock add_name remove_name search open))) -(allow mtk_hal_camera untrusted_app_26_0 (dir (search))) -(allow mtk_hal_camera offloadservice_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_camera system_data_file_26_0 (dir (write))) -(allow mtk_hal_camera storage_file_26_0 (lnk_file (read write))) -(allow mtk_hal_camera mnt_user_file_26_0 (dir (read write search))) -(allow mtk_hal_camera mnt_user_file_26_0 (lnk_file (read write))) -(allow mtk_hal_camera media_rw_data_file_26_0 (dir (create getattr))) -(allow mtk_hal_camera surfaceflinger_26_0 (fifo_file (read write))) -(allow mtk_hal_camera nvcfg_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow mtk_hal_camera nvcfg_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mtk_hal_camera system_server_26_0 (unix_stream_socket (read write))) -(allow mtk_hal_camera tmpfs_26_0 (dir (search))) -(allow mtk_hal_camera system_file_26_0 (dir (read open))) -(allow mtk_hal_camera gpu_device_26_0 (dir (search))) -(allow mtk_hal_camera gpu_device_26_0 (chr_file (ioctl read write getattr open))) -(allow mtk_hal_camera proc_ged (file (ioctl read write getattr open))) -(allow mtk_hal_camera system_data_file_26_0 (lnk_file (read))) -(allow mtk_hal_camera debugfs_tracing_26_0 (file (write open))) -(allow mtk_hal_camera media_rw_data_file_26_0 (dir (read write add_name search open))) -(allow mtk_hal_camera media_rw_data_file_26_0 (file (read write create getattr open))) -(allow mtk_hal_camera debugfs_ion (dir (search))) -(allow mtk_hal_camera hal_graphics_composer_default (fd (use))) -(allow mtk_hal_camera property_socket_26_0 (sock_file (write))) -(allow mtk_hal_camera mtk_cmdq_device (chr_file (ioctl read open))) -(allow mtk_hal_camera sysfs_power_supply (dir (search))) -(allow mtk_hal_camera sysfs_power_supply (file (read getattr open))) -(allow init_26_0 mtk_hal_gnss_exec (file (read getattr execute open))) -(allow init_26_0 mtk_hal_gnss (process (transition))) -(allow mtk_hal_gnss mtk_hal_gnss_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 mtk_hal_gnss (process (noatsecure))) -(allow init_26_0 mtk_hal_gnss (process (siginh rlimitinh))) -(typetransition init_26_0 mtk_hal_gnss_exec process mtk_hal_gnss) -(typetransition mtk_hal_gnss tmpfs_26_0 file mtk_hal_gnss_tmpfs) -(allow mtk_hal_gnss mtk_hal_gnss_tmpfs (file (read write getattr))) -(allow mtk_hal_gnss tmpfs_26_0 (dir (getattr search))) -(allow mtk_hal_gnss vndbinder_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_gnss vndservicemanager_26_0 (binder (call transfer))) -(allow vndservicemanager_26_0 mtk_hal_gnss (dir (search))) -(allow vndservicemanager_26_0 mtk_hal_gnss (file (read open))) -(allow vndservicemanager_26_0 mtk_hal_gnss (process (getattr))) -#(allow mtk_hal_gnss system_file_26_0 (dir (ioctl read getattr lock search open))) -#(allow mtk_hal_gnss system_file_26_0 (file (ioctl read getattr lock open))) -#(allow mtk_hal_gnss system_file_26_0 (lnk_file (ioctl read getattr lock open))) -(allow mtk_hal_gnss mnld_data_file (sock_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mtk_hal_gnss mnld_data_file (sock_file (ioctl read write getattr lock append open))) -(allow mtk_hal_gnss mnld_data_file (dir (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mtk_hal_gnss mnld_data_file (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow mtk_hal_gnss mnld (unix_dgram_socket (sendto))) -(allow init_26_0 mtk_hal_imsa_exec (file (read getattr execute open))) -(allow init_26_0 mtk_hal_imsa (process (transition))) -(allow mtk_hal_imsa mtk_hal_imsa_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 mtk_hal_imsa (process (noatsecure))) -(allow init_26_0 mtk_hal_imsa (process (siginh rlimitinh))) -(typetransition init_26_0 mtk_hal_imsa_exec process mtk_hal_imsa) -(typetransition mtk_hal_imsa tmpfs_26_0 file mtk_hal_imsa_tmpfs) -(allow mtk_hal_imsa mtk_hal_imsa_tmpfs (file (read write getattr))) -(allow mtk_hal_imsa tmpfs_26_0 (dir (getattr search))) -(allow mtk_hal_imsa hwservicemanager_26_0 (binder (call transfer))) -(allow hwservicemanager_26_0 mtk_hal_imsa (binder (call transfer))) -(allow hwservicemanager_26_0 mtk_hal_imsa (dir (search))) -(allow hwservicemanager_26_0 mtk_hal_imsa (file (read open))) -(allow hwservicemanager_26_0 mtk_hal_imsa (process (getattr))) -(allow hal_imsa_server mtk_hal_imsa_hwservice (hwservice_manager (add find))) -(allow hal_imsa_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_179_26_0 mtk_hal_imsa_hwservice (hwservice_manager (add))) -(neverallow hal_imsa_server unlabeled_26_0 (hwservice_manager (add))) -(allow mtk_hal_imsa system_server_26_0 (binder (call transfer))) -(allow system_server_26_0 mtk_hal_imsa (binder (transfer))) -(allow mtk_hal_imsa system_server_26_0 (fd (use))) -(allow mtk_hal_imsa rild_imsm_socket (sock_file (write))) -(allow mtk_hal_imsa hwservicemanager_prop_26_0 (file (read open))) -(allow mtk_hal_imsa hwservicemanager_prop_26_0 (file (getattr))) -(allow mtk_hal_imsa radio_26_0 (binder (call))) -(allow mtk_hal_imsa debugfs_tracing_26_0 (file (write open))) -(allow mtk_hal_keyattestation_client mtk_hal_keyattestation_server (binder (call transfer))) -(allow mtk_hal_keyattestation_server mtk_hal_keyattestation_client (binder (transfer))) -(allow mtk_hal_keyattestation_client mtk_hal_keyattestation_server (fd (use))) -(allow mtk_hal_keyattestation_server mtk_hal_keyattestation_hwservice (hwservice_manager (add find))) -(allow mtk_hal_keyattestation_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_180_26_0 mtk_hal_keyattestation_hwservice (hwservice_manager (add))) -(neverallow mtk_hal_keyattestation_server unlabeled_26_0 (hwservice_manager (add))) -(allow mtk_hal_keyattestation_client mtk_hal_keyattestation_hwservice (hwservice_manager (find))) -(allow mtk_hal_lbs_client mtk_hal_lbs_server (binder (call transfer))) -(allow mtk_hal_lbs_server mtk_hal_lbs_client (binder (transfer))) -(allow mtk_hal_lbs_client mtk_hal_lbs_server (fd (use))) -(allow mtk_hal_lbs_server mtk_hal_lbs_client (binder (call transfer))) -(allow mtk_hal_lbs_client mtk_hal_lbs_server (binder (transfer))) -(allow mtk_hal_lbs_server mtk_hal_lbs_client (fd (use))) -(allow mtk_hal_lbs_server mtk_hal_lbs_hwservice (hwservice_manager (add find))) -(allow mtk_hal_lbs_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_181_26_0 mtk_hal_lbs_hwservice (hwservice_manager (add))) -(neverallow mtk_hal_lbs_server unlabeled_26_0 (hwservice_manager (add))) -(allow mtk_hal_lbs_client mtk_hal_lbs_hwservice (hwservice_manager (find))) -(allow mtk_hal_lbs vndbinder_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_lbs vndservicemanager_26_0 (binder (call transfer))) -(allow vndservicemanager_26_0 mtk_hal_lbs (dir (search))) -(allow vndservicemanager_26_0 mtk_hal_lbs (file (read open))) -(allow vndservicemanager_26_0 mtk_hal_lbs (process (getattr))) -(allow init_26_0 mtk_hal_light_exec (file (read getattr execute open))) -(allow init_26_0 mtk_hal_light (process (transition))) -(allow mtk_hal_light mtk_hal_light_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 mtk_hal_light (process (noatsecure))) -(allow init_26_0 mtk_hal_light (process (siginh rlimitinh))) -(typetransition init_26_0 mtk_hal_light_exec process mtk_hal_light) -(typetransition mtk_hal_light tmpfs_26_0 file mtk_hal_light_tmpfs) -(allow mtk_hal_light mtk_hal_light_tmpfs (file (read write getattr))) -(allow mtk_hal_light tmpfs_26_0 (dir (getattr search))) -(allow mtk_hal_light hwservicemanager_26_0 (binder (call transfer))) -(allow hwservicemanager_26_0 mtk_hal_light (binder (call transfer))) -(allow hwservicemanager_26_0 mtk_hal_light (dir (search))) -(allow hwservicemanager_26_0 mtk_hal_light (file (read open))) -(allow hwservicemanager_26_0 mtk_hal_light (process (getattr))) -(allow mtk_hal_light system_server_26_0 (binder (call transfer))) -(allow system_server_26_0 mtk_hal_light (binder (transfer))) -(allow mtk_hal_light system_server_26_0 (fd (use))) -(allow mtk_hal_light system_file_26_0 (dir (read))) -(allow mtk_hal_light system_file_26_0 (dir (open))) -(allow mtk_hal_light sysfs_26_0 (file (ioctl read write getattr lock append open))) -(allow mtk_hal_light sysfs_leds_26_0 (lnk_file (read))) -(allow mtk_hal_light sysfs_leds_26_0 (file (ioctl read write getattr lock append open))) -(allow mtk_hal_light sysfs_leds_26_0 (dir (ioctl read getattr lock search open))) -(allow mtk_hal_light hwservicemanager_prop_26_0 (file (ioctl read getattr lock open))) -(allow init_26_0 mtk_hal_power_exec (file (read getattr execute open))) -(allow init_26_0 mtk_hal_power (process (transition))) -(allow mtk_hal_power mtk_hal_power_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 mtk_hal_power (process (noatsecure))) -(allow init_26_0 mtk_hal_power (process (siginh rlimitinh))) -(typetransition init_26_0 mtk_hal_power_exec process mtk_hal_power) -(typetransition mtk_hal_power tmpfs_26_0 file mtk_hal_power_tmpfs) -(allow mtk_hal_power mtk_hal_power_tmpfs (file (read write getattr))) -(allow mtk_hal_power tmpfs_26_0 (dir (getattr search))) -(allow mtk_hal_power hwservicemanager_26_0 (binder (call transfer))) -(allow hwservicemanager_26_0 mtk_hal_power (binder (call transfer))) -(allow hwservicemanager_26_0 mtk_hal_power (dir (search))) -(allow hwservicemanager_26_0 mtk_hal_power (file (read open))) -(allow hwservicemanager_26_0 mtk_hal_power (process (getattr))) -(allow mtk_hal_power hwservicemanager_prop_26_0 (file (ioctl read getattr lock open))) -(allow mtk_hal_power hal_power_hwservice_26_0 (hwservice_manager (add find))) -(allow mtk_hal_power hidl_base_hwservice_26_0 (hwservice_manager (add))) -(allow hal_power mtk_hal_power_hwservice (hwservice_manager (add find))) -(allow hal_power hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_182_26_0 mtk_hal_power_hwservice (hwservice_manager (add))) -(neverallow hal_power unlabeled_26_0 (hwservice_manager (add))) -(allow hal_power_client mtk_hal_power_hwservice (hwservice_manager (find))) -(allow mtk_hal_power proc_26_0 (dir (getattr search))) -(allow mtk_hal_power proc_26_0 (file (ioctl read write getattr open))) -(allow mtk_hal_light sysfs_26_0 (file (ioctl read write getattr lock append open))) -(allow mtk_hal_power sysfs_devices_system_cpu_26_0 (file (write))) -(allow mtk_hal_power debugfs_ged (dir (search))) -(allow mtk_hal_power system_data_file_26_0 (dir (write))) -(allow mtk_hal_power proc_thermal (file (write open))) -(allow init_26_0 mtk_hal_pq_exec (file (read getattr execute open))) -(allow init_26_0 mtk_hal_pq (process (transition))) -(allow mtk_hal_pq mtk_hal_pq_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 mtk_hal_pq (process (noatsecure))) -(allow init_26_0 mtk_hal_pq (process (siginh rlimitinh))) -(typetransition init_26_0 mtk_hal_pq_exec process mtk_hal_pq) -(typetransition mtk_hal_pq tmpfs_26_0 file mtk_hal_pq_tmpfs) -(allow mtk_hal_pq mtk_hal_pq_tmpfs (file (read write getattr))) -(allow mtk_hal_pq tmpfs_26_0 (dir (getattr search))) -(allow mtk_hal_pq hwservicemanager_26_0 (binder (call transfer))) -(allow hwservicemanager_26_0 mtk_hal_pq (binder (call transfer))) -(allow hwservicemanager_26_0 mtk_hal_pq (dir (search))) -(allow hwservicemanager_26_0 mtk_hal_pq (file (read open))) -(allow hwservicemanager_26_0 mtk_hal_pq (process (getattr))) -(allow hal_pq_server mtk_hal_pq_hwservice (hwservice_manager (add find))) -(allow hal_pq_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_183_26_0 mtk_hal_pq_hwservice (hwservice_manager (add))) -(neverallow hal_pq_server unlabeled_26_0 (hwservice_manager (add))) -(allow mtk_hal_pq graphics_device_26_0 (chr_file (ioctl read write open))) -(allow mtk_hal_pq init_26_0 (unix_stream_socket (connectto))) -(allow mtk_hal_pq property_socket_26_0 (sock_file (write))) -(allow mtk_hal_pq system_prop_26_0 (property_service (set))) -(allow mtk_hal_pq debug_prop_26_0 (property_service (set))) -(allow init_26_0 mtk_hal_sensors_exec (file (read getattr execute open))) -(allow init_26_0 mtk_hal_sensors (process (transition))) -(allow mtk_hal_sensors mtk_hal_sensors_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 mtk_hal_sensors (process (noatsecure))) -(allow init_26_0 mtk_hal_sensors (process (siginh rlimitinh))) -(typetransition init_26_0 mtk_hal_sensors_exec process mtk_hal_sensors) -(typetransition mtk_hal_sensors tmpfs_26_0 file mtk_hal_sensors_tmpfs) -(allow mtk_hal_sensors mtk_hal_sensors_tmpfs (file (read write getattr))) -(allow mtk_hal_sensors tmpfs_26_0 (dir (getattr search))) -(allow mtk_hal_sensors hwservicemanager_26_0 (binder (call transfer))) -(allow hwservicemanager_26_0 mtk_hal_sensors (binder (call transfer))) -(allow hwservicemanager_26_0 mtk_hal_sensors (dir (search))) -(allow hwservicemanager_26_0 mtk_hal_sensors (file (read open))) -(allow hwservicemanager_26_0 mtk_hal_sensors (process (getattr))) -(allow mtk_hal_sensors system_server_26_0 (binder (call transfer))) -(allow system_server_26_0 mtk_hal_sensors (binder (transfer))) -(allow mtk_hal_sensors system_server_26_0 (fd (use))) -(allow mtk_hal_sensors system_file_26_0 (dir (read))) -(allow mtk_hal_sensors system_file_26_0 (dir (open))) -(allow mtk_hal_sensors sysfs_26_0 (file (ioctl read write getattr lock append open))) -(allow mtk_hal_sensors hwmsensor_device (chr_file (ioctl read getattr lock open))) -(allow mtk_hal_sensors hwservicemanager_prop_26_0 (file (ioctl read getattr lock open))) -(allow mtk_hal_sensors m_acc_misc_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_sensors m_als_misc_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_sensors m_ps_misc_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_sensors m_mag_misc_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_sensors m_gyro_misc_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_sensors m_baro_misc_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_sensors m_hmdy_misc_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_sensors m_act_misc_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_sensors m_pedo_misc_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_sensors m_situ_misc_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_sensors m_step_c_misc_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_sensors m_fusion_misc_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_sensors m_bio_misc_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_hal_sensors sensor_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mtk_hal_sensors sensor_data_file (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow mtk_hal_wifi_hostapd_client mtk_hal_wifi_hostapd_server (binder (call transfer))) -(allow mtk_hal_wifi_hostapd_server mtk_hal_wifi_hostapd_client (binder (transfer))) -(allow mtk_hal_wifi_hostapd_client mtk_hal_wifi_hostapd_server (fd (use))) -(allow mtk_hal_wifi_hostapd_server mtk_hal_wifi_hostapd_client (binder (call transfer))) -(allow mtk_hal_wifi_hostapd_client mtk_hal_wifi_hostapd_server (binder (transfer))) -(allow mtk_hal_wifi_hostapd_server mtk_hal_wifi_hostapd_client (fd (use))) -(allow mtk_hal_wifi_hostapd_server mtk_hal_wifi_hostapd_hwservice (hwservice_manager (add find))) -(allow mtk_hal_wifi_hostapd_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_184_26_0 mtk_hal_wifi_hostapd_hwservice (hwservice_manager (add))) -(neverallow mtk_hal_wifi_hostapd_server unlabeled_26_0 (hwservice_manager (add))) -(allow mtk_hal_wifi_hostapd_client mtk_hal_wifi_hostapd_hwservice (hwservice_manager (find))) -(allowx mtk_hal_wifi_hostapd self (ioctl udp_socket (0x6900 0x6902))) -(allowx mtk_hal_wifi_hostapd self (ioctl udp_socket (((range 0x890b 0x890d)) 0x8911 0x8914 0x8916 0x8918 0x891a ((range 0x891c 0x8920)) ((range 0x8922 0x8927)) 0x8929 ((range 0x8930 0x8932)) ((range 0x8934 0x8937)) 0x8939 ((range 0x8940 0x8941)) 0x8943 ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff))))) -(allowx mtk_hal_wifi_hostapd self (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 ((range 0x8b14 0x8b1d)) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 ((range 0x8b2a 0x8b2c)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff))))) -(allow mtk_hal_wifi_hostapd sysfs_type (dir (ioctl read getattr lock search open))) -(allow mtk_hal_wifi_hostapd sysfs_type (file (ioctl read getattr lock open))) -(allow mtk_hal_wifi_hostapd sysfs_type (lnk_file (ioctl read getattr lock open))) -(allow mtk_hal_wifi_hostapd proc_net_26_0 (dir (ioctl read getattr lock search open))) -(allow mtk_hal_wifi_hostapd proc_net_26_0 (file (ioctl read getattr lock open))) -(allow mtk_hal_wifi_hostapd proc_net_26_0 (lnk_file (ioctl read getattr lock open))) -(allow mtk_hal_wifi_hostapd kernel_26_0 (system (module_request))) -(allow mtk_hal_wifi_hostapd self (capability (setgid setuid net_admin net_raw))) -(allow mtk_hal_wifi_hostapd cgroup_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow mtk_hal_wifi_hostapd self (netlink_route_socket (nlmsg_write))) -(allow mtk_hal_wifi_hostapd self (netlink_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow mtk_hal_wifi_hostapd self (netlink_generic_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow mtk_hal_wifi_hostapd self (packet_socket (ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allowx mtk_hal_wifi_hostapd self (ioctl packet_socket (((range 0x5401 0x5403)) 0x540b ((range 0x540e 0x5411)) ((range 0x5413 0x5414)) 0x5451))) -(allowx mtk_hal_wifi_hostapd self (ioctl packet_socket (0x6900 0x6902))) -(allowx mtk_hal_wifi_hostapd self (ioctl packet_socket (((range 0x8906 0x8907)) ((range 0x890b 0x890d)) ((range 0x8910 0x8927)) 0x8929 ((range 0x8930 0x8939)) ((range 0x8940 0x8943)) ((range 0x8946 0x894b)) ((range 0x8953 0x8955)) ((range 0x8960 0x8962)) ((range 0x8970 0x8971)) ((range 0x8980 0x8983)) ((range 0x8990 0x8995)) ((range 0x89a0 0x89a3)) 0x89b0 ((range 0x89e0 0x89ff))))) -(allowx mtk_hal_wifi_hostapd self (ioctl packet_socket (((range 0x8b00 0x8b02)) ((range 0x8b04 0x8b1d)) ((range 0x8b20 0x8b2d)) ((range 0x8b30 0x8b36)) ((range 0x8be0 0x8bff))))) -(allow mtk_hal_wifi_hostapd wifi_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow mtk_hal_wifi_hostapd wifi_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mtk_hal_wifi_hostapd wpa_socket_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow mtk_hal_wifi_hostapd wpa_socket_26_0 (sock_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mtk_hal_wifi_hostapd wpa_socket_26_0 (sock_file (write))) -(allow mtk_hal_wifi_hostapd su_26_0 (unix_dgram_socket (sendto))) -(neverallow mtk_hal_wifi_hostapd_server sdcard_type (dir (ioctl read write create setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod))) -(neverallow mtk_hal_wifi_hostapd_server sdcard_type (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute quotaon mounton execute_no_trans entrypoint execmod open audit_access))) -(allow init_26_0 mtk_wmt_launcher_exec (file (read getattr execute open))) -(allow init_26_0 mtk_wmt_launcher (process (transition))) -(allow mtk_wmt_launcher mtk_wmt_launcher_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 mtk_wmt_launcher (process (noatsecure))) -(allow init_26_0 mtk_wmt_launcher (process (siginh rlimitinh))) -(typetransition init_26_0 mtk_wmt_launcher_exec process mtk_wmt_launcher) -(typetransition mtk_wmt_launcher tmpfs_26_0 file mtk_wmt_launcher_tmpfs) -(allow mtk_wmt_launcher mtk_wmt_launcher_tmpfs (file (read write getattr))) -(allow mtk_wmt_launcher tmpfs_26_0 (dir (getattr search))) -(allow mtk_wmt_launcher property_socket_26_0 (sock_file (write))) -(allow mtk_wmt_launcher init_26_0 (unix_stream_socket (connectto))) -(allow mtk_wmt_launcher wmt_prop (property_service (set))) -(allow mtk_wmt_launcher wmt_prop (file (ioctl read getattr lock open))) -(allow mtk_wmt_launcher stpwmt_device (chr_file (ioctl read write getattr lock append open))) -(allow mtk_wmt_launcher devpts_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow mtk_wmt_launcher system_file_26_0 (dir (read open))) -(allow mtk_wmt_launcher vendor_file_26_0 (dir (read open))) -(allow rild_26_0 sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open))) -(allow rild_26_0 self (capability2 (block_suspend))) -(allow rild_26_0 kernel_26_0 (system (module_request))) -(allow rild_26_0 self (capability (setuid net_admin net_raw))) -(allow rild_26_0 self (capability (dac_override))) -(allow rild_26_0 cgroup_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow rild_26_0 property_socket_26_0 (sock_file (write))) -(allow rild_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow rild_26_0 radio_prop_26_0 (property_service (set))) -(allow rild_26_0 radio_prop_26_0 (file (ioctl read getattr lock open))) -(allow rild_26_0 property_socket_26_0 (sock_file (write))) -(allow rild_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow rild_26_0 net_radio_prop_26_0 (property_service (set))) -(allow rild_26_0 net_radio_prop_26_0 (file (ioctl read getattr lock open))) -(allow rild_26_0 property_socket_26_0 (sock_file (write))) -(allow rild_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow rild_26_0 system_radio_prop_26_0 (property_service (set))) -(allow rild_26_0 system_radio_prop_26_0 (file (ioctl read getattr lock open))) -(allow rild_26_0 property_socket_26_0 (sock_file (write))) -(allow rild_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow rild_26_0 persist_ril_prop (property_service (set))) -(allow rild_26_0 persist_ril_prop (file (ioctl read getattr lock open))) -(auditallow rild_26_0 net_radio_prop_26_0 (property_service (set))) -(auditallow rild_26_0 system_radio_prop_26_0 (property_service (set))) -(allow rild_26_0 property_socket_26_0 (sock_file (write))) -(allow rild_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow rild_26_0 ril_active_md_prop (property_service (set))) -(allow rild_26_0 ril_active_md_prop (file (ioctl read getattr lock open))) -(allow rild_26_0 property_socket_26_0 (sock_file (write))) -(allow rild_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow rild_26_0 ril_cdma_report_prop (property_service (set))) -(allow rild_26_0 ril_cdma_report_prop (file (ioctl read getattr lock open))) -(allow rild_26_0 property_socket_26_0 (sock_file (write))) -(allow rild_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow rild_26_0 ril_mux_report_case_prop (property_service (set))) -(allow rild_26_0 ril_mux_report_case_prop (file (ioctl read getattr lock open))) -(allow rild_26_0 property_socket_26_0 (sock_file (write))) -(allow rild_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow rild_26_0 ctl_muxreport-daemon_prop (property_service (set))) -(allow rild_26_0 ctl_muxreport-daemon_prop (file (ioctl read getattr lock open))) -(allow rild_26_0 sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open))) -(allow rild_26_0 self (capability2 (block_suspend))) -(allow rild_26_0 efs_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow rild_26_0 efs_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow rild_26_0 bluetooth_efs_file_26_0 (file (ioctl read getattr lock open))) -(allow rild_26_0 bluetooth_efs_file_26_0 (dir (ioctl read getattr lock search open))) -(allow rild_26_0 radio_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow rild_26_0 radio_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow rild_26_0 sdcard_type (dir (ioctl read getattr lock search open))) -(allow rild_26_0 system_data_file_26_0 (dir (ioctl read getattr lock search open))) -(allow rild_26_0 system_data_file_26_0 (file (ioctl read getattr lock open))) -(allow rild_26_0 system_file_26_0 (file (getattr execute execute_no_trans))) -(allow rild_26_0 proc_26_0 (file (ioctl read write getattr lock append open))) -(allow rild_26_0 proc_net_26_0 (file (write lock append open))) -(allow rild_26_0 self (netlink_route_socket (nlmsg_write))) -(allow rild_26_0 alarm_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow rild_26_0 radio_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow rild_26_0 radio_device_26_0 (blk_file (ioctl read getattr lock open))) -(allow rild_26_0 mtd_device_26_0 (dir (search))) -(allow rild_26_0 tty_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow rild_26_0 eemcs_device (chr_file (ioctl read write getattr lock append open))) -(allow rild_26_0 Vcodec_device (chr_file (ioctl read write getattr lock append open))) -(allow rild_26_0 devmap_device (chr_file (ioctl read getattr lock open))) -(allow rild_26_0 devpts_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow rild_26_0 ccci_device (chr_file (ioctl read write getattr lock append open))) -(allow rild_26_0 misc_device (chr_file (ioctl read write getattr lock append open))) -(allow rild_26_0 proc_lk_env (file (ioctl read write getattr lock append open))) -(allow rild_26_0 sysfs_vcorefs_pwrctrl (file (write lock append open))) -(allow rild_26_0 bootdevice_block_device (blk_file (ioctl read write getattr lock append open))) -(allow rild_26_0 para_block_device (blk_file (ioctl read write getattr lock append open))) -(allow rild_26_0 block_device_26_0 (dir (search))) -(allow rild_26_0 platform_app_26_0 (fd (use))) -(allow rild_26_0 radio_26_0 (fd (use))) -(allow rild_26_0 mal_mfi_socket (sock_file (write lock append open))) -(allow rild_26_0 sysfs_ccci (dir (search))) -(allow rild_26_0 sysfs_ccci (file (ioctl read getattr lock open))) -(allow hal_telephony_server mtk_hal_rild_hwservice (hwservice_manager (add find))) -(allow hal_telephony_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_123_26_0 mtk_hal_rild_hwservice (hwservice_manager (add))) -(neverallow hal_telephony_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_telephony_client mtk_hal_rild_hwservice (hwservice_manager (find))) -(allow rild_26_0 property_socket_26_0 (sock_file (write))) -(allow rild_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow rild_26_0 mtk_telephony_sensitive_prop (property_service (set))) -(allow rild_26_0 mtk_telephony_sensitive_prop (file (ioctl read getattr lock open))) -(allow init_26_0 mtkrild_exec (file (read getattr execute open))) -(allow init_26_0 mtkrild (process (transition))) -(allow mtkrild mtkrild_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 mtkrild (process (noatsecure))) -(allow init_26_0 mtkrild (process (siginh rlimitinh))) -(typetransition init_26_0 mtkrild_exec process mtkrild) -(typetransition mtkrild tmpfs_26_0 file mtkrild_tmpfs) -(allow mtkrild mtkrild_tmpfs (file (read write getattr))) -(allow mtkrild tmpfs_26_0 (dir (getattr search))) -(allow mtkrild kernel_26_0 (system (module_request))) -(allow mtkrild self (capability (setuid net_admin net_raw))) -(allow mtkrild self (capability (dac_override))) -(allow mtkrild cgroup_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow mtkrild property_socket_26_0 (sock_file (write))) -(allow mtkrild init_26_0 (unix_stream_socket (connectto))) -(allow mtkrild radio_prop_26_0 (property_service (set))) -(allow mtkrild radio_prop_26_0 (file (ioctl read getattr lock open))) -(allow mtkrild property_socket_26_0 (sock_file (write))) -(allow mtkrild init_26_0 (unix_stream_socket (connectto))) -(allow mtkrild net_radio_prop_26_0 (property_service (set))) -(allow mtkrild net_radio_prop_26_0 (file (ioctl read getattr lock open))) -(allow mtkrild property_socket_26_0 (sock_file (write))) -(allow mtkrild init_26_0 (unix_stream_socket (connectto))) -(allow mtkrild system_radio_prop_26_0 (property_service (set))) -(allow mtkrild system_radio_prop_26_0 (file (ioctl read getattr lock open))) -(allow mtkrild property_socket_26_0 (sock_file (write))) -(allow mtkrild init_26_0 (unix_stream_socket (connectto))) -(allow mtkrild persist_ril_prop (property_service (set))) -(allow mtkrild persist_ril_prop (file (ioctl read getattr lock open))) -(auditallow mtkrild net_radio_prop_26_0 (property_service (set))) -(auditallow mtkrild system_radio_prop_26_0 (property_service (set))) -(allow mtkrild property_socket_26_0 (sock_file (write))) -(allow mtkrild init_26_0 (unix_stream_socket (connectto))) -(allow mtkrild ril_active_md_prop (property_service (set))) -(allow mtkrild ril_active_md_prop (file (ioctl read getattr lock open))) -(allow mtkrild property_socket_26_0 (sock_file (write))) -(allow mtkrild init_26_0 (unix_stream_socket (connectto))) -(allow mtkrild ril_cdma_report_prop (property_service (set))) -(allow mtkrild ril_cdma_report_prop (file (ioctl read getattr lock open))) -(allow mtkrild property_socket_26_0 (sock_file (write))) -(allow mtkrild init_26_0 (unix_stream_socket (connectto))) -(allow mtkrild ril_mux_report_case_prop (property_service (set))) -(allow mtkrild ril_mux_report_case_prop (file (ioctl read getattr lock open))) -(allow mtkrild property_socket_26_0 (sock_file (write))) -(allow mtkrild init_26_0 (unix_stream_socket (connectto))) -(allow mtkrild ctl_muxreport-daemon_prop (property_service (set))) -(allow mtkrild ctl_muxreport-daemon_prop (file (ioctl read getattr lock open))) -(allow mtkrild property_socket_26_0 (sock_file (write))) -(allow mtkrild init_26_0 (unix_stream_socket (connectto))) -(allow mtkrild mtk_telephony_sensitive_prop (property_service (set))) -(allow mtkrild mtk_telephony_sensitive_prop (file (ioctl read getattr lock open))) -(allow mtkrild sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open))) -(allow mtkrild self (capability2 (block_suspend))) -(allow mtkrild efs_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow mtkrild efs_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mtkrild bluetooth_efs_file_26_0 (file (ioctl read getattr lock open))) -(allow mtkrild bluetooth_efs_file_26_0 (dir (ioctl read getattr lock search open))) -(allow mtkrild radio_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow mtkrild radio_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow mtkrild sdcard_type (dir (ioctl read getattr lock search open))) -(allow mtkrild system_data_file_26_0 (dir (ioctl read getattr lock search open))) -(allow mtkrild system_data_file_26_0 (file (ioctl read getattr lock open))) -(allow mtkrild system_file_26_0 (file (getattr execute execute_no_trans))) -(allow mtkrild proc_26_0 (file (ioctl read write getattr lock append open))) -(allow mtkrild proc_net_26_0 (file (write lock append open))) -(allow mtkrild self (netlink_route_socket (nlmsg_write))) -(allow mtkrild alarm_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow mtkrild radio_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow mtkrild radio_device_26_0 (blk_file (ioctl read getattr lock open))) -(allow mtkrild mtd_device_26_0 (dir (search))) -(allow mtkrild tty_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow mtkrild eemcs_device (chr_file (ioctl read write getattr lock append open))) -(allow mtkrild Vcodec_device (chr_file (ioctl read write getattr lock append open))) -(allow mtkrild devmap_device (chr_file (ioctl read getattr lock open))) -(allow mtkrild devpts_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow mtkrild ccci_device (chr_file (ioctl read write getattr lock append open))) -(allow mtkrild misc_device (chr_file (ioctl read write getattr lock append open))) -(allow mtkrild proc_lk_env (file (ioctl read write getattr lock append open))) -(allow mtkrild sysfs_vcorefs_pwrctrl (file (write lock append open))) -(allow mtkrild bootdevice_block_device (blk_file (ioctl read write getattr lock append open))) -(allow mtkrild para_block_device (blk_file (ioctl read write getattr lock append open))) -(allow mtkrild block_device_26_0 (dir (search))) -(allow mtkrild platform_app_26_0 (fd (use))) -(allow mtkrild radio_26_0 (fd (use))) -(allow mtkrild qemu_pipe_device (chr_file (ioctl read write getattr lock append open))) -(allow mtkrild socket_device_26_0 (sock_file (write lock append open))) -(allow mtkrild mal_mfi_socket (sock_file (write lock append open))) -(allow mtkrild sysfs_ccci (dir (search))) -(allow mtkrild sysfs_ccci (file (ioctl read getattr lock open))) -(allow init_26_0 socket_device_26_0 (sock_file (create setattr unlink))) -(allow mtkrild aee_aedv_26_0 (unix_stream_socket (connectto))) -(allowx mtkrild self (ioctl udp_socket (0x890c 0x8914 0x8916 0x8939 ((range 0x89f0 0x89f1))))) -(allow mtkrild vndbinder_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow mtkrild vndservicemanager_26_0 (binder (call transfer))) -(allow vndservicemanager_26_0 mtkrild (dir (search))) -(allow vndservicemanager_26_0 mtkrild (file (read open))) -(allow vndservicemanager_26_0 mtkrild (process (getattr))) -(allow mtkrild node_26_0 (rawip_socket (node_bind))) -(allow mtkrild sysfs_26_0 (file (open))) -(allow mtkrild sysfs_26_0 (file (read))) -(allow init_26_0 muxreport_exec (file (read getattr execute open))) -(allow init_26_0 muxreport (process (transition))) -(allow muxreport muxreport_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 muxreport (process (noatsecure))) -(allow init_26_0 muxreport (process (siginh rlimitinh))) -(typetransition init_26_0 muxreport_exec process muxreport) -(typetransition muxreport tmpfs_26_0 file muxreport_tmpfs) -(allow muxreport muxreport_tmpfs (file (read write getattr))) -(allow muxreport tmpfs_26_0 (dir (getattr search))) -(allow muxreport self (capability (dac_override))) -(allow muxreport property_socket_26_0 (sock_file (write))) -(allow muxreport init_26_0 (unix_stream_socket (connectto))) -(allow muxreport ril_mux_report_case_prop (property_service (set))) -(allow muxreport ril_mux_report_case_prop (file (ioctl read getattr lock open))) -(allow muxreport ccci_device (chr_file (ioctl read write getattr lock append open))) -(allow muxreport devpts_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow muxreport eemcs_device (chr_file (ioctl read write getattr lock append open))) -(allow muxreport emd_device (chr_file (ioctl read write getattr lock append open))) -(allow muxreport sysfs_ccci (dir (search))) -(allow muxreport sysfs_ccci (file (ioctl read getattr lock open))) -(allow netd_26_0 wmtWifi_device (chr_file (write open))) -(allow netd_26_0 mdlogger_26_0 (fd (use))) -(allow netd_26_0 mdlogger_26_0 (tcp_socket (read write))) -(allow netd_26_0 mdlogger_26_0 (tcp_socket (getopt setopt))) -(allow netd_26_0 netdiag_26_0 (fd (use))) -(allow netd_26_0 netdiag_26_0 (udp_socket (read write getopt setopt))) -(allow netdiag_26_0 sdcard_type (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow netdiag_26_0 sdcard_type (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow netdiag_26_0 net_data_file_26_0 (file (ioctl read getattr lock open))) -(allow netdiag_26_0 net_data_file_26_0 (dir (search))) -(allow netdiag_26_0 storage_file_26_0 (dir (search))) -(allow netdiag_26_0 storage_file_26_0 (lnk_file (read))) -(allow netdiag_26_0 mnt_user_file_26_0 (dir (search))) -(allow netdiag_26_0 mnt_user_file_26_0 (lnk_file (read))) -(allow netdiag_26_0 platform_app_26_0 (dir (search))) -(allow netdiag_26_0 untrusted_app_26_0 (dir (search))) -(allow netdiag_26_0 mnt_media_rw_file_26_0 (dir (search))) -(allow netdiag_26_0 vfat_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow netdiag_26_0 vfat_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow netdiag_26_0 tmpfs_26_0 (lnk_file (read))) -(allow netdiag_26_0 property_socket_26_0 (sock_file (write))) -(allow netdiag_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow netdiag_26_0 debug_netlog_prop (property_service (set))) -(allow netdiag_26_0 debug_netlog_prop (file (ioctl read getattr lock open))) -(allow netdiag_26_0 property_socket_26_0 (sock_file (write))) -(allow netdiag_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow netdiag_26_0 persist_mtklog_prop (property_service (set))) -(allow netdiag_26_0 persist_mtklog_prop (file (ioctl read getattr lock open))) -(allow netdiag_26_0 property_socket_26_0 (sock_file (write))) -(allow netdiag_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow netdiag_26_0 debug_mtklog_prop (property_service (set))) -(allow netdiag_26_0 debug_mtklog_prop (file (ioctl read getattr lock open))) -(allow netdiag_26_0 device_logging_prop_26_0 (file (getattr open))) -(allow netdiag_26_0 mmc_prop_26_0 (file (getattr open))) -(allow netdiag_26_0 media_rw_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow netdiag_26_0 media_rw_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow netdiag_26_0 mtk_em_ril_apnchange_prop (file (open))) -(allow init_26_0 nvram_agent_binder_exec (file (read getattr execute open))) -(allow init_26_0 nvram_agent_binder (process (transition))) -(allow nvram_agent_binder nvram_agent_binder_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 nvram_agent_binder (process (noatsecure))) -(allow init_26_0 nvram_agent_binder (process (siginh rlimitinh))) -(typetransition init_26_0 nvram_agent_binder_exec process nvram_agent_binder) -(typetransition nvram_agent_binder tmpfs_26_0 file nvram_agent_binder_tmpfs) -(allow nvram_agent_binder nvram_agent_binder_tmpfs (file (read write getattr))) -(allow nvram_agent_binder tmpfs_26_0 (dir (getattr search))) -(allow nvram_agent_binder nvram_agent_service_26_0 (service_manager (add))) -(allow nvram_agent_binder nvram_device (blk_file (ioctl read write getattr lock append open))) -(allow nvram_agent_binder bootdevice_block_device (blk_file (ioctl read write getattr lock append open))) -(allow nvram_agent_binder nvdata_device (blk_file (ioctl read write getattr lock append open))) -(allow nvram_agent_binder nvram_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow nvram_agent_binder nvram_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow nvram_agent_binder nvram_data_file (lnk_file (read))) -(allow nvram_agent_binder nvdata_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow nvram_agent_binder nvdata_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow nvram_agent_binder als_ps_device (chr_file (ioctl read getattr lock open))) -(allow nvram_agent_binder mtk-adc-cali_device (chr_file (ioctl read write getattr lock append open))) -(allow nvram_agent_binder gsensor_device (chr_file (ioctl read getattr lock open))) -(allow nvram_agent_binder gyroscope_device (chr_file (ioctl read getattr lock open))) -(allow nvram_agent_binder init_26_0 (unix_stream_socket (connectto))) -(allow nvram_agent_binder property_socket_26_0 (sock_file (write))) -(allow nvram_agent_binder sysfs_26_0 (file (write))) -(allow nvram_agent_binder self (capability (chown dac_override fowner fsetid))) -(allow nvram_agent_binder system_data_file_26_0 (dir (ioctl read write create getattr setattr lock append unlink rename open))) -(allow nvram_agent_binder nvram_device (chr_file (ioctl read write getattr lock append open))) -(allow nvram_agent_binder pro_info_device (chr_file (ioctl read write getattr lock append open))) -(allow nvram_agent_binder block_device_26_0 (dir (search))) -(allow nvram_agent_binder app_data_file_26_0 (file (write))) -(allow nvram_agent_binder mtd_device_26_0 (dir (search))) -(allow nvram_agent_binder mtd_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow nvram_agent_binder hwservicemanager_prop_26_0 (file (ioctl read getattr lock open))) -(allow hal_nvramagent_client hal_nvramagent_server (binder (call transfer))) -(allow hal_nvramagent_server hal_nvramagent_client (binder (transfer))) -(allow hal_nvramagent_client hal_nvramagent_server (fd (use))) -(allow hal_nvramagent_client nvram_agent_binder_hwservice (hwservice_manager (find))) -(allow nvram_agent_binder sysfs_26_0 (file (read open))) -(allow nvram_agent_binder system_data_file_26_0 (lnk_file (read))) -(allow nvram_agent_binder hwservicemanager_26_0 (binder (call transfer))) -(allow hwservicemanager_26_0 nvram_agent_binder (binder (call transfer))) -(allow hwservicemanager_26_0 nvram_agent_binder (dir (search))) -(allow hwservicemanager_26_0 nvram_agent_binder (file (read open))) -(allow hwservicemanager_26_0 nvram_agent_binder (process (getattr))) -(allow hal_nvramagent_server nvram_agent_binder_hwservice (hwservice_manager (add find))) -(allow hal_nvramagent_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_185_26_0 nvram_agent_binder_hwservice (hwservice_manager (add))) -(neverallow hal_nvramagent_server unlabeled_26_0 (hwservice_manager (add))) -(allow init_26_0 nvram_daemon_exec (file (read getattr execute open))) -(allow init_26_0 nvram_daemon (process (transition))) -(allow nvram_daemon nvram_daemon_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 nvram_daemon (process (noatsecure))) -(allow init_26_0 nvram_daemon (process (siginh rlimitinh))) -(typetransition init_26_0 nvram_daemon_exec process nvram_daemon) -(typetransition nvram_daemon tmpfs_26_0 file nvram_daemon_tmpfs) -(allow nvram_daemon nvram_daemon_tmpfs (file (read write getattr))) -(allow nvram_daemon tmpfs_26_0 (dir (getattr search))) -(allow nvram_daemon nvram_device (blk_file (ioctl read write getattr lock append open))) -(allow nvram_daemon bootdevice_block_device (blk_file (ioctl read write getattr lock append open))) -(allow nvram_daemon nvdata_device (blk_file (ioctl read write getattr lock append open))) -(allow nvram_daemon system_prop_26_0 (property_service (set))) -(allow nvram_daemon nvram_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow nvram_daemon nvram_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow nvram_daemon nvram_data_file (lnk_file (read))) -(allow nvram_daemon nvdata_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow nvram_daemon nvdata_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow nvram_daemon als_ps_device (chr_file (ioctl read getattr lock open))) -(allow nvram_daemon mtk-adc-cali_device (chr_file (ioctl read write getattr lock append open))) -(allow nvram_daemon gsensor_device (chr_file (ioctl read getattr lock open))) -(allow nvram_daemon gyroscope_device (chr_file (ioctl read getattr lock open))) -(allow nvram_daemon init_26_0 (unix_stream_socket (connectto))) -(allow nvram_daemon sysfs_26_0 (file (write lock append open))) -(allow nvram_daemon self (capability (chown dac_override fowner fsetid))) -(allow nvram_daemon nvram_device (chr_file (ioctl read write getattr lock append open))) -(allow nvram_daemon pro_info_device (chr_file (ioctl read write getattr lock append open))) -(allow nvram_daemon block_device_26_0 (dir (search))) -(allow nvram_daemon mtd_device_26_0 (dir (search))) -(allow nvram_daemon mtd_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow nvram_daemon kmsg_device_26_0 (chr_file (write lock append open))) -(allow nvram_daemon proc_lk_env (file (ioctl read write getattr lock append open))) -(allow nvram_daemon system_data_file_26_0 (dir (write))) -(allow nvram_daemon rootfs_26_0 (dir (read open))) -(allow nvram_daemon rootfs_26_0 (file (ioctl read getattr lock open))) -(allow nvram_daemon system_data_file_26_0 (lnk_file (read))) -(allow nvram_daemon system_data_file_26_0 (dir (add_name remove_name))) -(allow nvram_daemon system_data_file_26_0 (lnk_file (create unlink))) -(allow nvram_daemon nvram_data_file (lnk_file (unlink))) -(allow nvram_daemon property_socket_26_0 (sock_file (write))) -(allow nvram_daemon init_26_0 (unix_stream_socket (connectto))) -(allow nvram_daemon service_nvram_init_prop (property_service (set))) -(allow nvram_daemon service_nvram_init_prop (file (ioctl read getattr lock open))) -(allow nvram_daemon property_socket_26_0 (sock_file (write))) -(allow nvram_daemon init_26_0 (unix_stream_socket (connectto))) -(allow nvram_daemon wifi_5g_prop (property_service (set))) -(allow nvram_daemon wifi_5g_prop (file (ioctl read getattr lock open))) -(allow nvram_daemon sysfs_26_0 (dir (read))) -(allow nvram_daemon sysfs_26_0 (file (read))) -(allow platform_app_26_0 fm_device (chr_file (ioctl read write getattr lock append open))) -(allow platform_app_26_0 mobile_log_d_26_0 (unix_stream_socket (connectto))) -(allow platform_app_26_0 mdlogger_26_0 (unix_stream_socket (connectto))) -(allow platform_app_26_0 emdlogger_26_0 (unix_stream_socket (connectto))) -(allow platform_app_26_0 cmddumper_26_0 (unix_stream_socket (connectto))) -(allow platform_app_26_0 netdiag_socket (sock_file (write))) -(allow platform_app_26_0 netdiag_26_0 (unix_stream_socket (connectto))) -(allow platform_app_26_0 ttySDIO_device (chr_file (ioctl read write getattr lock append open))) -(allow platform_app_26_0 sdcard_type (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow platform_app_26_0 sdcard_type (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow platform_app_26_0 aee_exp_data_file (file (ioctl read getattr lock open))) -(allow platform_app_26_0 aee_exp_data_file (dir (ioctl read getattr lock search open))) -(allow platform_app_26_0 mdlog_data_file (file (ioctl read write getattr lock append open))) -(allow platform_app_26_0 mdlog_data_file (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow platform_app_26_0 aee_aed_26_0 (unix_stream_socket (connectto))) -(allow platform_app_26_0 proc_26_0 (file (ioctl read getattr lock open))) -(allow ppp_26_0 pppoe_ppp0_prop (property_service (set))) -(allow pre_meta_26_0 proc_lk_env (file (ioctl read write getattr lock append open))) -(allow pre_meta_26_0 para_block_device (blk_file (ioctl read write getattr lock append open))) -(allow meta_tst_26_0 property_socket_26_0 (sock_file (write))) -(allow meta_tst_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow meta_tst_26_0 powerctl_prop_26_0 (property_service (set))) -(allow meta_tst_26_0 powerctl_prop_26_0 (file (ioctl read getattr lock open))) -(allow radio_26_0 sysfs_keypad_file (dir (write lock add_name remove_name search open))) -(allow radio_26_0 sysfs_keypad_file (file (write lock append open))) -(allow radio_26_0 surfaceflinger_26_0 (fifo_file (ioctl read write getattr lock append open))) -(allow radio_26_0 mtk_em_prop (property_service (set))) -(allow radio_26_0 cameraserver_service_26_0 (service_manager (find))) -(allow radio_26_0 debugfs_usb20_phy (file (read getattr open))) -(allow radio_26_0 debugfs_usb20_phy (dir (search))) -(allow radio_26_0 als_ps_device (chr_file (ioctl read open))) -(allow radio_26_0 mediatek_prop (property_service (set))) -(allow radio_26_0 mt_otg_test_device (chr_file (ioctl read write open))) -(allow radio_26_0 mtgpio_device (chr_file (ioctl read open))) -(allow radio_26_0 stpbt_device (chr_file (read write open))) -(allow radio_26_0 stpant_device (chr_file (read write open))) -(allow radio_26_0 bt_int_adp_socket (sock_file (write))) -(allow radio_26_0 persist_ril_prop (property_service (set))) -(allow radio_26_0 mt6605_device (chr_file (ioctl read write getattr open))) -(allow radio_26_0 nfc_socket (dir (write add_name remove_name search))) -(allow radio_26_0 nfc_socket (sock_file (write create setattr unlink))) -(allow radio_26_0 system_prop_26_0 (property_service (set))) -(allow radio_26_0 em_svr_26_0 (unix_stream_socket (connectto))) -(allowx radio_26_0 self (ioctl udp_socket (0x8b06 0x8b1a ((range 0x8be0 0x8be9)) 0x8beb))) -(allow radio_26_0 block_device_26_0 (dir (search))) -(allow radio_26_0 ttyGS_device (chr_file (ioctl read write open))) -(allow radio_26_0 mtk_em_pdn_prop (property_service (set))) -(allow radio_26_0 mtk_em_ims_simulate_prop (property_service (set))) -(allow radio_26_0 mtk_em_auto_answer_prop (property_service (set))) -(allow radio_26_0 mtk_em_bt_sspdebug_prop (property_service (set))) -(allow radio_26_0 media_rw_data_file_26_0 (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow radio_26_0 media_rw_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow radio_26_0 ccci_fsd (dir (ioctl read getattr lock search open))) -(allow radio_26_0 ccci_fsd (file (ioctl read getattr lock open))) -(allow radio_26_0 nvdata_file (dir (search))) -(allow radio_26_0 nvdata_file (file (ioctl read write getattr lock append open))) -(allow radio_26_0 mtk_em_ril_apnchange_prop (property_service (set))) -(allow radio_26_0 mtk_em_net_auto_tethering_prop (property_service (set))) -(allow radio_26_0 debug_prop_26_0 (property_service (set))) -(allow radio_26_0 hal_telephony (binder (call transfer))) -(allow hal_telephony radio_26_0 (binder (transfer))) -(allow radio_26_0 hal_telephony (fd (use))) -(allow radio_26_0 hal_graphics_composer_default (fd (use))) -(allow radio_26_0 property_socket_26_0 (sock_file (write))) -(allow radio_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow radio_26_0 mtk_telephony_sensitive_prop (property_service (set))) -(allow radio_26_0 mtk_telephony_sensitive_prop (file (ioctl read getattr lock open))) -(allow radio_26_0 mtk_hal_imsa (binder (call transfer))) -(allow mtk_hal_imsa radio_26_0 (binder (transfer))) -(allow radio_26_0 mtk_hal_imsa (fd (use))) -(allow radio_26_0 sysfs_26_0 (file (read open))) -(allow radio_26_0 hal_audio_hwservice_26_0 (hwservice_manager (find))) -(allow radio_26_0 mtk_hal_audio (binder (call transfer))) -(allow mtk_hal_audio radio_26_0 (binder (transfer))) -(allow radio_26_0 mtk_hal_audio (fd (use))) -(allow radio_26_0 property_socket_26_0 (sock_file (write))) -(allow radio_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow radio_26_0 system_radio_prop_26_0 (property_service (set))) -(allow radio_26_0 system_radio_prop_26_0 (file (ioctl read getattr lock open))) -(allow radio_26_0 hal_nfc_hwservice_26_0 (hwservice_manager (find))) -(allow radio_26_0 hal_nfc (binder (call transfer))) -(allow hal_nfc radio_26_0 (binder (transfer))) -(allow radio_26_0 hal_nfc (fd (use))) -(allow hal_nfc radio_26_0 (binder (call transfer))) -(allow radio_26_0 hal_nfc (binder (transfer))) -(allow hal_nfc radio_26_0 (fd (use))) -(allow radio_26_0 hwservicemanager_26_0 (binder (call transfer))) -(allow hwservicemanager_26_0 radio_26_0 (binder (call transfer))) -(allow hwservicemanager_26_0 radio_26_0 (dir (search))) -(allow hwservicemanager_26_0 radio_26_0 (file (read open))) -(allow hwservicemanager_26_0 radio_26_0 (process (getattr))) -(allow radio_26_0 debugfs_tracing_26_0 (file (write))) -(allow radio_26_0 nfc_socket (sock_file (write create setattr unlink))) -(allow radio_26_0 mtk_hal_power_hwservice (hwservice_manager (find))) -(allow radio_26_0 mtk_hal_power (binder (call transfer))) -(allow mtk_hal_power radio_26_0 (binder (transfer))) -(allow radio_26_0 mtk_hal_power (fd (use))) -(allow rild_26_0 sysfs_wake_lock_26_0 (file (ioctl read write getattr lock append open))) -(allow rild_26_0 self (capability2 (block_suspend))) -(allow rild_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow rild_26_0 mtkrild (unix_stream_socket (connectto))) -(allow rild_26_0 property_socket_26_0 (sock_file (write))) -(allow rild_26_0 self (capability (setuid))) -(allow rild_26_0 socket_device_26_0 (sock_file (write))) -(allow rild_26_0 radio_prop_26_0 (property_service (set))) -(allow rild_26_0 ril_mux_report_case_prop (property_service (set))) -(allow rild_26_0 mtk_agpsd (unix_stream_socket (connectto))) -(allow servicemanager_26_0 rild_26_0 (dir (search))) -(allow servicemanager_26_0 rild_26_0 (file (read open))) -(allow servicemanager_26_0 rild_26_0 (process (getattr))) -(allow rild_26_0 proc_26_0 (file (read))) -(allow rild_26_0 netd_socket_26_0 (sock_file (write))) -(allow rild_26_0 netd_socket_26_0 (sock_file (read))) -(allow rild_26_0 hwservicemanager_prop_26_0 (file (ioctl read getattr lock open))) -(allow hal_telephony_server mtk_hal_rild_hwservice (hwservice_manager (add find))) -(allow hal_telephony_server hidl_base_hwservice_26_0 (hwservice_manager (add))) -(neverallow base_typeattr_123_26_0 mtk_hal_rild_hwservice (hwservice_manager (add))) -(neverallow hal_telephony_server unlabeled_26_0 (hwservice_manager (add))) -(allow hal_telephony_client mtk_hal_rild_hwservice (hwservice_manager (find))) -(allow rild_26_0 vndbinder_device_26_0 (chr_file (ioctl read write getattr lock append open))) -(allow rild_26_0 vndservicemanager_26_0 (binder (call transfer))) -(allow vndservicemanager_26_0 rild_26_0 (dir (search))) -(allow vndservicemanager_26_0 rild_26_0 (file (read open))) -(allow vndservicemanager_26_0 rild_26_0 (process (getattr))) -(allow rild_26_0 mtk_hal_audio (binder (call transfer))) -(allow mtk_hal_audio rild_26_0 (binder (transfer))) -(allow rild_26_0 mtk_hal_audio (fd (use))) -(allow rild_26_0 hal_audio_hwservice_26_0 (hwservice_manager (find))) -(allow shell_26_0 aee_aed_26_0 (unix_stream_socket (connectto))) -(allow shell_26_0 stp_dump3_exec (file (ioctl read getattr lock execute execute_no_trans open))) -(allow shell_26_0 graphics_config_prop (file (ioctl read getattr lock open))) -(allow shell_26_0 hal_camera_hwservice_26_0 (hwservice_manager (find))) -(allow shell_26_0 mtk_hal_camera (binder (call transfer))) -(allow mtk_hal_camera shell_26_0 (binder (transfer))) -(allow shell_26_0 mtk_hal_camera (fd (use))) -(allow shell_26_0 property_socket_26_0 (sock_file (write))) -(allow shell_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow shell_26_0 mtkcam_prop (property_service (set))) -(allow shell_26_0 mtkcam_prop (file (ioctl read getattr lock open))) -(allow shell_26_0 mtk_hal_power (binder (call transfer))) -(allow mtk_hal_power shell_26_0 (binder (transfer))) -(allow shell_26_0 mtk_hal_power (fd (use))) -(allow init_26_0 slpd_exec (file (read getattr execute open))) -(allow init_26_0 slpd (process (transition))) -(allow slpd slpd_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 slpd (process (noatsecure))) -(allow init_26_0 slpd (process (siginh rlimitinh))) -(typetransition init_26_0 slpd_exec process slpd) -(typetransition slpd tmpfs_26_0 file slpd_tmpfs) -(allow slpd slpd_tmpfs (file (read write getattr))) -(allow slpd tmpfs_26_0 (dir (getattr search))) -(allow slpd mtk_agpsd (unix_dgram_socket (sendto))) -(allow init_26_0 spm_loader_exec (file (read getattr execute open))) -(allow init_26_0 spm_loader (process (transition))) -(allow spm_loader spm_loader_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 spm_loader (process (noatsecure))) -(allow init_26_0 spm_loader (process (siginh rlimitinh))) -(typetransition init_26_0 spm_loader_exec process spm_loader) -(typetransition spm_loader tmpfs_26_0 file spm_loader_tmpfs) -(allow spm_loader spm_loader_tmpfs (file (read write getattr))) -(allow spm_loader tmpfs_26_0 (dir (getattr search))) -(allow spm_loader self (capability (dac_override dac_read_search))) -(allow spm_loader spm_device (chr_file (ioctl read getattr lock open))) -(allow stp_dump3 system_data_file_26_0 (dir (ioctl read write getattr lock add_name search open))) -(allow stp_dump3 stp_dump_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow stp_dump3 stp_dump_data_file (lnk_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow stp_dump3 stp_dump_data_file (sock_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow stp_dump3 stp_dump_data_file (fifo_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow stp_dump3 stp_dump_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(typetransition stp_dump3 system_data_file_26_0 dir stp_dump_data_file) -(typetransition stp_dump3 system_data_file_26_0 fifo_file stp_dump_data_file) -(typetransition stp_dump3 system_data_file_26_0 sock_file stp_dump_data_file) -(typetransition stp_dump3 system_data_file_26_0 lnk_file stp_dump_data_file) -(typetransition stp_dump3 system_data_file_26_0 file stp_dump_data_file) -(allow stp_dump3 self (capability (chown dac_override fowner fsetid net_admin))) -(allow stp_dump3 self (netlink_socket (read write create getattr bind setopt))) -(allow stp_dump3 self (netlink_generic_socket (read write create getattr bind setopt))) -(allow stp_dump3 media_rw_data_file_26_0 (dir (setattr add_name))) -(allow stp_dump3 media_rw_data_file_26_0 (dir (rmdir))) -(allow stp_dump3 media_rw_data_file_26_0 (dir (read write create getattr setattr add_name remove_name search open))) -(allow stp_dump3 media_rw_data_file_26_0 (file (read write create getattr setattr append unlink rename open))) -(allow stp_dump3 wmtdetect_device (chr_file (ioctl read write open))) -(allow stp_dump3 stpwmt_device (chr_file (ioctl read write open))) -(allow stp_dump3 tmpfs_26_0 (lnk_file (ioctl read getattr lock open))) -(allow stp_dump3 tmpfs_26_0 (lnk_file (read))) -(allow stp_dump3 mnt_user_file_26_0 (dir (search))) -(allow stp_dump3 mnt_user_file_26_0 (lnk_file (read))) -(allow stp_dump3 storage_file_26_0 (lnk_file (read))) -(allow stp_dump3 sdcard_type (dir (search))) -(allow stp_dump3 sdcard_type (dir (read write create getattr setattr add_name remove_name search open))) -(allow stp_dump3 sdcard_type (file (read write create getattr setattr append unlink rename open))) -(allow stp_dump3 sdcard_type (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow init_26_0 stp_dump3_exec (file (read getattr execute open))) -(allow init_26_0 stp_dump3 (process (transition))) -(allow stp_dump3 stp_dump3_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 stp_dump3 (process (noatsecure))) -(allow init_26_0 stp_dump3 (process (siginh rlimitinh))) -(typetransition init_26_0 stp_dump3_exec process stp_dump3) -(typetransition stp_dump3 tmpfs_26_0 file stp_dump3_tmpfs) -(allow stp_dump3 stp_dump3_tmpfs (file (read write getattr))) -(allow stp_dump3 tmpfs_26_0 (dir (getattr search))) -(allow surfaceflinger_26_0 sw_sync_device (chr_file (ioctl read write getattr lock append open))) -(allow surfaceflinger_26_0 debug_prop_26_0 (property_service (set))) -(allow surfaceflinger_26_0 proc_ged (file (ioctl read write getattr open))) -(allow surfaceflinger_26_0 gpu_device_26_0 (dir (search))) -(allow surfaceflinger_26_0 proc_26_0 (file (ioctl read getattr lock open))) -(allow surfaceflinger_26_0 debugfs_ion (dir (search))) -(allow surfaceflinger_26_0 debugfs_tracing_26_0 (file (write))) -(allow surfaceflinger_26_0 debugfs_tracing_26_0 (file (open))) -(allow surfaceflinger_26_0 mtk_cmdq_device (chr_file (ioctl read open))) -(allow surfaceflinger_26_0 graphics_config_prop (file (ioctl read getattr lock open))) -(allow init_26_0 sysenv_daemon_exec (file (read getattr execute open))) -(allow init_26_0 sysenv_daemon (process (transition))) -(allow sysenv_daemon sysenv_daemon_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 sysenv_daemon (process (noatsecure))) -(allow init_26_0 sysenv_daemon (process (siginh rlimitinh))) -(typetransition init_26_0 sysenv_daemon_exec process sysenv_daemon) -(typetransition sysenv_daemon tmpfs_26_0 file sysenv_daemon_tmpfs) -(allow sysenv_daemon sysenv_daemon_tmpfs (file (read write getattr))) -(allow sysenv_daemon tmpfs_26_0 (dir (getattr search))) -(allow sysenv_daemon block_device_26_0 (dir (search))) -(allow sysenv_daemon para_block_device (blk_file (ioctl read write getattr lock append open))) -(allow sysenv_daemon proc_lk_env (file (ioctl read write getattr lock append open))) -(allow sysenv_daemon self (netlink_socket (read create bind))) -(allow sysenv_daemon sysfs_26_0 (file (read open))) -(allow system_app_26_0 property_socket_26_0 (sock_file (write))) -(allow system_app_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow system_app_26_0 mtk_telephony_sensitive_prop (property_service (set))) -(allow system_app_26_0 mtk_telephony_sensitive_prop (file (ioctl read getattr lock open))) -(allow system_server_26_0 touch_device (chr_file (ioctl read write getattr lock append open))) -(allow system_server_26_0 stpant_device (chr_file (ioctl read write getattr lock append open))) -(allow system_server_26_0 devmap_device (chr_file (ioctl read getattr lock open))) -(allow system_server_26_0 irtx_device (chr_file (ioctl read write getattr lock append open))) -(allow system_server_26_0 qemu_pipe_device (chr_file (ioctl read write getattr lock append open))) -(allow system_server_26_0 wmtWifi_device (chr_file (write lock append open))) -(allow system_server_26_0 proc_26_0 (file (write lock append open))) -(allow system_server_26_0 dontpanic_data_file (dir (search))) -(allow system_server_26_0 agpsd_data_file (dir (ioctl read getattr lock search open))) -(allow system_server_26_0 aee_core_data_file (dir (ioctl read getattr lock search open))) -(allow system_server_26_0 debugfs_26_0 (dir (ioctl read getattr lock search open))) -(allow system_server_26_0 wide_dhcpv6_data_file (dir (ioctl read getattr lock search open))) -(allow system_server_26_0 wide_dhcpv6_data_file (file (ioctl read getattr lock open))) -(allow system_server_26_0 wide_dhcpv6_data_file (lnk_file (ioctl read getattr lock open))) -(allow system_server_26_0 aee_dumpsys_data_file (file (write lock append open))) -(allow system_server_26_0 aee_exp_data_file (file (write lock append open))) -(allow system_server_26_0 exec_type (file (ioctl read getattr lock open))) -(allow system_server_26_0 mnld_data_file (dir (ioctl read write create getattr setattr lock append unlink rename open))) -(allow system_server_26_0 mnld_data_file (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow system_server_26_0 debugfs_wakeup_sources (file (ioctl read getattr lock open))) -(allow system_server_26_0 sysfs_dcm (file (ioctl read write getattr lock append open))) -(allow system_server_26_0 proc_ged (file (ioctl read write getattr open))) -(allow system_server_26_0 debugfs_gpu_img (dir (search))) -(allow system_server_26_0 sw_sync_device (chr_file (ioctl read write getattr open))) -(allow system_server_26_0 ttyMT_device (chr_file (ioctl read write getattr lock append open))) -(allow system_server_26_0 proc_mtktz (dir (search))) -(allow system_server_26_0 proc_mtktz (file (ioctl read getattr lock open))) -(allow system_server_26_0 meta_connecttype_prop (property_service (set))) -(allow system_server_26_0 mtk_hal_audio (process (getsched setsched))) -(allow system_server_26_0 mtk_hal_bluetooth (binder (call transfer))) -(allow mtk_hal_bluetooth system_server_26_0 (binder (transfer))) -(allow system_server_26_0 mtk_hal_bluetooth (fd (use))) -(allow system_server_26_0 mtk_hal_sensors (binder (call transfer))) -(allow mtk_hal_sensors system_server_26_0 (binder (transfer))) -(allow system_server_26_0 mtk_hal_sensors (fd (use))) -(allow system_server_26_0 mtk_hal_light (binder (call transfer))) -(allow mtk_hal_light system_server_26_0 (binder (transfer))) -(allow system_server_26_0 mtk_hal_light (fd (use))) -(allow system_server_26_0 wifi_prop_26_0 (file (read getattr open))) -(allow system_server_26_0 aee_aed_26_0 (unix_stream_socket (connectto))) -(allow system_server_26_0 property_socket_26_0 (sock_file (write))) -(allow system_server_26_0 init_26_0 (unix_stream_socket (connectto))) -(allow system_server_26_0 mtk_telephony_sensitive_prop (property_service (set))) -(allow system_server_26_0 mtk_telephony_sensitive_prop (file (ioctl read getattr lock open))) -(allow system_server_26_0 debugfs_wakeup_sources (file (read getattr open))) -(allow system_server_26_0 mtk_hal_imsa (binder (call transfer))) -(allow mtk_hal_imsa system_server_26_0 (binder (transfer))) -(allow system_server_26_0 mtk_hal_imsa (fd (use))) -(allow system_server_26_0 mtk_hal_camera (binder (call transfer))) -(allow mtk_hal_camera system_server_26_0 (binder (transfer))) -(allow system_server_26_0 mtk_hal_camera (fd (use))) -(allow system_server_26_0 tracing_shell_writable_26_0 (file (write getattr open))) -(allow system_server_26_0 mnld (binder (call transfer))) -(allow mnld system_server_26_0 (binder (transfer))) -(allow system_server_26_0 mnld (fd (use))) -(allow system_server_26_0 netdiag_26_0 (fifo_file (write))) -(allow system_server_26_0 dhcp_data_file_26_0 (dir (search))) -(allow system_server_26_0 dhcp_data_file_26_0 (dir (ioctl read write getattr lock add_name remove_name search open))) -(allow system_server_26_0 dhcp_data_file_26_0 (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow init_26_0 thermal_manager_exec (file (read getattr execute open))) -(allow init_26_0 thermal_manager (process (transition))) -(allow thermal_manager thermal_manager_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 thermal_manager (process (noatsecure))) -(allow init_26_0 thermal_manager (process (siginh rlimitinh))) -(typetransition init_26_0 thermal_manager_exec process thermal_manager) -(typetransition thermal_manager tmpfs_26_0 file thermal_manager_tmpfs) -(allow thermal_manager thermal_manager_tmpfs (file (read write getattr))) -(allow thermal_manager tmpfs_26_0 (dir (getattr search))) -(allow thermal_manager proc_mtkcooler (dir (search))) -(allow thermal_manager proc_mtktz (dir (search))) -(allow thermal_manager proc_thermal (dir (search))) -(allow thermal_manager proc_mtkcooler (file (ioctl read write getattr lock append open))) -(allow thermal_manager proc_mtktz (file (ioctl read write getattr lock append open))) -(allow thermal_manager proc_thermal (file (ioctl read write getattr lock append open))) -(allow thermal_manager system_data_file_26_0 (dir (write add_name))) -(allow thermal_manager self (capability (chown dac_override fowner fsetid))) -(allow thermal_manager thermal_manager_data_file (dir (ioctl read write getattr setattr lock add_name remove_name search open))) -(allow thermal_manager mediaserver_26_0 (fd (use))) -(allow thermal_manager mediaserver_26_0 (fifo_file (read write))) -(allow thermal_manager mediaserver_26_0 (tcp_socket (read write))) -(allow thermal_manager camera_isp_device (chr_file (read write))) -(allow thermal_manager cameraserver_26_0 (fd (use))) -(allow thermal_manager kd_camera_hw_device (chr_file (read write))) -(allow thermal_manager MTK_SMI_device (chr_file (read))) -(allow thermal_manager property_socket_26_0 (sock_file (write))) -(allow thermal_manager surfaceflinger_26_0 (fd (use))) -(allow thermal_manager init_26_0 (unix_stream_socket (connectto))) -(allow thermal_manager sysfs_26_0 (file (write))) -(allow thermalindicator_26_0 proc_ged (file (ioctl read write getattr open))) -(allow init_26_0 thermalloadalgod_exec (file (read getattr execute open))) -(allow init_26_0 thermalloadalgod (process (transition))) -(allow thermalloadalgod thermalloadalgod_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 thermalloadalgod (process (noatsecure))) -(allow init_26_0 thermalloadalgod (process (siginh rlimitinh))) -(typetransition init_26_0 thermalloadalgod_exec process thermalloadalgod) -(typetransition thermalloadalgod tmpfs_26_0 file thermalloadalgod_tmpfs) -(allow thermalloadalgod thermalloadalgod_tmpfs (file (read write getattr))) -(allow thermalloadalgod tmpfs_26_0 (dir (getattr search))) -(allow thermal_manager system_data_file_26_0 (dir (ioctl read write getattr lock add_name search open))) -(allow thermal_manager thermal_manager_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow thermal_manager thermal_manager_data_file (lnk_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow thermal_manager thermal_manager_data_file (sock_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow thermal_manager thermal_manager_data_file (fifo_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow thermal_manager thermal_manager_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(typetransition thermal_manager system_data_file_26_0 dir thermal_manager_data_file) -(typetransition thermal_manager system_data_file_26_0 fifo_file thermal_manager_data_file) -(typetransition thermal_manager system_data_file_26_0 sock_file thermal_manager_data_file) -(typetransition thermal_manager system_data_file_26_0 lnk_file thermal_manager_data_file) -(typetransition thermal_manager system_data_file_26_0 file thermal_manager_data_file) -(allow thermalloadalgod input_device_26_0 (dir (ioctl read write getattr lock search open))) -(allow thermalloadalgod input_device_26_0 (file (ioctl read getattr lock open))) -(allow thermalloadalgod thermalloadalgod (netlink_socket (read write create bind))) -(allow thermalloadalgod thermal_manager_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(allow thermalloadalgod thermal_manager_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow thermalloadalgod kmsg_device_26_0 (chr_file (write))) -(allow thermalloadalgod proc_26_0 (dir (getattr search))) -(allow thermalloadalgod proc_26_0 (file (ioctl read write getattr open))) -(allow thermalloadalgod shell_26_0 (dir (search))) -(allow thermalloadalgod platform_app_26_0 (dir (search))) -(allow thermalloadalgod platform_app_26_0 (file (read getattr open))) -(allow thermalloadalgod priv_app_26_0 (dir (search))) -(allow thermalloadalgod priv_app_26_0 (file (read getattr open))) -(allow thermalloadalgod system_app_26_0 (dir (search))) -(allow thermalloadalgod system_app_26_0 (file (read getattr open))) -(allow thermalloadalgod untrusted_app_26_0 (dir (search))) -(allow thermalloadalgod untrusted_app_26_0 (file (read getattr open))) -(allow thermalloadalgod mediaserver_26_0 (dir (search))) -(allow thermalloadalgod mediaserver_26_0 (file (read getattr open))) -(allow thermalloadalgod proc_thermal (dir (search))) -(allow thermalloadalgod proc_thermal (file (read write getattr open))) -(allow ueventd_26_0 proc_net_26_0 (file (ioctl read getattr lock open))) -(allow ueventd_26_0 device_26_0 (chr_file (relabelfrom relabelto))) -(allow ueventd_26_0 m_acc_misc_device (chr_file (relabelfrom relabelto))) -(allow ueventd_26_0 m_mag_misc_device (chr_file (relabelfrom relabelto))) -(allow untrusted_app_26_0 proc_mtktz (dir (search))) -(allow untrusted_app_26_0 proc_mtktz (file (ioctl read getattr lock open))) -(allow untrusted_app_25_26_0 proc_mtktz (dir (search))) -(allow untrusted_app_25_26_0 proc_mtktz (file (read getattr open))) -(allow untrusted_app_25_26_0 proc_stat_26_0 (file (read getattr open))) -(allow untrusted_app_25_26_0 proc_thermal (dir (search))) -(allow untrusted_app_25_26_0 proc_thermal (file (read getattr open))) -(allow untrusted_app_25_26_0 sysfs_fps (dir (search))) -(allow untrusted_app_25_26_0 sysfs_fps (file (read getattr open))) -(allow untrusted_app_25_26_0 sysfs_power_supply (dir (search))) -(allow untrusted_app_25_26_0 sysfs_power_supply (file (read getattr open))) -(allow untrusted_app_25_26_0 sysfs_therm (dir (read search open))) -(allow untrusted_app_25_26_0 sysfs_therm (file (read getattr open))) -(allow untrusted_app_25_26_0 vendor_file_26_0 (file (execute_no_trans))) -(allow untrusted_app_26_0 vendor_file_26_0 (file (execute_no_trans))) -(allow update_engine_26_0 preloader_block_device (blk_file (ioctl read write getattr lock append open))) -(allow update_engine_26_0 lk_block_device (blk_file (ioctl read write getattr lock append open))) -(allow update_engine_26_0 dtbo_block_device (blk_file (ioctl read write getattr lock append open))) -(allow update_engine_26_0 tee_block_device (blk_file (ioctl read write getattr lock append open))) -(allow update_engine_26_0 vendor_block_device (blk_file (ioctl read write getattr lock append open))) -(allow update_engine_26_0 odm_block_device (blk_file (ioctl read write getattr lock append open))) -(allow update_engine_26_0 oem_block_device (blk_file (ioctl read write getattr lock append open))) -(allow update_engine_26_0 md1img_block_device (blk_file (ioctl read write getattr lock append open))) -(allow update_engine_26_0 md1dsp_block_device (blk_file (ioctl read write getattr lock append open))) -(allow update_engine_26_0 md1arm7_block_device (blk_file (ioctl read write getattr lock append open))) -(allow update_engine_26_0 md3img_block_device (blk_file (ioctl read write getattr lock append open))) -(allow update_engine_26_0 self (capability (dac_override))) -(allow update_engine_26_0 system_app_26_0 (binder (call transfer))) -(allow update_engine_26_0 postinstall_mnt_dir_26_0 (dir (read write getattr unlink search open))) -(typetransition vendor_app tmpfs_26_0 file vendor_app_tmpfs) -(allow vendor_app vendor_app_tmpfs (file (read write getattr))) -(allow vendor_app tmpfs_26_0 (dir (getattr search))) -(allow vendor_app vendor_app_tmpfs (file (execute))) -(allow vendor_app mnt_media_rw_file_26_0 (dir (search))) -(allow vendor_app servicemanager_26_0 (service_manager (list))) -(allow vendor_app audioserver_service_26_0 (service_manager (find))) -(allow vendor_app cameraserver_service_26_0 (service_manager (find))) -(allow vendor_app drmserver_service_26_0 (service_manager (find))) -(allow vendor_app mediaserver_service_26_0 (service_manager (find))) -(allow vendor_app mediaextractor_service_26_0 (service_manager (find))) -(allow vendor_app mediametrics_service_26_0 (service_manager (find))) -(allow vendor_app mediadrmserver_service_26_0 (service_manager (find))) -(allow vendor_app mediacasserver_service_26_0 (service_manager (find))) -(allow vendor_app nfc_service_26_0 (service_manager (find))) -(allow vendor_app radio_service_26_0 (service_manager (find))) -(allow vendor_app surfaceflinger_service_26_0 (service_manager (find))) -(allow vendor_app app_api_service (service_manager (find))) -(allow vendor_app vr_manager_service_26_0 (service_manager (find))) -(allow vendor_app sysfs_hwrandom_26_0 (dir (search))) -(allow vendor_app sysfs_hwrandom_26_0 (file (ioctl read getattr lock open))) -(allow vendor_app preloads_media_file_26_0 (dir (ioctl read getattr lock search open))) -(allow vendor_app preloads_media_file_26_0 (file (ioctl read getattr lock open))) -(allow vendor_app preloads_data_file_26_0 (dir (search))) -(allow vendor_app vendor_app_file_26_0 (dir (read getattr search open))) -(allow vendor_app vendor_app_file_26_0 (file (read getattr execute open))) -(allow vendor_app vendor_app_file_26_0 (lnk_file (read getattr open))) -(allow vendor_app mnld_socket (sock_file (write))) -(allow vendor_app mnld (unix_stream_socket (connectto))) -(allow vendor_app mnld (unix_stream_socket (connectto))) -(allow vendor_app aee_exp_data_file (file (ioctl read getattr lock open))) -(allow vendor_app aee_exp_data_file (dir (ioctl read getattr lock search open))) -(allow vold_26_0 iso9660 (filesystem (unmount))) -(allow vold_26_0 nvdata_file (dir (ioctl read getattr lock search open))) -(allow vold_26_0 protect_f_data_file (dir (ioctl read getattr lock search open))) -(allow vold_26_0 protect_s_data_file (dir (ioctl read getattr lock search open))) -(dontaudit vold_26_0 proc_battery_cmd (dir (read open))) -(dontaudit vold_26_0 proc_mtkcooler (dir (read open))) -(dontaudit vold_26_0 proc_mtktz (dir (read open))) -(dontaudit vold_26_0 proc_thermal (dir (read open))) -(allow vold_26_0 debugfs_tracing_26_0 (file (open))) -(allow vold_26_0 kernel_26_0 (system (module_request))) -(allow vold_26_0 proc_26_0 (file (write))) -(allow init_26_0 wifi2agps_exec (file (read getattr execute open))) -(allow init_26_0 wifi2agps (process (transition))) -(allow wifi2agps wifi2agps_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 wifi2agps (process (noatsecure))) -(allow init_26_0 wifi2agps (process (siginh rlimitinh))) -(typetransition init_26_0 wifi2agps_exec process wifi2agps) -(typetransition wifi2agps tmpfs_26_0 file wifi2agps_tmpfs) -(allow wifi2agps wifi2agps_tmpfs (file (read write getattr))) -(allow wifi2agps tmpfs_26_0 (dir (getattr search))) -(allow wifi2agps agpsd_data_file (sock_file (write))) -(allow wifi2agps mtk_agpsd (unix_dgram_socket (sendto))) -(allow wifi2agps agpsd_data_file (dir (search))) -(allow wifi2agps self (netlink_generic_socket (read write create getattr setattr lock append bind connect getopt setopt shutdown))) -(allow wifi2agps self (udp_socket (ioctl create))) -(allow init_26_0 wmt_loader_exec (file (read getattr execute open))) -(allow init_26_0 wmt_loader (process (transition))) -(allow wmt_loader wmt_loader_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 wmt_loader (process (noatsecure))) -(allow init_26_0 wmt_loader (process (siginh rlimitinh))) -(typetransition init_26_0 wmt_loader_exec process wmt_loader) -(typetransition wmt_loader tmpfs_26_0 file wmt_loader_tmpfs) -(allow wmt_loader wmt_loader_tmpfs (file (read write getattr))) -(allow wmt_loader tmpfs_26_0 (dir (getattr search))) -(allow wmt_loader self (capability (chown dac_override))) -(allow wmt_loader property_socket_26_0 (sock_file (write))) -(allow wmt_loader init_26_0 (unix_stream_socket (connectto))) -(allow wmt_loader wmt_prop (property_service (set))) -(allow wmt_loader wmt_prop (file (ioctl read getattr lock open))) -(allow wmt_loader wmtdetect_device (chr_file (ioctl read write getattr lock append open))) -(allow wmt_loader stpwmt_device (chr_file (ioctl read write getattr lock append open))) -(allow wmt_loader devpts_26_0 (chr_file (ioctl read write getattr lock append execute execute_no_trans open))) -(allow wmt_loader proc_26_0 (file (setattr))) -(allow zygote_26_0 proc_ged (file (ioctl read write getattr open))) -(allow zygote_26_0 gpu_device_26_0 (dir (search))) -(allow zygote_26_0 gpu_device_26_0 (chr_file (ioctl read write getattr open))) -(allow zygote_26_0 graphics_config_prop (file (ioctl read getattr lock open))) -(allow shell_26_0 debugfs_tracing_26_0 (file (write))) -(allow shell_26_0 persist_debug_prop_26_0 (property_service (set))) -(allow init_26_0 epdg_wod_exec (file (read getattr execute open))) -(allow init_26_0 epdg_wod (process (transition))) -(allow epdg_wod epdg_wod_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 epdg_wod (process (noatsecure))) -(allow init_26_0 epdg_wod (process (siginh rlimitinh))) -(typetransition init_26_0 epdg_wod_exec process epdg_wod) -(typetransition epdg_wod tmpfs_26_0 file epdg_wod_tmpfs) -(allow epdg_wod epdg_wod_tmpfs (file (read write getattr))) -(allow epdg_wod tmpfs_26_0 (dir (getattr search))) -(allow epdg_wod starter_exec (file (read getattr execute open))) -(allow epdg_wod ipsec (process (transition))) -(allow ipsec starter_exec (file (read getattr execute entrypoint open))) -(allow ipsec epdg_wod (process (sigchld))) -(dontaudit epdg_wod ipsec (process (noatsecure))) -(allow epdg_wod ipsec (process (siginh rlimitinh))) -(typetransition epdg_wod starter_exec process ipsec) -(allow epdg_wod charon_exec (file (read getattr execute open))) -(allow epdg_wod ipsec (process (transition))) -(allow ipsec charon_exec (file (read getattr execute entrypoint open))) -(allow ipsec epdg_wod (process (sigchld))) -(dontaudit epdg_wod ipsec (process (noatsecure))) -(allow epdg_wod ipsec (process (siginh rlimitinh))) -(typetransition epdg_wod charon_exec process ipsec) -(allow epdg_wod starter_exec (file (read getattr execute open))) -(allow epdg_wod ipsec (process (transition))) -(allow ipsec starter_exec (file (read getattr execute entrypoint open))) -(allow ipsec epdg_wod (process (sigchld))) -(dontaudit epdg_wod ipsec (process (noatsecure))) -(allow epdg_wod ipsec (process (siginh rlimitinh))) -(typetransition epdg_wod starter_exec process ipsec) -(allow epdg_wod stroke_exec (file (read getattr execute open))) -(allow epdg_wod ipsec (process (transition))) -(allow ipsec stroke_exec (file (read getattr execute entrypoint open))) -(allow ipsec epdg_wod (process (sigchld))) -(dontaudit epdg_wod ipsec (process (noatsecure))) -(allow epdg_wod ipsec (process (siginh rlimitinh))) -(typetransition epdg_wod stroke_exec process ipsec) -(allow epdg_wod system_file_26_0 (file (read getattr execute execute_no_trans open))) -(allow epdg_wod self (tun_socket (create relabelfrom relabelto))) -(allow epdg_wod tun_device_26_0 (chr_file (ioctl read write getattr open))) -(allow epdg_wod self (netlink_route_socket (read write create getattr bind setopt nlmsg_read nlmsg_write))) -(allow epdg_wod self (capability (kill net_admin))) -(allow epdg_wod ipsec_exec (file (read getattr execute execute_no_trans open))) -(allow epdg_wod ipsec (process (sigkill signull signal))) -(allow epdg_wod init_26_0 (unix_stream_socket (connectto))) -(allow epdg_wod mtk_wod_prop (property_service (set))) -(allow epdg_wod property_socket_26_0 (sock_file (write))) -(allow epdg_wod persist_wod_prop (property_service (set))) -(allow epdg_wod vpn_data_file_26_0 (dir (read write remove_name search open))) -(allow epdg_wod vpn_data_file_26_0 (file (read getattr unlink open))) -(allow epdg_wod wod_apn_conf_file (dir (read write add_name remove_name search open))) -(allow epdg_wod wod_apn_conf_file (file (read write create getattr unlink open))) -(allow epdg_wod wod_ipsec_conf_file (file (read write create getattr unlink open))) -(allow epdg_wod wod_ipsec_conf_file (dir (read write add_name remove_name search open))) -(allow epdg_wod self (netlink_xfrm_socket (read write create getattr bind setopt nlmsg_write))) -(allow epdg_wod self (udp_socket (ioctl create))) -(allow epdg_wod self (capability (sys_module))) -(allow epdg_wod shell_exec_26_0 (file (read execute execute_no_trans open))) -(allow epdg_wod device_26_0 (dir (write add_name))) -(allow epdg_wod device_26_0 (lnk_file (create))) -(allow epdg_wod system_server_26_0 (process (signull signal))) -(allow epdg_wod kernel_26_0 (process (signal))) -(allow epdg_wod self (capability (net_raw))) -(allow epdg_wod self (rawip_socket (create getopt setopt))) -(allow epdg_wod netd_26_0 (unix_stream_socket (connectto))) -(allow epdg_wod netd_socket_26_0 (sock_file (write))) -(allow netd_26_0 epdg_wod (fd (use))) -(allow netd_26_0 epdg_wod (tcp_socket (read write getopt setopt))) -(allow netd_26_0 epdg_wod (udp_socket (read write getopt setopt))) -(allow ipsec proc_net_26_0 (file (write))) -(allow ipsec mtk_wod_prop (property_service (set))) -(allow ipsec property_socket_26_0 (sock_file (write))) -(allow ipsec node_26_0 (udp_socket (node_bind))) -(allow ipsec port_26_0 (tcp_socket (name_connect))) -(allow ipsec port_26_0 (udp_socket (name_bind))) -(allow ipsec netd_26_0 (unix_stream_socket (connectto))) -(allow ipsec dnsproxyd_socket_26_0 (sock_file (write))) -(allow ipsec init_26_0 (unix_stream_socket (connectto))) -(allow ipsec epdg_wod (unix_stream_socket (read write connectto))) -(allow ipsec epdg_wod (fd (use))) -(allow ipsec charon_exec (file (execute_no_trans))) -(allow ipsec fwmarkd_socket_26_0 (sock_file (write))) -(allow ipsec self (capability (kill net_bind_service net_admin))) -(allow ipsec self (tcp_socket (read write create getattr connect getopt))) -(allow ipsec self (udp_socket (read write create bind setopt))) -(allow ipsec self (netlink_route_socket (read write create bind nlmsg_read nlmsg_write))) -(allow ipsec self (netlink_xfrm_socket (read write create bind nlmsg_read nlmsg_write))) -(allow ipsec custom_file (dir (read search open))) -(allow ipsec custom_file (file (read getattr open))) -(allow ipsec wod_apn_conf_file (dir (read write create add_name remove_name search open))) -(allow ipsec wod_apn_conf_file (file (ioctl read write getattr open))) -(allow ipsec wod_ipsec_conf_file (file (ioctl read write create getattr append unlink open))) -(allow ipsec wod_ipsec_conf_file (dir (read write add_name remove_name search open))) -(allow ipsec self (capability2 (wake_alarm))) -(allow ipsec devpts_26_0 (chr_file (read write open))) -(allow ipsec netd_26_0 (unix_stream_socket (connectto))) -(allow ipsec netd_socket_26_0 (sock_file (write))) -(allow netd_26_0 ipsec (fd (use))) -(allow netd_26_0 ipsec (tcp_socket (read write getopt setopt))) -(allow netd_26_0 ipsec (udp_socket (read write getopt setopt))) -(allow ipsec wod_ipsec_conf_file (sock_file (write create setattr unlink))) -(allow mtkimsapdomain volte_imsvt1_socket (sock_file (write))) -(allow mtkimsapdomain volte_imcb (unix_stream_socket (connectto))) -(allow mtkimsapdomain volte_vt_socket (dir (ioctl read write add_name remove_name open))) -(allow mtkimsapdomain volte_vt_socket (dir (write))) -(allow mtkimsapdomain volte_vt_socket (sock_file (read write create unlink))) -(allow mtkimsapdomain volte_ua (fd (use))) -(allow mtkimsapdomain volte_stack (unix_stream_socket (connectto))) -(allow mtkimsapdomain volte_stack_socket (sock_file (write))) -(allow mtkimsapdomain volte_stack (unix_stream_socket (connectto))) -(allow mtkimsapdomain volte_imsa1_socket (sock_file (write))) -(allow mtkimsapdomain volte_imcb (unix_stream_socket (connectto))) -(allow mtkimsapdomain rild_imsm_socket (sock_file (write))) -(allow mtkimsapdomain mtkmal (unix_stream_socket (connectto))) -(allow mtkimsapdomain mal_mfi_socket (sock_file (write))) -(allow mtkimsapdomain mal_mfi_socket (sock_file (write lock append open))) -(allow init_26_0 mtkmal_exec (file (read getattr execute open))) -(allow init_26_0 mtkmal (process (transition))) -(allow mtkmal mtkmal_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 mtkmal (process (noatsecure))) -(allow init_26_0 mtkmal (process (siginh rlimitinh))) -(typetransition init_26_0 mtkmal_exec process mtkmal) -(typetransition mtkmal tmpfs_26_0 file mtkmal_tmpfs) -(allow mtkmal mtkmal_tmpfs (file (read write getattr))) -(allow mtkmal tmpfs_26_0 (dir (getattr search))) -(allow mtkmal socket_device_26_0 (sock_file (write))) -(allow mtkmal device_26_0 (dir (write))) -(allow mtkmal device_26_0 (dir (add_name))) -(allow mtkmal device_26_0 (lnk_file (create))) -(allow mtkmal device_26_0 (dir (remove_name))) -(allow mtkmal device_26_0 (lnk_file (unlink))) -(allow mtkmal persist_mal_prop (property_service (set))) -(allow mtkmal volte_imcb (unix_stream_socket (connectto))) -(allow mtkmal volte_imsa1_socket (sock_file (write))) -(allow mtkmal mtkmal (unix_stream_socket (connectto))) -(allow mtkmal mal_mfi_socket (sock_file (write))) -(allow mtkmal init_26_0 (unix_stream_socket (connectto))) -(allow mtkmal property_socket_26_0 (sock_file (write))) -(allow mtkmal ctl_volte_imcb_prop (property_service (set))) -(allow mtkmal ctl_volte_ua_prop (property_service (set))) -(allow mtkmal ctl_volte_stack_prop (property_service (set))) -(allow mtkmal volte_prop (property_service (set))) -(allow mtkmal ril_mux_report_case_prop (property_service (set))) -(allow mtkmal radio_prop_26_0 (property_service (set))) -(allow mtkmal self (capability (setgid setuid))) -(allow mtkmal devpts_26_0 (chr_file (setattr))) -(allow mtkmal epdg_wod (unix_stream_socket (connectto))) -(allow mtkmal wod_sim_socket (sock_file (write))) -(allow mtkmal wod_action_socket (sock_file (write))) -(allow mtkmal self (udp_socket (ioctl create))) -(allow mtkmal device_26_0 (dir (write))) -(allow mtkmal device_26_0 (dir (add_name))) -(allow mtkmal self (netlink_route_socket (read write create bind nlmsg_read nlmsg_write))) -(allow mtkmal device_26_0 (lnk_file (create))) -(allow mtkmal wfca (unix_stream_socket (connectto))) -(allow mtkmal vendor_file_26_0 (dir (read))) -(allow mtkmal vendor_file_26_0 (dir (open))) -(allow init_26_0 volte_imcb_exec (file (read getattr execute open))) -(allow init_26_0 volte_imcb (process (transition))) -(allow volte_imcb volte_imcb_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 volte_imcb (process (noatsecure))) -(allow init_26_0 volte_imcb (process (siginh rlimitinh))) -(typetransition init_26_0 volte_imcb_exec process volte_imcb) -(typetransition volte_imcb tmpfs_26_0 file volte_imcb_tmpfs) -(allow volte_imcb volte_imcb_tmpfs (file (read write getattr))) -(allow volte_imcb tmpfs_26_0 (dir (getattr search))) -(allow volte_imcb node_26_0 (tcp_socket (node_bind))) -(allow volte_imcb port_26_0 (tcp_socket (name_bind))) -(allow volte_imcb self (tcp_socket (create bind listen accept setopt))) -(allow volte_imcb socket_device_26_0 (sock_file (write))) -(allow volte_imcb volte_ua (unix_stream_socket (connectto))) -(allow volte_imcb self (tcp_socket (read getattr))) -(allow volte_imcb self (tcp_socket (write))) -(allow volte_imcb self (capability (setgid setuid))) -(allow volte_imcb volte_ua_socket (sock_file (write))) -(allow volte_imcb volte_ua (unix_stream_socket (connectto))) -(allow volte_imcb volte_imcb_socket (sock_file (write))) -(allow volte_imcb init_26_0 (unix_stream_socket (connectto))) -(allow volte_imcb property_socket_26_0 (sock_file (write))) -(allow volte_imcb system_prop_26_0 (property_service (set))) -(allow volte_imcb volte_prop (property_service (set))) -(allow volte_imcb netd_26_0 (unix_stream_socket (connectto))) -(allow volte_imcb netd_socket_26_0 (sock_file (write))) -(allow netd_26_0 volte_imcb (fd (use))) -(allow netd_26_0 volte_imcb (tcp_socket (read write getopt setopt))) -(allow netd_26_0 volte_imcb (udp_socket (read write getopt setopt))) -(allow init_26_0 volte_imsm_md_exec (file (read getattr execute open))) -(allow init_26_0 volte_imsm_md (process (transition))) -(allow volte_imsm_md volte_imsm_md_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 volte_imsm_md (process (noatsecure))) -(allow init_26_0 volte_imsm_md (process (siginh rlimitinh))) -(typetransition init_26_0 volte_imsm_md_exec process volte_imsm_md) -(typetransition volte_imsm_md tmpfs_26_0 file volte_imsm_md_tmpfs) -(allow volte_imsm_md volte_imsm_md_tmpfs (file (read write getattr))) -(allow volte_imsm_md tmpfs_26_0 (dir (getattr search))) -(allow volte_imsm_md socket_device_26_0 (sock_file (write))) -(allow volte_imsm_md volte_imcb (unix_stream_socket (connectto))) -(allow volte_imsm_md volte_imsa1_socket (sock_file (write))) -(allow volte_imsm_md mtkmal (unix_stream_socket (connectto))) -(allow volte_imsm_md mal_mfi_socket (sock_file (write))) -(allow volte_imsm_md init_26_0 (unix_stream_socket (connectto))) -(allow volte_imsm_md property_socket_26_0 (sock_file (write))) -(allow volte_imsm_md ctl_volte_imcb_prop (property_service (set))) -(allow volte_imsm_md ctl_volte_ua_prop (property_service (set))) -(allow volte_imsm_md ctl_volte_stack_prop (property_service (set))) -(allow volte_imsm_md volte_prop (property_service (set))) -(allow volte_imsm_md self (capability (setgid setuid))) -(allow volte_imsm_md system_file_26_0 (file (execute_no_trans))) -(allow volte_imsm_md devpts_26_0 (chr_file (setattr))) -(allow volte_imsm_md epdg_wod (unix_stream_socket (connectto))) -(allow volte_imsm_md wod_sim_socket (sock_file (write))) -(allow volte_imsm_md wod_action_socket (sock_file (write))) -(allow volte_imsm_md self (udp_socket (ioctl create))) -(allow init_26_0 volte_stack_exec (file (read getattr execute open))) -(allow init_26_0 volte_stack (process (transition))) -(allow volte_stack volte_stack_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 volte_stack (process (noatsecure))) -(allow init_26_0 volte_stack (process (siginh rlimitinh))) -(typetransition init_26_0 volte_stack_exec process volte_stack) -(typetransition volte_stack tmpfs_26_0 file volte_stack_tmpfs) -(allow volte_stack volte_stack_tmpfs (file (read write getattr))) -(allow volte_stack tmpfs_26_0 (dir (getattr search))) -(allow volte_stack system_data_file_26_0 (dir (ioctl read write getattr lock add_name search open))) -(allow volte_stack ims_ipsec_data_file (file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow volte_stack ims_ipsec_data_file (lnk_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow volte_stack ims_ipsec_data_file (sock_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow volte_stack ims_ipsec_data_file (fifo_file (ioctl read write create getattr setattr lock append unlink rename open))) -(allow volte_stack ims_ipsec_data_file (dir (ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open))) -(typetransition volte_stack system_data_file_26_0 dir ims_ipsec_data_file) -(typetransition volte_stack system_data_file_26_0 fifo_file ims_ipsec_data_file) -(typetransition volte_stack system_data_file_26_0 sock_file ims_ipsec_data_file) -(typetransition volte_stack system_data_file_26_0 lnk_file ims_ipsec_data_file) -(typetransition volte_stack system_data_file_26_0 file ims_ipsec_data_file) -(allow volte_stack socket_device_26_0 (sock_file (write))) -(allow volte_stack self (key_socket (read write create setopt))) -(allow volte_stack self (capability (net_admin))) -(allow volte_stack self (capability (setgid setuid))) -(allow volte_stack self (tcp_socket (create bind listen setopt))) -(allow volte_stack self (udp_socket (read write bind setopt))) -(allow volte_stack self (udp_socket (create))) -(allow volte_stack self (tcp_socket (shutdown))) -(allow volte_stack self (udp_socket (shutdown))) -(allow volte_stack node_26_0 (tcp_socket (node_bind))) -(allow volte_stack node_26_0 (udp_socket (node_bind))) -(allow volte_stack port_26_0 (tcp_socket (name_bind))) -(allow volte_stack port_26_0 (udp_socket (name_bind))) -(allow volte_stack self (tcp_socket (accept))) -(allow volte_stack self (tcp_socket (read))) -(allow volte_stack self (tcp_socket (write))) -(allow volte_stack self (tcp_socket (getattr))) -(allow volte_stack self (tcp_socket (connect))) -(allow volte_stack port_26_0 (tcp_socket (name_connect))) -(allow volte_stack volte_stack_socket (sock_file (write))) -(allow volte_stack init_26_0 (unix_stream_socket (connectto))) -(allow volte_stack property_socket_26_0 (sock_file (write))) -(allow volte_stack self (netlink_xfrm_socket (read write create bind nlmsg_read nlmsg_write))) -(allow volte_stack system_prop_26_0 (property_service (set))) -(allow volte_stack netd_26_0 (unix_stream_socket (connectto))) -(allow volte_stack netd_socket_26_0 (sock_file (write))) -(allow netd_26_0 volte_stack (fd (use))) -(allow netd_26_0 volte_stack (tcp_socket (read write getopt setopt))) -(allow netd_26_0 volte_stack (udp_socket (read write getopt setopt))) -(allow init_26_0 volte_ua_exec (file (read getattr execute open))) -(allow init_26_0 volte_ua (process (transition))) -(allow volte_ua volte_ua_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 volte_ua (process (noatsecure))) -(allow init_26_0 volte_ua (process (siginh rlimitinh))) -(typetransition init_26_0 volte_ua_exec process volte_ua) -(typetransition volte_ua tmpfs_26_0 file volte_ua_tmpfs) -(allow volte_ua volte_ua_tmpfs (file (read write getattr))) -(allow volte_ua tmpfs_26_0 (dir (getattr search))) -(allow volte_ua socket_device_26_0 (sock_file (write))) -(allow volte_ua volte_stack (unix_stream_socket (connectto))) -(allow volte_ua wfca (unix_stream_socket (connectto))) -(allow volte_ua node_26_0 (udp_socket (node_bind))) -(allow volte_ua self (udp_socket (create bind))) -(allow volte_ua self (udp_socket (read))) -(allow volte_ua self (capability (setgid setuid))) -(allow volte_ua volte_stack_socket (sock_file (write))) -(allow volte_ua volte_stack (unix_stream_socket (connectto))) -(allow volte_ua volte_ua_socket (sock_file (write))) -(allow volte_ua self (udp_socket (setopt))) -(allow volte_ua self (capability2 (wake_alarm))) -(allow volte_ua netd_26_0 (unix_stream_socket (connectto))) -(allow volte_ua netd_socket_26_0 (sock_file (write))) -(allow netd_26_0 volte_ua (fd (use))) -(allow netd_26_0 volte_ua (tcp_socket (read write getopt setopt))) -(allow netd_26_0 volte_ua (udp_socket (read write getopt setopt))) -(allow init_26_0 wfca_exec (file (read getattr execute open))) -(allow init_26_0 wfca (process (transition))) -(allow wfca wfca_exec (file (read getattr execute entrypoint open))) -(dontaudit init_26_0 wfca (process (noatsecure))) -(allow init_26_0 wfca (process (siginh rlimitinh))) -(typetransition init_26_0 wfca_exec process wfca) -(typetransition wfca tmpfs_26_0 file wfca_tmpfs) -(allow wfca wfca_tmpfs (file (read write getattr))) -(allow wfca tmpfs_26_0 (dir (getattr search))) -(allow wfca socket_device_26_0 (sock_file (write create unlink))) -(allow wfca socket_device_26_0 (dir (write add_name remove_name))) -(allow wfca self (capability (setgid setuid net_admin net_raw))) -(allow wfca self (udp_socket (ioctl read write create getattr bind setopt shutdown))) -(allow wfca node_26_0 (udp_socket (node_bind))) -(allow wfca port_26_0 (udp_socket (name_bind))) -(allow wfca fwmarkd_socket_26_0 (sock_file (write))) -#(allow wfca system_file_26_0 (file (execute_no_trans))) -(allow wfca ccci_device (chr_file (ioctl read write open))) -(allow wfca sysfs_wake_lock_26_0 (file (read write open))) -(allow wfca self (rawip_socket (read write create getattr bind setopt))) -(allow wfca node_26_0 (rawip_socket (node_bind))) -(allow wfca volte_ua (fd (use))) -(allow wfca volte_ua (udp_socket (read write getattr getopt setopt shutdown))) -(allow wfca self (packet_socket (read create setopt))) -(allow wfca self (capability2 (block_suspend))) -(allow wfca netd_26_0 (unix_stream_socket (connectto))) -(allow wfca netd_socket_26_0 (sock_file (write))) -(allow netd_26_0 wfca (fd (use))) -(allow netd_26_0 wfca (tcp_socket (read write getopt setopt))) -(allow netd_26_0 wfca (udp_socket (read write getopt setopt))) -(typetransition MPED system_data_file_26_0 sock_file "mtk_mpe_server" MPED_socket) -(typetransition hal_wifi_supplicant_default wifi_data_file_26_0 dir "sockets" wpa_socket) -(typeattribute base_typeattr_185_26_0) -(typeattributeset base_typeattr_185_26_0 ((and (domain) ((not (hal_nvramagent_server)))))) -(typeattribute base_typeattr_184_26_0) -(typeattributeset base_typeattr_184_26_0 ((and (domain) ((not (mtk_hal_wifi_hostapd_server)))))) -(typeattribute base_typeattr_183_26_0) -(typeattributeset base_typeattr_183_26_0 ((and (domain) ((not (hal_pq_server)))))) -(typeattribute base_typeattr_182_26_0) -(typeattributeset base_typeattr_182_26_0 ((and (domain) ((not (hal_power)))))) -(typeattribute base_typeattr_181_26_0) -(typeattributeset base_typeattr_181_26_0 ((and (domain) ((not (mtk_hal_lbs_server)))))) -(typeattribute base_typeattr_180_26_0) -(typeattributeset base_typeattr_180_26_0 ((and (domain) ((not (mtk_hal_keyattestation_server)))))) -(typeattribute base_typeattr_179_26_0) -(typeattributeset base_typeattr_179_26_0 ((and (domain) ((not (hal_imsa_server)))))) -(typeattribute base_typeattr_178_26_0) -(typeattributeset base_typeattr_178_26_0 ((and (domain) ((not (hal_bluetooth)))))) -(typeattribute base_typeattr_177_26_0) -(typeattributeset base_typeattr_177_26_0 ((and (domain) ((not (crash_dump_26_0 lmkd_26_0)))))) -(typeattribute base_typeattr_176_26_0) -(typeattributeset base_typeattr_176_26_0 ((and (domain) ((not (untrusted_app_all ephemeral_app_26_0 isolated_app_26_0 untrusted_app_26_0 untrusted_app_25_26_0 untrusted_v2_app_26_0)))))) -(typeattribute base_typeattr_175_26_0) -(typeattributeset base_typeattr_175_26_0 ((and (coredomain) ((not (untrusted_app_all untrusted_v2_app_26_0)))))) -(typeattribute base_typeattr_174_26_0) -(typeattributeset base_typeattr_174_26_0 ((and (domain) ((not (init_26_0 keystore_26_0 logd_26_0)))))) -(typeattribute base_typeattr_173_26_0) -(typeattributeset base_typeattr_173_26_0 ((and (domain) ((not (coredomain init_26_0)))))) -(typeattribute base_typeattr_172_26_0) -(typeattributeset base_typeattr_172_26_0 ((and (domain) ((not (wificond_26_0)))))) -(typeattribute base_typeattr_171_26_0) -(typeattributeset base_typeattr_171_26_0 ((and (domain) ((not (vr_hwc_26_0)))))) -(typeattribute base_typeattr_170_26_0) -(typeattributeset base_typeattr_170_26_0 ((and (domain) ((not (init_26_0 kernel_26_0 vold_26_0)))))) -(typeattribute base_typeattr_169_26_0) -(typeattributeset base_typeattr_169_26_0 ((and (domain) ((not (kernel_26_0 vold_26_0)))))) -(typeattribute base_typeattr_168_26_0) -(typeattributeset base_typeattr_168_26_0 ((and (domain) ((not (virtual_touchpad_26_0)))))) -(typeattribute base_typeattr_167_26_0) -(typeattributeset base_typeattr_167_26_0 ((and (coredomain) ((not (init_26_0 modprobe_26_0)))))) -(typeattribute base_typeattr_166_26_0) -(typeattributeset base_typeattr_166_26_0 ((and (domain) ((not (update_engine_26_0)))))) -(typeattribute base_typeattr_165_26_0) -(typeattributeset base_typeattr_165_26_0 ((and (fs_type file_type) ((not (toolbox_exec_26_0)))))) -(typeattribute base_typeattr_164_26_0) -(typeattributeset base_typeattr_164_26_0 ((and (service_manager_type) ((not (gatekeeper_service_26_0 incident_service_26_0 installd_service_26_0 netd_service_26_0 virtual_touchpad_service_26_0 vr_hwc_service_26_0)))))) -(typeattribute base_typeattr_163_26_0) -(typeattributeset base_typeattr_163_26_0 ((and (fs_type file_type) ((not (sgdisk_exec_26_0)))))) -(typeattribute base_typeattr_162_26_0) -(typeattributeset base_typeattr_162_26_0 ((and (domain) ((not (hwservicemanager_26_0 init_26_0 vndservicemanager_26_0)))))) -(typeattribute base_typeattr_161_26_0) -(typeattributeset base_typeattr_161_26_0 ((and (appdomain) ((not (system_app_26_0)))))) -(typeattribute base_typeattr_160_26_0) -(typeattributeset base_typeattr_160_26_0 ((and (domain) ((not (radio_26_0)))))) -(typeattribute base_typeattr_159_26_0) -(typeattributeset base_typeattr_159_26_0 ((and (core_property_type) ((not (audio_prop_26_0 config_prop_26_0 cppreopt_prop_26_0 dalvik_prop_26_0 debuggerd_prop_26_0 debug_prop_26_0 default_prop_26_0 dhcp_prop_26_0 dumpstate_prop_26_0 ffs_prop_26_0 fingerprint_prop_26_0 logd_prop_26_0 net_radio_prop_26_0 nfc_prop_26_0 pan_result_prop_26_0 persist_debug_prop_26_0 powerctl_prop_26_0 radio_prop_26_0 restorecon_prop_26_0 shell_prop_26_0 system_prop_26_0 system_radio_prop_26_0 vold_prop_26_0)))))) -(typeattribute base_typeattr_158_26_0) -(typeattributeset base_typeattr_158_26_0 ((and (domain) ((not (performanced_26_0)))))) -(typeattribute base_typeattr_157_26_0) -(typeattributeset base_typeattr_157_26_0 ((and (domain) ((not (dumpstate_26_0 netd_26_0 system_server_26_0)))))) -(typeattribute base_typeattr_156_26_0) -(typeattributeset base_typeattr_156_26_0 ((and (domain) ((not (netd_26_0)))))) -(typeattribute base_typeattr_155_26_0) -(typeattributeset base_typeattr_155_26_0 ((and (domain) ((not (mediaserver_26_0)))))) -(typeattribute base_typeattr_154_26_0) -(typeattributeset base_typeattr_154_26_0 ((and (domain) ((not (mediametrics_26_0)))))) -(typeattribute base_typeattr_153_26_0) -(typeattributeset base_typeattr_153_26_0 ((and (domain) ((not (mediaextractor_26_0)))))) -(typeattribute base_typeattr_152_26_0) -(typeattributeset base_typeattr_152_26_0 ((and (domain) ((not (mediadrmserver_26_0)))))) -(typeattribute base_typeattr_151_26_0) -(typeattributeset base_typeattr_151_26_0 ((and (domain) ((not (mediacodec_26_0)))))) -(typeattribute base_typeattr_150_26_0) -(typeattributeset base_typeattr_150_26_0 ((and (domain) ((not (init_26_0 logd_26_0)))))) -(typeattribute base_typeattr_149_26_0) -(typeattributeset base_typeattr_149_26_0 ((and (domain) ((not (crash_dump_26_0)))))) -(typeattribute base_typeattr_148_26_0) -(typeattributeset base_typeattr_148_26_0 ((and (domain) ((not (init_26_0 keystore_26_0)))))) -(typeattribute base_typeattr_147_26_0) -(typeattributeset base_typeattr_147_26_0 ((and (domain) ((not (keystore_26_0)))))) -(typeattribute base_typeattr_146_26_0) -(typeattributeset base_typeattr_146_26_0 ((and (domain) ((not (servicemanager_26_0 su_26_0 system_server_26_0)))))) -(typeattribute base_typeattr_145_26_0) -(typeattributeset base_typeattr_145_26_0 ((and (domain) ((not (dumpstate_26_0 installd_26_0 system_server_26_0)))))) -(typeattribute base_typeattr_144_26_0) -(typeattributeset base_typeattr_144_26_0 ((and (domain) ((not (installd_26_0)))))) -(typeattribute base_typeattr_143_26_0) -(typeattributeset base_typeattr_143_26_0 ((and (domain) ((not (inputflinger_26_0)))))) -(typeattribute base_typeattr_142_26_0) -(typeattributeset base_typeattr_142_26_0 ((and (fs_type file_type) ((not (init_exec_26_0)))))) -(typeattribute base_typeattr_141_26_0) -(typeattributeset base_typeattr_141_26_0 ((and (dev_type) ((not (kmem_device_26_0 port_device_26_0)))))) -(typeattribute base_typeattr_140_26_0) -(typeattributeset base_typeattr_140_26_0 ((and (dev_type) ((not (device_26_0 alarm_device_26_0 ashmem_device_26_0 binder_device_26_0 hwbinder_device_26_0 dm_device_26_0 keychord_device_26_0 console_device_26_0 hw_random_device_26_0 kmem_device_26_0 port_device_26_0 ptmx_device_26_0 kmsg_device_26_0 null_device_26_0 random_device_26_0 owntty_device_26_0 zero_device_26_0 devpts_26_0)))))) -(typeattribute base_typeattr_139_26_0) -(typeattributeset base_typeattr_139_26_0 ((and (dev_type) ((not (device_26_0 vndbinder_device_26_0 kmem_device_26_0 port_device_26_0)))))) -(typeattribute base_typeattr_138_26_0) -(typeattributeset base_typeattr_138_26_0 ((and (fs_type) ((not (contextmount_type sdcard_type rootfs_26_0)))))) -(typeattribute base_typeattr_137_26_0) -(typeattributeset base_typeattr_137_26_0 ((and (file_type) ((not (exec_type vendor_file_type system_file_26_0)))))) -(typeattribute base_typeattr_136_26_0) -(typeattributeset base_typeattr_136_26_0 ((and (file_type) ((not (exec_type vendor_file_type system_file_26_0 runtime_event_log_tags_file_26_0 shell_data_file_26_0 keystore_data_file_26_0 vold_data_file_26_0 app_data_file_26_0 system_app_data_file_26_0 misc_logd_file_26_0)))))) -(typeattribute base_typeattr_135_26_0) -(typeattributeset base_typeattr_135_26_0 ((and (file_type) ((not (exec_type vendor_file_type system_file_26_0 shell_data_file_26_0 keystore_data_file_26_0 vold_data_file_26_0 app_data_file_26_0 system_app_data_file_26_0 misc_logd_file_26_0)))))) -(typeattribute base_typeattr_134_26_0) -(typeattributeset base_typeattr_134_26_0 ((and (file_type) ((not (exec_type vendor_file_type system_file_26_0 app_data_file_26_0 system_app_data_file_26_0 misc_logd_file_26_0)))))) -(typeattribute base_typeattr_133_26_0) -(typeattributeset base_typeattr_133_26_0 ((and (domain) ((not (healthd_26_0)))))) -(typeattribute base_typeattr_132_26_0) -(typeattributeset base_typeattr_132_26_0 ((and (domain) ((not (hal_wifi_supplicant_server)))))) -(typeattribute base_typeattr_131_26_0) -(typeattributeset base_typeattr_131_26_0 ((and (domain) ((not (hal_wifi_server)))))) -(typeattribute base_typeattr_130_26_0) -(typeattributeset base_typeattr_130_26_0 ((and (domain) ((not (hal_weaver_server)))))) -(typeattribute base_typeattr_129_26_0) -(typeattributeset base_typeattr_129_26_0 ((and (domain) ((not (hal_vr_server)))))) -(typeattribute base_typeattr_128_26_0) -(typeattributeset base_typeattr_128_26_0 ((and (domain) ((not (hal_vibrator_server)))))) -(typeattribute base_typeattr_127_26_0) -(typeattributeset base_typeattr_127_26_0 ((and (domain) ((not (hal_usb_server)))))) -(typeattribute base_typeattr_126_26_0) -(typeattributeset base_typeattr_126_26_0 ((and (domain) ((not (hal_tv_input_server)))))) -(typeattribute base_typeattr_125_26_0) -(typeattributeset base_typeattr_125_26_0 ((and (domain) ((not (hal_tv_cec_server)))))) -(typeattribute base_typeattr_124_26_0) -(typeattributeset base_typeattr_124_26_0 ((and (domain) ((not (hal_thermal_server)))))) -(typeattribute base_typeattr_123_26_0) -(typeattributeset base_typeattr_123_26_0 ((and (domain) ((not (hal_telephony_server)))))) -(typeattribute base_typeattr_122_26_0) -(typeattributeset base_typeattr_122_26_0 ((and (domain) ((not (hal_sensors_server)))))) -(typeattribute base_typeattr_121_26_0) -(typeattributeset base_typeattr_121_26_0 ((and (domain) ((not (hal_power_server)))))) -(typeattribute base_typeattr_120_26_0) -(typeattributeset base_typeattr_120_26_0 ((and (domain) ((not (hal_oemlock_server)))))) -(typeattribute base_typeattr_119_26_0) -(typeattributeset base_typeattr_119_26_0 ((and (domain) ((not (hal_nfc_server)))))) -(typeattribute base_typeattr_118_26_0) -(typeattributeset base_typeattr_118_26_0 ((and (halserverdomain) ((not (hal_dumpstate_server rild_26_0)))))) -(typeattribute base_typeattr_117_26_0) -(typeattributeset base_typeattr_117_26_0 ((and (halserverdomain) ((not (hal_tetheroffload_server hal_wifi_server hal_wifi_supplicant_server rild_26_0)))))) -(typeattribute base_typeattr_116_26_0) -(typeattributeset base_typeattr_116_26_0 ((and (halserverdomain) ((not (hal_bluetooth_server hal_wifi_server hal_wifi_supplicant_server rild_26_0)))))) -(typeattribute base_typeattr_115_26_0) -(typeattributeset base_typeattr_115_26_0 ((and (domain) ((not (hal_memtrack_server)))))) -(typeattribute base_typeattr_114_26_0) -(typeattributeset base_typeattr_114_26_0 ((and (domain) ((not (hal_light_server)))))) -(typeattribute base_typeattr_113_26_0) -(typeattributeset base_typeattr_113_26_0 ((and (domain) ((not (hal_keymaster_server)))))) -(typeattribute base_typeattr_112_26_0) -(typeattributeset base_typeattr_112_26_0 ((and (domain) ((not (hal_ir_server)))))) -(typeattribute base_typeattr_111_26_0) -(typeattributeset base_typeattr_111_26_0 ((and (domain) ((not (hal_health_server)))))) -(typeattribute base_typeattr_110_26_0) -(typeattributeset base_typeattr_110_26_0 ((and (domain) ((not (hal_graphics_composer_server)))))) -(typeattribute base_typeattr_109_26_0) -(typeattributeset base_typeattr_109_26_0 ((and (domain) ((not (hal_graphics_allocator_server)))))) -(typeattribute base_typeattr_108_26_0) -(typeattributeset base_typeattr_108_26_0 ((and (domain) ((not (hal_gnss_server)))))) -(typeattribute base_typeattr_107_26_0) -(typeattributeset base_typeattr_107_26_0 ((and (domain) ((not (hal_gatekeeper_server)))))) -(typeattribute base_typeattr_106_26_0) -(typeattributeset base_typeattr_106_26_0 ((and (domain) ((not (hal_fingerprint_server)))))) -(typeattribute base_typeattr_105_26_0) -(typeattributeset base_typeattr_105_26_0 ((and (domain) ((not (hal_dumpstate_server)))))) -(typeattribute base_typeattr_104_26_0) -(typeattributeset base_typeattr_104_26_0 ((and (domain) ((not (hal_drm_server)))))) -(typeattribute base_typeattr_103_26_0) -(typeattributeset base_typeattr_103_26_0 ((and (domain) ((not (hal_contexthub_server)))))) -(typeattribute base_typeattr_102_26_0) -(typeattributeset base_typeattr_102_26_0 ((and (domain) ((not (hal_configstore_server)))))) -(typeattribute base_typeattr_101_26_0) -(typeattributeset base_typeattr_101_26_0 ((and (halserverdomain) ((not (hal_camera_server)))))) -(typeattribute base_typeattr_100_26_0) -(typeattributeset base_typeattr_100_26_0 ((and (appdomain) ((not (isolated_app_26_0)))))) -(typeattribute base_typeattr_99_26_0) -(typeattributeset base_typeattr_99_26_0 ((and (domain) ((not (hal_camera_server)))))) -(typeattribute base_typeattr_98_26_0) -(typeattributeset base_typeattr_98_26_0 ((and (domain) ((not (hal_bootctl_server)))))) -(typeattribute base_typeattr_97_26_0) -(typeattributeset base_typeattr_97_26_0 ((and (domain) ((not (hal_bluetooth_server)))))) -(typeattribute base_typeattr_96_26_0) -(typeattributeset base_typeattr_96_26_0 ((and (halserverdomain) ((not (hal_audio_server)))))) -(typeattribute base_typeattr_95_26_0) -(typeattributeset base_typeattr_95_26_0 ((and (domain) ((not (hal_audio_server)))))) -(typeattribute base_typeattr_94_26_0) -(typeattributeset base_typeattr_94_26_0 ((and (domain) ((not (hal_allocator_server)))))) -(typeattribute base_typeattr_93_26_0) -(typeattributeset base_typeattr_93_26_0 ((and (domain) ((not (gatekeeperd_26_0)))))) -(typeattribute base_typeattr_92_26_0) -(typeattributeset base_typeattr_92_26_0 ((and (domain) ((not (vold_26_0)))))) -(typeattribute base_typeattr_91_26_0) -(typeattributeset base_typeattr_91_26_0 ((and (fs_type file_type) ((not (fsck_exec_26_0)))))) -(typeattribute base_typeattr_90_26_0) -(typeattributeset base_typeattr_90_26_0 ((and (domain) ((not (init_26_0 vold_26_0)))))) -(typeattribute base_typeattr_89_26_0) -(typeattributeset base_typeattr_89_26_0 ((and (domain) ((not (fingerprintd_26_0)))))) -(typeattribute base_typeattr_88_26_0) -(typeattributeset base_typeattr_88_26_0 ((and (domain) ((not (dumpstate_26_0 shell_26_0 system_server_26_0)))))) -(typeattribute base_typeattr_87_26_0) -(typeattributeset base_typeattr_87_26_0 ((and (domain) ((not (dumpstate_26_0)))))) -(typeattribute base_typeattr_86_26_0) -(typeattributeset base_typeattr_86_26_0 ((and (service_manager_type) ((not (dumpstate_service_26_0 gatekeeper_service_26_0 incident_service_26_0 virtual_touchpad_service_26_0 vr_hwc_service_26_0)))))) -(typeattribute base_typeattr_85_26_0) -(typeattributeset base_typeattr_85_26_0 ((and (domain) ((not (drmserver_26_0)))))) -(typeattribute base_typeattr_84_26_0) -(typeattributeset base_typeattr_84_26_0 ((not (coredomain)))) -(typeattribute base_typeattr_83_26_0) -(typeattributeset base_typeattr_83_26_0 ((not (rootfs_26_0 system_file_26_0 vendor_file_26_0)))) -(typeattribute base_typeattr_82_26_0) -(typeattributeset base_typeattr_82_26_0 ((and (domain) ((not (installd_26_0 profman_26_0)))))) -(typeattribute base_typeattr_81_26_0) -(typeattributeset base_typeattr_81_26_0 ((and (domain) ((not (dumpstate_26_0 init_26_0 system_server_26_0)))))) -(typeattribute base_typeattr_80_26_0) -(typeattributeset base_typeattr_80_26_0 ((not (hwservicemanager_26_0)))) -(typeattribute base_typeattr_79_26_0) -(typeattributeset base_typeattr_79_26_0 ((not (servicemanager_26_0 vndservicemanager_26_0)))) -(typeattribute base_typeattr_78_26_0) -(typeattributeset base_typeattr_78_26_0 ((and (domain) ((not (appdomain adbd_26_0 dumpstate_26_0 installd_26_0 uncrypt_26_0)))))) -(typeattribute base_typeattr_77_26_0) -(typeattributeset base_typeattr_77_26_0 ((and (domain) ((not (appdomain adbd_26_0 dumpstate_26_0 init_26_0 installd_26_0 system_server_26_0 uncrypt_26_0)))))) -(typeattribute base_typeattr_76_26_0) -(typeattributeset base_typeattr_76_26_0 ((and (domain) ((not (adbd_26_0 dumpstate_26_0 init_26_0 installd_26_0 shell_26_0 vold_26_0)))))) -(typeattribute base_typeattr_75_26_0) -(typeattributeset base_typeattr_75_26_0 ((and (domain) ((not (installd_26_0 shell_26_0 uncrypt_26_0)))))) -(typeattribute base_typeattr_74_26_0) -(typeattributeset base_typeattr_74_26_0 ((and (domain) ((not (appdomain installd_26_0 uncrypt_26_0)))))) -(typeattribute base_typeattr_73_26_0) -(typeattributeset base_typeattr_73_26_0 ((and (appdomain) ((not (bluetooth_26_0 shell_26_0 su_26_0)))))) -(typeattribute base_typeattr_72_26_0) -(typeattributeset base_typeattr_72_26_0 ((and (domain) ((not (runas_26_0 webview_zygote_26_0 zygote_26_0)))))) -(typeattribute base_typeattr_71_26_0) -(typeattributeset base_typeattr_71_26_0 ((and (domain) ((not (adbd_26_0 init_26_0 runas_26_0 zygote_26_0)))))) -(typeattribute base_typeattr_70_26_0) -(typeattributeset base_typeattr_70_26_0 ((and (domain) ((not (appdomain installd_26_0)))))) -(typeattribute base_typeattr_69_26_0) -(typeattributeset base_typeattr_69_26_0 ((and (domain) ((not (appdomain installd_26_0 system_server_26_0)))))) -(typeattribute base_typeattr_68_26_0) -(typeattributeset base_typeattr_68_26_0 ((and (domain) ((not (init_26_0 installd_26_0 system_app_26_0 system_server_26_0)))))) -(typeattribute base_typeattr_67_26_0) -(typeattributeset base_typeattr_67_26_0 ((not (domain)))) -(typeattribute base_typeattr_66_26_0) -(typeattributeset base_typeattr_66_26_0 ((and (domain) ((not (untrusted_app_all)))))) -(typeattribute base_typeattr_65_26_0) -(typeattributeset base_typeattr_65_26_0 ((and (file_type) ((not (apk_data_file_26_0 app_data_file_26_0 asec_public_file_26_0)))))) -(typeattribute base_typeattr_64_26_0) -(typeattributeset base_typeattr_64_26_0 ((and (domain) ((not (dumpstate_26_0 shell_26_0 su_26_0)))))) -(typeattribute base_typeattr_63_26_0) -(typeattributeset base_typeattr_63_26_0 ((and (domain) ((not (dumpstate_26_0 system_server_26_0)))))) -(typeattribute base_typeattr_62_26_0) -(typeattributeset base_typeattr_62_26_0 ((and (domain) ((not (crash_dump_26_0 mediacodec_26_0 mediaextractor_26_0)))))) -(typeattribute base_typeattr_61_26_0) -(typeattributeset base_typeattr_61_26_0 ((and (domain) ((not (crash_dump_26_0 dumpstate_26_0 mediacodec_26_0 mediaextractor_26_0 system_server_26_0 tombstoned_26_0)))))) -(typeattribute base_typeattr_60_26_0) -(typeattributeset base_typeattr_60_26_0 ((and (domain) ((not (system_server_26_0 webview_zygote_26_0)))))) -(typeattribute base_typeattr_59_26_0) -(typeattributeset base_typeattr_59_26_0 ((and (domain) ((not (system_server_26_0)))))) -(typeattribute base_typeattr_58_26_0) -(typeattributeset base_typeattr_58_26_0 ((and (domain) ((not (system_server_26_0 zygote_26_0)))))) -(typeattribute base_typeattr_57_26_0) -(typeattributeset base_typeattr_57_26_0 ((and (domain) ((not (cppreopts_26_0 dex2oat_26_0 init_26_0 installd_26_0 otapreopt_slot_26_0 postinstall_dexopt_26_0 zygote_26_0)))))) -(typeattribute base_typeattr_56_26_0) -(typeattributeset base_typeattr_56_26_0 ((and (exec_type) ((not (vendor_file_type crash_dump_exec_26_0 netutils_wrapper_exec_26_0)))))) -(typeattribute base_typeattr_55_26_0) -(typeattributeset base_typeattr_55_26_0 ((and (domain) ((not (appdomain coredomain vendor_executes_system_violators rild_26_0)))))) -(typeattribute base_typeattr_54_26_0) -(typeattributeset base_typeattr_54_26_0 ((and (coredomain) ((not (init_26_0)))))) -(typeattribute base_typeattr_53_26_0) -(typeattributeset base_typeattr_53_26_0 ((and (coredomain) ((not (appdomain idmap_26_0 init_26_0 installd_26_0 system_server_26_0 zygote_26_0)))))) -(typeattribute base_typeattr_52_26_0) -(typeattributeset base_typeattr_52_26_0 ((and (coredomain) ((not (appdomain dex2oat_26_0 idmap_26_0 init_26_0 installd_26_0 postinstall_dexopt_26_0 system_server_26_0)))))) -(typeattribute base_typeattr_51_26_0) -(typeattributeset base_typeattr_51_26_0 ((and (dev_type file_type) ((not (core_data_file_type coredomain_socket unlabeled_26_0)))))) -(typeattribute base_typeattr_50_26_0) -(typeattributeset base_typeattr_50_26_0 ((and (coredomain) ((not (socket_between_core_and_vendor_violators init_26_0 ueventd_26_0)))))) -(typeattribute base_typeattr_49_26_0) -(typeattributeset base_typeattr_49_26_0 ((and (core_data_file_type coredomain_socket unlabeled_26_0) ((not (pdx_endpoint_socket_type pdx_channel_socket_type app_data_file_26_0)))))) -(typeattribute base_typeattr_48_26_0) -(typeattributeset base_typeattr_48_26_0 ((and (domain) ((not (netdomain coredomain socket_between_core_and_vendor_violators)))))) -(typeattribute base_typeattr_47_26_0) -(typeattributeset base_typeattr_47_26_0 ((and (coredomain) ((not (incidentd_26_0 init_26_0 logd_26_0 mdnsd_26_0 netd_26_0 su_26_0 tombstoned_26_0)))))) -(typeattribute base_typeattr_46_26_0) -(typeattributeset base_typeattr_46_26_0 ((and (domain) ((not (appdomain coredomain socket_between_core_and_vendor_violators)))))) -(typeattribute base_typeattr_45_26_0) -(typeattributeset base_typeattr_45_26_0 ((and (domain) ((not (coredomain socket_between_core_and_vendor_violators)))))) -(typeattribute base_typeattr_44_26_0) -(typeattributeset base_typeattr_44_26_0 ((and (coredomain) ((not (adbd_26_0 init_26_0)))))) -(typeattribute base_typeattr_43_26_0) -(typeattributeset base_typeattr_43_26_0 ((and (coredomain) ((not (shell_26_0 su_26_0)))))) -(typeattribute base_typeattr_42_26_0) -(typeattributeset base_typeattr_42_26_0 ((and (coredomain) ((not (shell_26_0 su_26_0 ueventd_26_0)))))) -(typeattribute base_typeattr_41_26_0) -(typeattributeset base_typeattr_41_26_0 ((and (service_manager_type) ((not (app_api_service ephemeral_app_api_service audioserver_service_26_0 cameraserver_service_26_0 drmserver_service_26_0 keystore_service_26_0 mediaserver_service_26_0 mediametrics_service_26_0 mediaextractor_service_26_0 mediadrmserver_service_26_0 mediacasserver_service_26_0 nfc_service_26_0 radio_service_26_0 surfaceflinger_service_26_0 virtual_touchpad_service_26_0 vr_hwc_service_26_0 vr_manager_service_26_0)))))) -(typeattribute base_typeattr_40_26_0) -(typeattributeset base_typeattr_40_26_0 ((and (appdomain) ((not (coredomain)))))) -(typeattribute base_typeattr_39_26_0) -(typeattributeset base_typeattr_39_26_0 ((and (domain) ((not (appdomain coredomain binder_in_vendor_violators)))))) -(typeattribute base_typeattr_38_26_0) -(typeattributeset base_typeattr_38_26_0 ((and (domain) ((not (hwservicemanager_26_0 servicemanager_26_0 vndservicemanager_26_0)))))) -(typeattribute base_typeattr_37_26_0) -(typeattributeset base_typeattr_37_26_0 ((and (domain) ((not (domain hal_bootctl init_26_0 recovery_26_0 ueventd_26_0 uncrypt_26_0 update_engine_26_0 vold_26_0)))))) -(typeattribute base_typeattr_36_26_0) -(typeattributeset base_typeattr_36_26_0 ((and (domain) ((not (install_recovery_26_0 recovery_26_0)))))) -(typeattribute base_typeattr_35_26_0) -(typeattributeset base_typeattr_35_26_0 ((and (domain) ((not (recovery_26_0 update_engine_26_0)))))) -(typeattribute base_typeattr_34_26_0) -(typeattributeset base_typeattr_34_26_0 ((and (domain) ((not (init_26_0 recovery_26_0 vold_26_0)))))) -(typeattribute base_typeattr_33_26_0) -(typeattributeset base_typeattr_33_26_0 ((and (domain) ((not (init_26_0 recovery_26_0 shell_26_0 system_server_26_0 ueventd_26_0)))))) -(typeattribute base_typeattr_32_26_0) -(typeattributeset base_typeattr_32_26_0 ((and (domain) ((not (init_26_0 system_server_26_0)))))) -(typeattribute base_typeattr_31_26_0) -(typeattributeset base_typeattr_31_26_0 ((and (domain) ((not (hal_drm adbd_26_0 dumpstate_26_0 init_26_0 mediadrmserver_26_0 recovery_26_0 shell_26_0 system_server_26_0)))))) -(typeattribute base_typeattr_30_26_0) -(typeattributeset base_typeattr_30_26_0 ((and (fs_type) ((not (contextmount_type)))))) -(typeattribute base_typeattr_29_26_0) -(typeattributeset base_typeattr_29_26_0 ((and (domain) ((not (kernel_26_0 recovery_26_0)))))) -(typeattribute base_typeattr_28_26_0) -(typeattributeset base_typeattr_28_26_0 ((and (domain) ((not (shell_26_0)))))) -(typeattribute base_typeattr_27_26_0) -(typeattributeset base_typeattr_27_26_0 ((and (data_file_type) ((not (system_data_file_26_0 apk_data_file_26_0 dalvikcache_data_file_26_0)))))) -(typeattribute base_typeattr_26_26_0) -(typeattributeset base_typeattr_26_26_0 ((and (domain) ((not (appdomain)))))) -(typeattribute base_typeattr_25_26_0) -(typeattributeset base_typeattr_25_26_0 ((and (fs_type) ((not (rootfs_26_0)))))) -(typeattribute base_typeattr_24_26_0) -(typeattributeset base_typeattr_24_26_0 ((and (domain) ((not (appdomain recovery_26_0)))))) -(typeattribute base_typeattr_23_26_0) -(typeattributeset base_typeattr_23_26_0 ((and (file_type) ((not (exec_type vendor_file_type system_file_26_0 postinstall_file_26_0)))))) -(typeattribute base_typeattr_22_26_0) -(typeattributeset base_typeattr_22_26_0 ((and (domain) ((not (appdomain dumpstate_26_0 shell_26_0 su_26_0 system_server_26_0 webview_zygote_26_0 zygote_26_0)))))) -(typeattribute base_typeattr_21_26_0) -(typeattributeset base_typeattr_21_26_0 ((and (fs_type) ((not (sdcard_type)))))) -(typeattribute base_typeattr_20_26_0) -(typeattributeset base_typeattr_20_26_0 ((and (domain) ((not (init_26_0 kernel_26_0 otapreopt_chroot_26_0 recovery_26_0 update_engine_26_0 vold_26_0 zygote_26_0)))))) -(typeattribute base_typeattr_19_26_0) -(typeattributeset base_typeattr_19_26_0 ((and (domain) ((not (init_26_0 kernel_26_0 recovery_26_0)))))) -(typeattribute base_typeattr_18_26_0) -(typeattributeset base_typeattr_18_26_0 ((and (domain) ((not (shell_26_0 ueventd_26_0)))))) -(typeattribute base_typeattr_17_26_0) -(typeattributeset base_typeattr_17_26_0 ((and (file_type) ((not (exec_type postinstall_file_26_0)))))) -(typeattribute base_typeattr_16_26_0) -(typeattributeset base_typeattr_16_26_0 ((and (domain) ((not (init_26_0 shell_26_0 system_server_26_0 ueventd_26_0)))))) -(typeattribute base_typeattr_15_26_0) -(typeattributeset base_typeattr_15_26_0 ((and (domain) ((not (kernel_26_0)))))) -(typeattribute base_typeattr_14_26_0) -(typeattributeset base_typeattr_14_26_0 ((and (domain) ((not (recovery_26_0)))))) -(typeattribute base_typeattr_13_26_0) -(typeattributeset base_typeattr_13_26_0 ((and (domain) ((not (domain healthd_26_0 init_26_0 kernel_26_0 recovery_26_0 tee_26_0 ueventd_26_0 uncrypt_26_0)))))) -(typeattribute base_typeattr_12_26_0) -(typeattributeset base_typeattr_12_26_0 ((and (domain) ((not (init_26_0 kernel_26_0 ueventd_26_0 vold_26_0)))))) -(typeattribute base_typeattr_11_26_0) -(typeattributeset base_typeattr_11_26_0 ((and (domain) ((not (init_26_0 recovery_26_0)))))) -(typeattribute base_typeattr_10_26_0) -(typeattributeset base_typeattr_10_26_0 ((all))) -(typeattribute base_typeattr_9_26_0) -(typeattributeset base_typeattr_9_26_0 ((and (domain) ((not (domain)))))) -(typeattribute base_typeattr_8_26_0) -(typeattributeset base_typeattr_8_26_0 ((and (domain) ((not (coredomain)))))) -(typeattribute base_typeattr_7_26_0) -(typeattributeset base_typeattr_7_26_0 ((and (domain) ((not (servicemanager_26_0 vndservicemanager_26_0)))))) -(typeattribute base_typeattr_6_26_0) -(typeattributeset base_typeattr_6_26_0 ((and (appdomain coredomain binder_in_vendor_violators) ((not (hwservicemanager_26_0)))))) -(typeattribute base_typeattr_5_26_0) -(typeattributeset base_typeattr_5_26_0 ((and (domain) ((not (init_26_0)))))) -(typeattribute base_typeattr_4_26_0) -(typeattributeset base_typeattr_4_26_0 ((and (domain) ((not (display_service_server)))))) -(typeattribute base_typeattr_3_26_0) -(typeattributeset base_typeattr_3_26_0 ((and (domain) ((not (crash_dump_26_0 init_26_0 keystore_26_0 logd_26_0)))))) -(typeattribute base_typeattr_2_26_0) -(typeattributeset base_typeattr_2_26_0 ((and (domain) ((not (cameraserver_26_0)))))) -(typeattribute base_typeattr_1_26_0) -(typeattributeset base_typeattr_1_26_0 ((and (domain) ((not (bufferhubd_26_0)))))) diff --git a/prebuilts/api/26.0/plat_private/README b/prebuilts/api/26.0/plat_private/README deleted file mode 100755 index 6e6b283..0000000 --- a/prebuilts/api/26.0/plat_private/README +++ /dev/null @@ -1,4 +0,0 @@ -This directory contains the MTK SELinux policy configuration for platform private. - -It extend the domains and types for the AOSP services and apps common to -all devices.
\ No newline at end of file diff --git a/prebuilts/api/26.0/plat_private/aee_aed.te b/prebuilts/api/26.0/plat_private/aee_aed.te deleted file mode 100755 index 85ac8b7..0000000 --- a/prebuilts/api/26.0/plat_private/aee_aed.te +++ /dev/null @@ -1,126 +0,0 @@ -# ============================================== -# Policy File of /system/bin/aee_aed Executable File - -# ============================================== -# Type Declaration -# ============================================== -type aee_aed_exec, exec_type, file_type; -typeattribute aee_aed coredomain; -typeattribute aee_aed mlstrustedsubject; - -init_daemon_domain(aee_aed) - -# ============================================== -# MTK Policy Rule -# ============================================== - -# AED start: /dev/block/expdb -allow aee_aed block_device:dir search; - -# aee db dir and db files -allow aee_aed sdcard_type:dir create_dir_perms; -allow aee_aed sdcard_type:file create_file_perms; - -#data/anr -allow aee_aed anr_data_file:dir create_dir_perms; -allow aee_aed anr_data_file:file create_file_perms; - -allow aee_aed domain:process { sigkill getattr getsched}; -allow aee_aed domain:lnk_file getattr; - -#core-pattern -allow aee_aed usermodehelper:file r_file_perms; - -#suid_dumpable. this is neverallow -# allow aee_aed proc_security:file r_file_perms; - -#property -allow aee_aed init:unix_stream_socket connectto; -allow aee_aed property_socket:sock_file write; - -allow aee_aed system_file:file execute_no_trans; - -allow aee_aed init:process getsched; -#allow aee_aed kernel:process getsched; - -# Date: W15.34 -# Operation: Migration -# Purpose: For pagemap & pageflags information in NE DB -userdebug_or_eng(`allow aee_aed self:capability sys_admin;') - -# Date: W16.17 -# Operation: N0 Migeration -# Purpose: creat dir "aee_exp" under /data -allow aee_aed system_data_file:dir { write create add_name }; -allow aee_aed system_data_file:file r_file_perms; - -# Purpose: allow aee_aed to access toolbox -allow aee_aed toolbox_exec:file rx_file_perms; - -# purpose: allow aee_aed to access storage on N version -allow aee_aed media_rw_data_file:file { create_file_perms }; -allow aee_aed media_rw_data_file:dir { create_dir_perms }; - -# Purpose: mnt/user/* -allow aee_aed mnt_user_file:dir search; -allow aee_aed mnt_user_file:lnk_file read; - -allow aee_aed storage_file:dir search; -allow aee_aed storage_file:lnk_file read; - -# Date : WK17.09 -# Operation : AEE UT for Android O -# Purpose : for AEE module to dump files -domain_auto_trans(aee_aed, dumpstate_exec, dumpstate) - -# Purpose : aee_aed communicate with aee_core_forwarder -# allow aee_aed aee_core_forwarder:dir search; -# allow aee_aed aee_core_forwarder:file { read getattr open }; - -userdebug_or_eng(` -# allow aee_aed su:dir {search read open }; -# allow aee_aed su:file { read getattr open }; -') - -# /data/tombstone -allow aee_aed tombstone_data_file:dir w_dir_perms; -allow aee_aed tombstone_data_file:file create_file_perms; - -# /proc/pid/ -allow aee_aed self:capability { fowner chown fsetid sys_nice sys_resource net_admin sys_module}; - -# system(cmd) aee_dumpstate aee_archive -#allow aee_aed shell_exec:file rx_file_perms; - -# PROCESS_FILE_STATE -allow aee_aed dumpstate:unix_stream_socket { read write ioctl }; -allow aee_aed dumpstate:dir search; -allow aee_aed dumpstate:file r_file_perms; - -allow aee_aed logdr_socket:sock_file write; -allow aee_aed logd:unix_stream_socket connectto; -# allow aee_aed system_ndebug_socket:sock_file write; mask for never allow rule - -# vibrator -allow aee_aed sysfs_vibrator:file w_file_perms; - -# Data : 2017/03/22 -# Operation : add NE flow rule for Android O -# Purpose : make aee_aed can get specific process NE info -allow aee_aed domain:dir r_dir_perms; -allow aee_aed domain:{ file lnk_file } r_file_perms; -allow aee_aed { - domain - -logd - -keystore - -init -}:process ptrace; -allow aee_aed dalvikcache_data_file:dir r_dir_perms; -allow aee_aed zygote_exec:file r_file_perms; -allow aee_aed init_exec:file r_file_perms; - -# Data : 2017/04/06 -# Operation : add selinux rule for crash_dump notify aee_aed -# Purpose : make aee_aed can get notify from crash_dump -allow aee_aed crash_dump:dir search; -allow aee_aed crash_dump:file r_file_perms; diff --git a/prebuilts/api/26.0/plat_private/audiocmdservice_atci.te b/prebuilts/api/26.0/plat_private/audiocmdservice_atci.te deleted file mode 100755 index af40b45..0000000 --- a/prebuilts/api/26.0/plat_private/audiocmdservice_atci.te +++ /dev/null @@ -1,49 +0,0 @@ -#=============================================== -# Policy File of /system/bin/audiocmdservice_atci Executable File - -type audiocmdservice_atci_exec , exec_type, file_type; - -# New added for move to /system -typeattribute audiocmdservice_atci coredomain; -# ============================================== -# MTK Policy Rule -# ============================================== -# audiocmdservice_atci - audio-daemon service -init_daemon_domain(audiocmdservice_atci) - -# Perform Binder IPC for audio tuning tool and access to mediaserver -binder_use(audiocmdservice_atci) -binder_call(audiocmdservice_atci, mediaserver) -allow audiocmdservice_atci mediaserver:dir w_dir_perms; -allow audiocmdservice_atci mediaserver_service:service_manager find; - -# Since Android N, google separates mediaserver to audioserver and cameraserver -binder_call(audiocmdservice_atci, audioserver) -allow audiocmdservice_atci audioserver:dir w_dir_perms; -allow audiocmdservice_atci audioserver_service:service_manager find; - - -# Access to fuse file system -allow audiocmdservice_atci sdcard_type:file create_file_perms; -allow audiocmdservice_atci sdcard_type:dir w_dir_perms; - -# Access to internal storage -allow audiocmdservice_atci media_rw_data_file:dir create_dir_perms; -allow audiocmdservice_atci media_rw_data_file:file create_file_perms; - -hal_client_domain(audiocmdservice_atci, hal_audio) - -#To access the file at /dev/kmsg -allow audiocmdservice_atci kmsg_device:chr_file w_file_perms; - -userdebug_or_eng(` - allow audiocmdservice_atci self:capability { sys_nice fowner chown fsetid setuid ipc_lock net_admin}; -') - -#audio-daemon needs to controlled from adb shell by AudioTuningTool -allow shell audiocmdservice_atci_exec:file rx_file_perms; -allow radio audiocmdservice_atci_exec:file getattr; - -#Android O porting -hwbinder_use(audiocmdservice_atci) -get_prop(audiocmdservice_atci, hwservicemanager_prop); diff --git a/prebuilts/api/26.0/plat_private/audioserver.te b/prebuilts/api/26.0/plat_private/audioserver.te deleted file mode 100755 index e57961b..0000000 --- a/prebuilts/api/26.0/plat_private/audioserver.te +++ /dev/null @@ -1,75 +0,0 @@ -# ============================================== -# MTK Policy Rule for plat_private -# ============================================== - -# Date : WK14.32 -# Operation : Migration -# Purpose : For audio dump and log -allow audioserver sdcard_type:dir { w_dir_perms create }; -allow audioserver sdcard_type:file create; -allow audioserver sdcard_type:dir remove_name; -allow audioserver sdcard_type:file unlink; - -# Date : WK14.34 -# Operation : Migration -# Purpose : Smartcard Service -allow audioserver system_data_file:file open; - -# Data : WK14.38 -# Operation : Migration -# Purpose : for boot animation. -allow audioserver bootanim:binder { transfer call }; - -# Data : WK14.38 -# Operation : Migration -# Purpose : dump for debug -allow audioserver sdcard_type:file append; - -# Data : WK14.46 -# Operation : Migration -# Purpose : for SMS app -allow audioserver radio_data_file:dir search; -allow audioserver radio_data_file:file open; - -# Data : WK14.47 -# Operation : Audio playback -# Purpose : Music as ringtone -allow audioserver radio:dir { search read }; -allow audioserver radio:file r_file_perms; - -# Data : WK14.47 -# Operation : CTS -# Purpose : cts search strange app -allow audioserver untrusted_app:dir search; - -# Date : WK15.34 -# Operation : Migration -# Purpose: for camera middleware dump image buffer to sdcard & audio frameworks dump -allow audioserver system_data_file:dir write; -allow audioserver storage_file:lnk_file {read write}; -allow audioserver mnt_user_file:dir {write read search}; -allow audioserver mnt_user_file:lnk_file {read write}; - -# Purpose: Dump debug info -allow audioserver kmsg_device:chr_file { open write }; -allow audioserver property_socket:sock_file write; -allow audioserver media_rw_data_file:dir { create_dir_perms }; -allow audioserver init:unix_stream_socket connectto; - -# Date : WK16.27 -# Operation : Migration -# Purpose: tunning tool update parameters -allow audioserver media_rw_data_file:file { create_file_perms }; - -# Date : WK16.28 -# Operation : Migration -# Purpose: Write audio dump files to external SDCard. -allow audioserver sdcard_type:file { create_file_perms }; -allow audioserver storage_file:dir { r_dir_perms }; - -# Date : W18.01 -# Add for turn on SElinux in enforcing mode -allow audioserver self:netlink_kobject_uevent_socket { read create }; - -# Audio Tuning Tool Android O porting -allow audioserver audiocmdservice_atci:binder call; diff --git a/prebuilts/api/26.0/plat_private/boot_logo_updater.te b/prebuilts/api/26.0/plat_private/boot_logo_updater.te deleted file mode 100755 index a55a3ca..0000000 --- a/prebuilts/api/26.0/plat_private/boot_logo_updater.te +++ /dev/null @@ -1,36 +0,0 @@ -# ============================================== -# Policy File of /system/binboot_logo_updater Executable File - -# New added for move to /system -typeattribute boot_logo_updater coredomain; -type boot_logo_updater_exec , exec_type, file_type; - -# ============================================== -# MTK Policy Rule -# ============================================== - -init_daemon_domain(boot_logo_updater) - -# Date : WK14.32 -# Operation : Migration -# Puration : set boot reason -allow boot_logo_updater system_prop:property_service set; - -allow boot_logo_updater graphics_device:chr_file rw_file_perms; - -# For IPC communication -allow boot_logo_updater init:unix_stream_socket connectto; -allow boot_logo_updater property_socket:sock_file write; -# To access directory /dev/block/mmcblk0 or /dev/block/sdc -allow boot_logo_updater block_device:dir search; -allow boot_logo_updater graphics_device:dir search; -# to access file at /dev/block/mtd -allow boot_logo_updater mtd_device:chr_file r_file_perms; -allow boot_logo_updater mtd_device:dir search; -#To access the file at /dev/kmsg -allow boot_logo_updater device:dir write; -allow boot_logo_updater kmsg_device:chr_file w_file_perms; -#To the access /fstab mount point -allow boot_logo_updater rootfs:file r_file_perms; -#To access linux filesystem -allow boot_logo_updater sysfs:dir read; diff --git a/prebuilts/api/26.0/plat_private/bootanim.te b/prebuilts/api/26.0/plat_private/bootanim.te deleted file mode 100755 index a7c07a1..0000000 --- a/prebuilts/api/26.0/plat_private/bootanim.te +++ /dev/null @@ -1,36 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============ - -# Date : WK14.32 -# Operation : Migration -# Purpose : for playing boot tone -allow bootanim mediaserver:binder {call transfer}; -allow bootanim mediaserver_service:service_manager find; - -# Purpose : for playing bootanimation audio -allow bootanim audioserver:binder {call transfer}; -allow bootanim audioserver_service:service_manager find; - -# Date : WK14.37 -# Operation : Migration -# Purpose : for opetator -allow bootanim property_socket:sock_file write; -allow bootanim init:unix_stream_socket connectto; -allow bootanim debug_prop:property_service set; - -# Date : WK14.46 -# Operation : Migration -# /data/resource-cache -allow bootanim resourcecache_data_file:dir search; - -# Data : WK16.42 -# Operator: Whitney bring up -# Purpose: call surfaceflinger due to powervr -allow bootanim surfaceflinger:fifo_file rw_file_perms; - -# Date : W16.42 -# Operation : Integration -# Purpose : DRM / DRI GPU driver required - -allow bootanim gpu_device:dir search; diff --git a/prebuilts/api/26.0/plat_private/cameraserver.te b/prebuilts/api/26.0/plat_private/cameraserver.te deleted file mode 100755 index 3cb964b..0000000 --- a/prebuilts/api/26.0/plat_private/cameraserver.te +++ /dev/null @@ -1,2 +0,0 @@ -allow cameraserver hal_allocator_default:fd use; - diff --git a/prebuilts/api/26.0/plat_private/cmddumper.te b/prebuilts/api/26.0/plat_private/cmddumper.te deleted file mode 100755 index 405bebe..0000000 --- a/prebuilts/api/26.0/plat_private/cmddumper.te +++ /dev/null @@ -1,36 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -# New added for move to /system -type cmddumper_exec, exec_type, file_type; -typeattribute cmddumper coredomain; - -init_daemon_domain(cmddumper) - -# cmddumper access on /data/mdlog -allow cmddumper system_data_file:dir { create_dir_perms relabelfrom relabelto}; - -# "mdl_serv_fifo" scontext=u:r:cmddumper:s0 tcontext=u:object_r:system_data_file -allow cmddumper system_data_file:fifo_file create_file_perms; - - -# for modem logging sdcard access -allow cmddumper sdcard_type:dir create_dir_perms; -allow cmddumper sdcard_type:file create_file_perms; - -# modem logger socket access -allow cmddumper init:unix_stream_socket connectto; -allow cmddumper property_socket:sock_file { write read }; -allow cmddumper platform_app:unix_stream_socket connectto; -allow cmddumper shell_exec:file { rx_file_perms }; -allow cmddumper system_file:file x_file_perms; - - -# purpose: allow cmddumper to access storage in N version -allow cmddumper media_rw_data_file:file { create_file_perms }; -allow cmddumper media_rw_data_file:dir { create_dir_perms }; - -# purpose: access plat_file_contexts -allow cmddumper file_contexts_file:file { read getattr open }; - diff --git a/prebuilts/api/26.0/plat_private/crash_dump.te b/prebuilts/api/26.0/plat_private/crash_dump.te deleted file mode 100755 index 238ac06..0000000 --- a/prebuilts/api/26.0/plat_private/crash_dump.te +++ /dev/null @@ -1 +0,0 @@ -#allow crash_dump aee_aed:unix_stream_socket connectto;
\ No newline at end of file diff --git a/prebuilts/api/26.0/plat_private/dhcp.te b/prebuilts/api/26.0/plat_private/dhcp.te deleted file mode 100755 index 4d50933..0000000 --- a/prebuilts/api/26.0/plat_private/dhcp.te +++ /dev/null @@ -1,26 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============ - -# Date :WK14.34 -# Operation : Migration -# Purpose: for connecting Wifi -allow dhcp devpts:chr_file rw_file_perms; - - -# Date :WK14.41 -# Operation : ALPS01757300 -# Purpose: connect AP, using for wifi connect -allow dhcp kernel:system module_request; - - -# Date :WK14.44 -# Operation : ALPS01798575 -# Purpose: Search on Internet using browser, the 3th App use dhcp -#============= netd ============== -allow dhcp platform_app:fd use; - -allow dhcp init:fifo_file rw_file_perms; -allow dhcp init:unix_stream_socket { read write }; - -allow dhcp untrusted_app:fd use; diff --git a/prebuilts/api/26.0/plat_private/drmserver.te b/prebuilts/api/26.0/plat_private/drmserver.te deleted file mode 100755 index 425240f..0000000 --- a/prebuilts/api/26.0/plat_private/drmserver.te +++ /dev/null @@ -1,6 +0,0 @@ -# ====================== -# MTK Policy Rule -# ====================== - -# =======drmserver====== -allow drmserver access_sys_file:file { read open }; diff --git a/prebuilts/api/26.0/plat_private/dumpstate.te b/prebuilts/api/26.0/plat_private/dumpstate.te deleted file mode 100755 index 8010f66..0000000 --- a/prebuilts/api/26.0/plat_private/dumpstate.te +++ /dev/null @@ -1,43 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -# Purpose: access for SYS_MEMORY_INFO -allow dumpstate fuse:dir { w_dir_perms }; -allow dumpstate fuse:file { write create open setattr append }; - -# Purpose: mnt/user/* -allow dumpstate mnt_user_file:dir search; -allow dumpstate mnt_user_file:lnk_file read; - -# Purpose: /storage/* -allow dumpstate storage_file:lnk_file read; - -# Purpose: timer_intval. this is neverallow -#allow dumpstate app_data_file:dir search; -allow dumpstate kmsg_device:chr_file r_file_perms; - -# Purpose: -# 01-01 18:00:35.600 7723 7723 I ps : type=1400 audit(0.0:63712): avc: -# denied { ioctl } for path="/storage/emulated/0/mtklog/aee_exp/temp/db.PQtNt4/ -# SYS_ALL_THREADS" dev="fuse" ino=209 ioctlcmd=5401 scontext=u:r:dumpstate:s0 -# tcontext=u:object_r:fuse:s0 tclass=file permissive=1 -allow dumpstate fuse:file ioctl; - -# Purpose: -# 01-01 17:59:14.440 7664 7664 I aee_dumpstate: type=1400 audit(0.0:63497): -# avc: denied { open } for path="/sys/kernel/debug/tracing/tracing_on" dev= -# "debugfs" ino=2087 scontext=u:r:dumpstate:s0 tcontext=u:object_r: -# tracing_shell_writable:s0 tclass=file permissive=1 -allow dumpstate debugfs_tracing:file { write read open }; -allow dumpstate tracing_shell_writable:file { write read open }; - -# Data : WK17.03 -# Purpose: Allow to access gpu -allow dumpstate gpu_device:dir search; - -# Date: 2017/07/11 -# Purpose: 01-01 08:30:57.474 286 286 E SELinux : avc: denied { find } for interface= -# android.hardware.camera.provider::ICameraProvider pid=3133 scontext=u:r:dumpstate:s0 tcontext= -# u:object_r:hal_camera_hwservice:s0 tclass=hwservice_manager -#allow dumpstate hal_camera_hwservice:hwservice_manager find; diff --git a/prebuilts/api/26.0/plat_private/em_svr.te b/prebuilts/api/26.0/plat_private/em_svr.te deleted file mode 100755 index a061bfa..0000000 --- a/prebuilts/api/26.0/plat_private/em_svr.te +++ /dev/null @@ -1,63 +0,0 @@ -# ============================================== -# Policy File of /system/bin/em_svr Executable File - - -# ============================================== -# Type Declaration -# ============================================== - -type em_svr_exec , exec_type, file_type; -typeattribute em_svr coredomain; - -# ============================================== -# Android Policy Rule -# ============================================== - -# ============================================== -# NSA Policy Rule -# ============================================== - -# ============================================== -# MTK Policy Rule -# ============================================== - -init_daemon_domain(em_svr) - -# Date: WK1812 -# Purpose: add for MD log filter -allow em_svr block_device:dir search; -allow em_svr sdcardfs:dir { search write add_name }; -allow em_svr sdcardfs:file { write create open }; - -allow em_svr media_rw_data_file:dir { read write search open add_name }; -allow em_svr media_rw_data_file:file { write create open }; - - - -# Date: WK1812 -# Purpose: add for controlling screen on/off -allow em_svr graphics_device:dir search; -allow em_svr graphics_device:chr_file { open read write ioctl }; -allow em_svr surfaceflinger_service:service_manager find; -binder_use(em_svr) -binder_call(em_svr, surfaceflinger) - -# Date: WK1812 -# Purpose: add for controlling backlight -allow em_svr sysfs_leds:dir search; - -# Date: WK1812 -# Purpose: add for sensor calibration -allow em_svr self:capability { chown fsetid }; - -# Date: WK1812 -# Purpose: add for shell cmd -allow em_svr shell_exec:file { getattr execute read open execute_no_trans }; - -# Date: WK1812 -# Purpose: add for power battery charge/PMU -allow em_svr toolbox_exec:file { getattr execute read open execute_no_trans }; - -# Date: WK1812 -# Purpose: sys file access -allow em_svr sysfs:dir { open read }; diff --git a/prebuilts/api/26.0/plat_private/emdlogger.te b/prebuilts/api/26.0/plat_private/emdlogger.te deleted file mode 100755 index c73c775..0000000 --- a/prebuilts/api/26.0/plat_private/emdlogger.te +++ /dev/null @@ -1,62 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -# New added for move to /system -type emdlogger_exec , exec_type, file_type; -typeattribute emdlogger coredomain; - -init_daemon_domain(emdlogger) -binder_use(emdlogger) -binder_service(emdlogger) - - -# for modem logging sdcard access -allow emdlogger sdcard_type:dir { create_dir_perms }; -allow emdlogger sdcard_type:file { create_file_perms }; - - -# modem logger socket access -allow emdlogger property_socket:sock_file write; -allow emdlogger init:unix_stream_socket connectto; -allow emdlogger platform_app:unix_stream_socket connectto; -allow emdlogger shell_exec:file { rx_file_perms }; -allow emdlogger system_file:file execute_no_trans; -allow emdlogger zygote_exec:file { rx_file_perms }; - -#modem logger SD logging in factory mode -allow emdlogger vfat:dir create_dir_perms; -allow emdlogger vfat:file create_file_perms; - -#modem logger permission in storage in android M version -allow emdlogger log_device:chr_file { write open }; -allow emdlogger mnt_user_file:dir search; -allow emdlogger mnt_user_file:lnk_file read; -allow emdlogger storage_file:lnk_file read; - -#permission for storage link access in vzw Project -allow emdlogger mnt_media_rw_file:dir search; - - -#permission for use SELinux API -#avc: denied { read } for pid=576 comm="emdlogger1" name="selinux_version" dev="rootfs" -allow emdlogger rootfs:file r_file_perms; - -#permission for storage access storage -allow emdlogger storage_file:dir { create_dir_perms }; -allow emdlogger tmpfs:lnk_file read; -allow emdlogger storage_file:file { create_file_perms }; - -# Allow read avc: denied { read } for name="mddb" dev="mmcblk0p25" ino=681 -# scontext=u:r:emdlogger:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0 -allow emdlogger system_file:dir read; - -# permission for android N policy -allow emdlogger toolbox_exec:file rx_file_perms; - -# purpose: allow emdlogger to access storage in N version -allow emdlogger media_rw_data_file:file { create_file_perms }; -allow emdlogger media_rw_data_file:dir { create_dir_perms }; - -## purpose: avc: denied { read } for name="plat_file_contexts" -allow emdlogger file_contexts_file:file { read getattr open }; diff --git a/prebuilts/api/26.0/plat_private/file.te b/prebuilts/api/26.0/plat_private/file.te deleted file mode 100755 index 6a91007..0000000 --- a/prebuilts/api/26.0/plat_private/file.te +++ /dev/null @@ -1,9 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -# For drmserver -type access_sys_file, fs_type, sysfs_type; - -# For boot type -type sysfs_boot_type, fs_type, sysfs_type;
\ No newline at end of file diff --git a/prebuilts/api/26.0/plat_private/file_contexts b/prebuilts/api/26.0/plat_private/file_contexts deleted file mode 100755 index 8145163..0000000 --- a/prebuilts/api/26.0/plat_private/file_contexts +++ /dev/null @@ -1,41 +0,0 @@ -############################# -# Data files -# - -############################# -# debugfs files -# - -############################# -# System files -# -/system/bin/mdlogger u:object_r:mdlogger_exec:s0 -/system/bin/emdlogger[0-9]+ u:object_r:emdlogger_exec:s0 -/system/bin/cmddumper u:object_r:cmddumper_exec:s0 -/system/bin/netdiag u:object_r:netdiag_exec:s0 -/system/bin/mobile_log_d u:object_r:mobile_log_d_exec:s0 -/system/bin/em_svr u:object_r:em_svr_exec:s0 -/system/bin/aee_aed u:object_r:aee_aed_exec:s0 -/system/bin/aee_aed64 u:object_r:aee_aed_exec:s0 -/system/bin/aee_dumpstate u:object_r:dumpstate_exec:s0 -/system/bin/audiocmdservice_atci u:object_r:audiocmdservice_atci_exec:s0 -/system/bin/boot_logo_updater u:object_r:boot_logo_updater_exec:s0 -/system/bin/meta_tst u:object_r:meta_tst_exec:s0 -/system/bin/pre_meta u:object_r:pre_meta_exec:s0 -/system/bin/factory u:object_r:factory_exec:s0 - -# google suggest that move aee_aedv_exec to platform @google_issue_id:64130120 -/(system\/vendor|vendor)/bin/aee_aedv u:object_r:aee_aedv_exec:s0 -/(system\/vendor|vendor)/bin/aee_aedv64 u:object_r:aee_aedv_exec:s0 - -# storagemanager daemon -# it is used to mount all storages in meta/factory mode -/system/bin/storagemanagerd u:object_r:storagemanagerd_exec:s0 - -# For drmserver -/sys/block/mmcblk0rpmb/size u:object_r:access_sys_file:s0 - -# For boot type -/sys/devices/virtual/BOOT/BOOT/boot/boot_type(/.*)? u:object_r:sysfs_boot_type:s0 - -/dev/socket/netd u:object_r:netd_socket:s0 diff --git a/prebuilts/api/26.0/plat_private/fuelgauged_static.te b/prebuilts/api/26.0/plat_private/fuelgauged_static.te deleted file mode 100755 index 19e1f2a..0000000 --- a/prebuilts/api/26.0/plat_private/fuelgauged_static.te +++ /dev/null @@ -1,43 +0,0 @@ -# ============================================== -# Policy File of /system/bin/fuelgauged_static Executable File - -# ============================================== -# Type Declaration -# ============================================== -type fuelgauged_static_exec , exec_type, file_type; -type fuelgauged_static_file, file_type, data_file_type, core_data_file_type; -typeattribute fuelgauged_static coredomain; -# ============================================== -# Android Policy Rule -# ============================================== - -# ============================================== -# NSA Policy Rule -# ============================================== - -# ============================================== -# MTK Policy Rule -# ============================================== - -init_daemon_domain(fuelgauged_static) - -# Data : WK14.43 -# Operation : Migration -# Purpose : Fuel Gauge daemon for access driver node -allow fuelgauged_static input_device:dir rw_dir_perms; -allow fuelgauged_static input_device:file r_file_perms; - -# Data : WK16.21 -# Operation : New Feature -# Purpose : For fg daemon can access /data/FG folder -file_type_auto_trans(fuelgauged_static, system_data_file, fuelgauged_static_file); -allow fuelgauged_static fuelgauged_static_file:file rw_file_perms; -allow fuelgauged_static system_data_file:dir rw_dir_perms; - -# Data : WK16.25 -# Operation : Migration -# Purpose : For fg daemon can work in recovery mode -allow fuelgauged_static rootfs:file entrypoint; - -# Data : WK16.39 -allow fuelgauged_static self:capability { chown fsetid }; diff --git a/prebuilts/api/26.0/plat_private/hal_graphics_allocator.te b/prebuilts/api/26.0/plat_private/hal_graphics_allocator.te deleted file mode 100755 index e713f4f..0000000 --- a/prebuilts/api/26.0/plat_private/hal_graphics_allocator.te +++ /dev/null @@ -1,5 +0,0 @@ -# Date : WK17.13 -# Operation : Add sepolicy -# Purpose : Add policy for gralloc HIDL - -allow hal_graphics_allocator proc:file { read getattr open ioctl };
\ No newline at end of file diff --git a/prebuilts/api/26.0/plat_private/mdlogger.te b/prebuilts/api/26.0/plat_private/mdlogger.te deleted file mode 100755 index 2e9464e..0000000 --- a/prebuilts/api/26.0/plat_private/mdlogger.te +++ /dev/null @@ -1,50 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -# New added for move to /system -type mdlogger_exec , exec_type, file_type; -typeattribute mdlogger coredomain; - -init_daemon_domain(mdlogger) - -binder_use(mdlogger) - -binder_service(mdlogger) - -# modem logger socket access -allow mdlogger init:unix_stream_socket connectto; -allow mdlogger property_socket:sock_file write; -allow mdlogger platform_app:unix_stream_socket connectto; -allow mdlogger shell_exec:file { rx_file_perms }; -allow mdlogger system_file:file x_file_perms; -allow mdlogger zygote_exec:file { r_file_perms }; -allow mdlogger node:tcp_socket node_bind; -allow mdlogger port:tcp_socket name_bind; -allow mdlogger self:tcp_socket { create_stream_socket_perms }; - -#modem logger SD logging in factory mode -allow mdlogger vfat:dir create_dir_perms; -allow mdlogger vfat:file create_file_perms; - -#mdlogger for read /sdcard -allow mdlogger log_device:chr_file w_file_perms; -allow mdlogger tmpfs:lnk_file read; -allow mdlogger storage_file:lnk_file rw_file_perms; -allow mdlogger mnt_user_file:dir search; -allow mdlogger mnt_user_file:lnk_file rw_file_perms; -allow mdlogger sdcard_type:file create_file_perms; -allow mdlogger sdcard_type:dir { create_dir_perms }; - -# purpose: allow mdlogger to access storage in new version -allow mdlogger media_rw_data_file:file { create_file_perms }; -allow mdlogger media_rw_data_file:dir { create_dir_perms }; -allow mdlogger storage_file:dir { create_dir_perms }; -allow mdlogger storage_file:file { create_file_perms }; - -## purpose: avc: denied { read } for name="plat_file_contexts" -allow mdlogger file_contexts_file:file { read getattr open }; - -# Allow read avc: denied { read } for name="mddb" dev="mmcblk0p25" ino=681 -# scontext=u:r:mdlogger:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0 -allow mdlogger system_file:dir read; diff --git a/prebuilts/api/26.0/plat_private/meta_tst.te b/prebuilts/api/26.0/plat_private/meta_tst.te deleted file mode 100755 index 6753ea4..0000000 --- a/prebuilts/api/26.0/plat_private/meta_tst.te +++ /dev/null @@ -1,45 +0,0 @@ -# ============================================== -# Policy File of /system/bin/meta_tst Executable File - - -# ============================================== -# Type Declaration -# ============================================== - -type meta_tst_exec , exec_type, file_type; -typeattribute meta_tst coredomain; - -# ============================================== -# MTK Policy Rule -# ============================================== - -init_daemon_domain(meta_tst) - -# Date : WK16.12 -# Operation : Migration -# Purpose : for meta mode driver module operation -#============= meta_tst ========================= - -allow meta_tst port:tcp_socket { name_connect name_bind }; -allow meta_tst self:capability { net_raw chown fsetid sys_nice net_admin fowner sys_admin }; -allow meta_tst self:tcp_socket { create connect setopt bind }; -allow meta_tst self:tcp_socket { bind setopt listen accept read write }; -allow meta_tst self:udp_socket { create ioctl }; -allow meta_tst self:capability { sys_boot ipc_lock }; -allow meta_tst sysfs_wake_lock:file rw_file_perms; -allow meta_tst property_socket:sock_file w_file_perms; -allow meta_tst init:unix_stream_socket connectto; -allow meta_tst vold:unix_stream_socket connectto; -allow meta_tst node:tcp_socket node_bind; -allow meta_tst labeledfs:filesystem unmount; -allow meta_tst shell_exec:file execute; -set_prop(meta_tst, powerctl_prop); - -# Date: WK16.12 -# Operation : Migration -# Purpose : for meta mode file system -allow meta_tst system_data_file:sock_file create_file_perms; -allow meta_tst system_file:file x_file_perms; -allow meta_tst system_data_file:dir w_dir_perms; -allow meta_tst block_device:dir search; -allow meta_tst rootfs:file entrypoint; diff --git a/prebuilts/api/26.0/plat_private/mobile_log_d.te b/prebuilts/api/26.0/plat_private/mobile_log_d.te deleted file mode 100755 index aca585f..0000000 --- a/prebuilts/api/26.0/plat_private/mobile_log_d.te +++ /dev/null @@ -1,70 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -# New added for moving to /system -type mobile_log_d_exec , exec_type, file_type; -typeattribute mobile_log_d coredomain; - -init_daemon_domain(mobile_log_d) - -#syslog module -allow mobile_log_d kernel:system syslog_mod; - -#GMO project -dontaudit mobile_log_d untrusted_app:fd use; -dontaudit mobile_log_d isolated_app:fd use; - -#debug property set -set_prop(mobile_log_d, debug_prop) - -#socket connect and write -unix_socket_connect(mobile_log_d, logdr, logd); - -#capability -allow mobile_log_d self:capability { setuid setgid chown fowner fsetid }; -allow mobile_log_d self:capability { setuid chown setgid }; -allow mobile_log_d self:capability2 syslog; - -#aee mode switch -allow mobile_log_d system_file:file execute_no_trans; - -#shell command -allow mobile_log_d shell_exec:file rx_file_perms; - -#general storage access -allow mobile_log_d storage_file:dir create_dir_perms; -allow mobile_log_d storage_file:file create_file_perms; -allow mobile_log_d storage_file:lnk_file create_file_perms; -allow mobile_log_d mnt_user_file:dir create_dir_perms; -allow mobile_log_d mnt_user_file:lnk_file create_file_perms; -allow mobile_log_d sdcard_type:dir create_dir_perms; -allow mobile_log_d sdcard_type:file create_file_perms; - -#factory mode vfat access -allow mobile_log_d vfat:dir create_dir_perms; -allow mobile_log_d vfat:file create_file_perms; - -#chiptest mode storage access -allow mobile_log_d mnt_media_rw_file:dir create_dir_perms; -allow mobile_log_d mnt_media_rw_file:lnk_file create_file_perms; - -#system/bin/toybox for using 'sh' command -allow mobile_log_d toolbox_exec:file rx_file_perms; - -#selinux_version access -allow mobile_log_d rootfs:file r_file_perms; - -#dev/__properties__ access -allow mobile_log_d device_logging_prop:file { getattr open }; -allow mobile_log_d mmc_prop:file { getattr open }; -allow mobile_log_d safemode_prop:file { getattr open }; - -# purpose: allow MobileLog to access storage in N version -allow mobile_log_d media_rw_data_file:file create_file_perms; -allow mobile_log_d media_rw_data_file:dir create_dir_perms; - -# access debugfs/tracing/instances/ -allow mobile_log_d debugfs_tracing:dir create_dir_perms; -allow mobile_log_d debugfs_tracing_instances:dir create_dir_perms; -allow mobile_log_d debugfs_tracing_instances:file create_file_perms; diff --git a/prebuilts/api/26.0/plat_private/netd.te b/prebuilts/api/26.0/plat_private/netd.te deleted file mode 100755 index 5db451c..0000000 --- a/prebuilts/api/26.0/plat_private/netd.te +++ /dev/null @@ -1,37 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -# Date : WK14.34 -# Operation : Migration -# Purpose : NA -# Owner: Changqing Sun -allow netd kernel:system module_request; -allow netd self:capability sys_module; -allow netd self:capability fsetid; - -# Date : WK14.34 -# Operation : Migration -# Purpose : APP -allow netd platform_app:fd use; - -# Date : WK14.37 -# Operation : Migration -# Purpose : PPPOE Test -# Owner : lina wang -allow netd ppp:process sigkill; - -# Date : WK14.44 -# Operation : Migration -# Purpose : ALPS01789552 -#============= netd ============== -allow netd self:capability { setuid setgid }; - -#============= netd ============== -allow netd untrusted_app:fd use; - -# Date : W15.02 -# Operation : SQC -# Purpose : CTS for wifi -allow netd untrusted_app:unix_stream_socket { read write getopt setopt}; -allow netd isolated_app:fd use; diff --git a/prebuilts/api/26.0/plat_private/netdiag.te b/prebuilts/api/26.0/plat_private/netdiag.te deleted file mode 100755 index 75b630f..0000000 --- a/prebuilts/api/26.0/plat_private/netdiag.te +++ /dev/null @@ -1,87 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -# New added for move to /system -type netdiag_exec , exec_type, file_type; -typeattribute netdiag coredomain; - -init_daemon_domain(netdiag) - -# Purpose : for access storage file -allow netdiag sdcard_type:dir create_dir_perms; -allow netdiag sdcard_type:file create_file_perms; -allow netdiag domain:dir search; -allow netdiag domain:file { read open }; -allow netdiag net_data_file:file r_file_perms; -allow netdiag net_data_file:dir search; -allow netdiag storage_file:dir search; -allow netdiag storage_file:lnk_file read; -allow netdiag mnt_user_file:dir search; -allow netdiag mnt_user_file:lnk_file read; -allow netdiag platform_app:dir search; -allow netdiag untrusted_app:dir search; -allow netdiag mnt_media_rw_file:dir search; -allow netdiag vfat:dir create_dir_perms; -allow netdiag vfat:file create_file_perms; -allow netdiag tmpfs:lnk_file read; -allow netdiag system_file:file rx_file_perms; - -# Purpose : for shell, set uid and gid -allow netdiag self:capability { net_admin setuid net_raw setgid}; -allow netdiag shell_exec:file rx_file_perms; - -#/proc/3523/net/xt_qtaguid/ctrl & /proc -allow netdiag qtaguid_proc:file r_file_perms; - -#access /proc/318/net/psched -allow netdiag proc_net:file r_file_perms; - -# Purpose : for ping -allow netdiag dnsproxyd_socket:sock_file write; -allow netdiag fwmarkd_socket:sock_file write; -allow netdiag netd:unix_stream_socket connectto; -allow netdiag self:udp_socket connect; - - -# Purpose : for service permission -typeattribute netdiag mlstrustedsubject; -allow netdiag connectivity_service:service_manager find; -allow netdiag netstats_service:service_manager find; -allow netdiag system_server:binder call; -allow system_server netdiag:fd use; -allow netdiag servicemanager:binder call; -binder_use(netdiag) - -# Purpose : for dumpsys permission -allow netdiag connmetrics_service:service_manager find; -allow netdiag netpolicy_service:service_manager find; -allow netdiag network_management_service:service_manager find; -allow netdiag settings_service:service_manager find; - -# Purpose : for acess /system/bin/toybox, mmc_prop,proc_net and safemode_prop -allow netdiag device_logging_prop:file { getattr open }; -allow netdiag mmc_prop:file { getattr open }; -allow netdiag proc_net:dir { read open }; -allow netdiag safemode_prop:file { getattr open }; -allow netdiag toolbox_exec:file rx_file_perms; - -# purpose: allow netdiag to access storage in new version -allow netdiag media_rw_data_file:file { create_file_perms }; -allow netdiag media_rw_data_file:dir { create_dir_perms }; - -# Purpose : for ip spec output -allow netdiag self:netlink_xfrm_socket { write getattr setopt read bind create nlmsg_read }; - -# Purpose: for socket error of tcpdump -allow netdiag self:packet_socket { read getopt create setopt }; -allowxperm netdiag self:packet_socket ioctl {SIOCGIFINDEX SIOCGSTAMP}; -allow netdiag self:packet_socket { write ioctl }; - -# Purpose: for ip -allow netdiag self:netlink_route_socket { write getattr setopt read bind create nlmsg_read }; - -# Purpose: for iptables -allow netdiag kernel:system module_request; -allow netdiag self:rawip_socket { getopt create }; -allow netdiag self:udp_socket { ioctl create }; diff --git a/prebuilts/api/26.0/plat_private/platform_app.te b/prebuilts/api/26.0/plat_private/platform_app.te deleted file mode 100755 index 0af2f60..0000000 --- a/prebuilts/api/26.0/plat_private/platform_app.te +++ /dev/null @@ -1,13 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -# SEPolicy Split - -allow platform_app system_app_service:service_manager find; -allow platform_app init:unix_stream_socket connectto; - -# Date : WK17.29 -# Stage: O Migration, SQC -# Purpose: Allow to use selinux for hal_power -hal_client_domain(platform_app, hal_power) diff --git a/prebuilts/api/26.0/plat_private/ppp.te b/prebuilts/api/26.0/plat_private/ppp.te deleted file mode 100755 index 99248c7..0000000 --- a/prebuilts/api/26.0/plat_private/ppp.te +++ /dev/null @@ -1,39 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - - - -# Date : WK14.34 -# Operation : Migration -# Purpose: for VPN - -allow ppp init:unix_stream_socket connectto; -allow ppp property_socket:sock_file write; - -# Date : WK14.37 -# Operation : Migration -# Purpose: for PPPOE Test - -allow ppp devpts:chr_file { read write ioctl open setattr }; -allow ppp shell_exec:file { read execute open execute_no_trans }; - - -# Date : WK14.37 -# Operation : Migration -# Purpose: for PPPOE Test: Property permission - -allow ppp net_radio_prop:property_service set; -allow ppp system_prop:property_service set; - - -# Date : WK14.38 -# Operation : Migration -# Purpose: for PPPOE Test - -allow ppp ppp_exec:file execute_no_trans; - -# Date : WK14.53 -# Operation : check in -# Purpose: for warning kernel API -allow ppp mtp:file read; diff --git a/prebuilts/api/26.0/plat_private/pre_meta.te b/prebuilts/api/26.0/plat_private/pre_meta.te deleted file mode 100755 index 7c694eb..0000000 --- a/prebuilts/api/26.0/plat_private/pre_meta.te +++ /dev/null @@ -1,20 +0,0 @@ -# ============================================== -# Type Declaration -# ============================================== - -type pre_meta_exec , exec_type, file_type; -typeattribute pre_meta coredomain; - - -# ============================================== -# MTK Policy Rule -# ============================================== - -init_daemon_domain(pre_meta) - -# Date : WK16.15 -# Operation : For reboot target to meta mode -# Purpose : for pre_meta daemon to access lk_env and reboot target -allow pre_meta block_device:dir search; -allow pre_meta property_socket:sock_file write; -allow pre_meta init:unix_stream_socket connectto;
\ No newline at end of file diff --git a/prebuilts/api/26.0/plat_private/recovery.te b/prebuilts/api/26.0/plat_private/recovery.te deleted file mode 100755 index 3d92389..0000000 --- a/prebuilts/api/26.0/plat_private/recovery.te +++ /dev/null @@ -1,7 +0,0 @@ -# Purpose : Nand device policy -allow recovery mtd_device:dir search; -allow recovery mtd_device:chr_file { read write open ioctl getattr }; -allow recovery self:capability sys_resource; - -# For boot type -allow recovery sysfs_boot_type:file { read open }; diff --git a/prebuilts/api/26.0/plat_private/storagemanagerd.te b/prebuilts/api/26.0/plat_private/storagemanagerd.te deleted file mode 100755 index 9c43b79..0000000 --- a/prebuilts/api/26.0/plat_private/storagemanagerd.te +++ /dev/null @@ -1,31 +0,0 @@ -# ============================================== -# Policy File of storagemanagerd Executable File - -# ============================================== -# Type Declaration -# ============================================== -type storagemanagerd, domain; -type storagemanagerd_exec, exec_type, file_type; -typeattribute storagemanagerd coredomain; - -# ============================================== -# MTK Policy Rule -# ============================================== - -init_daemon_domain(storagemanagerd) - -#unix_socket_connect(storagemanagerd, vold, vold) - -# storagemanagerd sends information back to dumpstate when "adb bugreport" is used -allow storagemanagerd dumpstate:fd use; -allow storagemanagerd dumpstate:unix_stream_socket { read write getattr }; - -# storagemanagerd information is written to shell owned bugreport files -allow storagemanagerd shell_data_file:file { write getattr }; - -# Why? -allow storagemanagerd dumpstate:unix_dgram_socket { read write }; - -# storagemanagerd can be invoked with logwrapper, so let it write to pty -allow storagemanagerd devpts:chr_file rw_file_perms; - diff --git a/prebuilts/api/26.0/plat_private/system_app.te b/prebuilts/api/26.0/plat_private/system_app.te deleted file mode 100755 index 757a464..0000000 --- a/prebuilts/api/26.0/plat_private/system_app.te +++ /dev/null @@ -1,17 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - - -# Date : 2016/07/12 -# Purpose : Issue submitter need creat folder on SD card -allow system_app vfat:dir create; - -# Date: 2017/07/01 -# Change to simple policy -allow system_app media_rw_data_file:dir {r_dir_perms w_dir_perms}; -allow system_app media_rw_data_file:file {r_file_perms w_file_perms}; - -#Dat: 2017/07/13 -#Purpose: allow system app to read/open system data file -allow system_app system_data_file:dir { read open };
\ No newline at end of file diff --git a/prebuilts/api/26.0/plat_private/system_server.te b/prebuilts/api/26.0/plat_private/system_server.te deleted file mode 100755 index 7a5ffc1..0000000 --- a/prebuilts/api/26.0/plat_private/system_server.te +++ /dev/null @@ -1,34 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== -# Perform Binder IPC. -allow system_server zygote:binder impersonate; -# Property service. -allow system_server ctl_bootanim_prop:property_service set; -# After connected to DHCPv6, enabled 6to4 IPv6 AP to get property. -allow system_server proc_net:file w_file_perms; -# Querying zygote socket. -allow system_server zygote:unix_stream_socket { getopt getattr }; -# Date : WK16.36 -# Purpose: Allow to set property log.tag.WifiHW to control log level of WifiHW -allow system_server log_tag_prop:property_service set; -# Data : WK16.42 -# Operator: Whitney bring up -# Purpose: call surfaceflinger due to powervr -allow system_server surfaceflinger:fifo_file rw_file_perms; - -# Date : W16.42 -# Operation : Integration -# Purpose : DRM / DRI GPU driver required -allow system_server gpu_device:dir search; -# Date : W18.01 -# Add for turn on SElinux in enforcing mode -allow system_server vendor_framework_file:dir r_file_perms; - -# Fix bootup violation -allow system_server vendor_framework_file:file getattr; - -# Date: W18.32 -# Operation : allow writing to timerslack_ns -allow system_server appdomain:file w_file_perms; - diff --git a/prebuilts/api/26.0/plat_public/README b/prebuilts/api/26.0/plat_public/README deleted file mode 100755 index 24a972f..0000000 --- a/prebuilts/api/26.0/plat_public/README +++ /dev/null @@ -1,3 +0,0 @@ -This directory contains the MTK SELinux policy configuration for platform public. - -It define the domains and types for MTK services running in /system all devices.
\ No newline at end of file diff --git a/prebuilts/api/26.0/plat_public/aee_aed.te b/prebuilts/api/26.0/plat_public/aee_aed.te deleted file mode 100755 index f95f4b8..0000000 --- a/prebuilts/api/26.0/plat_public/aee_aed.te +++ /dev/null @@ -1,7 +0,0 @@ -# ============================================== -# Policy File of /system/bin/aee_aed Executable File - -# ============================================== -# Type Declaration -# ============================================== -type aee_aed, domain; diff --git a/prebuilts/api/26.0/plat_public/audiocmdservice_atci.te b/prebuilts/api/26.0/plat_public/audiocmdservice_atci.te deleted file mode 100755 index 323134f..0000000 --- a/prebuilts/api/26.0/plat_public/audiocmdservice_atci.te +++ /dev/null @@ -1,8 +0,0 @@ -# ============================================== -# Policy File of /system/bin/audiocmdservice_atci Executable File - -# ============================================== -# Type Declaration -# ============================================== - -type audiocmdservice_atci ,domain; diff --git a/prebuilts/api/26.0/plat_public/boot_logo_updater.te b/prebuilts/api/26.0/plat_public/boot_logo_updater.te deleted file mode 100755 index 9ed27ca..0000000 --- a/prebuilts/api/26.0/plat_public/boot_logo_updater.te +++ /dev/null @@ -1,9 +0,0 @@ -# ============================================== -# Policy File of /system/binboot_logo_updater Executable File - -# ============================================== -# Type Declaration -# ============================================== - -# New added for move to /system -type boot_logo_updater ,domain; diff --git a/prebuilts/api/26.0/plat_public/cmddumper.te b/prebuilts/api/26.0/plat_public/cmddumper.te deleted file mode 100755 index 332858a..0000000 --- a/prebuilts/api/26.0/plat_public/cmddumper.te +++ /dev/null @@ -1,7 +0,0 @@ -# ============================================== -# Policy File of /system/bin/cmddumper Executable File - -# ============================================== -# Type Declaration -# ============================================== -type cmddumper, domain; diff --git a/prebuilts/api/26.0/plat_public/em_svr.te b/prebuilts/api/26.0/plat_public/em_svr.te deleted file mode 100755 index c626a14..0000000 --- a/prebuilts/api/26.0/plat_public/em_svr.te +++ /dev/null @@ -1,11 +0,0 @@ -# ============================================== -# Policy File of /system/bin/em_svr Executable File - - -# ============================================== -# Type Declaration -# ============================================== -type em_svr ,domain; - - - diff --git a/prebuilts/api/26.0/plat_public/emdlogger.te b/prebuilts/api/26.0/plat_public/emdlogger.te deleted file mode 100755 index f116ac0..0000000 --- a/prebuilts/api/26.0/plat_public/emdlogger.te +++ /dev/null @@ -1,7 +0,0 @@ -# ============================================== -# Policy File of /system/bin/emdlogger[x] Executable File - -# ============================================== -# Type Declaration -# ============================================== -type emdlogger, domain; diff --git a/prebuilts/api/26.0/plat_public/fuelgauged_static.te b/prebuilts/api/26.0/plat_public/fuelgauged_static.te deleted file mode 100755 index 3e65ecd..0000000 --- a/prebuilts/api/26.0/plat_public/fuelgauged_static.te +++ /dev/null @@ -1,7 +0,0 @@ -# ============================================== -# Policy File of /system/bin/fuelgauged_static Executable File - -# ============================================== -# Type Declaration -# ============================================== -type fuelgauged_static ,domain; diff --git a/prebuilts/api/26.0/plat_public/mdlogger.te b/prebuilts/api/26.0/plat_public/mdlogger.te deleted file mode 100755 index e4ca402..0000000 --- a/prebuilts/api/26.0/plat_public/mdlogger.te +++ /dev/null @@ -1,7 +0,0 @@ -# ============================================== -# Policy File of /system/bin/mdlogger Executable File - -# ============================================== -# Type Declaration -# ============================================== -type mdlogger ,domain; diff --git a/prebuilts/api/26.0/plat_public/meta_tst.te b/prebuilts/api/26.0/plat_public/meta_tst.te deleted file mode 100755 index b5b9a43..0000000 --- a/prebuilts/api/26.0/plat_public/meta_tst.te +++ /dev/null @@ -1,11 +0,0 @@ -# ============================================== -# Policy File of /system/bin/meta_tst Executable File - - -# ============================================== -# Type Declaration -# ============================================== - -type meta_tst ,domain; - - diff --git a/prebuilts/api/26.0/plat_public/mobile_log_d.te b/prebuilts/api/26.0/plat_public/mobile_log_d.te deleted file mode 100755 index 2eccc21..0000000 --- a/prebuilts/api/26.0/plat_public/mobile_log_d.te +++ /dev/null @@ -1,7 +0,0 @@ -# ============================================== -# Policy File of /system/bin/mobile_log_d Executable File - -# ============================================== -# Type Declaration -# ============================================== -type mobile_log_d ,domain; diff --git a/prebuilts/api/26.0/plat_public/netdiag.te b/prebuilts/api/26.0/plat_public/netdiag.te deleted file mode 100755 index 19a04b5..0000000 --- a/prebuilts/api/26.0/plat_public/netdiag.te +++ /dev/null @@ -1,7 +0,0 @@ -# ============================================== -# Policy File of /system/bin/netdiag Executable File - -# ============================================== -# Type Declaration -# ============================================== -type netdiag ,domain; diff --git a/prebuilts/api/26.0/plat_public/pre_meta.te b/prebuilts/api/26.0/plat_public/pre_meta.te deleted file mode 100755 index f179869..0000000 --- a/prebuilts/api/26.0/plat_public/pre_meta.te +++ /dev/null @@ -1,5 +0,0 @@ -# ============================================== -# Policy File of /system/bin/pre_meta Executable File - -type pre_meta ,domain; - diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil deleted file mode 100755 index 3085b92..0000000 --- a/private/compat/26.0/26.0.cil +++ /dev/null @@ -1,735 +0,0 @@ -;; private attributes removed from public types -(typeattributeset domain_deprecated (bluetooth_26_0)) - -;; attributes removed from current policy -(typeattribute hal_wifi_keystore) -(typeattribute hal_wifi_keystore_client) -(typeattribute hal_wifi_keystore_server) - -;; types removed from current policy -(type asan_reboot_prop) -(type log_device) -(type mediacasserver_service) -(type tracing_shell_writable) -(type tracing_shell_writable_debug) -(type netd_socket) - -(typeattributeset tracing_shell_writable_debug_26_0 (debugfs_tracing_debug tracing_shell_writable_debug)) -(typeattributeset priv_app_26_0 (mediaprovider priv_app)) -(typeattributeset service_contexts_file_26_0 (service_contexts_file nonplat_service_contexts_file)) -(typeattributeset proc_26_0 (proc proc_uid_time_in_state)) -(typeattributeset usermodehelper_26_0 (sysfs_usermodehelper usermodehelper)) - -(typeattributeset mediadrmserver_service_26_0 (mediadrmserver_service)) -(typeattributeset recovery_refresh_26_0 (recovery_refresh)) -(typeattributeset pdx_display_dir_26_0 (pdx_display_dir)) -(typeattributeset mediacasserver_service_26_0 (mediacasserver_service)) -(typeattributeset processinfo_service_26_0 (processinfo_service)) -(typeattributeset vdc_26_0 (vdc)) -(typeattributeset mediadrmserver_exec_26_0 (mediadrmserver_exec)) -(typeattributeset serial_service_26_0 (serial_service)) -(typeattributeset system_ndebug_socket_26_0 (system_ndebug_socket)) -(typeattributeset fingerprint_service_26_0 (fingerprint_service)) -(typeattributeset hal_fingerprint_service_26_0 (hal_fingerprint_service)) -(typeattributeset recovery_block_device_26_0 (recovery_block_device)) -(typeattributeset drmserver_26_0 (drmserver)) -(typeattributeset vr_hwc_service_26_0 (vr_hwc_service)) -(typeattributeset hal_sensors_hwservice_26_0 (hal_sensors_hwservice)) -(typeattributeset audiohal_data_file_26_0 (audiohal_data_file)) -(typeattributeset wifi_service_26_0 (wifi_service)) -(typeattributeset system_prop_26_0 (system_prop)) -(typeattributeset vfat_26_0 (vfat)) -(typeattributeset pdx_bufferhub_client_endpoint_socket_26_0 (pdx_bufferhub_client_endpoint_socket)) -(typeattributeset keystore_exec_26_0 (keystore_exec)) -(typeattributeset netpolicy_service_26_0 (netpolicy_service)) -(typeattributeset video_device_26_0 (video_device)) -(typeattributeset serialno_prop_26_0 (serialno_prop)) -(typeattributeset midi_service_26_0 (midi_service)) -(typeattributeset persistent_properties_ready_prop_26_0 (persistent_properties_ready_prop)) -(typeattributeset file_contexts_file_26_0 (file_contexts_file)) -(typeattributeset tzdatacheck_26_0 (tzdatacheck)) -(typeattributeset property_contexts_file_26_0 (property_contexts_file)) -(typeattributeset firstboot_prop_26_0 (firstboot_prop)) -(typeattributeset pan_result_prop_26_0 (pan_result_prop)) -(typeattributeset ctl_rildaemon_prop_26_0 (ctl_rildaemon_prop)) -(typeattributeset asan_reboot_prop_26_0 (asan_reboot_prop)) -(typeattributeset bluetooth_logs_data_file_26_0 (bluetooth_logs_data_file)) -(typeattributeset hal_light_hwservice_26_0 (hal_light_hwservice)) -(typeattributeset print_service_26_0 (print_service)) -(typeattributeset same_process_hal_file_26_0 (same_process_hal_file)) -(typeattributeset hal_vibrator_hwservice_26_0 (hal_vibrator_hwservice)) -(typeattributeset location_service_26_0 (location_service)) -(typeattributeset device_policy_service_26_0 (device_policy_service)) -(typeattributeset preopt2cachename_26_0 (preopt2cachename)) -(typeattributeset autofill_service_26_0 (autofill_service)) -(typeattributeset debugfs_26_0 (debugfs)) -(typeattributeset configfs_26_0 (configfs)) -(typeattributeset config_prop_26_0 (config_prop)) -(typeattributeset charger_26_0 (charger)) -(typeattributeset mdlogger_26_0 (mdlogger)) -(typeattributeset system_block_device_26_0 (system_block_device)) -(typeattributeset postinstall_26_0 (postinstall)) -(typeattributeset updatelock_service_26_0 (updatelock_service)) -(typeattributeset apk_data_file_26_0 (apk_data_file)) -(typeattributeset hidl_base_hwservice_26_0 (hidl_base_hwservice)) -(typeattributeset system_app_26_0 (system_app)) -(typeattributeset emdlogger_26_0 (emdlogger)) -(typeattributeset hidl_manager_hwservice_26_0 (hidl_manager_hwservice)) -(typeattributeset hidl_memory_hwservice_26_0 (hidl_memory_hwservice)) -(typeattributeset preloads_media_file_26_0 (preloads_media_file)) -(typeattributeset surfaceflinger_26_0 (surfaceflinger)) -(typeattributeset pdx_display_screenshot_channel_socket_26_0 (pdx_display_screenshot_channel_socket)) -(typeattributeset debugfs_tracing_instances_26_0 (debugfs_tracing_instances)) -(typeattributeset hal_contexthub_hwservice_26_0 (hal_contexthub_hwservice)) -(typeattributeset proc_zoneinfo_26_0 (proc_zoneinfo)) -(typeattributeset proc_tty_drivers_26_0 (proc_tty_drivers)) -(typeattributeset sec_key_att_app_id_provider_service_26_0 (sec_key_att_app_id_provider_service)) -(typeattributeset activity_service_26_0 (activity_service)) -(typeattributeset mediaextractor_exec_26_0 (mediaextractor_exec)) -(typeattributeset watchdog_device_26_0 (watchdog_device)) -(typeattributeset fuelgauged_static_26_0 (fuelgauged_static)) -(typeattributeset graphics_device_26_0 (graphics_device)) -(typeattributeset method_trace_data_file_26_0 (method_trace_data_file)) -(typeattributeset vndservicemanager_26_0 (vndservicemanager)) -(typeattributeset apk_private_data_file_26_0 (apk_private_data_file)) -(typeattributeset hwservicemanager_26_0 (hwservicemanager)) -(typeattributeset keychord_device_26_0 (keychord_device)) -(typeattributeset hal_graphics_composer_hwservice_26_0 (hal_graphics_composer_hwservice)) -(typeattributeset servicemanager_26_0 (servicemanager)) -(typeattributeset ashmem_device_26_0 (ashmem_device)) -(typeattributeset virtual_touchpad_26_0 (virtual_touchpad)) -(typeattributeset hal_telephony_hwservice_26_0 (hal_telephony_hwservice)) -(typeattributeset fingerprint_prop_26_0 (fingerprint_prop)) -(typeattributeset proc_stat_26_0 (proc_stat)) -(typeattributeset rootfs_26_0 (rootfs)) -(typeattributeset sdcardfs_26_0 (sdcardfs)) -(typeattributeset netd_26_0 (netd)) -(typeattributeset pre_meta_26_0 (pre_meta)) -(typeattributeset sysfs_usb_26_0 (sysfs_usb)) -(typeattributeset proc_perf_26_0 (proc_perf)) -(typeattributeset mqueue_26_0 (mqueue)) -(typeattributeset tee_26_0 (tee)) -(typeattributeset media_session_service_26_0 (media_session_service)) -(typeattributeset adbd_26_0 (adbd)) -(typeattributeset textclassifier_data_file_26_0 (textclassifier_data_file)) -(typeattributeset untrusted_v2_app_26_0 (untrusted_v2_app)) -(typeattributeset fuse_26_0 (fuse)) -(typeattributeset recovery_26_0 (recovery)) -(typeattributeset bootstat_26_0 (bootstat)) -(typeattributeset labeledfs_26_0 (labeledfs)) -(typeattributeset pdx_bufferhub_dir_26_0 (pdx_bufferhub_dir)) -(typeattributeset usermodehelper_26_0 (usermodehelper)) -(typeattributeset mediaextractor_service_26_0 (mediaextractor_service)) -(typeattributeset debug_prop_26_0 (debug_prop)) -(typeattributeset hal_omx_hwservice_26_0 (hal_omx_hwservice)) -(typeattributeset update_engine_service_26_0 (update_engine_service)) -(typeattributeset lock_settings_service_26_0 (lock_settings_service)) -(typeattributeset cameraproxy_service_26_0 (cameraproxy_service)) -(typeattributeset audio_prop_26_0 (audio_prop)) -(typeattributeset healthd_26_0 (healthd)) -(typeattributeset keychain_data_file_26_0 (keychain_data_file)) -(typeattributeset kmem_device_26_0 (kmem_device)) -(typeattributeset kmsg_device_26_0 (kmsg_device)) -(typeattributeset netif_26_0 (netif)) -(typeattributeset webview_zygote_exec_26_0 (webview_zygote_exec)) -(typeattributeset zoneinfo_data_file_26_0 (zoneinfo_data_file)) -(typeattributeset radio_26_0 (radio)) -(typeattributeset pipefs_26_0 (pipefs)) -(typeattributeset pstorefs_26_0 (pstorefs)) -(typeattributeset proc_sysrq_26_0 (proc_sysrq)) -(typeattributeset audiocmdservice_atci_26_0 (audiocmdservice_atci)) -(typeattributeset gatekeeperd_26_0 (gatekeeperd)) -(typeattributeset consumer_ir_service_26_0 (consumer_ir_service)) -(typeattributeset aee_aedv_26_0 (aee_aedv)) -(typeattributeset sysfs_zram_26_0 (sysfs_zram)) -(typeattributeset wifi_data_file_26_0 (wifi_data_file)) -(typeattributeset mediametrics_service_26_0 (mediametrics_service)) -(typeattributeset meta_tst_26_0 (meta_tst)) -(typeattributeset assetatlas_service_26_0 (assetatlas_service)) -(typeattributeset backup_service_26_0 (backup_service)) -(typeattributeset pdx_display_manager_channel_socket_26_0 (pdx_display_manager_channel_socket)) -(typeattributeset zero_device_26_0 (zero_device)) -(typeattributeset hwservice_contexts_file_26_0 (hwservice_contexts_file)) -(typeattributeset service_contexts_file_26_0 (service_contexts_file)) -(typeattributeset sysfs_uio_26_0 (sysfs_uio)) -(typeattributeset preopt2cachename_exec_26_0 (preopt2cachename_exec)) -(typeattributeset vndservice_contexts_file_26_0 (vndservice_contexts_file)) -(typeattributeset incident_26_0 (incident)) -(typeattributeset cache_block_device_26_0 (cache_block_device)) -(typeattributeset crash_dump_exec_26_0 (crash_dump_exec)) -(typeattributeset shell_26_0 (shell)) -(typeattributeset network_time_update_service_26_0 (network_time_update_service)) -(typeattributeset seapp_contexts_file_26_0 (seapp_contexts_file)) -(typeattributeset textclassification_service_26_0 (textclassification_service)) -(typeattributeset blkid_untrusted_26_0 (blkid_untrusted)) -(typeattributeset dumpstate_prop_26_0 (dumpstate_prop)) -(typeattributeset zygote_exec_26_0 (zygote_exec)) -(typeattributeset cppreopt_prop_26_0 (cppreopt_prop)) -(typeattributeset radio_prop_26_0 (radio_prop)) -(typeattributeset postinstall_mnt_dir_26_0 (postinstall_mnt_dir)) -(typeattributeset misc_user_data_file_26_0 (misc_user_data_file)) -(typeattributeset debugfs_wifi_tracing_26_0 (debugfs_wifi_tracing)) -(typeattributeset shell_prop_26_0 (shell_prop)) -(typeattributeset isolated_app_26_0 (isolated_app)) -(typeattributeset sysfs_vibrator_26_0 (sysfs_vibrator)) -(typeattributeset network_management_service_26_0 (network_management_service)) -(typeattributeset sysfs_hwrandom_26_0 (sysfs_hwrandom)) -(typeattributeset system_server_26_0 (system_server)) -(typeattributeset device_identifiers_service_26_0 (device_identifiers_service)) -(typeattributeset network_score_service_26_0 (network_score_service)) -(typeattributeset em_svr_26_0 (em_svr)) -(typeattributeset usbfs_26_0 (usbfs)) -(typeattributeset system_wifi_keystore_hwservice_26_0 (system_wifi_keystore_hwservice)) -(typeattributeset sdcardd_26_0 (sdcardd)) -(typeattributeset logdr_socket_26_0 (logdr_socket)) -(typeattributeset logdw_socket_26_0 (logdw_socket)) -(typeattributeset vpn_data_file_26_0 (vpn_data_file)) -(typeattributeset dalvikcache_data_file_26_0 (dalvikcache_data_file)) -(typeattributeset mediaserver_service_26_0 (mediaserver_service)) -(typeattributeset property_data_file_26_0 (property_data_file)) -(typeattributeset wifi_log_prop_26_0 (wifi_log_prop)) -(typeattributeset accessibility_service_26_0 (accessibility_service)) -(typeattributeset camera_device_26_0 (camera_device)) -(typeattributeset recovery_data_file_26_0 (recovery_data_file)) -(typeattributeset system_app_data_file_26_0 (system_app_data_file)) -(typeattributeset sysfs_leds_26_0 (sysfs_leds)) -(typeattributeset mediacodec_26_0 (mediacodec)) -(typeattributeset restrictions_service_26_0 (restrictions_service)) -(typeattributeset ffs_prop_26_0 (ffs_prop)) -(typeattributeset log_prop_26_0 (log_prop)) -(typeattributeset mmc_prop_26_0 (mmc_prop)) -(typeattributeset nfc_prop_26_0 (nfc_prop)) -(typeattributeset toolbox_26_0 (toolbox)) -(typeattributeset IProxyService_service_26_0 (IProxyService_service)) -(typeattributeset mnt_media_rw_stub_file_26_0 (mnt_media_rw_stub_file)) -(typeattributeset proc_26_0 (proc)) -(typeattributeset bluetooth_socket_26_0 (bluetooth_socket)) -(typeattributeset logcat_exec_26_0 (logcat_exec)) -(typeattributeset inputflinger_exec_26_0 (inputflinger_exec)) -(typeattributeset overlay_prop_26_0 (overlay_prop)) -(typeattributeset safemode_prop_26_0 (safemode_prop)) -(typeattributeset wallpaper_file_26_0 (wallpaper_file)) -(typeattributeset shortcut_manager_icons_26_0 (shortcut_manager_icons)) -(typeattributeset dhcp_prop_26_0 (dhcp_prop)) -(typeattributeset gps_control_26_0 (gps_control)) -(typeattributeset logd_prop_26_0 (logd_prop)) -(typeattributeset dumpstate_options_prop_26_0 (dumpstate_options_prop)) -(typeattributeset vold_prop_26_0 (vold_prop)) -(typeattributeset wifi_prop_26_0 (wifi_prop)) -(typeattributeset imms_service_26_0 (imms_service)) -(typeattributeset netd_socket_26_0 (netd_socket)) -(typeattributeset sysfs_26_0 (sysfs)) -(typeattributeset default_android_service_26_0 (default_android_service)) -(typeattributeset bufferhubd_26_0 (bufferhubd)) -(typeattributeset sysfs_devices_system_cpu_26_0 (sysfs_devices_system_cpu)) -(typeattributeset untrusted_app_26_0 (untrusted_app)) -(typeattributeset shared_relro_26_0 (shared_relro)) -(typeattributeset hal_wifi_hwservice_26_0 (hal_wifi_hwservice)) -(typeattributeset alarm_device_26_0 (alarm_device)) -(typeattributeset hal_graphics_mapper_hwservice_26_0 (hal_graphics_mapper_hwservice)) -(typeattributeset audio_data_file_26_0 (audio_data_file)) -(typeattributeset radio_data_file_26_0 (radio_data_file)) -(typeattributeset display_service_26_0 (display_service)) -(typeattributeset overlay_service_26_0 (overlay_service)) -(typeattributeset hal_wifi_supplicant_hwservice_26_0 (hal_wifi_supplicant_hwservice)) -(typeattributeset performanced_exec_26_0 (performanced_exec)) -(typeattributeset hal_health_hwservice_26_0 (hal_health_hwservice)) -(typeattributeset system_wpa_socket_26_0 (system_wpa_socket)) -(typeattributeset fsck_26_0 (fsck)) -(typeattributeset netd_listener_service_26_0 (netd_listener_service)) -(typeattributeset app_fusefs_26_0 (app_fusefs)) -(typeattributeset proc_overcommit_memory_26_0 (proc_overcommit_memory)) -(typeattributeset ctl_dumpstate_prop_26_0 (ctl_dumpstate_prop)) -(typeattributeset connmetrics_service_26_0 (connmetrics_service)) -(typeattributeset proc_uid_cputime_removeuid_26_0 (proc_uid_cputime_removeuid)) -(typeattributeset boot_block_device_26_0 (boot_block_device)) -(typeattributeset powerctl_prop_26_0 (powerctl_prop)) -(typeattributeset misc_block_device_26_0 (misc_block_device)) -(typeattributeset root_block_device_26_0 (root_block_device)) -(typeattributeset swap_block_device_26_0 (swap_block_device)) -(typeattributeset block_device_26_0 (block_device)) -(typeattributeset kb_block_device_26_0 (kb_block_device)) -(typeattributeset dkb_block_device_26_0 (dkb_block_device)) -(typeattributeset frp_block_device_26_0 (frp_block_device)) -(typeattributeset loop_device_26_0 (loop_device)) -(typeattributeset nvram_agent_service_26_0 (nvram_agent_service)) -(typeattributeset dnsproxyd_socket_26_0 (dnsproxyd_socket)) -(typeattributeset crash_dump_26_0 (crash_dump)) -(typeattributeset hal_keymaster_hwservice_26_0 (hal_keymaster_hwservice)) -(typeattributeset shm_26_0 (shm)) -(typeattributeset installd_service_26_0 (installd_service)) -(typeattributeset proc_uid_cputime_showstat_26_0 (proc_uid_cputime_showstat)) -(typeattributeset bootstat_exec_26_0 (bootstat_exec)) -(typeattributeset mdns_socket_26_0 (mdns_socket)) -(typeattributeset oem_lock_service_26_0 (oem_lock_service)) -(typeattributeset audioserver_26_0 (audioserver)) -(typeattributeset tmpfs_26_0 (tmpfs)) -(typeattributeset bootanim_exec_26_0 (bootanim_exec)) -(typeattributeset vendor_configs_file_26_0 (vendor_configs_file)) -(typeattributeset vendor_shell_exec_26_0 (vendor_shell_exec)) -(typeattributeset hwservicemanager_prop_26_0 (hwservicemanager_prop)) -(typeattributeset clatd_26_0 (clatd)) -(typeattributeset input_device_26_0 (input_device)) -(typeattributeset DockObserver_service_26_0 (DockObserver_service)) -(typeattributeset shell_data_file_26_0 (shell_data_file)) -(typeattributeset bluetooth_manager_service_26_0 (bluetooth_manager_service)) -(typeattributeset contexthub_service_26_0 (contexthub_service)) -(typeattributeset dnsmasq_26_0 (dnsmasq)) -(typeattributeset dumpstate_26_0 (dumpstate)) -(typeattributeset cmddumper_26_0 (cmddumper)) -(typeattributeset install_data_file_26_0 (install_data_file)) -(typeattributeset asec_image_file_26_0 (asec_image_file)) -(typeattributeset hardware_properties_service_26_0 (hardware_properties_service)) -(typeattributeset owntty_device_26_0 (owntty_device)) -(typeattributeset null_device_26_0 (null_device)) -(typeattributeset uimode_service_26_0 (uimode_service)) -(typeattributeset uncrypt_exec_26_0 (uncrypt_exec)) -(typeattributeset priv_app_26_0 (priv_app)) -(typeattributeset hal_bluetooth_hwservice_26_0 (hal_bluetooth_hwservice)) -(typeattributeset wifiscanner_service_26_0 (wifiscanner_service)) -(typeattributeset audio_timer_device_26_0 (audio_timer_device)) -(typeattributeset bluetooth_data_file_26_0 (bluetooth_data_file)) -(typeattributeset loop_control_device_26_0 (loop_control_device)) -(typeattributeset pdx_display_client_endpoint_socket_26_0 (pdx_display_client_endpoint_socket)) -(typeattributeset net_dns_prop_26_0 (net_dns_prop)) -(typeattributeset fingerprintd_26_0 (fingerprintd)) -(typeattributeset bluetooth_prop_26_0 (bluetooth_prop)) -(typeattributeset hal_power_hwservice_26_0 (hal_power_hwservice)) -(typeattributeset hal_fingerprint_hwservice_26_0 (hal_fingerprint_hwservice)) -(typeattributeset font_service_26_0 (font_service)) -(typeattributeset wificond_service_26_0 (wificond_service)) -(typeattributeset postinstall_file_26_0 (postinstall_file)) -(typeattributeset qtaguid_proc_26_0 (qtaguid_proc)) -(typeattributeset ctl_bugreport_prop_26_0 (ctl_bugreport_prop)) -(typeattributeset hal_tv_input_hwservice_26_0 (hal_tv_input_hwservice)) -(typeattributeset dalvik_prop_26_0 (dalvik_prop)) -(typeattributeset inputflinger_service_26_0 (inputflinger_service)) -(typeattributeset audio_seq_device_26_0 (audio_seq_device)) -(typeattributeset mtpd_socket_26_0 (mtpd_socket)) -(typeattributeset keystore_service_26_0 (keystore_service)) -(typeattributeset bluetooth_service_26_0 (bluetooth_service)) -(typeattributeset appops_service_26_0 (appops_service)) -(typeattributeset system_data_file_26_0 (system_data_file)) -(typeattributeset devpts_26_0 (devpts)) -(typeattributeset aee_aed_26_0 (aee_aed)) -(typeattributeset drm_data_file_26_0 (drm_data_file)) -(typeattributeset su_26_0 (su)) -(typeattributeset otadexopt_service_26_0 (otadexopt_service)) -(typeattributeset proc_security_26_0 (proc_security)) -(typeattributeset nfc_service_26_0 (nfc_service)) -(typeattributeset settings_service_26_0 (settings_service)) -(typeattributeset cppreopts_26_0 (cppreopts)) -(typeattributeset cpuinfo_service_26_0 (cpuinfo_service)) -(typeattributeset dbinfo_service_26_0 (dbinfo_service)) -(typeattributeset gfxinfo_service_26_0 (gfxinfo_service)) -(typeattributeset meminfo_service_26_0 (meminfo_service)) -(typeattributeset dnsmasq_exec_26_0 (dnsmasq_exec)) -(typeattributeset ppp_26_0 (ppp)) -(typeattributeset vndbinder_device_26_0 (vndbinder_device)) -(typeattributeset ethernet_service_26_0 (ethernet_service)) -(typeattributeset pinner_service_26_0 (pinner_service)) -(typeattributeset performanced_26_0 (performanced)) -(typeattributeset systemkeys_data_file_26_0 (systemkeys_data_file)) -(typeattributeset binder_device_26_0 (binder_device)) -(typeattributeset hwbinder_device_26_0 (hwbinder_device)) -(typeattributeset hw_random_device_26_0 (hw_random_device)) -(typeattributeset random_device_26_0 (random_device)) -(typeattributeset ctl_default_prop_26_0 (ctl_default_prop)) -(typeattributeset userdata_block_device_26_0 (userdata_block_device)) -(typeattributeset default_prop_26_0 (default_prop)) -(typeattributeset vndk_sp_file_26_0 (vndk_sp_file)) -(typeattributeset cameraserver_26_0 (cameraserver)) -(typeattributeset otapreopt_slot_exec_26_0 (otapreopt_slot_exec)) -(typeattributeset debuggerd_prop_26_0 (debuggerd_prop)) -(typeattributeset vendor_toolbox_exec_26_0 (vendor_toolbox_exec)) -(typeattributeset shared_relro_file_26_0 (shared_relro_file)) -(typeattributeset lmkd_socket_26_0 (lmkd_socket)) -(typeattributeset hal_drm_hwservice_26_0 (hal_drm_hwservice)) -(typeattributeset ringtone_file_26_0 (ringtone_file)) -(typeattributeset toolbox_exec_26_0 (toolbox_exec)) -(typeattributeset permission_service_26_0 (permission_service)) -(typeattributeset metadata_block_device_26_0 (metadata_block_device)) -(typeattributeset logd_socket_26_0 (logd_socket)) -(typeattributeset mac_perms_file_26_0 (mac_perms_file)) -(typeattributeset vendor_app_file_26_0 (vendor_app_file)) -(typeattributeset vendor_hal_file_26_0 (vendor_hal_file)) -(typeattributeset sysfs_wlan_fwpath_26_0 (sysfs_wlan_fwpath)) -(typeattributeset nfc_26_0 (nfc)) -(typeattributeset default_android_vndservice_26_0 (default_android_vndservice)) -(typeattributeset rtc_device_26_0 (rtc_device)) -(typeattributeset ram_device_26_0 (ram_device)) -(typeattributeset perfprofd_data_file_26_0 (perfprofd_data_file)) -(typeattributeset nativetest_data_file_26_0 (nativetest_data_file)) -(typeattributeset country_detector_service_26_0 (country_detector_service)) -(typeattributeset cgroup_26_0 (cgroup)) -(typeattributeset drmserver_socket_26_0 (drmserver_socket)) -(typeattributeset ppp_device_26_0 (ppp_device)) -(typeattributeset proc_net_26_0 (proc_net)) -(typeattributeset zygote_26_0 (zygote)) -(typeattributeset untrusted_app_25_26_0 (untrusted_app_25)) -(typeattributeset adb_data_file_26_0 (adb_data_file)) -(typeattributeset anr_data_file_26_0 (anr_data_file)) -(typeattributeset adb_keys_file_26_0 (adb_keys_file)) -(typeattributeset kernel_26_0 (kernel)) -(typeattributeset servicediscovery_service_26_0 (servicediscovery_service)) -(typeattributeset coverage_service_26_0 (coverage_service)) -(typeattributeset keystore_26_0 (keystore)) -(typeattributeset package_service_26_0 (package_service)) -(typeattributeset ephemeral_app_26_0 (ephemeral_app)) -(typeattributeset bluetooth_26_0 (bluetooth)) -(typeattributeset inputflinger_26_0 (inputflinger)) -(typeattributeset vcs_device_26_0 (vcs_device)) -(typeattributeset hal_oemlock_hwservice_26_0 (hal_oemlock_hwservice)) -(typeattributeset port_26_0 (port)) -(typeattributeset factory_26_0 (factory)) -(typeattributeset virtual_touchpad_exec_26_0 (virtual_touchpad_exec)) -(typeattributeset runas_26_0 (runas)) -(typeattributeset tty_device_26_0 (tty_device)) -(typeattributeset tun_device_26_0 (tun_device)) -(typeattributeset clatd_exec_26_0 (clatd_exec)) -(typeattributeset uio_device_26_0 (uio_device)) -(typeattributeset usb_device_26_0 (usb_device)) -(typeattributeset tv_input_service_26_0 (tv_input_service)) -(typeattributeset input_service_26_0 (input_service)) -(typeattributeset tee_device_26_0 (tee_device)) -(typeattributeset hal_memtrack_hwservice_26_0 (hal_memtrack_hwservice)) -(typeattributeset radio_device_26_0 (radio_device)) -(typeattributeset bootstat_data_file_26_0 (bootstat_data_file)) -(typeattributeset ptmx_device_26_0 (ptmx_device)) -(typeattributeset textservices_service_26_0 (textservices_service)) -(typeattributeset usbaccessory_device_26_0 (usbaccessory_device)) -(typeattributeset asec_public_file_26_0 (asec_public_file)) -(typeattributeset hal_usb_hwservice_26_0 (hal_usb_hwservice)) -(typeattributeset recovery_refresh_exec_26_0 (recovery_refresh_exec)) -(typeattributeset pdx_performance_client_endpoint_socket_26_0 (pdx_performance_client_endpoint_socket)) -(typeattributeset user_profile_data_file_26_0 (user_profile_data_file)) -(typeattributeset input_method_service_26_0 (input_method_service)) -(typeattributeset media_projection_service_26_0 (media_projection_service)) -(typeattributeset racoon_socket_26_0 (racoon_socket)) -(typeattributeset cameraserver_service_26_0 (cameraserver_service)) -(typeattributeset idmap_exec_26_0 (idmap_exec)) -(typeattributeset uncrypt_socket_26_0 (uncrypt_socket)) -(typeattributeset install_recovery_26_0 (install_recovery)) -(typeattributeset logpersistd_logging_prop_26_0 (logpersistd_logging_prop)) -(typeattributeset hal_configstore_ISurfaceFlingerConfigs_26_0 (hal_configstore_ISurfaceFlingerConfigs)) -(typeattributeset hal_ir_hwservice_26_0 (hal_ir_hwservice)) -(typeattributeset hal_vr_hwservice_26_0 (hal_vr_hwservice)) -(typeattributeset incident_data_file_26_0 (incident_data_file)) -(typeattributeset webview_zygote_26_0 (webview_zygote)) -(typeattributeset proc_uid_procstat_set_26_0 (proc_uid_procstat_set)) -(typeattributeset connectivity_service_26_0 (connectivity_service)) -(typeattributeset notification_service_26_0 (notification_service)) -(typeattributeset init_26_0 (init)) -(typeattributeset logpersist_26_0 (logpersist)) -(typeattributeset dreams_service_26_0 (dreams_service)) -(typeattributeset companion_device_service_26_0 (companion_device_service)) -(typeattributeset bootanim_26_0 (bootanim)) -(typeattributeset ota_package_file_26_0 (ota_package_file)) -(typeattributeset diskstats_service_26_0 (diskstats_service)) -(typeattributeset wallpaper_service_26_0 (wallpaper_service)) -(typeattributeset fscklogs_26_0 (fscklogs)) -(typeattributeset task_service_26_0 (task_service)) -(typeattributeset hardware_service_26_0 (hardware_service)) -(typeattributeset logd_26_0 (logd)) -(typeattributeset procstats_service_26_0 (procstats_service)) -(typeattributeset dumpstate_service_26_0 (dumpstate_service)) -(typeattributeset fingerprintd_exec_26_0 (fingerprintd_exec)) -(typeattributeset alarm_service_26_0 (alarm_service)) -(typeattributeset rttmanager_service_26_0 (rttmanager_service)) -(typeattributeset fwk_sensor_hwservice_26_0 (fwk_sensor_hwservice)) -(typeattributeset ueventd_26_0 (ueventd)) -(typeattributeset node_26_0 (node)) -(typeattributeset nfc_data_file_26_0 (nfc_data_file)) -(typeattributeset misc_logd_file_26_0 (misc_logd_file)) -(typeattributeset sepolicy_file_26_0 (sepolicy_file)) -(typeattributeset audioserver_service_26_0 (audioserver_service)) -(typeattributeset sysfs_mac_address_26_0 (sysfs_mac_address)) -(typeattributeset modprobe_26_0 (modprobe)) -(typeattributeset incidentd_26_0 (incidentd)) -(typeattributeset apk_tmp_file_26_0 (apk_tmp_file)) -(typeattributeset gpu_device_26_0 (gpu_device)) -(typeattributeset mdnsd_26_0 (mdnsd)) -(typeattributeset proc_uid_io_stats_26_0 (proc_uid_io_stats)) -(typeattributeset sensorservice_service_26_0 (sensorservice_service)) -(typeattributeset runas_exec_26_0 (runas_exec)) -(typeattributeset dex2oat_26_0 (dex2oat)) -(typeattributeset wifiaware_service_26_0 (wifiaware_service)) -(typeattributeset netstats_service_26_0 (netstats_service)) -(typeattributeset vr_manager_service_26_0 (vr_manager_service)) -(typeattributeset watchdogd_26_0 (watchdogd)) -(typeattributeset mediacodec_exec_26_0 (mediacodec_exec)) -(typeattributeset tzdatacheck_exec_26_0 (tzdatacheck_exec)) -(typeattributeset shell_exec_26_0 (shell_exec)) -(typeattributeset hdmi_control_service_26_0 (hdmi_control_service)) -(typeattributeset clipboard_service_26_0 (clipboard_service)) -(typeattributeset dumpstate_exec_26_0 (dumpstate_exec)) -(typeattributeset perfprofd_26_0 (perfprofd)) -(typeattributeset netutils_wrapper_exec_26_0 (netutils_wrapper_exec)) -(typeattributeset tombstoned_intercept_socket_26_0 (tombstoned_intercept_socket)) -(typeattributeset wificond_26_0 (wificond)) -(typeattributeset debugfs_mmc_26_0 (debugfs_mmc)) -(typeattributeset netutils_wrapper_26_0 (netutils_wrapper)) -(typeattributeset racoon_26_0 (racoon)) -(typeattributeset hal_nfc_hwservice_26_0 (hal_nfc_hwservice)) -(typeattributeset vold_26_0 (vold)) -(typeattributeset webview_zygote_socket_26_0 (webview_zygote_socket)) -(typeattributeset iio_device_26_0 (iio_device)) -(typeattributeset pdx_display_manager_endpoint_socket_26_0 (pdx_display_manager_endpoint_socket)) -(typeattributeset ion_device_26_0 (ion_device)) -(typeattributeset port_device_26_0 (port_device)) -(typeattributeset nfc_device_26_0 (nfc_device)) -(typeattributeset rild_socket_26_0 (rild_socket)) -(typeattributeset keystore_data_file_26_0 (keystore_data_file)) -(typeattributeset recovery_persist_exec_26_0 (recovery_persist_exec)) -(typeattributeset pmsg_device_26_0 (pmsg_device)) -(typeattributeset rpmsg_device_26_0 (rpmsg_device)) -(typeattributeset i2c_device_26_0 (i2c_device)) -(typeattributeset cache_file_26_0 (cache_file)) -(typeattributeset fingerprintd_service_26_0 (fingerprintd_service)) -(typeattributeset mtp_device_26_0 (mtp_device)) -(typeattributeset mtd_device_26_0 (mtd_device)) -(typeattributeset log_device_26_0 (log_device)) -(typeattributeset adbd_socket_26_0 (adbd_socket)) -(typeattributeset debugfs_trace_marker_26_0 (debugfs_trace_marker)) -(typeattributeset otapreopt_chroot_26_0 (otapreopt_chroot)) -(typeattributeset hal_renderscript_hwservice_26_0 (hal_renderscript_hwservice)) -(typeattributeset cppreopts_exec_26_0 (cppreopts_exec)) -(typeattributeset installd_exec_26_0 (installd_exec)) -(typeattributeset tombstoned_exec_26_0 (tombstoned_exec)) -(typeattributeset runtime_event_log_tags_file_26_0 (runtime_event_log_tags_file)) -(typeattributeset wpa_socket_26_0 (wpa_socket)) -(typeattributeset mtp_26_0 (mtp)) -(typeattributeset backup_data_file_26_0 (backup_data_file)) -(typeattributeset app_fuse_file_26_0 (app_fuse_file)) -(typeattributeset app_data_file_26_0 (app_data_file)) -(typeattributeset dhcp_data_file_26_0 (dhcp_data_file)) -(typeattributeset racoon_exec_26_0 (racoon_exec)) -(typeattributeset unlabeled_26_0 (unlabeled)) -(typeattributeset ipsec_service_26_0 (ipsec_service)) -(typeattributeset user_service_26_0 (user_service)) -(typeattributeset persistent_data_block_service_26_0 (persistent_data_block_service)) -(typeattributeset profman_dump_data_file_26_0 (profman_dump_data_file)) -(typeattributeset socket_device_26_0 (socket_device)) -(typeattributeset scheduling_policy_service_26_0 (scheduling_policy_service)) -(typeattributeset update_engine_exec_26_0 (update_engine_exec)) -(typeattributeset installd_26_0 (installd)) -(typeattributeset profman_exec_26_0 (profman_exec)) -(typeattributeset key_install_data_file_26_0 (key_install_data_file)) -(typeattributeset bootchart_data_file_26_0 (bootchart_data_file)) -(typeattributeset persist_debug_prop_26_0 (persist_debug_prop)) -(typeattributeset telecom_service_26_0 (telecom_service)) -(typeattributeset audioserver_data_file_26_0 (audioserver_data_file)) -(typeattributeset console_device_26_0 (console_device)) -(typeattributeset sensors_device_26_0 (sensors_device)) -(typeattributeset samplingprofiler_service_26_0 (samplingprofiler_service)) -(typeattributeset hal_graphics_allocator_hwservice_26_0 (hal_graphics_allocator_hwservice)) -(typeattributeset search_service_26_0 (search_service)) -(typeattributeset mediaserver_26_0 (mediaserver)) -(typeattributeset mediaserver_exec_26_0 (mediaserver_exec)) -(typeattributeset oemfs_26_0 (oemfs)) -(typeattributeset drmserver_exec_26_0 (drmserver_exec)) -(typeattributeset sgdisk_exec_26_0 (sgdisk_exec)) -(typeattributeset pdx_display_screenshot_endpoint_socket_26_0 (pdx_display_screenshot_endpoint_socket)) -(typeattributeset camera_data_file_26_0 (camera_data_file)) -(typeattributeset bluetooth_efs_file_26_0 (bluetooth_efs_file)) -(typeattributeset media_data_file_26_0 (media_data_file)) -(typeattributeset ota_data_file_26_0 (ota_data_file)) -(typeattributeset system_file_26_0 (system_file)) -(typeattributeset apk_private_tmp_file_26_0 (apk_private_tmp_file)) -(typeattributeset hci_attach_dev_26_0 (hci_attach_dev)) -(typeattributeset statusbar_service_26_0 (statusbar_service)) -(typeattributeset boot_logo_updater_26_0 (boot_logo_updater)) -(typeattributeset idmap_26_0 (idmap)) -(typeattributeset fwmarkd_socket_26_0 (fwmarkd_socket)) -(typeattributeset cameraserver_exec_26_0 (cameraserver_exec)) -(typeattributeset shortcut_service_26_0 (shortcut_service)) -(typeattributeset profman_26_0 (profman)) -(typeattributeset media_rw_data_file_26_0 (media_rw_data_file)) -(typeattributeset coredump_file_26_0 (coredump_file)) -(typeattributeset serial_device_26_0 (serial_device)) -(typeattributeset devicestoragemonitor_service_26_0 (devicestoragemonitor_service)) -(typeattributeset boottrace_data_file_26_0 (boottrace_data_file)) -(typeattributeset hal_audio_hwservice_26_0 (hal_audio_hwservice)) -(typeattributeset cache_backup_file_26_0 (cache_backup_file)) -(typeattributeset tracing_shell_writable_26_0 (tracing_shell_writable)) -(typeattributeset mediacodec_service_26_0 (mediacodec_service)) -(typeattributeset lmkd_26_0 (lmkd)) -(typeattributeset deviceidle_service_26_0 (deviceidle_service)) -(typeattributeset dropbox_service_26_0 (dropbox_service)) -(typeattributeset mobile_log_d_26_0 (mobile_log_d)) -(typeattributeset hidl_token_hwservice_26_0 (hidl_token_hwservice)) -(typeattributeset storagestats_service_26_0 (storagestats_service)) -(typeattributeset wifip2p_service_26_0 (wifip2p_service)) -(typeattributeset registry_service_26_0 (registry_service)) -(typeattributeset platform_app_26_0 (platform_app)) -(typeattributeset cpuctl_device_26_0 (cpuctl_device)) -(typeattributeset sysfs_batteryinfo_26_0 (sysfs_batteryinfo)) -(typeattributeset recovery_persist_26_0 (recovery_persist)) -(typeattributeset jobscheduler_service_26_0 (jobscheduler_service)) -(typeattributeset proc_iomem_26_0 (proc_iomem)) -(typeattributeset hal_camera_hwservice_26_0 (hal_camera_hwservice)) -(typeattributeset proc_timer_26_0 (proc_timer)) -(typeattributeset pdx_performance_client_channel_socket_26_0 (pdx_performance_client_channel_socket)) -(typeattributeset sdcardd_exec_26_0 (sdcardd_exec)) -(typeattributeset mediametrics_26_0 (mediametrics)) -(typeattributeset mediametrics_exec_26_0 (mediametrics_exec)) -(typeattributeset audio_device_26_0 (audio_device)) -(typeattributeset webviewupdate_service_26_0 (webviewupdate_service)) -(typeattributeset bufferhubd_exec_26_0 (bufferhubd_exec)) -(typeattributeset dex2oat_exec_26_0 (dex2oat_exec)) -(typeattributeset sysfs_lowmemorykiller_26_0 (sysfs_lowmemorykiller)) -(typeattributeset hwservicemanager_exec_26_0 (hwservicemanager_exec)) -(typeattributeset servicemanager_exec_26_0 (servicemanager_exec)) -(typeattributeset pdx_performance_dir_26_0 (pdx_performance_dir)) -(typeattributeset proc_cpuinfo_26_0 (proc_cpuinfo)) -(typeattributeset proc_meminfo_26_0 (proc_meminfo)) -(typeattributeset zygote_socket_26_0 (zygote_socket)) -(typeattributeset vendor_framework_file_26_0 (vendor_framework_file)) -(typeattributeset boottime_prop_26_0 (boottime_prop)) -(typeattributeset system_radio_prop_26_0 (system_radio_prop)) -(typeattributeset fsck_untrusted_26_0 (fsck_untrusted)) -(typeattributeset uhid_device_26_0 (uhid_device)) -(typeattributeset incident_service_26_0 (incident_service)) -(typeattributeset ctl_bootanim_prop_26_0 (ctl_bootanim_prop)) -(typeattributeset restorecon_prop_26_0 (restorecon_prop)) -(typeattributeset account_service_26_0 (account_service)) -(typeattributeset content_service_26_0 (content_service)) -(typeattributeset mount_service_26_0 (mount_service)) -(typeattributeset net_radio_prop_26_0 (net_radio_prop)) -(typeattributeset asec_apk_file_26_0 (asec_apk_file)) -(typeattributeset heapdump_data_file_26_0 (heapdump_data_file)) -(typeattributeset update_verifier_exec_26_0 (update_verifier_exec)) -(typeattributeset hal_dumpstate_hwservice_26_0 (hal_dumpstate_hwservice)) -(typeattributeset cache_private_backup_file_26_0 (cache_private_backup_file)) -(typeattributeset usb_service_26_0 (usb_service)) -(typeattributeset battery_service_26_0 (battery_service)) -(typeattributeset tracing_shell_writable_debug_26_0 (tracing_shell_writable_debug)) -(typeattributeset recovery_service_26_0 (recovery_service)) -(typeattributeset ctl_fuse_prop_26_0 (ctl_fuse_prop)) -(typeattributeset ctl_console_prop_26_0 (ctl_console_prop)) -(typeattributeset gatekeeperd_exec_26_0 (gatekeeperd_exec)) -(typeattributeset sockfs_26_0 (sockfs)) -(typeattributeset trust_service_26_0 (trust_service)) -(typeattributeset binfmt_miscfs_26_0 (binfmt_miscfs)) -(typeattributeset storage_file_26_0 (storage_file)) -(typeattributeset update_verifier_26_0 (update_verifier)) -(typeattributeset ctl_mdnsd_prop_26_0 (ctl_mdnsd_prop)) -(typeattributeset mnt_media_rw_file_26_0 (mnt_media_rw_file)) -(typeattributeset update_engine_data_file_26_0 (update_engine_data_file)) -(typeattributeset healthd_exec_26_0 (healthd_exec)) -(typeattributeset mnt_expand_file_26_0 (mnt_expand_file)) -(typeattributeset fwk_display_hwservice_26_0 (fwk_display_hwservice)) -(typeattributeset postinstall_dexopt_26_0 (postinstall_dexopt)) -(typeattributeset tombstoned_crash_socket_26_0 (tombstoned_crash_socket)) -(typeattributeset proc_drop_caches_26_0 (proc_drop_caches)) -(typeattributeset resourcecache_data_file_26_0 (resourcecache_data_file)) -(typeattributeset netd_service_26_0 (netd_service)) -(typeattributeset fwk_scheduler_hwservice_26_0 (fwk_scheduler_hwservice)) -(typeattributeset log_tag_prop_26_0 (log_tag_prop)) -(typeattributeset tombstone_data_file_26_0 (tombstone_data_file)) -(typeattributeset audio_service_26_0 (audio_service)) -(typeattributeset radio_service_26_0 (radio_service)) -(typeattributeset otapreopt_chroot_exec_26_0 (otapreopt_chroot_exec)) -(typeattributeset unencrypted_data_file_26_0 (unencrypted_data_file)) -(typeattributeset vold_socket_26_0 (vold_socket)) -(typeattributeset otapreopt_slot_26_0 (otapreopt_slot)) -(typeattributeset properties_device_26_0 (properties_device)) -(typeattributeset vibrator_service_26_0 (vibrator_service)) -(typeattributeset window_service_26_0 (window_service)) -(typeattributeset update_engine_26_0 (update_engine)) -(typeattributeset mediaextractor_26_0 (mediaextractor)) -(typeattributeset blkid_26_0 (blkid)) -(typeattributeset properties_serial_26_0 (properties_serial)) -(typeattributeset functionfs_26_0 (functionfs)) -(typeattributeset rild_debug_socket_26_0 (rild_debug_socket)) -(typeattributeset surfaceflinger_service_26_0 (surfaceflinger_service)) -(typeattributeset appwidget_service_26_0 (appwidget_service)) -(typeattributeset gatekeeper_data_file_26_0 (gatekeeper_data_file)) -(typeattributeset launcherapps_service_26_0 (launcherapps_service)) -(typeattributeset proc_misc_26_0 (proc_misc)) -(typeattributeset mnt_user_file_26_0 (mnt_user_file)) -(typeattributeset reboot_data_file_26_0 (reboot_data_file)) -(typeattributeset su_exec_26_0 (su_exec)) -(typeattributeset ppp_exec_26_0 (ppp_exec)) -(typeattributeset vdc_exec_26_0 (vdc_exec)) -(typeattributeset mtp_exec_26_0 (mtp_exec)) -(typeattributeset net_data_file_26_0 (net_data_file)) -(typeattributeset vold_data_file_26_0 (vold_data_file)) -(typeattributeset dhcp_26_0 (dhcp)) -(typeattributeset preloads_data_file_26_0 (preloads_data_file)) -(typeattributeset vold_exec_26_0 (vold_exec)) -(typeattributeset usagestats_service_26_0 (usagestats_service)) -(typeattributeset dhcp_exec_26_0 (dhcp_exec)) -(typeattributeset fsck_exec_26_0 (fsck_exec)) -(typeattributeset hal_tv_cec_hwservice_26_0 (hal_tv_cec_hwservice)) -(typeattributeset kisd_26_0 (kisd)) -(typeattributeset lmkd_exec_26_0 (lmkd_exec)) -(typeattributeset logd_exec_26_0 (logd_exec)) -(typeattributeset netd_exec_26_0 (netd_exec)) -(typeattributeset sgdisk_26_0 (sgdisk)) -(typeattributeset init_exec_26_0 (init_exec)) -(typeattributeset media_router_service_26_0 (media_router_service)) -(typeattributeset batteryproperties_service_26_0 (batteryproperties_service)) -(typeattributeset storaged_service_26_0 (storaged_service)) -(typeattributeset selinuxfs_26_0 (selinuxfs)) -(typeattributeset sysfs_thermal_26_0 (sysfs_thermal)) -(typeattributeset system_app_service_26_0 (system_app_service)) -(typeattributeset full_device_26_0 (full_device)) -(typeattributeset fuse_device_26_0 (fuse_device)) -(typeattributeset power_service_26_0 (power_service)) -(typeattributeset uncrypt_26_0 (uncrypt)) -(typeattributeset pdx_display_client_channel_socket_26_0 (pdx_display_client_channel_socket)) -(typeattributeset debugfs_tracing_26_0 (debugfs_tracing)) -(typeattributeset sysfs_zram_uevent_26_0 (sysfs_zram_uevent)) -(typeattributeset proc_modules_26_0 (proc_modules)) -(typeattributeset virtual_touchpad_service_26_0 (virtual_touchpad_service)) -(typeattributeset wificond_exec_26_0 (wificond_exec)) -(typeattributeset commontime_management_service_26_0 (commontime_management_service)) -(typeattributeset proc_interrupts_26_0 (proc_interrupts)) -(typeattributeset pdx_bufferhub_client_channel_socket_26_0 (pdx_bufferhub_client_channel_socket)) -(typeattributeset hal_gatekeeper_hwservice_26_0 (hal_gatekeeper_hwservice)) -(typeattributeset slideshow_26_0 (slideshow)) -(typeattributeset graphicsstats_service_26_0 (graphicsstats_service)) -(typeattributeset drmserver_service_26_0 (drmserver_service)) -(typeattributeset fingerprintd_data_file_26_0 (fingerprintd_data_file)) -(typeattributeset vr_hwc_26_0 (vr_hwc)) -(typeattributeset inotify_26_0 (inotify)) -(typeattributeset tombstoned_26_0 (tombstoned)) -(typeattributeset pdx_display_vsync_channel_socket_26_0 (pdx_display_vsync_channel_socket)) -(typeattributeset gpu_service_26_0 (gpu_service)) -(typeattributeset hal_gnss_hwservice_26_0 (hal_gnss_hwservice)) -(typeattributeset sysfs_bluetooth_writable_26_0 (sysfs_bluetooth_writable)) -(typeattributeset proc_bluetooth_writable_26_0 (proc_bluetooth_writable)) -(typeattributeset dm_device_26_0 (dm_device)) -(typeattributeset tee_data_file_26_0 (tee_data_file)) -(typeattributeset default_android_hwservice_26_0 (default_android_hwservice)) -(typeattributeset dumpstate_socket_26_0 (dumpstate_socket)) -(typeattributeset provision_file_26_0 (provision_file)) -(typeattributeset pdx_display_vsync_endpoint_socket_26_0 (pdx_display_vsync_endpoint_socket)) -(typeattributeset perfprofd_exec_26_0 (perfprofd_exec)) -(typeattributeset hal_thermal_hwservice_26_0 (hal_thermal_hwservice)) -(typeattributeset vr_hwc_exec_26_0 (vr_hwc_exec)) -(typeattributeset cache_recovery_file_26_0 (cache_recovery_file)) -(typeattributeset batterystats_service_26_0 (batterystats_service)) -(typeattributeset mediadrmserver_26_0 (mediadrmserver)) -(typeattributeset hal_weaver_hwservice_26_0 (hal_weaver_hwservice)) -(typeattributeset device_26_0 (device)) -(typeattributeset storage_stub_file_26_0 (storage_stub_file)) -(typeattributeset sysfs_nfc_power_writable_26_0 (sysfs_nfc_power_writable)) -(typeattributeset voiceinteraction_service_26_0 (voiceinteraction_service)) -(typeattributeset hal_bootctl_hwservice_26_0 (hal_bootctl_hwservice)) -(typeattributeset gatekeeper_service_26_0 (gatekeeper_service)) -(typeattributeset hidl_allocator_hwservice_26_0 (hidl_allocator_hwservice)) -(typeattributeset qtaguid_device_26_0 (qtaguid_device)) -(typeattributeset netdiag_26_0 (netdiag)) -(typeattributeset property_socket_26_0 (property_socket)) -(typeattributeset install_recovery_exec_26_0 (install_recovery_exec)) -(typeattributeset vendor_file_26_0 (vendor_file)) -(typeattributeset efs_file_26_0 (efs_file)) -(typeattributeset rild_26_0 (rild)) -(typeattributeset device_logging_prop_26_0 (device_logging_prop)) -(typeattributeset mdnsd_socket_26_0 (mdnsd_socket)) -(typeattributeset vendor_overlay_file_26_0 (vendor_overlay_file)) -(typeattributeset icon_file_26_0 (icon_file)) -(typeattributeset vold_device_26_0 (vold_device)) -(typeattributeset sysfs_wake_lock_26_0 (sysfs_wake_lock)) diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil deleted file mode 100755 index 560339e..0000000 --- a/private/compat/26.0/26.0.ignore.cil +++ /dev/null @@ -1,40 +0,0 @@ -;; new_objects - a collection of types that have been introduced that have no -;; analogue in older policy. Thus, we do not need to map these types to -;; previous ones. Add here to pass checkapi tests. -(typeattribute new_objects) -(typeattributeset new_objects - ( adbd_exec - broadcastradio_service - e2fs - e2fs_exec - hal_broadcastradio_hwservice - hal_cas_hwservice - hal_neuralnetworks_hwservice - hal_tetheroffload_hwservice - hal_wifi_offload_hwservice - kmsg_debug_device - mediaprovider_tmpfs - netd_stable_secret_prop - package_native_service - sysfs_fs_ext4_features - system_net_netd_hwservice - thermal_service - thermalcallback_hwservice - thermalserviced - thermalserviced_exec - thermalserviced_tmpfs - timezone_service - tombstoned_java_trace_socket - mtkbootanimation - mtkbootanimation_exec - mtkbootanimation_tmpfs -)) - -;; private_objects - a collection of types that were labeled differently in -;; older policy, but that should not remain accessible to vendor policy. -;; Thus, these types are also not mapped, but recorded for checkapi tests -(typeattribute priv_objects) -(typeattributeset priv_objects - ( adbd_tmpfs - screencap - screencap_exec )) diff --git a/r_non_plat/MtkCodecService.te b/r_non_plat/MtkCodecService.te deleted file mode 100644 index f9229a7..0000000 --- a/r_non_plat/MtkCodecService.te +++ /dev/null @@ -1,9 +0,0 @@ -# ============================================== -# Policy File of /vendor/bin/MtkCodecService Executable File - -# ============================================== -# Type Declaration -# ============================================== -type MtkCodecService_exec , exec_type, file_type, vendor_file_type; -type MtkCodecService ,domain; - diff --git a/r_non_plat/adbd.te b/r_non_plat/adbd.te deleted file mode 100644 index b431979..0000000 --- a/r_non_plat/adbd.te +++ /dev/null @@ -1,13 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============ - -#permissive adbd; - -# Data : WK17.46 -# Operator: Migration -# Purpose: Allow adbd to read KE DB -allow adbd aee_dumpsys_data_file:file r_file_perms; -allow adbd aee_exp_data_file:dir r_dir_perms; -allow adbd aee_exp_data_file:file r_file_perms; -allow adbd gpu_device:dir search; diff --git a/r_non_plat/aee_aed.te b/r_non_plat/aee_aed.te deleted file mode 100644 index fb69ca2..0000000 --- a/r_non_plat/aee_aed.te +++ /dev/null @@ -1,69 +0,0 @@ -# ============================================== -# Policy File of /system/bin/aee_aed Executable File - -# ============================================== -# MTK Policy Rule -# ============================================== - -# Date : WK14.32 -# Operation : AEE UT -# Purpose : for AEE module -allow aee_aed aed_device:chr_file rw_file_perms; -allow aee_aed expdb_device:chr_file rw_file_perms; -allow aee_aed expdb_block_device:blk_file rw_file_perms; -allow aee_aed etb_device:chr_file rw_file_perms; - -# open/dev/mtd/mtd12 failed(expdb) -allow aee_aed mtd_device:dir create_dir_perms; -allow aee_aed mtd_device:chr_file rw_file_perms; - -# NE flow: /dev/RT_Monitor -allow aee_aed RT_Monitor_device:chr_file r_file_perms; - -#data/aee_exp -allow aee_aed aee_exp_data_file:dir create_dir_perms; -allow aee_aed aee_exp_data_file:file create_file_perms; - -#data/dumpsys -allow aee_aed aee_dumpsys_data_file:dir create_dir_perms; -allow aee_aed aee_dumpsys_data_file:file create_file_perms; - -#/data/core -allow aee_aed aee_core_data_file:dir create_dir_perms; -allow aee_aed aee_core_data_file:file create_file_perms; - -# /data/data_tmpfs_log -allow aee_aed data_tmpfs_log_file:dir create_dir_perms; -allow aee_aed data_tmpfs_log_file:file create_file_perms; - -# Purpose: aee_aed set property -set_prop(aee_aed, persist_mtk_aee_prop); -set_prop(aee_aed, persist_aee_prop); -set_prop(aee_aed, debug_mtk_aee_prop); - -# /proc/lk_env -allow aee_aed proc_lk_env:file rw_file_perms; - -# Purpose: Allow aee_aed to read /proc/pid/exe -#allow aee_aed exec_type:file r_file_perms; - -# Purpose: Allow aee_aed to read /proc/cpu/alignment -allow aee_aed proc_cpu_alignment:file { write open }; - -# Purpose: Allow aee_aed to access /sys/devices/virtual/timed_output/vibrator/enable -allow aee_aed sysfs_vibrator_setting:dir search; -allow aee_aed sysfs_vibrator_setting:file w_file_perms; -allow aee_aed sysfs_vibrator:dir search; -allow aee_aed sysfs_leds:dir search; - -# Purpose: Allow aee_aed to read /proc/kpageflags -allow aee_aed proc_kpageflags:file r_file_perms; - -# temp solution -get_prop(aee_aed, vendor_default_prop) - -hal_client_domain(aee_aed, mtk_hal_log) - -# Purpose: create /data/aee_exp at runtime -allow aee_aed file_contexts_file:file r_file_perms; -allow aee_aed aee_exp_data_file:dir relabelto; diff --git a/r_non_plat/aee_aedv.te b/r_non_plat/aee_aedv.te deleted file mode 100644 index 7a13c5a..0000000 --- a/r_non_plat/aee_aedv.te +++ /dev/null @@ -1,431 +0,0 @@ -# ============================================== -# Policy File of /vendor/bin/aee_aedv Executable File - -# ============================================== -# MTK Policy Rule -# ============================================== - -type aee_aedv, domain; - -type aee_aedv_exec, exec_type, file_type, vendor_file_type; -typeattribute aee_aedv mlstrustedsubject; - -init_daemon_domain(aee_aedv) - -# Date : WK14.32 -# Operation : AEE UT -# Purpose : for AEE module -allow aee_aedv aed_device:chr_file rw_file_perms; -allow aee_aedv expdb_device:chr_file rw_file_perms; -allow aee_aedv expdb_block_device:blk_file rw_file_perms; -allow aee_aedv bootdevice_block_device:blk_file rw_file_perms; -allow aee_aedv etb_device:chr_file rw_file_perms; - -# AED start: /dev/block/expdb -allow aee_aedv block_device:dir search; - -# NE flow: /dev/RT_Monitor -allow aee_aedv RT_Monitor_device:chr_file r_file_perms; - -#data/aee_exp -allow aee_aedv aee_exp_vendor_file:dir create_dir_perms; -allow aee_aedv aee_exp_vendor_file:file create_file_perms; - -#data/dumpsys -allow aee_aedv aee_dumpsys_vendor_file:dir create_dir_perms; -allow aee_aedv aee_dumpsys_vendor_file:file create_file_perms; - -#/data/core -allow aee_aedv aee_core_vendor_file:dir create_dir_perms; -allow aee_aedv aee_core_vendor_file:file create_file_perms; - -# /data/data_tmpfs_log -allow aee_aedv vendor_tmpfs_log_file:dir create_dir_perms; -allow aee_aedv vendor_tmpfs_log_file:file create_file_perms; - -allow aee_aedv domain:process { sigkill getattr getsched}; -allow aee_aedv domain:lnk_file getattr; - -#core-pattern -allow aee_aedv usermodehelper:file r_file_perms; - -# Date: W15.34 -# Operation: Migration -# Purpose: For pagemap & pageflags information in NE DB -userdebug_or_eng(`allow aee_aedv self:capability sys_admin;') - -# Purpose: aee_aedv set property -set_prop(aee_aedv, persist_mtk_aeev_prop); -set_prop(aee_aedv, persist_aeev_prop); -set_prop(aee_aedv, debug_mtk_aeev_prop); - -# Purpose: mnt/user/* -allow aee_aedv mnt_user_file:dir search; -allow aee_aedv mnt_user_file:lnk_file read; - -allow aee_aedv storage_file:dir search; -allow aee_aedv storage_file:lnk_file read; - -userdebug_or_eng(` - allow aee_aedv su:dir {search read open }; - allow aee_aedv su:file { read getattr open }; -') - -# /proc/pid/ -allow aee_aedv self:capability { fowner chown fsetid sys_nice sys_resource net_admin sys_module}; - -# PROCESS_FILE_STATE -allow aee_aedv dumpstate:unix_stream_socket { read write ioctl }; -allow aee_aedv dumpstate:dir search; -allow aee_aedv dumpstate:file r_file_perms; - -allow aee_aedv logdr_socket:sock_file write; -allow aee_aedv logd:unix_stream_socket connectto; - -# vibrator -allow aee_aedv sysfs_vibrator:file w_file_perms; - -# /proc/lk_env -allow aee_aedv proc_lk_env:file rw_file_perms; - -# Data : 2017/03/22 -# Operation : add NE flow rule for Android O -# Purpose : make aee_aedv can get specific process NE info -allow aee_aedv domain:dir r_dir_perms; -allow aee_aedv domain:{ file lnk_file } r_file_perms; -#allow aee_aedv { -# domain -# -logd -# -keystore -# -init -#}:process ptrace; -#allow aee_aedv zygote_exec:file r_file_perms; -#allow aee_aedv init_exec:file r_file_perms; - -# Data : 2017/04/06 -# Operation : add selinux rule for crash_dump notify aee_aedv -# Purpose : make aee_aedv can get notify from crash_dump -allow aee_aedv crash_dump:dir search; -allow aee_aedv crash_dump:file r_file_perms; - -# Date : 20170512 -# Operation : fix aee_archive can't execute issue -# Purpose : type=1400 audit(0.0:97916): avc: denied { execute_no_trans } for -# path="/system/vendor/bin/aee_archive" dev="mmcblk0p26" ino=2355 -# scontext=u:r:aee_aedv:s0 tcontext=u:object_r:vendor_file:s0 -# tclass=file permissive=0 -allow aee_aedv vendor_file:file execute_no_trans; - -# Purpose: debugfs files -allow aee_aedv debugfs_binder:dir { read open }; -allow aee_aedv debugfs_binder:file { read open }; -allow aee_aedv debugfs_blockio:file { read open }; -allow aee_aedv debugfs_fb:dir search; -allow aee_aedv debugfs_fb:file { read open }; -allow aee_aedv debugfs_fuseio:dir search; -allow aee_aedv debugfs_fuseio:file { read open }; -allow aee_aedv debugfs_ged:dir search; -allow aee_aedv debugfs_ged:file { read open }; -allow aee_aedv debugfs_rcu:dir search; -allow aee_aedv debugfs_shrinker_debug:file { read open }; -allow aee_aedv debugfs_wakeup_sources:file { read open }; -allow aee_aedv debugfs_dmlog_debug:file { read open }; -allow aee_aedv debugfs_page_owner_slim_debug:file { read open }; -allow aee_aedv debugfs_ion_mm_heap:dir search; -allow aee_aedv debugfs_ion_mm_heap:file r_file_perms; -allow aee_aedv debugfs_ion_mm_heap:lnk_file read; -allow aee_aedv debugfs_cpuhvfs:dir search; -allow aee_aedv debugfs_cpuhvfs:file { read open }; -allow aee_aedv debugfs_emi_mbw_buf:file { read open }; -allow aee_aedv debugfs_vpu_device_dbg:file { read open }; - -# Purpose: -# 01-01 00:02:46.390 3315 3315 W aee_dumpstatev: type=1400 audit(0.0:4728): -# avc: denied { read } for name="interrupts" dev="proc" ino=4026533608 scontext= -# u:r:aee_aedv:s0 tcontext=u:object_r:proc_interrupts:s0 tclass=file permissive=0 -allow aee_aedv proc_interrupts:file read; - -# Purpose: -# 01-01 17:59:14.440 7664 7664 I aee_dumpstate: type=1400 audit(0.0:63497): -# avc: denied { open } for path="/sys/kernel/debug/tracing/tracing_on" dev= -# "debugfs" ino=2087 scontext=u:r:dumpstate:s0 tcontext=u:object_r: -# tracing_shell_writable:s0 tclass=file permissive=1 -allow aee_aedv debugfs_tracing:file rw_file_perms; - -# Purpose: -# 01-01 00:05:16.730 3566 3566 W dmesg : type=1400 audit(0.0:5173): avc: -# denied { read } for name="kmsg" dev="tmpfs" ino=12292 scontext=u:r:aee_aedv: -# s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0 -allow aee_aedv kmsg_device:chr_file read; - -# Purpose: -# 01-01 00:05:17.720 3567 3567 W ps : type=1400 audit(0.0:5192): avc: -# denied { getattr } for path="/proc/3421" dev="proc" ino=78975 scontext=u:r: -# aee_aedv:s0 tcontext=u:r:platform_app:s0:c512,c768 tclass=dir permissive=0 -allow aee_aedv platform_app:dir r_dir_perms; -allow aee_aedv platform_app:file r_file_perms; - -# Purpose: -# 01-01 00:05:17.750 3567 3567 W ps : type=1400 audit(0.0:5193): avc: -# denied { getattr } for path="/proc/3461" dev="proc" ino=11013 scontext=u:r: -# aee_aedv:s0 tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=dir permissive=0 -allow aee_aedv untrusted_app_25:dir getattr; - -# Purpose: -# 01-01 00:05:17.650 3567 3567 W ps : type=1400 audit(0.0:5179): avc: -# denied { getattr } for path="/proc/2712" dev="proc" ino=65757 scontext=u:r: -# aee_aedv:s0 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=dir permissive=0 -allow aee_aedv untrusted_app:dir getattr; - -# Purpose: -# 01-01 00:05:17.650 3567 3567 W ps : type=1400 audit(0.0:5180): avc: -# denied { getattr } for path="/proc/2747" dev="proc" ino=66659 scontext=u:r: -# aee_aedv:s0 tcontext=u:r:priv_app:s0:c512,c768 tclass=dir permissive=0 -allow aee_aedv priv_app:dir getattr; - -# Purpose: -# 01-01 00:05:16.270 3554 3554 W aee_dumpstatev: type=1400 audit(0.0:5153): -# avc: denied { open } for path="/proc/interrupts" dev="proc" ino=4026533608 -# scontext=u:r:aee_aedv:s0 tcontext=u:object_r:proc_interrupts:s0 tclass=file -# permissive=0 -allow aee_aedv proc_interrupts:file r_file_perms; - -# Purpose: -# 01-01 00:05:16.620 3554 3554 W aee_dumpstatev: type=1400 audit(0.0:5171): -# avc: denied { read } for name="route" dev="proc" ino=4026533633 scontext=u:r: -# aee_aedv:s0 tcontext=u:object_r:proc_net:s0 tclass=file permissive=0 -allow aee_aedv proc_net:file read; - -# Purpose: -# 01-01 00:05:16.610 3554 3554 W aee_dumpstatev: type=1400 audit(0.0:5168): -# avc: denied { read } for name="zoneinfo" dev="proc" ino=4026533664 scontext= -# u:r:aee_aedv:s0 tcontext=u:object_r:proc_zoneinfo:s0 tclass=file permissive=0 -allow aee_aedv proc_zoneinfo:file read; - -# Purpose: -# 01-01 00:05:17.840 3554 3554 W aee_dumpstatev: type=1400 audit(0.0:5200): -# avc: denied { search } for name="leds" dev="sysfs" ino=6217 scontext=u:r: -# aee_aedv:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=dir permissive=0 -allow aee_aedv sysfs_leds:dir search; -allow aee_aedv sysfs_leds:file r_file_perms; - -# Purpose: -# 01-01 00:03:45.790 3651 3651 I aee_dumpstatev: type=1400 audit(0.0:5592): avc: denied -# { search } for name="ccci" dev="sysfs" ino=6026 scontext=u:r:aee_aedv:s0 tcontext=u:object_r: -# sysfs_ccci:s0 tclass=dir permissive=1 -# 01-01 00:03:45.790 3651 3651 I aee_dumpstatev: type=1400 audit(0.0:5593): avc: denied { read } -# for name="md_chn" dev="sysfs" ino=6035 scontext=u:r:aee_aedv:s0 tcontext=u:object_r:sysfs_ccci:s0 -# tclass=file permissive=1 -# 01-01 00:03:45.790 3651 3651 I aee_dumpstatev: type=1400 audit(0.0:5594): avc: denied { open } -# for path="/sys/kernel/ccci/md_chn" dev="sysfs" ino=6035 scontext=u:r:aee_aedv:s0 tcontext=u: -# object_r:sysfs_ccci:s0 tclass=file permissive=1 -allow aee_aedv sysfs_ccci:dir search; -allow aee_aedv sysfs_ccci:file r_file_perms; - -# Purpose: -# 01-01 00:03:44.330 3658 3658 I aee_dumpstatev: type=1400 audit(0.0:5411): avc: denied -# { execute_no_trans } for path="/vendor/bin/toybox_vendor" dev="mmcblk0p26" ino=250 scontext=u:r: -# aee_aedv:s0 tcontext=u:object_r:vendor_toolbox_exec:s0 tclass=file permissive=1 -allow aee_aedv vendor_toolbox_exec:file rx_file_perms; - -# Purpose: -# 01-01 00:12:06.320000 4145 4145 W dmesg : type=1400 audit(0.0:826): avc: denied { open } for -# path="/dev/kmsg" dev="tmpfs" ino=10875 scontext=u:r:aee_aedv:s0 tcontext=u:object_r:kmsg_device: -# s0 tclass=chr_file permissive=0 -# 01-01 00:42:33.070000 4171 4171 W dmesg : type=1400 audit(0.0:1343): avc: denied -# { syslog_read } for scontext=u:r:aee_aedv:s0 tcontext=u:r:kernel:s0 tclass=system permissive=0 -allow aee_aedv kmsg_device:chr_file r_file_perms; -allow aee_aedv kernel:system syslog_read; - -# Purpose: -# 01-01 00:12:37.890000 4162 4162 W aee_dumpstatev: type=1400 audit(0.0:914): avc: denied -# { read } for name="meminfo" dev="proc" ino=4026533612 scontext=u:r:aee_aedv:s0 tcontext=u: -# object_r:proc_meminfo:s0 tclass=file permissive=0 -allow aee_aedv proc_meminfo:file r_file_perms; - -# Purpose: -# 01-01 00:08:39.900000 3833 3833 W aee_dumpstatev: type=1400 audit(0.0:371): avc: denied -# { open } for path="/proc/3833/net/route" dev="proc" ino=4026533632 scontext=u:r:aee_aedv:s0 -# tcontext=u:object_r:proc_net:s0 tclass=file permissive=0 -allow aee_aedv proc_net:file r_file_perms; - -# Purpose: -# 01-01 00:08:39.880000 3833 3833 W aee_dumpstatev: type=1400 audit(0.0:370): avc: denied -# { open } for path="/proc/zoneinfo" dev="proc" ino=4026533663 scontext=u:r:aee_aedv:s0 tcontext= -# u:object_r:proc_zoneinfo:s0 tclass=file permissive=0 -allow aee_aedv proc_zoneinfo:file r_file_perms; - -# Purpose: -# 01-01 00:33:27.750000 338 338 W aee_aedv: type=1400 audit(0.0:98): avc: denied { read } -# for name="fstab.mt6755" dev="rootfs" ino=1082 scontext=u:r:aee_aedv:s0 tcontext=u:object_r: -# rootfs:s0 tclass=file permissive=0 -allow aee_aedv rootfs:file r_file_perms; - -# Purpose: -# 01-01 00:33:28.340000 338 338 W aee_aedv: type=1400 audit(0.0:104): avc: denied { search } -# for name="dynamic_debug" dev="debugfs" ino=8182 scontext=u:r:aee_aedv:s0 tcontext=u:object_r: -# debugfs_dynamic_debug:s0 tclass=dir permissive=0 -allow aee_aedv debugfs_dynamic_debug:dir search; -allow aee_aedv debugfs_dynamic_debug:file r_file_perms; - -# Purpose: -# [ 241.001976] <1>.(1)[209:logd.auditd]type=1400 audit(1262304586.172:515): avc: denied { read } -# for pid=1978 comm="aee_aedv64" name="atag,devinfo" dev="sysfs" ino=2349 scontext=u:r:aee_aedv:s0 -# tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 -allow aee_aedv sysfs_mrdump_lbaooo:file w_file_perms; - -# Purpose: Allow aee_aedv to use HwBinder IPC. -hwbinder_use(aee_aedv) -get_prop(aee_aedv, hwservicemanager_prop) - -# Purpose: Allow aee_aedv access to vendor/bin/mtkcam-debug, which in turn invokes ICameraProvider -# - avc: denied { find } for interface=android.hardware.camera.provider::ICameraProvider pid=2956 -# scontext=u:r:aee_aedv:s0 tcontext=u:object_r:hal_camera_hwservice:s0 tclass=hwservice_manager -# - Transaction error in ICameraProvider::debug: Status(EX_TRANSACTION_FAILED) -hal_client_domain(aee_aedv, hal_camera) -allow aee_aedv hal_camera_hwservice:hwservice_manager { find }; -binder_call(aee_aedv, mtk_hal_camera) - -# Purpose: allow aee to read /sys/fs/selinux/enforce to get selinux status -allow aee_aedv selinuxfs:file r_file_perms; - -# Purpose: Allow aee_aedv to read /proc/pid/exe -#allow aee_aedv exec_type:file r_file_perms; - -# Purpose: mrdump db flow and pre-allocation -# mrdump db flow -allow aee_aedv sysfs_dt_firmware_android:dir search; -allow aee_aedv sysfs_dt_firmware_android:file r_file_perms; -allow aee_aedv kernel:system module_request; -allow aee_aedv metadata_file:dir search; -# pre-allocation -allow aee_aedv self:capability linux_immutable; -allow aee_aedv userdata_block_device:blk_file { read write open }; -allow aee_aedv para_block_device:blk_file rw_file_perms; -allow aee_aedv mrdump_device:blk_file rw_file_perms; -allowxperm aee_aedv aee_dumpsys_vendor_file:file ioctl { - FS_IOC_GETFLAGS - FS_IOC_SETFLAGS - F2FS_IOC_GET_PIN_FILE - F2FS_IOC_SET_PIN_FILE - FS_IOC_FIEMAP -}; - -# Purpose: allow vendor aee read lowmemorykiller logs -# file path: /sys/module/lowmemorykiller/parameters/ -allow aee_aedv sysfs_lowmemorykiller:dir search; -allow aee_aedv sysfs_lowmemorykiller:file r_file_perms; - -# Purpose: Allow aee read /sys/class/misc/scp/scp_dump -allow aee_aedv sysfs_scp:dir r_dir_perms; -allow aee_aedv sysfs_scp:file r_file_perms; - -# Purpose: Allow aee read /sys/class/misc/adsp/adsp_dump -allow aee_aedv sysfs_adsp:dir r_dir_perms; -allow aee_aedv sysfs_adsp:file r_file_perms; - -# Purpose: allow aee_aedv self to fsetid/sys_nice/chown/fowner/kill -allow aee_aedv self:capability { fsetid sys_nice chown fowner kill }; - -# Purpose: allow aee_aedv to read /proc/buddyinfo -allow aee_aedv proc_buddyinfo:file r_file_perms; - -# Purpose: allow aee_aedv to read /proc/cmdline -allow aee_aedv proc_cmdline:file r_file_perms; - -# Purpose: allow aee_aedv to read /proc/slabinfo -allow aee_aedv proc_slabinfo:file r_file_perms; - -# Purpose: allow aee_aedv to read /proc/stat -allow aee_aedv proc_stat:file r_file_perms; - -# Purpose: allow aee_aedv to read /proc/version -allow aee_aedv proc_version:file r_file_perms; - -# Purpose: allow aee_aedv to read /proc/vmallocinfo -allow aee_aedv proc_vmallocinfo:file r_file_perms; - -# Purpose: allow aee_aedv to read /proc/vmstat -allow aee_aedv proc_vmstat:file r_file_perms; - -# Purpose: Allow aee_aedv to read /proc/cpu/alignment -allow aee_aedv proc_cpu_alignment:file w_file_perms; - -# Purpose: Allow aee_aedv to read /proc/gpulog -allow aee_aedv proc_gpulog:file r_file_perms; - -# Purpose: Allow aee_aedv to read /proc/chip/hw_ver -allow aee_aedv proc_chip:file r_file_perms; - -# Purpose: Allow aee_aedv to read /proc/sched_debug -allow aee_aedv proc_sched_debug:file r_file_perms; - -# Purpose: Allow aee_aedv to read /proc/atf_log -allow aee_aedv proc_atf_log:dir search; - -# Purpose: Allow aee_aedv to read /proc/last_kmsg -allow aee_aedv proc_last_kmsg:file r_file_perms; - -# Purpose: Allow aee_aedv to access /sys/devices/virtual/timed_output/vibrator/enable -allow aee_aedv sysfs_vibrator_setting:dir search; -allow aee_aedv sysfs_vibrator_setting:file w_file_perms; -allow aee_aedv sysfs_vibrator:dir search; - -# Purpose: Allow aee_aedv to read /sys/kernel/debug/rcu/rcu_callback_log -allow aee_aedv debugfs_rcu:file r_file_perms; - -# Purpose: Allow aee_aedv to read /proc/ufs_debug -allow aee_aedv proc_ufs_debug:file rw_file_perms; - -# Purpose: Allow aee_aedv to read /proc/msdc_debug -allow aee_aedv proc_msdc_debug:file r_file_perms; - -# Purpose: Allow aee_aedv to read /proc/pidmap -allow aee_aedv proc_pidmap:file r_file_perms; - -# Purpose: Allow aee_aedv to read /sys/power/vcorefs/vcore_debug -allow aee_aedv sysfs_vcore_debug:file r_file_perms; - -# Purpose: Allow aee_aedv to read /sys/devices/virtual/BOOT/BOOT/boot/boot_mode -allow aee_aedv sysfs_boot_mode:file r_file_perms; - -#Purpose: Allow aee_aedv to read/write /sys/kernel/debug/tracing/buffer_total_size_kb -userdebug_or_eng(` -allow aee_aedv debugfs_tracing_debug:file { rw_file_perms }; -') - -#Purpose: Allow aee_aedv to read /sys/mtk_memcfg/slabtrace -allow aee_aedv proc_slabtrace:file r_file_perms; - -#Purpose: Allow aee_aedv to read /proc/mtk_cmdq_debug/status -allow aee_aedv proc_cmdq_debug:file r_file_perms; - -# temp solution -get_prop(aee_aedv, vendor_default_prop) - -#data/dipdebug -allow aee_aedv aee_dipdebug_vendor_file:dir r_dir_perms; -allow aee_aedv aee_dipdebug_vendor_file:file r_file_perms; -allow aee_aedv proc_isp_p2:dir r_dir_perms; -allow aee_aedv proc_isp_p2:file r_file_perms; - -allow aee_aedv connsyslog_data_vendor_file:file r_file_perms; -allow aee_aedv connsyslog_data_vendor_file:dir r_dir_perms; - -# Purpose: Allow aee_aedv to read the /proc/*/exe of vendor process -allow aee_aedv vendor_file_type:file r_file_perms; - -# Purpose: Allow aee_aedv to read /sys/kernel/debug/smi_mon -allow aee_aedv debugfs_smi_mon:file r_file_perms; - -# Purpose: Allow aee_aedv to read /proc/isp_p2/isp_p2_kedump -allow aee_aedv proc_isp_p2_kedump:file r_file_perms; - -# Purpose: Allow aee_aedv to read /sys/kernel/debug/vpu/vpu_memory -allow aee_aedv debugfs_vpu_memory:file r_file_perms; - -# Purpose: Allow aee_aedv to read /proc/cpuhvfs/dbg_repo -allow aee_aedv proc_dbg_repo:file r_file_perms; - -# Purpose: Allow aee_aedv to read /proc/pl_lk -allow aee_aedv proc_pl_lk:file r_file_perms; diff --git a/r_non_plat/aee_core_forwarder.te b/r_non_plat/aee_core_forwarder.te deleted file mode 100644 index 43e97fe..0000000 --- a/r_non_plat/aee_core_forwarder.te +++ /dev/null @@ -1,18 +0,0 @@ -# ============================================== -# Policy File of /system/bin/aee_core_forwarder Executable File - -# ============================================== -# MTK Policy Rule -# ============================================== - -allow aee_core_forwarder aee_exp_data_file:dir { write add_name search }; -allow aee_core_forwarder aee_exp_data_file:file { write create open getattr }; -get_prop(aee_core_forwarder, hwservicemanager_prop) - -# Date: 2019/06/14 -# Operation : Migration -# Purpose : interface=android.system.suspend::ISystemSuspend for aee_core_forwarder -wakelock_use(aee_core_forwarder) -allow aee_core_forwarder aee_aed:unix_stream_socket connectto; -allow aee_core_forwarder aee_core_data_file:dir r_dir_perms; -hwbinder_use(aee_core_forwarder) diff --git a/r_non_plat/aee_hidl.te b/r_non_plat/aee_hidl.te deleted file mode 100644 index 347cbdc..0000000 --- a/r_non_plat/aee_hidl.te +++ /dev/null @@ -1,17 +0,0 @@ -# ============================================== -# Type Declaration -# ============================================== -type aee_hal,domain; -type aee_hal_exec, exec_type, file_type, vendor_file_type; -typeattribute aee_hal mlstrustedsubject; -# Purpose : for create hidl server -hal_server_domain(aee_hal, mtk_hal_log) -# ============================================== -# MTK Policy Rule -# ============================================== -init_daemon_domain(aee_hal) - -set_prop(aee_hal, persist_mtk_aeev_prop); -set_prop(aee_hal, persist_aeev_prop); -set_prop(aee_hal, debug_mtk_aeev_prop); - diff --git a/r_non_plat/app.te b/r_non_plat/app.te deleted file mode 100644 index 455cafb..0000000 --- a/r_non_plat/app.te +++ /dev/null @@ -1,50 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============ - -# Date : WK16.33 -# Purpose: Allow to access ged for gralloc_extra functions -allow appdomain proc_ged:file rw_file_perms; -allowxperm appdomain proc_ged:file ioctl { proc_ged_ioctls }; - -# Date : W16.42 -# Operation : Integration -# Purpose : DRM / DRI GPU driver required -allow appdomain gpu_device:dir search; - -# Date : W17.30 -# Purpose : Allow MDP user access cmdq driver -allow appdomain mtk_cmdq_device:chr_file {open read ioctl}; - -# Date : W17.41 -# Operation: SQC -# Purpose : Allow HWUI to access perfmgr -allow appdomain proc_perfmgr:dir search; -allow appdomain proc_perfmgr:file { getattr open read ioctl}; -allowxperm appdomain proc_perfmgr:file ioctl { - PERFMGR_FPSGO_QUEUE - PERFMGR_FPSGO_DEQUEUE - PERFMGR_FPSGO_QUEUE_CONNECT - PERFMGR_FPSGO_BQID -}; - -# Date : W19.4 -# Purpose : Allow MDP user access mdp driver -allow appdomain mdp_device:chr_file rw_file_perms; -allow appdomain mtk_mdp_device:chr_file rw_file_perms; -allow appdomain sw_sync_device:chr_file rw_file_perms; - -# Date : W19.23 -# Operation : Migration -# Purpose : For platform app com.android.gallery3d -allow { appdomain -isolated_app } radio_data_file:file rw_file_perms; - -# Date : W19.23 -# Operation : Migration -# Purpose : For app com.tencent.qqpimsecure -allowxperm appdomain appdomain:fifo_file ioctl SNDCTL_TMR_START; - -# Date: 2019/06/17 -# Operation : Migration -# Purpose : appdomain need get mtk_amslog_prop -get_prop(appdomain, mtk_amslog_prop) diff --git a/r_non_plat/appdomain.te b/r_non_plat/appdomain.te deleted file mode 100644 index 3311b98..0000000 --- a/r_non_plat/appdomain.te +++ /dev/null @@ -1,8 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============ - -# Data : WK16.42 -# Operator: Whitney bring up -# Purpose: call surfaceflinger due to powervr -allow appdomain surfaceflinger:fifo_file rw_file_perms; diff --git a/r_non_plat/atci_service.te b/r_non_plat/atci_service.te deleted file mode 100644 index a10bc1d..0000000 --- a/r_non_plat/atci_service.te +++ /dev/null @@ -1,137 +0,0 @@ -# ============================================== -# Policy File of /vendor/bin/atci_service Executable File -# ============================================== - -# ============================================== -# MTK Policy Rule -# ============================================== -type atci_service, domain; -type atci_service_exec, exec_type, file_type, vendor_file_type; - -init_daemon_domain(atci_service) - -allow atci_service block_device:dir search; -allow atci_service misc2_block_device:blk_file { open read write }; -allow atci_service misc2_device:chr_file { open read write }; -allow atci_service camera_isp_device:chr_file { read write ioctl open }; -allow atci_service graphics_device:chr_file { read write ioctl open }; -allow atci_service graphics_device:dir search; -allow atci_service kd_camera_hw_device:chr_file { read write ioctl open }; -allow atci_service self:capability { sys_nice ipc_lock }; -allow atci_service nvram_device:chr_file { read write open ioctl }; -allow atci_service camera_isp_device:chr_file { read write ioctl open }; -allow atci_service camera_sysram_device:chr_file { read ioctl open }; -allow atci_service camera_tsf_device:chr_file rw_file_perms; -allow atci_service camera_rsc_device:chr_file rw_file_perms; -allow atci_service camera_gepf_device:chr_file rw_file_perms; -allow atci_service camera_fdvt_device:chr_file rw_file_perms; -allow atci_service camera_wpe_device:chr_file rw_file_perms; -allow atci_service camera_owe_device:chr_file rw_file_perms; -allow atci_service kd_camera_flashlight_device:chr_file { read write ioctl open }; -allow atci_service ccu_device:chr_file { read write ioctl open }; -allow atci_service vpu_device:chr_file { read write ioctl open }; -allow atci_service MTK_SMI_device:chr_file { open read write ioctl }; -allow atci_service DW9714AF_device:chr_file { read write ioctl open }; -allow atci_service devmap_device:chr_file { open read write ioctl }; -allow atci_service sdcard_type:dir { search write read open add_name remove_name create getattr setattr }; -allow atci_service sdcard_type:file { setattr read create write getattr unlink open append }; -allow atci_service mediaserver:binder call; -#allow atci_service system_server:unix_stream_socket { read write }; -allow atci_service self:capability sys_boot; - -# Date : 2015/09/17 -# Operation : M-Migration -# Purpose : to operation CCT tool -allow atci_service nvram_device:blk_file { open read write }; -allow atci_service input_device:dir { open read search }; -allow atci_service input_device:file { open read write ioctl }; -allow atci_service input_device:chr_file { open read write ioctl }; -allow atci_service MAINAF_device:chr_file { open read write ioctl }; -allow atci_service MAIN2AF_device:chr_file { open read write ioctl }; -allow atci_service SUBAF_device:chr_file { open read write ioctl }; -allow atci_service tmpfs:lnk_file read; -allow atci_service self:capability2 block_suspend; - -# Date : 2015/10/13 -# Operation : M-Migration -# Purpose : to operation CCT tool -#allow atci_service mediaserver_service:service_manager find; -allow atci_service mnt_user_file:dir search; -allow atci_service mnt_user_file:lnk_file read; -#allow atci_service mtk_perf_service:service_manager find; -#allow atci_service sensorservice_service:service_manager find; -allow atci_service storage_file:lnk_file read; -#allow atci_service media_rw_data_file:dir { write search create add_name }; -#allow atci_service media_rw_data_file:file { read write create open }; - -#============= atci_service ============== -allow atci_service CAM_CAL_DRV_device:chr_file { read write ioctl open}; - -set_prop(atci_service, mtk_em_prop) - -# Date : 2016/03/02 -# Operation : M-Migration -# Purpose : to support ATCI touch tool -allow atci_service vendor_shell_exec:file { read execute open execute_no_trans }; - -# Date : WK16.33 -# Purpose: Allow to access ged for gralloc_extra functions -allow atci_service proc_ged:file rw_file_perms; - -# Date : WK16.35 -# Operation : Migration -# Purpose : Update camera flashlight driver device file -allow atci_service flashlight_device:chr_file { read write ioctl open }; - -# Date : WK17.01 -# Operation : Migration -# Purpose : Update AT_Command NFC function -allow atci_service factory_data_file:sock_file write; - -# Date : WK17.23 -# Stage: O Migration, SQC -# Purpose: Allow to use HAL PQ -hal_client_domain(atci_service, hal_pq) - -# Date : WK17.28 -# Purpose : Allow to execute battery command -allow atci_service MT_pmic_adc_cali_device:chr_file rw_file_perms; - -# Date : WK17.43 -# Purpose : CCT -allow atci_service CAM_CAL_DRV_device:chr_file rw_file_perms; -allow atci_service CAM_CAL_DRV1_device:chr_file rw_file_perms; -allow atci_service CAM_CAL_DRV2_device:chr_file rw_file_perms; -allow atci_service fwk_sensor_hwservice:hwservice_manager find; -allow atci_service hidl_allocator_hwservice:hwservice_manager find; -allow atci_service hidl_memory_hwservice:hwservice_manager find; -allow atci_service ion_device:chr_file { read ioctl open }; -allow atci_service mtk_cmdq_device:chr_file { read ioctl open }; -allow atci_service mtk_mdp_device:chr_file rw_file_perms; -allow atci_service sw_sync_device:chr_file rw_file_perms; -allow atci_service mtk_hal_power:binder call; -allow atci_service mtk_hal_power_hwservice:hwservice_manager find; -allow atci_service sysfs_batteryinfo:dir search; -allow atci_service sysfs_batteryinfo:file { read getattr open }; -allow atci_service system_file:dir { read open }; -allow atci_service camera_pipemgr_device:chr_file { read ioctl open }; -allow atci_service mtkcam_prop:file { read getattr open }; -allow atci_service mtk_hal_camera:binder call; -allow atci_service debugfs_ion:dir search; -allow atci_service sysfs_tpd_setting:file { read write open getattr }; -allow atci_service sysfs_vibrator_setting:file { read write open getattr }; -allow atci_service sysfs_leds_setting:file { read write open getattr }; -allow atci_service vendor_toolbox_exec:file { read getattr open execute execute_no_trans }; - -# Date : WK18.21 -# Purpose: Allow to use HIDL -hwbinder_use(atci_service) -hal_client_domain(atci_service, hal_atci) - -# Date : WK18.26 -# Purpose: Allow gps socket sendto -allow atci_service mnld:unix_dgram_socket sendto; - -# Date : WK18.35 -# Purpose : allow CCT to allocate memory -hal_client_domain(atci_service, hal_allocator); diff --git a/r_non_plat/atcid.te b/r_non_plat/atcid.te deleted file mode 100644 index 9ce98d2..0000000 --- a/r_non_plat/atcid.te +++ /dev/null @@ -1,74 +0,0 @@ -# ============================================== -# Policy File of /vendor/bin/atcid Executable File -# ============================================== - -# ============================================== -# MTK Policy Rule -# ============================================== -type atcid, domain; -type atcid_exec, exec_type, file_type, vendor_file_type; - -init_daemon_domain(atcid) -set_prop(atcid,persist_service_atci_prop) -allow atcid block_device:dir search; -allow atcid socket_device:sock_file write; -allow atcid gsmrild_socket:sock_file write; - -# Date : WK17.21 -# Purpose: Allow to use HIDL -hwbinder_use(atcid) -hal_client_domain(atcid, hal_telephony) - -allow atcid ttyGS_device:chr_file { read write ioctl open }; -allow atcid wmtWifi_device:chr_file { write open }; -allow atcid misc2_block_device:blk_file { read write open }; -allow atci_service gpu_device:chr_file { read write open ioctl getattr }; -allow atcid self:capability sys_time; - -# Date : WK16.33 -# Purpose: Allow to access ged for gralloc_extra functions -allow atcid proc_ged:file rw_file_perms; - -# Date : WK17.23 -# Stage: O Migration, SQC -# Purpose: Allow to use HAL PQ -hal_client_domain(atcid, hal_pq) - -# Date : WK17.34 -# Purpose: Allow to access meta_tst -allow atcid meta_tst:unix_stream_socket connectto; - -# Date : WK18.15 -# Purpose: Allow to access power_supply in sysfs -allow atcid sysfs_batteryinfo:file { read open }; - -# Date : WK18.16 -# Operation: P migration -# Purpose: Allow atcid to get tel_switch_prop -get_prop(atcid, tel_switch_prop) - -# Date : WK18.21 -# Purpose: Allow to use HIDL -hwbinder_use(atcid); -vndbinder_use(atcid); -hal_server_domain(atcid, hal_atci) -add_hwservice(hal_atci_server,hal_atci_hwservice) - -# Date : WK18.21 -# Purpose: For special command for customer -set_prop(atcid, mtk_atci_prop); -set_prop(atcid, powerctl_prop); -allow atcid mnt_vendor_file:dir search; -allow atcid nvdata_file:dir { open read write search add_name }; -allow atcid nvdata_file:file { open read write create getattr setattr }; -allow atcid nvram_device:blk_file { open read write }; -allow atcid proc_meminfo:file { open read }; -allow atcid sysfs_batteryinfo:dir search; -allow atcid sysfs_mmcblk:dir search; -allow atcid sysfs_mmcblk:file { read open }; - -# Date : WK18.35 -# Purpose: Add socket for TelephonyWare ATCI -unix_socket_connect(atcid, rild_atci, rild); -unix_socket_connect(atcid, rilproxy_atci, rild); -unix_socket_connect(atcid, atci_service, atci_service); diff --git a/r_non_plat/attributes b/r_non_plat/attributes deleted file mode 100644 index e00aa73..0000000 --- a/r_non_plat/attributes +++ /dev/null @@ -1,90 +0,0 @@ -# ============================================== -# MTK Attribute declarations -# ============================================== - -# Attribute that represents all mtk property types (except those with ctl_xxx prefix) -attribute mtk_core_property_type; - -# Date: 2017/06/12 -# LBS HIDL -#attribute mtk_hal_lbs; -#attribute mtk_hal_lbs_client; -#attribute mtk_hal_lbs_server; - -# Date: 2017/06/27 -# IMSA HIDL -attribute hal_imsa; -attribute hal_imsa_client; -attribute hal_imsa_server; - -# attribute that represents all MTK IMS types. It should be used by AP side module only. -attribute mtkimsapdomain; -# -# # attribute that represents all MTK IMS types. It should be used by MD side module only. -attribute mtkimsmddomain; - -# Date: 2017/07/19 -# PQ HIDL -attribute hal_pq; -attribute hal_pq_client; -attribute hal_pq_server; - -# Date: 2017/07/28 -# KEY ATTESTATION HIDL -attribute mtk_hal_keyattestation; -attribute mtk_hal_keyattestation_client; -attribute mtk_hal_keyattestation_server; -# Date: 2017/07/13 -# NVRAM AGENT HIDL -attribute hal_nvramagent; -attribute hal_nvramagent_client; -attribute hal_nvramagent_server; - -# Date: 2018/05/25 -# FM HIDL -attribute mtk_hal_fm; -attribute mtk_hal_fm_client; -attribute mtk_hal_fm_server; - -# Date: 2018/03/23 -# log hidl -attribute mtk_hal_log; -attribute mtk_hal_log_client; -attribute mtk_hal_log_server; - -# Date: 2018/06/26 -# em hidl -attribute mtk_hal_em; -attribute mtk_hal_em_client; -attribute mtk_hal_em_server; - -# Date: 2018/07/02 -# MDP HIDL -attribute hal_mms; -attribute hal_mms_client; -attribute hal_mms_server; - -attribute hal_mtkcodecservice_server; -attribute hal_mtkcodecservice; - -attribute hal_atci; -attribute hal_atci_client; -attribute hal_atci_server; - -# Date: 2019/06/12 -# modem db filter hidl -attribute mtk_hal_md_dbfilter_server; - -# Date: 2019/07/16 -# HDMI HIDL -attribute hal_hdmi; -attribute hal_hdmi_client; -attribute hal_hdmi_server; - -# Date: 2019/09/06 -# BGService HIDL -attribute mtk_hal_bgs; -attribute mtk_hal_bgs_client; -attribute mtk_hal_bgs_server; - - diff --git a/r_non_plat/audiocmdservice_atci.te b/r_non_plat/audiocmdservice_atci.te deleted file mode 100644 index 7be9753..0000000 --- a/r_non_plat/audiocmdservice_atci.te +++ /dev/null @@ -1,34 +0,0 @@ -# ============================================== -# Policy File of /system/bin/audiocmdservice_atci Executable File -type audiocmdservice_atci ,domain; -type audiocmdservice_atci_exec, exec_type, file_type, vendor_file_type; - -init_daemon_domain(audiocmdservice_atci) - -unix_socket_connect(atcid, atci-audio, audiocmdservice_atci); -allow audiocmdservice_atci self:unix_stream_socket { create_socket_perms read write }; - -# Access to storages for audio tuning tool to read/write tuning result -allow audiocmdservice_atci { block_device device }:dir { write search }; -allow audiocmdservice_atci mnt_user_file:dir rw_dir_perms; -allow audiocmdservice_atci { mnt_user_file storage_file }:lnk_file rw_file_perms; -allow audiocmdservice_atci bootdevice_block_device:blk_file { read write }; - - -# can route /dev/binder traffic to /dev/vndbinder -vndbinder_use(audiocmdservice_atci) -binder_call(audiocmdservice_atci,mtk_hal_audio); - -#Android O porting -hwbinder_use(audiocmdservice_atci) -get_prop(audiocmdservice_atci, hwservicemanager_prop); -#allow audiocmdservice_atci hal_audio_hwservice:hwservice_manager find; - -hal_client_domain(audiocmdservice_atci, hal_audio) - -#To access the file at /dev/kmsg -allow audiocmdservice_atci kmsg_device:chr_file w_file_perms; - -userdebug_or_eng(` - allow audiocmdservice_atci self:capability { sys_nice fowner chown fsetid setuid ipc_lock net_admin}; -') diff --git a/r_non_plat/audioserver.te b/r_non_plat/audioserver.te deleted file mode 100644 index e4451c8..0000000 --- a/r_non_plat/audioserver.te +++ /dev/null @@ -1,57 +0,0 @@ -# ============================================== -# MTK Policy Rule for vendor -# ============================================== - -# Date: WK14.44 -# Operation : Migration -# Purpose : EVDO -allow audioserver rpc_socket:sock_file write; -allow audioserver ttySDIO_device:chr_file rw_file_perms; - -# Data: WK14.44 -# Operation : Migration -# Purpose : for low SD card latency issue -allow audioserver sysfs_lowmemorykiller:file { read open }; - -# Data: WK14.45 -# Operation : Migration -# Purpose : for change thermal policy when needed -allow audioserver proc_mtkcooler:dir search; -allow audioserver proc_mtktz:dir search; -allow audioserver proc_thermal:dir search; - -# Date : WK15.03 -# Operation : Migration -# Purpose : offloadservice -allow audioserver offloadservice_device:chr_file rw_file_perms; - -# Date : WK16.17 -# Operation : Migration -# Purpose: read/open sysfs node -allow audioserver sysfs_ccci:file r_file_perms; - -# Date : WK16.18 -# Operation : Migration -# Purpose: research root dir "/" -allow audioserver tmpfs:dir search; - -# Date : WK16.18 -# Operation : Migration -# Purpose: access sysfs node -allow audioserver sysfs_ccci:dir search; - -# Purpose: Dump debug info -allow audioserver debugfs_binder:dir search; -allow audioserver fuse:file write; - -# Date : WK16.33 -# Purpose: Allow to access ged for gralloc_extra functions -allow audioserver proc_ged:file rw_file_perms; - -# Date : WK16.48 -# Purpose: Allow to trigger AEE dump -allow audioserver aee_aed:unix_stream_socket connectto; - -# Date: 2019/06/14 -# Operation : Migration -get_prop(audioserver, vendor_default_prop) diff --git a/r_non_plat/biosensord_nvram.te b/r_non_plat/biosensord_nvram.te deleted file mode 100644 index 5fe181c..0000000 --- a/r_non_plat/biosensord_nvram.te +++ /dev/null @@ -1,32 +0,0 @@ -# ============================================== -# Policy File of /system/bin/biosensord_nvram Executable File - -# ============================================== -# Type Declaration -# ============================================== -type biosensord_nvram ,domain; -type biosensord_nvram_exec , exec_type, file_type, vendor_file_type; -type biosensord_nvram_file, file_type, data_file_type; - -# ============================================== -# Android Policy Rule -# ============================================== - -# ============================================== -# NSA Policy Rule -# ============================================== - -# ============================================== -# MTK Policy Rule -# ============================================== - -init_daemon_domain(biosensord_nvram) - -# Data : WK16.21 -# Operation : New Feature -# Purpose : For biosensor daemon can do nvram r/w to save calibration data -allow biosensord_nvram nvdata_file:dir rw_dir_perms; -allow biosensord_nvram nvdata_file:file {rw_file_perms create_file_perms}; -allow biosensord_nvram nvram_data_file:lnk_file rw_file_perms; -allow biosensord_nvram biometric_device:chr_file { open ioctl read write }; -allow biosensord_nvram self:capability { chown fsetid }; diff --git a/r_non_plat/bluetooth.te b/r_non_plat/bluetooth.te deleted file mode 100644 index ec4d725..0000000 --- a/r_non_plat/bluetooth.te +++ /dev/null @@ -1,25 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -# Date:W17.07 -# Operation : bt hal developing -# Purpose : bt hal interface permission -binder_call(bluetooth, mtk_hal_bluetooth) - -allow bluetooth storage_stub_file:dir getattr; - -# Date: 2018/01/17 -#allow bluetooth to set property -set_prop(bluetooth, vendor_bluetooth_prop) -set_prop(bluetooth, debug_prop) - -# Date: 2018/02/02 -# Major permission allow are in /system/sepoplicy/private/bluetooth.te -# Add dir create perms for bluetooth on /data/misc/bluetooth/logs -allow bluetooth bluetooth_logs_data_file:dir { create_dir_perms relabelto }; -allow bluetooth bluetooth_logs_data_file:fifo_file { create_file_perms }; - -# Date: 2019/06/14 -# Operation : Migration -get_prop(bluetooth, mtk_amslog_prop) diff --git a/r_non_plat/boot_logo_updater.te b/r_non_plat/boot_logo_updater.te deleted file mode 100644 index bebd392..0000000 --- a/r_non_plat/boot_logo_updater.te +++ /dev/null @@ -1,22 +0,0 @@ -# ============================================== -# Policy File of /system/binboot_logo_updater Executable File -# ============================================== -# Type Declaration -# ============================================== - -# Date : WK14.43 -# Operation : Migration -# Purpose : To access file directories and files like logo.bin -allow boot_logo_updater logo_block_device:blk_file r_file_perms; -# To access block files at /dev/block/mmcblk0 ir /dev/block/sdc -allow boot_logo_updater bootdevice_block_device:blk_file r_file_perms; - -#To access file at /dev/logo -allow boot_logo_updater logo_device:chr_file r_file_perms; -# To access file at /proc/lk_env -allow boot_logo_updater proc_lk_env:file rw_file_perms; - -# Date : WK16.25 -# Operation : Global_Device/Uniservice Feature -# Purpose : for it to read-write SysEnv data -allow boot_logo_updater para_block_device:blk_file rw_file_perms; diff --git a/r_non_plat/bootanim.te b/r_non_plat/bootanim.te deleted file mode 100644 index 4f0bc35..0000000 --- a/r_non_plat/bootanim.te +++ /dev/null @@ -1,34 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============ - -# Date : WK14.37 -# Operation : Migration -# Purpose : for opetator -allow bootanim bootani_prop:property_service set; - -# Date : WK14.46 -# Operation : Migration -# Purpose : For MTK Emulator HW GPU -allow bootanim qemu_pipe_device:chr_file rw_file_perms; - -# Date : WK16.33 -# Purpose: Allow to access ged for gralloc_extra functions -allow bootanim proc_ged:file rw_file_perms; - -# Date : WK17.43 -# Operation : Migration -# Purpose : For MTK perfmgr -allow bootanim proc_perfmgr:dir r_dir_perms; -allow bootanim proc_perfmgr:file r_file_perms; - -# Date : WK19.11 -# Operation : Migration -# Purpose : Allow to access ged for ioctl related functions -allowxperm bootanim proc_ged:file ioctl { proc_ged_ioctls }; -allowxperm bootanim proc_perfmgr:file ioctl { - PERFMGR_FPSGO_QUEUE - PERFMGR_FPSGO_DEQUEUE - PERFMGR_FPSGO_QUEUE_CONNECT - PERFMGR_FPSGO_BQID -}; diff --git a/r_non_plat/cameraserver.te b/r_non_plat/cameraserver.te deleted file mode 100644 index 727eef6..0000000 --- a/r_non_plat/cameraserver.te +++ /dev/null @@ -1,322 +0,0 @@ -# ============================================================================== -# Policy File of /system/bin/cameraserver Executable File - -# ============================================== -# MTK Policy Rule -# ============================================== - -# ----------------------------------- -# Android O -# Purpose: Allow cameraserver to perform binder IPC to servers and callbacks. -# ----------------------------------- - -# call camerahalserver -binder_call(cameraserver, mtk_hal_camera) - -# call the graphics allocator hal -binder_call(cameraserver, hal_graphics_allocator) - -# ----------------------------------- -# Android O -# Purpose: Debugging -# ----------------------------------- -# Purpose: adb shell dumpsys media.camera --unreachable -allow cameraserver self:process { ptrace }; - -# ----------------------------------- -# Purpose: property access -# ----------------------------------- -allow cameraserver mtkcam_prop:file { open read getattr }; - -# Date : WK14.34 -# Operation : Migration -# Purpose : nvram access (dumchar case for nand and legacy chip) -# allow cameraserver nvram_device:chr_file rw_file_perms; -### TBD, neverallowxperm on line 177 of system/sepolicy/public/domain.te -# #allow cameraserver self:netlink_kobject_uevent_socket { create setopt bind }; -# allow cameraserver self:capability { net_admin }; - -# Date : WK14.34 -# Operation : Migration -# Purpose : VP/VR -# allow cameraserver devmap_device:chr_file { ioctl }; - -# Date : WK14.36 -# Operation : Migration -# Purpose : media server and bt process communication for A2DP data.and other control flow -# allow cameraserver bluetooth:unix_dgram_socket sendto; -# allow cameraserver bt_a2dp_stream_socket:sock_file write; -# allow cameraserver bt_int_adp_socket:sock_file write; - -# Date : WK14.37 -# Operation : Migration -# Purpose : camera ioctl -# allow cameraserver camera_sysram_device:chr_file r_file_perms; - -# Date : WK14.36 -# Operation : Migration -# Purpose : VDEC/VENC device node -# allow cameraserver Vcodec_device:chr_file rw_file_perms; - -# Date : WK14.36 -# Operation : Migration -# Purpose : access nvram, otp, ccci cdoec devices. -# allow cameraserver MtkCodecService:binder call; -# allow cameraserver ccci_device:chr_file rw_file_perms; -# allow cameraserver eemcs_device:chr_file rw_file_perms; -# allow cameraserver devmap_device:chr_file r_file_perms; -# allow cameraserver ebc_device:chr_file rw_file_perms; -# allow cameraserver nvram_device:blk_file rw_file_perms; -# allow cameraserver bootdevice_block_device:blk_file rw_file_perms; - -# Date : WK14.36 -# Operation : Migration -# Purpose : for SW codec VP/VR -# allow cameraserver mtk_sched_device:chr_file rw_file_perms; - -# Date : WK14.38 -# Operation : Migration -# Purpose : NVRam access -# allow cameraserver block_device:dir { write search }; - -# Date : WK14.38 -# Operation : Migration -# Purpose : FM driver access -# allow cameraserver fm_device:chr_file rw_file_perms; - -# Data : WK14.38 -# Operation : Migration -# Purpose : for VP/VR -# allow cameraserver block_device:dir search; -# allow cameraserver FM50AF_device:chr_file rw_file_perms; -# allow cameraserver AD5820AF_device:chr_file rw_file_perms; -# allow cameraserver DW9714AF_device:chr_file rw_file_perms; -# allow cameraserver DW9814AF_device:chr_file rw_file_perms; -# allow cameraserver AK7345AF_device:chr_file rw_file_perms; -# allow cameraserver DW9714A_device:chr_file rw_file_perms; -# allow cameraserver LC898122AF_device:chr_file rw_file_perms; -# allow cameraserver LC898212AF_device:chr_file rw_file_perms; -# allow cameraserver BU6429AF_device:chr_file rw_file_perms; -# allow cameraserver DW9718AF_device:chr_file rw_file_perms; -# allow cameraserver BU64745GWZAF_device:chr_file rw_file_perms; -# allow cameraserver MAINAF_device:chr_file rw_file_perms; -# allow cameraserver MAIN2AF_device:chr_file rw_file_perms; -# allow cameraserver SUBAF_device:chr_file rw_file_perms; - -# Data : WK14.38 -# Operation : Migration -# Purpose : for boot animation. -# allow cameraserver bootanim:binder { transfer call }; - -# allow cameraserver mtkbootanimation:binder { transfer call }; -# Data : WK14.38 -# Operation : Migration -# Purpose : dump for debug -# allow cameraserver sdcard_type:file append; - -# Date : WK14.39 -# Operation : Migration -# Purpose : FDVT Driver -# allow cameraserver camera_fdvt_device:chr_file rw_file_perms; - -# Date : WK14.39 -# Operation : Migration -# Purpose : APE PLAYBACK -# binder_call(cameraserver, MtkCodecService) - -# Data : WK14.39 -# Operation : Migration -# Purpose : HW encrypt SW codec -# allow cameraserver sec_device:chr_file r_file_perms; - -# Date : WK14.40 -# Operation : Migration -# Purpose : HDMI driver access -allow cameraserver graphics_device:chr_file rw_file_perms; - -# Date : WK14.40 -# Operation : Migration -# Purpose : Smartpa -# allow cameraserver smartpa_device:chr_file rw_file_perms; - -# Date : WK14.40 -# Operation : Migration -# Purpose : mtk_jpeg -# allow cameraserver mtk_jpeg_device:chr_file r_file_perms; - -# Date : WK14.41 -# Operation : Migration -# Purpose : WFD HID Driver -# allow cameraserver uhid_device:chr_file rw_file_perms; - -# Date : WK14.41 -# Operation : Migration -# Purpose : Camera EEPROM Calibration -# allow cameraserver CAM_CAL_DRV_device:chr_file rw_file_perms; -# allow cameraserver CAM_CAL_DRV1_device:chr_file rw_file_perms; -# allow cameraserver CAM_CAL_DRV2_device:chr_file rw_file_perms; - -# Date : WK14.43 -# Operation : Migration -# Purpose : VOW -# allow cameraserver vow_device:chr_file rw_file_perms; - -# Date: WK14.44 -# Operation : Migration -# Purpose : EVDO -# allow cameraserver rpc_socket:sock_file write; -# allow cameraserver ttySDIO_device:chr_file rw_file_perms; - -# Data: WK14.44 -# Operation : Migration -# Purpose : VP -# allow cameraserver surfaceflinger:file getattr; - -# Data: WK14.44 -# Operation : Migration -# Purpose : for low SD card latency issue -# allow cameraserver sysfs_lowmemorykiller:file { read open }; - -# Date : WK14.46 -# Operation : Migration -# Purpose : for MTK Emulator HW GPU -# allow cameraserver qemu_pipe_device:chr_file rw_file_perms; - -# Date : WK14.46 -# Operation : Migration -# Purpose : for camera init -# allow cameraserver system_server:unix_stream_socket { read write }; - -# Data : WK14.46 -# Operation : Migration -# Purpose : for SMS app -# allow cameraserver radio_data_file:dir search; -# allow cameraserver radio_data_file:file open; - -# Data : WK14.47 -# Operation : Launch camcorder from MMS -# Purpose : Camcorder -# allow cameraserver radio_data_file:file open; - -# Data : WK14.47 -# Operation : CTS -# Purpose : cts search strange app -# allow cameraserver untrusted_app:dir search; - -# Date : WK15.03 -# Operation : Migration -# Purpose : offloadservice -# allow cameraserver offloadservice_device:chr_file rw_file_perms; - -# Date : WK15.32 -# Operation : Pre-sanity -# Purpose : 3A algorithm need to access sensor service -# allow cameraserver sensorservice_service:service_manager find; - -# Date : WK15.34 -# Operation : Migration -# Purpose: for camera middleware dump image buffer to sdcard & audio frameworks dump -# allow cameraserver storage_file:lnk_file {read write}; -# allow cameraserver mnt_user_file:dir {write read search}; -# allow cameraserver mnt_user_file:lnk_file {read write}; - -# Date : WK15.35 -# Operation : Migration -# Purpose: Allow cameraserver to read binder from surfaceflinger -# allow cameraserver surfaceflinger:fifo_file {read write}; - -# Date : WK15.46 -# Operation : Migration -# Purpose : DPE Driver -# allow cameraserver camera_dpe_device:chr_file rw_file_perms; - -# Date : WK15.46 -# Operation : Migration -# Purpose : TSF Driver -# allow cameraserver camera_tsf_device:chr_file rw_file_perms; - -# Date : WK16.20 -# Operation : Migration -# Purpose: research root dir "/" -allow cameraserver tmpfs:dir search; - -# Date : WK16.21 -# Operation : Migration -# Purpose : EGL file access -allow cameraserver system_file:dir { read open }; -allow cameraserver gpu_device:chr_file rw_file_perms; -allow cameraserver gpu_device:dir search; - -# Date : WK16.32 -# Operation : Migration -# Purpose : RSC Driver -# allow cameraserver camera_rsc_device:chr_file rw_file_perms; - -# Date : WK16.33 -# Purpose: Allow to access ged for gralloc_extra functions -allow cameraserver proc_ged:file rw_file_perms; -allowxperm cameraserver proc_ged:file ioctl { proc_ged_ioctls }; - -# Date : WK16.33 -# Operation : Migration -# Purpose : GEPF Driver -# allow cameraserver camera_gepf_device:chr_file rw_file_perms; - -# Date : WK16.35 -# Operation : Migration -# Purpose : Update camera flashlight driver device file -# allow cameraserver flashlight_device:chr_file rw_file_perms; - -# Data : WK16.42 -# Operator: Whitney bring up -# Purpose: call surfaceflinger due to powervr -# allow cameraserver surfaceflinger:fifo_file rw_file_perms; - -# Date : WK16.43 -# Operation : Migration -# Purpose : WPE Driver -# allow cameraserver camera_wpe_device:chr_file rw_file_perms; - -# Date : WK16.49 -# Operation : label aee_aed sockets -# Purpose : Engineering mode need access for aee commmand -# userdebug_or_eng(` -# allow cameraserver aee_aed:unix_stream_socket connectto; -# ') - -# Date : WK17.19 -# Operation : Migration -# Purpose : OWE Driver -# allow cameraserver camera_owe_device:chr_file rw_file_perms; - -# Date : WK17.25 -# Operation : Migration -allow cameraserver debugfs_ion:dir search; - -# Date : WK17.30 -# Operation : O Migration -# Purpose: Allow to access cmdq driver -# allow cameraserver mtk_cmdq_device:chr_file { read ioctl open }; - -# Date : WK17.44 -# Operation : Migration -# Purpose : DIP Driver -# allow cameraserver camera_dip_device:chr_file rw_file_perms; - -# Date : WK17.44 -# Operation : Migration -# Purpose : MFB Driver -# allow cameraserver camera_mfb_device:chr_file rw_file_perms; - -# Date : WK17.49 -# Operation : MT6771 SQC -# Purpose: Allow permgr access -allow cameraserver proc_perfmgr:dir {read search}; -allow cameraserver proc_perfmgr:file r_file_perms; -allowxperm cameraserver proc_perfmgr:file ioctl { - PERFMGR_FPSGO_QUEUE - PERFMGR_FPSGO_DEQUEUE - PERFMGR_FPSGO_QUEUE_CONNECT - PERFMGR_FPSGO_BQID -}; - diff --git a/r_non_plat/ccci_fsd.te b/r_non_plat/ccci_fsd.te deleted file mode 100644 index 1b7dd94..0000000 --- a/r_non_plat/ccci_fsd.te +++ /dev/null @@ -1,67 +0,0 @@ -# ============================================== -# Policy File of /system/bin/ccci_fsd Executable File - -# ============================================== -# Type Declaration -# ============================================== -type ccci_fsd_exec, exec_type, file_type, vendor_file_type; -type ccci_fsd, domain; - -# ============================================== -# MTK Policy Rule -# ============================================== -init_daemon_domain(ccci_fsd) - -wakelock_use(ccci_fsd) - -#============= ccci_fsd MD NVRAM============== -allow ccci_fsd nvram_data_file:dir create_dir_perms; -allow ccci_fsd nvram_data_file:file create_file_perms; -allow ccci_fsd nvram_data_file:lnk_file read; -allow ccci_fsd nvdata_file:lnk_file read; -allow ccci_fsd nvdata_file:dir create_dir_perms; -allow ccci_fsd nvdata_file:file create_file_perms; -allow ccci_fsd nvram_device:chr_file rw_file_perms; -allow ccci_fsd vendor_configs_file:file r_file_perms; -allow ccci_fsd vendor_configs_file:dir r_dir_perms; - -#============= ccci_fsd device/path/data access============== -allow ccci_fsd ccci_device:chr_file rw_file_perms; -allow ccci_fsd ccci_cfg_file:dir create_dir_perms; -allow ccci_fsd ccci_cfg_file:file create_file_perms; -#============= ccci_fsd MD Data============== -allow ccci_fsd protect_f_data_file:dir create_dir_perms; -allow ccci_fsd protect_f_data_file:file create_file_perms; - -allow ccci_fsd protect_s_data_file:dir create_dir_perms; -allow ccci_fsd protect_s_data_file:file create_file_perms; -#============= ccci_fsd MD3 related============== -allow ccci_fsd c2k_file:dir create_dir_perms; -allow ccci_fsd c2k_file:file create_file_perms; -allow ccci_fsd otp_part_block_device:blk_file rw_file_perms; -allow ccci_fsd otp_device:chr_file rw_file_perms; -allow ccci_fsd sysfs_boot_type:file { read open }; -#============= ccci_fsd MD block data============== -##restore>NVM_GetDeviceInfo>open /dev/block/platform/bootdevice/by-name/nvram -allow ccci_fsd block_device:dir search; -allow ccci_fsd nvram_device:blk_file rw_file_perms; -allow ccci_fsd nvdata_device:blk_file rw_file_perms; -#============= ccci_fsd cryption related ============== -allow ccci_fsd rawfs:dir create_dir_perms; -allow ccci_fsd rawfs:file create_file_perms; -#============= ccci_fsd sysfs related ============== -allow ccci_fsd sysfs_ccci:dir search; -allow ccci_fsd sysfs_ccci:file r_file_perms; - -#============= ccci_fsd ============== -allow ccci_fsd mnt_vendor_file:dir search; - -# Purpose: for fstab parser -allow ccci_fsd kmsg_device:chr_file w_file_perms; -allow ccci_fsd proc_lk_env:file rw_file_perms; - -#============= ccci_fsd MD Low Power Monitor Related ============== -allow ccci_fsd ccci_data_md1_file:dir create_dir_perms; -allow ccci_fsd ccci_data_md1_file:file create_file_perms; -allow ccci_fsd sysfs_mmcblk:dir search; -allow ccci_fsd sysfs_mmcblk:file { read getattr open }; diff --git a/r_non_plat/ccci_mdinit.te b/r_non_plat/ccci_mdinit.te deleted file mode 100644 index 0c81c3a..0000000 --- a/r_non_plat/ccci_mdinit.te +++ /dev/null @@ -1,107 +0,0 @@ -# ============================================== -# Policy File of /system/bin/ccci_mdinit Executable File - -# ============================================== -# Type Declaration -# ============================================== -type ccci_mdinit_exec , exec_type, file_type, vendor_file_type; -type ccci_mdinit ,domain; - -# ============================================== -# MTK Policy Rule -# ============================================== -init_daemon_domain(ccci_mdinit) -wakelock_use(ccci_mdinit) -#=============allow ccci_mdinit to start gsm0710muxd============== -set_prop(ccci_mdinit, ctl_gsm0710muxd_prop) -#=============allow ccci_mdinit to start emcsmdlogger============== -set_prop(ccci_mdinit, ctl_mdlogger_prop) -#=============allow ccci_mdinit to start c2krild============== -set_prop(ccci_mdinit, ctl_viarild_prop) -#=============allow ccci_mdinit to start/stop rild, mdlogger============== -set_prop(ccci_mdinit, ctl_mdlogger_prop) -set_prop(ccci_mdinit, ctl_emdlogger1_prop) -set_prop(ccci_mdinit, ctl_emdlogger2_prop) -set_prop(ccci_mdinit, ctl_emdlogger3_prop) -set_prop(ccci_mdinit, ctl_dualmdlogger_prop) -set_prop(ccci_mdinit, ctl_gsm0710muxd_prop) -set_prop(ccci_mdinit, ctl_gsm0710muxd-s_prop) -set_prop(ccci_mdinit, ctl_gsm0710muxd-d_prop) -set_prop(ccci_mdinit, ctl_rildaemon_prop) -set_prop(ccci_mdinit, ctl_ril-daemon-mtk_prop) -set_prop(ccci_mdinit, ctl_fusion_ril_mtk_prop) -set_prop(ccci_mdinit, ctl_ril-daemon-s_prop) -set_prop(ccci_mdinit, ctl_ril-daemon-d_prop) -set_prop(ccci_mdinit, ctl_ril-proxy_prop) -set_prop(ccci_mdinit, ril_active_md_prop) -set_prop(ccci_mdinit, mtk_md_prop) -#set_prop(ccci_mdinit, radio_prop) -set_prop(ccci_mdinit, net_cdma_mdmstat) -set_prop(ccci_mdinit, ctl_start_prop) -#=============allow ccci_mdinit to get tel_switch_prop============== -get_prop(ccci_mdinit, tel_switch_prop) - -#=============allow ccci_mdinit to start/stop fsd============== -set_prop(ccci_mdinit, ctl_ccci_fsd_prop) -set_prop(ccci_mdinit, ctl_ccci2_fsd_prop) -set_prop(ccci_mdinit, ctl_ccci3_fsd_prop) - -get_prop(ccci_mdinit, vendor_default_prop) -get_prop(ccci_mdinit, init_svc_emdlogger1_prop) -get_prop(ccci_mdinit, init_svc_aee_aedv_prop) - -allow ccci_mdinit ccci_device:chr_file rw_file_perms; -allow ccci_mdinit ccci_monitor_device:chr_file rw_file_perms; - -#=============allow ccci_mdinit to access MD NVRAM============== -allow ccci_mdinit nvram_data_file:dir rw_dir_perms; -allow ccci_mdinit nvram_data_file:file create_file_perms; -allow ccci_mdinit nvram_data_file:lnk_file read; -allow ccci_mdinit nvdata_file:lnk_file read; -allow ccci_mdinit nvdata_file:dir rw_dir_perms; -allow ccci_mdinit nvdata_file:file create_file_perms; -allow ccci_mdinit nvram_device:chr_file rw_file_perms; - -#=============allow ccci_mdinit to access ccci config============== -allow ccci_mdinit protect_f_data_file:dir rw_dir_perms; -allow ccci_mdinit protect_f_data_file:file create_file_perms; -#=============allow ccci_mdinit to property============== -allow ccci_mdinit protect_s_data_file:dir rw_dir_perms; -allow ccci_mdinit protect_s_data_file:file create_file_perms; -allow ccci_mdinit nvram_device:blk_file rw_file_perms; -allow ccci_mdinit nvdata_device:blk_file rw_file_perms; - -set_prop(ccci_mdinit, ril_mux_report_case_prop) - -allow ccci_mdinit ccci_cfg_file:dir create_dir_perms; -allow ccci_mdinit ccci_cfg_file:file create_file_perms; -#===============security relate ========================== -allow ccci_mdinit preloader_device:chr_file rw_file_perms; -allow ccci_mdinit misc_sd_device:chr_file r_file_perms; -allow ccci_mdinit sec_ro_device:chr_file r_file_perms; - -allow ccci_mdinit custom_file:dir r_dir_perms; -allow ccci_mdinit custom_file:file r_file_perms; - -# Purpose : for nand partition access -allow ccci_mdinit mtd_device:dir search; -allow ccci_mdinit mtd_device:chr_file rw_file_perms; -allow ccci_mdinit devmap_device:chr_file r_file_perms; -# Purpose : for device bring up, not to block early migration/sanity -allow ccci_mdinit proc_lk_env:file rw_file_perms; -allow ccci_mdinit para_block_device:blk_file rw_file_perms; -#============= ccci_mdinit sysfs related ============== -allow ccci_mdinit sysfs_ccci:dir search; -allow ccci_mdinit sysfs_ccci:file rw_file_perms; -allow ccci_mdinit sysfs_ssw:dir search; -allow ccci_mdinit sysfs_ssw:file r_file_perms; -allow ccci_mdinit sysfs_boot_mode:file { read open }; - -# Purpose : Allow ccci_mdinit to open and read/write /proc/bootprof -allow ccci_mdinit proc_bootprof:file rw_file_perms; - -# Date : WK18.21 -# Operation: P migration -# Purpose: Allow to search /mnt/vendor/nvdata for fstab when using NVM_Init() -allow ccci_mdinit mnt_vendor_file:dir search; - diff --git a/r_non_plat/cmddumper.te b/r_non_plat/cmddumper.te deleted file mode 100644 index d1ee1f6..0000000 --- a/r_non_plat/cmddumper.te +++ /dev/null @@ -1,31 +0,0 @@ -#cmddumper access external modem ttySDIO2 -allow cmddumper ttySDIO_device:chr_file { read write ioctl open }; - -# for modem logging sdcard access -allow cmddumper sdcard_type:dir create_dir_perms; -allow cmddumper sdcard_type:file create_file_perms; - -# cmddumper access on /data/mdlog -allow cmddumper mdlog_data_file:fifo_file create_file_perms; -allow cmddumper mdlog_data_file:file create_file_perms; -allow cmddumper mdlog_data_file:dir { create_dir_perms relabelto }; - -#allow emdlogger to set property -allow cmddumper debug_mdlogger_prop:property_service set; -allow cmddumper debug_prop:property_service set; - -# purpose: allow cmddumper to access storage in N version -allow cmddumper media_rw_data_file:file { create_file_perms }; -allow cmddumper media_rw_data_file:dir { create_dir_perms }; - -# purpose: access plat_file_contexts -allow cmddumper file_contexts_file:file { read getattr open }; - -# purpose: access /sys/devices/virtual/BOOT/BOOT/boot/boot_mode -allow cmddumper sysfs_boot_mode:file { read open }; - -# Android P migration -set_prop(cmddumper, persist_mtklog_prop) -set_prop(cmddumper, vendor_mdl_prop) -allow cmddumper tmpfs:lnk_file read; -allow cmddumper vmodem_device:chr_file { read write ioctl open };
\ No newline at end of file diff --git a/r_non_plat/connsyslogger.te b/r_non_plat/connsyslogger.te deleted file mode 100644 index 59f8f07..0000000 --- a/r_non_plat/connsyslogger.te +++ /dev/null @@ -1,82 +0,0 @@ - -# Policy File of /system/bin/connsyslogger Executable File - -# ============================================== -# Type Declaration -# ============================================== -# Purpose : for create hidl server -#hal_server_domain(connsyslogger, mtk_hal_log) -# ============================================== -# MTK Policy Rule -# ============================================== - -#for logging sdcard access -allow connsyslogger fuse:dir { create_dir_perms }; -allow connsyslogger fuse:file { create_file_perms }; - -#consys logger access on /data/consyslog -allow connsyslogger consyslog_data_file:dir { create_dir_perms relabelto }; -allow connsyslogger consyslog_data_file:fifo_file { create_file_perms }; -allow connsyslogger consyslog_data_file:file { create_file_perms }; - -#consys logger socket access -allow connsyslogger property_socket:sock_file write; -allow connsyslogger init:unix_stream_socket connectto; - -allow connsyslogger tmpfs:lnk_file { create_file_perms }; - -# purpose: avc: denied { read } for name="plat_file_contexts" -allow connsyslogger file_contexts_file:file { read getattr open map}; - -#logger SD logging in factory mode -allow connsyslogger vfat:dir create_dir_perms; -allow connsyslogger vfat:file create_file_perms; - -#logger permission in storage in android M version -allow connsyslogger mnt_user_file:dir search; -allow connsyslogger mnt_user_file:lnk_file read; -allow connsyslogger storage_file:lnk_file read; - -#permission for use SELinux API -allow connsyslogger rootfs:file r_file_perms; - -#permission for storage access storage -allow connsyslogger storage_file:dir { create_dir_perms }; -allow connsyslogger storage_file:file { create_file_perms }; - -#permission for read boot mode -allow connsyslogger sysfs_boot_mode:file { read open }; - -allow connsyslogger fw_log_wifi_device:chr_file {read write open ioctl}; -allow connsyslogger fw_log_bt_device:chr_file {read write open ioctl}; -allow connsyslogger fw_log_gps_device:chr_file {read write open ioctl}; -allow connsyslogger fw_log_wmt_device:chr_file {read write open ioctl}; - -allow connsyslogger sdcardfs:dir { create_dir_perms }; -allow connsyslogger sdcardfs:file { create_file_perms }; -allow connsyslogger rootfs:lnk_file getattr; - -allow connsyslogger media_rw_data_file:file { create_file_perms }; -allow connsyslogger media_rw_data_file:dir { create_dir_perms }; - -set_prop(connsyslogger, vendor_connsysfw_prop) - -allow connsyslogger vendor_configs_file:file map; -#permission to get driver ready status -get_prop(connsyslogger, wmt_prop) - -#Date:2019/03/25 -# purpose: allow connsyslogger to access persist.meta.connecttype -get_prop(connsyslogger, meta_connecttype_prop); - -#Date:2019/03/25 -# purpose: allow emdlogger to create socket -allow connsyslogger port:tcp_socket { name_connect name_bind }; -allow connsyslogger connsyslogger:tcp_socket { create_stream_socket_perms }; -allow connsyslogger node:tcp_socket node_bind; - -#Date:2019/03/25 -# usb device ttyGSx for modem logger usb logging -allow connsyslogger ttyGS_device:chr_file { rw_file_perms}; - - diff --git a/r_non_plat/device.te b/r_non_plat/device.te deleted file mode 100644 index 702a58d..0000000 --- a/r_non_plat/device.te +++ /dev/null @@ -1,274 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -type devmap_device, dev_type; -type ttyMT_device, dev_type; -type ttyS_device, dev_type; -type ttySDIO_device, dev_type; -type vmodem_device, dev_type; -type stpwmt_device, dev_type; -type wmtdetect_device, dev_type; -type wmtWifi_device, dev_type; -type stpbt_device, dev_type; -type fw_log_bt_device, dev_type; -type stpant_device, dev_type; -type fm_device, dev_type; -type stpgps_device, dev_type; -type gpsdl_device, dev_type; -type fw_log_gps_device, dev_type; -type fw_log_wmt_device, dev_type; -type fw_log_wifi_device, dev_type; -type pmem_multimedia_device, dev_type; -type mt6516_isp_device, dev_type; -type mt6516_IDP_device, dev_type; -type mt9p012_device, dev_type; -type mt6516_jpeg_device, dev_type; -type FM50AF_device, dev_type; -type DW9714AF_device, dev_type; -type DW9814AF_device, dev_type; -type AK7345AF_device, dev_type; -type DW9714A_device, dev_type; -type LC898122AF_device, dev_type; -type LC898212AF_device, dev_type; -type BU6429AF_device, dev_type; -type AD5820AF_device, dev_type; -type DW9718AF_device, dev_type; -type BU64745GWZAF_device, dev_type; -type MAINAF_device, dev_type; -type MAIN2AF_device, dev_type; -type SUBAF_device, dev_type; -type M4U_device_device, dev_type; -type Vcodec_device, dev_type; -type MJC_device, dev_type; -type smartpa_device, dev_type; -type smartpa1_device, dev_type; -type uio0_device, dev_type; -type xt_qtaguid_device, dev_type; -type rfkill_device, dev_type; -type sw_sync_device, dev_type, mlstrustedobject; -type sec_device, dev_type; -type hid_keyboard_device, dev_type; -type btn_device, dev_type; -type uinput_device, dev_type; -type TV_out_device, dev_type; -type gz_device, dev_type; -type camera_sysram_device, dev_type; -type camera_isp_device, dev_type; -type camera_dip_device, dev_type; -type camera_dpe_device, dev_type; -type camera_tsf_device, dev_type; -type camera_fdvt_device, dev_type; -type camera_rsc_device, dev_type; -type camera_gepf_device, dev_type; -type camera_wpe_device, dev_type; -type camera_owe_device, dev_type; -type camera_mfb_device, dev_type; -type camera_pipemgr_device, dev_type; -type ccu_device, dev_type; -type vpu_device, dev_type, mlstrustedobject; -type mdla_device, dev_type, mlstrustedobject; -type mtk_jpeg_device, dev_type; -type kd_camera_hw_device, dev_type; -type seninf_device, dev_type; -type kd_camera_flashlight_device, dev_type; -type flashlight_device, dev_type; -type kd_camera_hw_bus2_device, dev_type; -type MATV_device, dev_type; -type mt_otg_test_device, dev_type; -type mt_mdp_device, dev_type; -type mtkg2d_device, dev_type; -type misc_sd_device, dev_type; -type mtk_sched_device, dev_type; -type ampc0_device, dev_type; -type mmp_device, dev_type; -type ttyGS_device, dev_type; -type CAM_CAL_DRV_device, dev_type; -type CAM_CAL_DRV1_device, dev_type; -type CAM_CAL_DRV2_device, dev_type; -type MTK_SMI_device, dev_type; -type mtk_cmdq_device, dev_type; -type mtk_mdp_device, dev_type; -type mtk_rrc_device, dev_type; -type ebc_device, dev_type; -type vow_device, dev_type; -type MT6516_H264_DEC_device, dev_type; -type MT6516_Int_SRAM_device, dev_type; -type MT6516_MM_QUEUE_device, dev_type; -type MT6516_MP4_DEC_device, dev_type; -type MT6516_MP4_ENC_device, dev_type; -type sensor_device, dev_type; -type aed_device, dev_type; -type ccci_device, dev_type; -type ccci_monitor_device, dev_type; -type gsm0710muxd_device, dev_type; -type eemcs_device, dev_type; -type emd_device, dev_type; -type mt6605_device, dev_type; -type st21nfc_device, dev_type; -type st54spi_device, dev_type; -type exm0_device, dev_type; -type mmcblk_device, dev_type; -type BOOT_device, dev_type; -type MT_pmic_device, dev_type; -type aal_als_device, dev_type; -type accdet_device, dev_type; -type android_device, dev_type; -type bmtpool_device, dev_type; -type bootimg_device, dev_type; -type btif_device, dev_type; -type cache_device, dev_type; -type cpu_dma_latency_device, dev_type; -type dummy_cam_cal_device, dev_type; -type ebr_device, dev_type; -type expdb_device, dev_type; -type fat_device, dev_type; -type logo_device, dev_type; -type loop-control_device, dev_type; -type mbr_device, dev_type; -type met_device, dev_type; -type misc_device, dev_type; -type misc2_device, dev_type; -type mtfreqhopping_device, dev_type; -type mtgpio_device, dev_type; -type mtk_kpd_device, dev_type; -type network_device, dev_type; -type nvram_device, dev_type; -type pmt_device, dev_type; -type preloader_device, dev_type; -type pro_info_device, dev_type; -type protect_f_device, dev_type; -type protect_s_device, dev_type; -type psaux_device, dev_type; -type ptyp_device, dev_type; -type recovery_device, dev_type; -type sec_ro_device, dev_type; -type seccfg_device, dev_type; -type tee_part_device, dev_type; -type snapshot_device, dev_type; -type tgt_device, dev_type; -type touch_device, dev_type; -type tpd_em_log_device, dev_type; -type ttyp_device, dev_type; -type uboot_device, dev_type; -type uibc_device, dev_type; -type usrdata_device, dev_type; -type zram0_device, dev_type; -type hwzram0_device, dev_type; -type RT_Monitor_device, dev_type; -type kick_powerkey_device, dev_type; -type agps_device, dev_type; -type mnld_device, dev_type; -type geo_device, dev_type; -type mdlog_device, dev_type; -type md32_device, dev_type; -type scp_device, dev_type; -type adsp_device, dev_type; -type audio_scp_device, dev_type; -type sspm_device, dev_type; -type etb_device, dev_type; -type MT_pmic_adc_cali_device, dev_type; -type mtk-adc-cali_device, dev_type; -type MT_pmic_cali_device,dev_type; -type otp_device, dev_type; -type otp_part_block_device, dev_type; -type qemu_pipe_device, dev_type; -type icusb_device, dev_type; -type nlop_device, dev_type; -type irtx_device, dev_type; -type pmic_ftm_device, dev_type; -type charger_ftm_device, dev_type; -type shf_device, dev_type; -type keyblock_device, dev_type; -type offloadservice_device, dev_type; -type ttyACM_device, dev_type; -type hrm_device, dev_type; -type lens_device, dev_type; -type nvdata_device, dev_type; -type nvcfg_device, dev_type; -type expdb_block_device, dev_type; -type misc2_block_device, dev_type; -type logo_block_device, dev_type; -type para_block_device, dev_type; -type tee_block_device, dev_type; -type seccfg_block_device, dev_type; -type secro_block_device, dev_type; -type preloader_block_device, dev_type; -type lk_block_device, dev_type; -type protect1_block_device, dev_type; -type protect2_block_device, dev_type; -type keystore_block_device, dev_type; -type oemkeystore_block_device, dev_type; -type sec1_block_device, dev_type; -type md1img_block_device, dev_type; -type md1dsp_block_device, dev_type; -type md1arm7_block_device, dev_type; -type md3img_block_device, dev_type; -type mmcblk1_block_device, dev_type; -type mmcblk1p1_block_device, dev_type; -type bootdevice_block_device, dev_type; -type odm_block_device, dev_type; -type oem_block_device, dev_type; -type vendor_block_device, dev_type; -type dtbo_block_device, dev_type; -type loader_ext_block_device, dev_type; -type spm_device, dev_type; -type persist_block_device, dev_type; -type md_block_device, dev_type; -type spmfw_block_device, dev_type; -type mcupmfw_block_device, dev_type; -type scp_block_device, dev_type; -type sspm_block_device, dev_type; -type dsp_block_device, dev_type; -type ppl_block_device, dev_type; -type nvcfg_block_device, dev_type; -type ancservice_device, dev_type; -type mbim_device, dev_type; -type audio_ipi_device, dev_type; -type cam_vpu_block_device,dev_type; -type boot_para_block_device,dev_type; -type mtk_dfrc_device, dev_type; -type vbmeta_block_device, dev_type; -type alarm_device, dev_type; -type mdp_device, dev_type; -type mrdump_device, dev_type; -type kb_block_device,dev_type; -type dkb_block_device,dev_type; - -########################## -# Sensor common Devices Start -# -type hwmsensor_device, dev_type; -type msensor_device, dev_type; -type gsensor_device, dev_type; -type als_ps_device, dev_type; -type gyroscope_device, dev_type; -type barometer_device,dev_type; -type humidity_device,dev_type; -type biometric_device,dev_type; -type sensorlist_device,dev_type; -########################## -# Sensor Devices Start -# -type m_batch_misc_device, dev_type; -########################## -# Sensor bio Devices Start -# -type m_als_misc_device, dev_type; -type m_ps_misc_device, dev_type; -type m_baro_misc_device, dev_type; -type m_hmdy_misc_device, dev_type; -type m_acc_misc_device, dev_type; -type m_mag_misc_device, dev_type; -type m_gyro_misc_device, dev_type; -type m_act_misc_device, dev_type; -type m_pedo_misc_device, dev_type; -type m_situ_misc_device, dev_type; -type m_step_c_misc_device, dev_type; -type m_fusion_misc_device, dev_type; -type m_bio_misc_device, dev_type; - -# Date : 2016/07/11 -# Operation : Migration -# Purpose : Add permission for gpu access -type dri_device, dev_type, mlstrustedobject; diff --git a/r_non_plat/domain.te b/r_non_plat/domain.te deleted file mode 100644 index f1877f7..0000000 --- a/r_non_plat/domain.te +++ /dev/null @@ -1,30 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -# Grant read access to mtk core property type which represents all -# mtk properties except those with ctl_xxx prefix. -# Align Google change: f01453ad453b29dd723838984ea03978167491e5 -get_prop(domain, mtk_core_property_type) - -# Allow all processes to search /sys/kernel/debug/binder/ since it's has been -# labeled with specific debugfs label and many violations to dir search debugfs_binder -# are observed. Grant domain to suppress the violations as originally "debugfs:dir search" -# is also allowed to domain as well in Google default domain.te -allow domain debugfs_binder:dir search; - -# Allow all processes to read /sys/bus/platform/drivers/dev_info/dev_info -# as it is a public interface for all processes to read some OTP data. -allow { - domain - -isolated_app -} sysfs_devinfo:file r_file_perms; - -# Date:20170630 -# Purpose: allow trusted process to connect aee daemon -#allow { -# coredomain -# -untrusted_app_all -#} aee_aed:unix_stream_socket connectto; -allow { domain -coredomain -hal_configstore_server -vendor_init } aee_aedv:unix_stream_socket connectto; - diff --git a/r_non_plat/drmserver.te b/r_non_plat/drmserver.te deleted file mode 100644 index 6086c27..0000000 --- a/r_non_plat/drmserver.te +++ /dev/null @@ -1,7 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -# Date : WK16.33 -# Purpose: Allow to access ged for gralloc_extra functions -allow drmserver proc_ged:file rw_file_perms; diff --git a/r_non_plat/dumpstate.te b/r_non_plat/dumpstate.te deleted file mode 100644 index 01343a5..0000000 --- a/r_non_plat/dumpstate.te +++ /dev/null @@ -1,181 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -# Purpose: aee_dumpstate set surfaceflinger property -set_prop(dumpstate, debug_bq_dump_prop); - -# Purpose: access dev/aed0 -allow dumpstate aed_device:chr_file { read getattr }; - -# Purpose: data/dumpsys/* -allow dumpstate aee_dumpsys_data_file:dir { w_dir_perms }; -allow dumpstate aee_dumpsys_data_file:file { create_file_perms }; - -# Purpose: data/aee_exp/* -allow dumpstate aee_exp_data_file:dir { w_dir_perms }; -allow dumpstate aee_exp_data_file:file { create_file_perms }; - -# Purpose: debugfs files -allow dumpstate debugfs_binder:dir { read open }; -allow dumpstate debugfs_binder:file { read open }; -allow dumpstate debugfs_blockio:file { read open }; -allow dumpstate debugfs_fb:dir search; -allow dumpstate debugfs_fb:file { read open }; -allow dumpstate debugfs_fuseio:dir search; -allow dumpstate debugfs_fuseio:file { read open }; -allow dumpstate debugfs_ged:dir search; -allow dumpstate debugfs_ged:file { read open }; -allow dumpstate debugfs_rcu:dir search; -allow dumpstate debugfs_shrinker_debug:file { read open }; -allow dumpstate debugfs_wakeup_sources:file { read open }; -allow dumpstate debugfs_dmlog_debug:file { read open }; -allow dumpstate debugfs_page_owner_slim_debug:file { read open }; -allow dumpstate debugfs_ion_mm_heap:dir search; -allow dumpstate debugfs_ion_mm_heap:file { read open }; -allow dumpstate debugfs_ion_mm_heap:lnk_file read; -allow dumpstate debugfs_cpuhvfs:dir search; -allow dumpstate debugfs_cpuhvfs:file { read open }; -allow dumpstate debugfs_vpu_device_dbg:file { read open }; - -# Purpose: /sys/kernel/ccci/md_chn -allow dumpstate sysfs_ccci:dir search; -allow dumpstate sysfs_ccci:file { read open }; - -# Purpose: leds status -allow dumpstate sysfs_leds:lnk_file read; - -# Purpose: /sys/module/lowmemorykiller/parameters/adj -allow dumpstate sysfs_lowmemorykiller:file { read open }; -allow dumpstate sysfs_lowmemorykiller:dir search; - -# Purpose: /dev/block/mmcblk0p10 -allow dumpstate expdb_block_device:blk_file { read write ioctl open }; - -#/data/anr/SF_RTT -allow dumpstate sf_rtt_file:dir { search getattr }; - -# Data : 2017/03/22 -# Operation : add fd use selinux rule -# Purpose : type=1400 audit(0.0:81356): avc: denied { use } for path="/system/bin/linker" -# dev="mmcblk0p26" ino=250 scontext=u:r:dumpstate:s0 -# tcontext=u:r:aee_aed:s0 tclass=fd permissive=0 -allow dumpstate aee_aed:fd use; -allow dumpstate aee_aed:unix_stream_socket { read write ioctl }; - -# private define -# allow dumpstate config_gz:file read; - -allow dumpstate sysfs_leds:dir r_dir_perms; - -# Purpose: 01-01 08:30:57.260 3070 3070 W aee_dumpstate: type=1400 audit(0.0:13196): avc: denied -# { read } for name="SF_dump" dev="dm-0" ino=352257 scontext=u:r:dumpstate:s0 tcontext=u:object_r: -# sf_bqdump_data_file:s0 tclass=dir permissive=0 -allow dumpstate sf_bqdump_data_file:dir r_dir_perms; -allow dumpstate sf_bqdump_data_file:file r_file_perms; - -# Purpose: -# 01-01 17:59:14.440 7664 7664 I aee_dumpstate: type=1400 audit(0.0:63497): -# avc: denied { open } for path="/sys/kernel/debug/tracing/tracing_on" dev= -# "debugfs" ino=2087 scontext=u:r:dumpstate:s0 tcontext=u:object_r: -# tracing_shell_writable:s0 tclass=file permissive=1 -allow dumpstate debugfs_tracing:file rw_file_perms; - -# Data : WK17.03 -# Purpose: Allow to access gpu -allow dumpstate gpu_device:dir search; - -# Purpose: Allow aee_dumpstate to invoke "lshal debug <interface>", where <interface> is "ICameraProvider". -allow dumpstate mtk_hal_camera:binder { call }; - -# Purpose: Allow aee_dumpstate to read /proc/slabinfo -allow dumpstate proc_slabinfo:file r_file_perms; - -# Purpose: Allow aee_dumpstate to read /proc/zraminfo -allow dumpstate proc_zraminfo:file r_file_perms; - -# Purpose: Allow aee_dumpstate to read /proc/gpulog -allow dumpstate proc_gpulog:file r_file_perms; - -# Purpose: Allow aee_dumpstate to read /proc/sched_debug -allow dumpstate proc_sched_debug:file r_file_perms; - -# Purpose: Allow aee_dumpstate to read /proc/chip/hw_ver -allow dumpstate proc_chip:file r_file_perms; - -# Purpose: Allow aee_dumpstate to write /sys/devices/virtual/timed_output/vibrator/enable -allow dumpstate sysfs_vibrator_setting:file write; - -# Purpose: Allow dumpstate to read /sys/kernel/debug/rcu/rcu_callback_log -allow dumpstate debugfs_rcu:file r_file_perms; - -# Purpose: Allow dumpstate to read /proc/ufs_debug -allow dumpstate proc_ufs_debug:file rw_file_perms; - -# Purpose: Allow dumpstate to read /proc/msdc_debug -allow dumpstate proc_msdc_debug:file r_file_perms; - -# Purpose: Allow dumpstate to r/w /proc/pidmap -allow dumpstate proc_pidmap:file rw_file_perms; - -# Purpose: Allow dumpstate to read /sys/power/vcorefs/vcore_debug -allow dumpstate sysfs_vcore_debug:file r_file_perms; - -# Purpose: Allow dumpstate to read /data/anr/SF_RTT/rtt_dump.txt -allow dumpstate sf_rtt_file:file r_file_perms; - -#Purpose: Allow dumpstate to read/write /sys/mtk_memcfg/slabtrace -allow dumpstate proc_slabtrace:file r_file_perms; - -#Purpose: Allow dumpstate to read /proc/mtk_cmdq_debug/status -allow dumpstate proc_cmdq_debug:file r_file_perms; - -#Purpose: Allow dumpstate to read /proc/cpuhvfs/dbg_repo -allow dumpstate proc_dbg_repo:file r_file_perms; - -#Purpose: Allow dumpstate to read /proc/isp_p2/isp_p2_dump -allow dumpstate proc_isp_p2_dump:file r_file_perms; - -#Purpose: Allow dumpstate to read /proc/isp_p2/isp_p2_kedump -allow dumpstate proc_isp_p2_kedump:file r_file_perms; - -#Purpose: Allow dumpstate to read /proc/mali/memory_usage -allow dumpstate proc_memory_usage:file r_file_perms; - -#Purpose: Allow dumpstate to read /proc/mtk_es_reg_dump -allow dumpstate proc_mtk_es_reg_dump:file r_file_perms; - -#Purpose: Allow dumpstate to read /sys/power/mtkpasr/execstate -allow dumpstate sysfs_execstate:file r_file_perms; - -allow dumpstate proc_isp_p2:dir r_dir_perms; -allow dumpstate proc_isp_p2:file r_file_perms; - -# Date : W19.26 -# Operation : Migration -# Purpose : fix google dumpstate avc error in xTS -allow dumpstate debugfs_mmc:dir search; -allow dumpstate mnt_media_rw_file:dir getattr; - -# Date: 19/07/15 -# Purpose: fix google dumpstate avc error in xTs -allow dumpstate sysfs_devices_block:file r_file_perms; -allow dumpstate proc_last_kmsg:file r_file_perms; - -# Date: 19/07/15 -# Purpose: Allow dumpstate to read /sys/kernel/debug/kmemleak -allow dumpstate debugfs_kmemleak:file r_file_perms; - -#Purpose: Allow dumpstate to read /sys/class/misc/adsp/adsp_last_log -allow dumpstate sysfs_adsp:file r_file_perms; - -#Purpose: Allow dumpstate to read /sys/kernel/debug/smi_mon -allow dumpstate debugfs_smi_mon:file r_file_perms; - -# MTEE Trusty -allow dumpstate mtee_trusty_file:file rw_file_perms; - -# 09-05 15:58:31.552000 9693 9693 W df : type=1400 audit(0.0:990): -# avc: denied { search } for name="expand" dev="tmpfs" ino=10779 scontext=u:r:dumpstate:s0 -# tcontext=u:object_r:mnt_expand_file:s0 tclass=dir permissive=0 -allow dumpstate mnt_expand_file:dir search; diff --git a/r_non_plat/e2fs.te b/r_non_plat/e2fs.te deleted file mode 100644 index f927a21..0000000 --- a/r_non_plat/e2fs.te +++ /dev/null @@ -1,34 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -# Date : WK17.32 -# Operation : Migration -# Purpose : create ext4 images for protect1/protect2/persist/nvdata/nvcfg block devices. -allow e2fs protect1_block_device:blk_file rw_file_perms; -allow e2fs protect2_block_device:blk_file rw_file_perms; -allow e2fs persist_block_device:blk_file rw_file_perms; -allow e2fs nvdata_device:blk_file rw_file_perms; -allow e2fs nvcfg_block_device:blk_file rw_file_perms; - -allow e2fs devpts:chr_file {read write}; - -# Date : WK18.23 -# Operation: P migration -# Purpose : Allow mke2fs to format userdata and cache partition -allow e2fs cache_block_device:blk_file rw_file_perms; -allow e2fs userdata_block_device:blk_file rw_file_perms; - -# Date : WK19.23 -# Operation: Q migration -# Purpose : Allow format /metadata for UDC -allow e2fs metadata_block_device:blk_file rw_file_perms; - -# Date : WK19.34 -# Operation: Q migration -# Purpose : Allow mke2fs to use ioctl/ioctlcmd -allowxperm e2fs protect1_block_device:blk_file ioctl { BLKPBSZGET BLKROGET BLKDISCARD BLKDISCARDZEROES BLKSECDISCARD }; -allowxperm e2fs protect2_block_device:blk_file ioctl { BLKPBSZGET BLKROGET BLKDISCARD BLKDISCARDZEROES BLKSECDISCARD }; -allowxperm e2fs nvdata_device:blk_file ioctl { BLKPBSZGET BLKROGET BLKDISCARD BLKDISCARDZEROES BLKSECDISCARD }; -allowxperm e2fs nvcfg_block_device:blk_file ioctl { BLKPBSZGET BLKROGET BLKDISCARD BLKDISCARDZEROES BLKSECDISCARD }; -allowxperm e2fs persist_block_device:blk_file ioctl { BLKPBSZGET BLKROGET BLKDISCARD BLKDISCARDZEROES BLKSECDISCARD }; diff --git a/r_non_plat/em_hidl.te b/r_non_plat/em_hidl.te deleted file mode 100644 index fcf6abf..0000000 --- a/r_non_plat/em_hidl.te +++ /dev/null @@ -1,130 +0,0 @@ -# ============================================== -# Policy File of /vendor/bin/em_hidi Executable File -# ============================================== -type em_hidl, domain; -type em_hidl_exec, exec_type, file_type, vendor_file_type; - -# Date : 2018/06/28 -init_daemon_domain(em_hidl) - -# Date : 2018/06/28 -# Purpose: EM_HILD -hal_server_domain(em_hidl, mtk_hal_em) - -# Date : 2018/06/28 -# Operation : EM DEBUG -# Purpose: EM should set ims operator -set_prop(em_hidl, mtk_operator_id_prop) - -# Date : 2018/06/28 -# Operation : EM DEBUG -# Purpose: EM should set mtk_simswitch_emmode_prop -set_prop(em_hidl, mtk_simswitch_emmode_prop) - -# Date : 2018/06/28 -# Operation : EM DEBUG -# Purpose: EM should set mtk_dsbp_support_prop -set_prop(em_hidl, mtk_dsbp_support_prop) - -# Date : 2018/06/28 -# Operation : EM DEBUG -# Purpose: EM should set mtk_imstestmode_prop -set_prop(em_hidl, mtk_imstestmode_prop) - -# Date : 2018/06/28 -# Operation : EM DEBUG -# Purpose: EM should set mtk_smsformat_prop -set_prop(em_hidl, mtk_smsformat_prop) - -# Date : 2018/06/28 -# Operation : EM DEBUG -# Purpose: EM should set mtk_gprs_prefer_prop -set_prop(em_hidl, mtk_gprs_prefer_prop) - -# Date : 2018/06/28 -# Operation : EM DEBUG -# Purpose: EM should set mtk_testsim_cardtype_prop -set_prop(em_hidl, mtk_testsim_cardtype_prop) - -# Date : 2018/06/28 -# Operation : EM DEBUG -# Purpose: EM should set mtk_ct_ir_engmode_prop -set_prop(em_hidl, mtk_ct_ir_engmode_prop) - -# Date : 2018/06/28 -# Operation : EM DEBUG -# Purpose: EM should mtk_disable_c2k_cap_prop -set_prop(em_hidl, mtk_disable_c2k_cap_prop) - -# Date : 2018/06/29 -# Operation : EM DEBUG -# Purpose: EM should mtk_debug_md_reset_prop -set_prop(em_hidl, mtk_debug_md_reset_prop) - - -# Date : 2018/06/29 -# Operation : EM DEBUG -# Purpose: EM should video log mtk_omx_log_prop -set_prop(em_hidl, mtk_omx_log_prop) - -# Date : 2018/06/29 -# Operation : EM DEBUG -# Purpose: EM should video log mtk_vdec_log_prop -set_prop(em_hidl, mtk_vdec_log_prop) - -# Date : 2018/06/29 -# Operation : EM DEBUG -# Purpose: EM should video log mtk_vdectlc_log_prop -set_prop(em_hidl, mtk_vdectlc_log_prop) - -# Date : 2018/06/29 -# Operation : EM DEBUG -# Purpose: EM should video log mtk_venc_h264_showlog_prop -set_prop(em_hidl, mtk_venc_h264_showlog_prop) - -# Date : 2018/06/29 -# Operation : EM DEBUG -# Purpose: EM should video log mtk_modem_warning_prop -set_prop(em_hidl, mtk_modem_warning_prop) - -# Date : 2018/07/06 -# Operation : EM DEBUG -# Purpose: EM allow usb vendor_em_usb_prop -set_prop(em_hidl, vendor_em_usb_prop) - -# Date : 2018/07/06 -# Operation : EM DEBUG -# Purpose: for setting usb otg enable property -set_prop(em_hidl, vendor_usb_otg_switch) - -# Data : 2018/07/06 -# Purpose : EM MCF read nvdata dir and file -allow em_hidl nvdata_file:dir { read open add_name search getattr}; -allow em_hidl nvdata_file:file { getattr read open }; - -# Data : 2018/07/06 -# Purpose : EM MCF search vendor dir -allow em_hidl mnt_vendor_file:dir search; -allow em_hidl vendor_default_prop:file read; - -# Data : 2018/08/10 -# Purpose : EM BT usage -allow em_hidl stpbt_device:chr_file { read write open }; -allow em_hidl sysfs_boot_mode:file { read open }; -allow em_hidl ttyGS_device:chr_file { read write ioctl open }; -allow em_hidl vendor_usb_prop:file { read getattr open }; -set_prop(em_hidl, vendor_usb_prop) - -# Date : 2018/08/28 -# Operation : EM DEBUG -# Purpose: for em set hidl configure -set_prop(em_hidl, mtk_em_hidl_prop) - -# Date : 2019/08/22 -# Operation : EM AAL -# Purpose: for em set aal property -set_prop(em_hidl, mtk_pq_prop) -# Date : 2019/09/10 -# Operation : EM wcn coredump -# Purpose: for em set wcn coredump property -set_prop(em_hidl, coredump_prop) diff --git a/r_non_plat/em_svr.te b/r_non_plat/em_svr.te deleted file mode 100644 index 5c00360..0000000 --- a/r_non_plat/em_svr.te +++ /dev/null @@ -1,77 +0,0 @@ -# Date: WK1812 -# Purpose: add for sensor calibration -allow em_svr als_ps_device:chr_file { read open ioctl }; -allow em_svr gsensor_device:chr_file { read open ioctl }; - -# Date: WK1812 -# Purpose: add for MD log filter -allow em_svr md_block_device:blk_file { read open }; - -# Date: WK1812 -# Purpose: add for SIB capture -allow em_svr para_block_device:blk_file { read open write}; -allow em_svr proc_lk_env:file { read write ioctl open }; - -# Date: WK1812 -# Purpose: add for MSDC get/set -allow em_svr misc_sd_device:chr_file { read open ioctl }; - -# Date: WK1812 -# Purpose: add for battery log -allow em_svr proc_battery_cmd:dir { search }; -allow em_svr proc_battery_cmd:file { create write open }; - -# Date: WK1812 -# Purpose: add for light/proximity sensor -allow em_svr nvram_device:blk_file { open read write }; - -# Date: WK1812 -# Purpose: add for Gyroscope sensor -allow em_svr gyroscope_device:chr_file { read ioctl open }; - -# Date : 2018/06/15 -# Purpose : Allow EM access touchscreen settings -allow em_svr sysfs_tpd_debug:dir { search }; -allow em_svr sysfs_tpd_setting:dir { search }; -allow em_svr sysfs_tpd_debug:file { rw_file_perms }; -allow em_svr sysfs_tpd_setting:file { rw_file_perms }; - -# Date : 2018/06/15 -# Purpose : EM FreqHopping setting -allow em_svr proc_freqhop:file { open read write }; - -# Date : 2018/06/15 -# Purpose : EM flash reading -allow em_svr proc_flash:file { open read }; -allow em_svr proc_partition:file { open read }; - -# Date : 2018/06/15 -# Purpose : EM Power PMU reading/setting -allow em_svr sysfs_pmu:dir { search }; -allow em_svr sysfs_pmu:file { rw_file_perms }; -allow em_svr sysfs_pmu:lnk_file { read }; - -# Date : 2018/06/15 -# Purpose : EM Power debug_log setting -allow em_svr sysfs_spm:dir { search }; -allow em_svr sysfs_spm:file { open read write }; - -# Date: 2019/04/09 -# Purpose: battery temprature setting -allow em_svr sysfs_battery_temp:file w_file_perms; -allow em_svr sysfs_battery_consumption:file r_file_perms; -allow em_svr sysfs_power_on_vol:file r_file_perms; -allow em_svr sysfs_power_off_vol:file r_file_perms; -allow em_svr sysfs_fg_disable:file w_file_perms; -allow em_svr sysfs_dis_nafg:file w_file_perms; - - - -# Date : 2018/10/12 -# Purpose : EM Power PMU register reading/setting -allow em_svr debugfs_regmap:dir { search }; -allow em_svr debugfs_regmap:file { rw_file_perms }; - -# Date:2019/04/15 -# Purpose: EM Power -allow em_svr toolbox_exec:file { map }; diff --git a/r_non_plat/emdlogger.te b/r_non_plat/emdlogger.te deleted file mode 100644 index 28525e9..0000000 --- a/r_non_plat/emdlogger.te +++ /dev/null @@ -1,124 +0,0 @@ -#allow emdlogger to set property -allow emdlogger debug_prop:property_service set; -allow emdlogger persist_mtklog_prop:property_service set; -allow emdlogger system_radio_prop:property_service set; - -# ccci device for internal modem -allow emdlogger ccci_device:chr_file { rw_file_perms }; - -# eemcs device for external modem -allow emdlogger eemcs_device:chr_file { rw_file_perms }; - -# C2K project SDIO device for external modem ttySDIO2 control port, ttySDIO8 log port -allow emdlogger ttySDIO_device:chr_file { rw_file_perms }; - -# C2K project modem device for external modem vmodem start/stop/ioctl modem -allow emdlogger vmodem_device:chr_file { rw_file_perms }; - -# usb device ttyGSx for modem logger usb logging -allow emdlogger ttyGS_device:chr_file { rw_file_perms}; - -# for modem logging sdcard access -allow emdlogger sdcard_type:dir { create_dir_perms }; -allow emdlogger sdcard_type:file { create_file_perms }; - -# modem logger access on /data/mdlog -allow emdlogger mdlog_data_file:dir { create_dir_perms relabelto }; -allow emdlogger mdlog_data_file:fifo_file { create_file_perms }; -allow emdlogger mdlog_data_file:file { create_file_perms }; - -# modem logger control port access /dev/ttyC1 -allow emdlogger mdlog_device:chr_file { rw_file_perms}; - -#modem logger SD logging in factory mode -allow emdlogger vfat:dir create_dir_perms; -allow emdlogger vfat:file create_file_perms; - -#modem logger permission in storage in android M version -allow emdlogger mnt_user_file:dir search; -allow emdlogger mnt_user_file:lnk_file read; -allow emdlogger storage_file:lnk_file read; - -#permission for storage link access in vzw Project -allow emdlogger mnt_media_rw_file:dir search; - - -#permission for use SELinux API -#avc: denied { read } for pid=576 comm="emdlogger1" name="selinux_version" dev="rootfs" -allow emdlogger rootfs:file r_file_perms; - -#permission for storage access storage -allow emdlogger storage_file:dir { create_dir_perms }; -allow emdlogger tmpfs:lnk_file read; -allow emdlogger storage_file:file { create_file_perms }; - -#permission for read boot mode -#avc: denied { open } path="/sys/devices/virtual/BOOT/BOOT/boot/boot_mode" dev="sysfs" -allow emdlogger sysfs_boot_mode:file { read open }; - -# Allow read to sys/kernel/ccci/* files -allow emdlogger sysfs_ccci:dir search; -allow emdlogger sysfs_ccci:file r_file_perms; - -allow emdlogger sysfs_mdinfo:file r_file_perms; -allow emdlogger sysfs_mdinfo:dir search; - -# Allow read avc: denied { read } for name="mddb" dev="mmcblk0p25" ino=681 -# scontext=u:r:emdlogger:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0 -allow emdlogger system_file:dir read; - - -# purpose: allow emdlogger to access storage in N version -allow emdlogger media_rw_data_file:file { create_file_perms }; -allow emdlogger media_rw_data_file:dir { create_dir_perms }; - -#avc: denied { connectto } for path=006165653A72747464 scontext=u:r:emdlogger:s0 -#tcontext=u:object_r:aee_aed_socket:s0 tclass=unix_stream_socket permissive=0 -#security issue control -allow emdlogger aee_aed:unix_stream_socket connectto; - -# For dynamic CCB buffer feature -#avc: denied { read write } for name="lk_env" dev="proc" ino=4026532192 -#scontext=u:r:emdlogger:s0 tcontext=u:object_r:proc_lk_env:s0 tclass=file permissive=0 -#avc: denied { read } for name="mmcblk0p3" dev="tmpfs" ino=8493 scontext=u:r:emdlogger:s0 -# tcontext=u:object_r:para_block_device:s0 tclass=blk_file permissive=0 -allow emdlogger para_block_device:blk_file { read open write }; -allow emdlogger proc_lk_env:file { read write ioctl open }; - -## purpose: avc: denied { read } for name="plat_file_contexts" -allow emdlogger file_contexts_file:file { read getattr open map}; - -allow emdlogger block_device:dir search; -allow emdlogger md_block_device:blk_file { read open }; -allow emdlogger self:capability { chown }; - - -# purpose: allow emdlogger to access persist.meta.connecttype -get_prop(emdlogger, meta_connecttype_prop); - -# purpose: allow emdlogger to create socket -allow emdlogger port:tcp_socket { name_connect name_bind }; -allow emdlogger emdlogger:tcp_socket { create connect setopt bind }; -allow emdlogger emdlogger:tcp_socket { bind setopt listen accept read write }; -allow emdlogger node:tcp_socket node_bind; - -# Android P migration -set_prop(emdlogger, persist_mtklog_prop) -set_prop(emdlogger, vendor_mdl_prop) -set_prop(emdlogger, vendor_mdl_start_prop) -set_prop(emdlogger, debug_mdlogger_prop) -get_prop(emdlogger, vendor_usb_prop) -set_prop(emdlogger, persist_mdlog_prop) -set_prop(emdlogger, vendor_mdl_pulllog_prop) -set_prop(emdlogger, exported_system_radio_prop) - -allow emdlogger vendor_configs_file:file map; -allow emdlogger vendor_default_prop:file map; - -# Date : WK19.12 -# Operation: add permission to catch logs -# Purpose : get kernel and radio logs when modem exception -allow emdlogger kernel:system syslog_read; -allow emdlogger logcat_exec:file {rx_file_perms}; -allow emdlogger logdr_socket:sock_file write; - diff --git a/r_non_plat/factory.te b/r_non_plat/factory.te deleted file mode 100644 index 5695bf1..0000000 --- a/r_non_plat/factory.te +++ /dev/null @@ -1,389 +0,0 @@ -# ============================================== -# Policy File of /system/bin/factory Executable File - -# ============================================== -# Type Declaration -# ============================================== - -# ============================================== -# MTK Policy Rule -# ============================================== -type factory, domain; -type factory_exec, exec_type, file_type, vendor_file_type; -init_daemon_domain(factory) - -#============= factory ============== -allow factory MTK_SMI_device:chr_file r_file_perms; -allow factory ashmem_device:chr_file execute; -allow factory ebc_device:chr_file rw_file_perms; -allow factory stpbt_device:chr_file rw_file_perms; - -# Date: WK14.47 -# Operation : Migration -# Purpose : CCCI -allow factory eemcs_device:chr_file rw_file_perms; -allow factory ccci_device:chr_file rw_file_perms; -allow factory gsm0710muxd_device:chr_file rw_file_perms; - -#Purpose: file system requirement -allow factory debugfs_usb:file rw_file_perms; -allow factory debugfs_usb:dir search; -allow factory devpts:chr_file rw_file_perms; -allow factory vfat:dir w_dir_perms; -allow factory labeledfs:filesystem unmount; -allow factory rootfs:dir mounton; -allow factory vfat:dir { read open search mounton }; -allow factory vfat:filesystem { mount unmount }; - -# Purpose : SDIO -allow factory ttySDIO_device:chr_file rw_file_perms; - -#Purpose: USB -allow factory ttyMT_device:chr_file rw_file_perms; -allow factory ttyS_device:chr_file rw_file_perms; -allow factory ttyGS_device:chr_file rw_file_perms; - -# Purpose: OTG -allow factory usb_device:chr_file rw_file_perms; -allow factory usb_device:dir r_dir_perms; - -# Date: WK15.01 -# Purpose : OTG Mount -allow factory sdcard_type:dir mounton; -# Date: WK15.07 -# Purpose : use c2k flight mode; -allow factory vmodem_device:chr_file rw_file_perms; - -# Date: WK15.13 -# Purpose: for nand project -allow factory mtd_device:dir search; -allow factory mtd_device:chr_file rw_file_perms; -allow factory self:capability sys_resource; -allow factory pro_info_device:chr_file rw_file_perms; - -# Data: WK15.28 -# Purpose: for mt-ramdump reset -allow factory proc_mrdump_rst:file w_file_perms; - -#Date: WK15.31 -#Purpose: define factory_data_file instead of system_data_file -# because system_data_file is sensitive partition from M -wakelock_use(factory); -allow factory storage_file:dir { write create add_name search mounton }; - -# Date: WK15.44 -# Purpose: factory idle current status -allow factory vendor_factory_idle_state_prop:property_service set; - -# Date: WK15.46 -# Purpose: gps factory mode -allow factory agpsd_data_file:dir search; -allow factory gps_data_file:dir { write add_name search remove_name unlink}; -allow factory gps_data_file:file { read write open create getattr append setattr unlink lock}; -allow factory gps_data_file:lnk_file read; -allow factory storage_file:lnk_file r_file_perms; - -#Date: WK15.48 -#Purpose: capture for factory mode -allow factory devmap_device:chr_file r_file_perms; -allow factory sdcard_type:dir create_dir_perms; -allow factory sdcard_type:file create_file_perms; -allow factory mnt_user_file:dir search; -allow factory mnt_user_file:lnk_file read; -allow factory storage_file:lnk_file read; - -#Date: WK16.05 -#Purpose: For access NVRAM -allow factory factory:capability chown; -allow factory nvram_data_file:dir create_dir_perms; -allow factory nvram_data_file:file create_file_perms; -allow factory nvram_data_file:lnk_file r_file_perms; -allow factory nvdata_file:lnk_file r_file_perms; -allow factory nvram_device:chr_file rw_file_perms; -allow factory nvram_device:blk_file rw_file_perms; -allow factory nvdata_device:blk_file rw_file_perms; - -#Date: WK16.12 -#Purpose: For sensor test -allow factory als_ps_device:chr_file r_file_perms; -allow factory barometer_device:chr_file r_file_perms; -allow factory gsensor_device:chr_file r_file_perms; -allow factory gyroscope_device:chr_file r_file_perms; -allow factory msensor_device:chr_file r_file_perms; -allow factory biometric_device:chr_file r_file_perms; - -#Purpose: For camera Test -allow factory kd_camera_flashlight_device:chr_file rw_file_perms; -allow factory kd_camera_hw_device:chr_file rw_file_perms; -allow factory seninf_device:chr_file rw_file_perms; -allow factory CAM_CAL_DRV_device:chr_file rw_file_perms; - -#Purpose: For reboot the target -allow factory powerctl_prop:property_service set; - -#Purpose: For memory card test -allow factory misc_sd_device:chr_file r_file_perms; -allow factory mmcblk1_block_device:blk_file rw_file_perms; -allow factory bootdevice_block_device:blk_file rw_file_perms; -allow factory mmcblk1p1_block_device:blk_file rw_file_perms; -allow factory block_device:dir w_dir_perms; -allowxperm factory mmcblk1_block_device:blk_file ioctl BLKGETSIZE; -allowxperm factory bootdevice_block_device:blk_file ioctl BLKGETSIZE; - -#Purpose: For EMMC test -allow factory nvdata_file:dir create_dir_perms; -allow factory nvdata_file:file create_file_perms; - -#Purpose: For HRM test -allow factory hrm_device:chr_file r_file_perms; - -#Purpose: For IrTx LED test -allow factory irtx_device:chr_file rw_file_perms; - -#Purpose: For battery test, ext_buck test and ext_vbat_boost test -allow factory pmic_ftm_device:chr_file rw_file_perms; -allow factory MT_pmic_adc_cali_device:chr_file rw_file_perms; -allow factory MT_pmic_cali_device:chr_file r_file_perms; -allow factory charger_ftm_device:chr_file r_file_perms; - -#Purpose: For HDMI test -allow factory graphics_device:dir w_dir_perms; -allow factory graphics_device:chr_file rw_file_perms; - -#Purpose: For WIFI test -allow factory wmtWifi_device:chr_file rw_file_perms; - -#Purpose: For rtc test -allow factory rtc_device:chr_file rw_file_perms; - -#Purpose: For nfc test -allow factory mt6605_device:chr_file rwx_file_perms; - -#Purpose: For gps test -allow factory mnld_device:chr_file rw_file_perms; -allow factory mnld_exec:file rx_file_perms; - -#Purpose: For keypad test -allow factory mtk_kpd_device:chr_file r_file_perms; - -#Purpose: For Humidity test -allow factory humidity_device:chr_file r_file_perms; - -#Purpose: For camera test -allow factory camera_isp_device:chr_file rw_file_perms; -allow factory camera_dip_device:chr_file rw_file_perms; -allow factory camera_pipemgr_device:chr_file r_file_perms; -allow factory camera_sysram_device:chr_file r_file_perms; -allow factory ccu_device:chr_file rw_file_perms; -allow factory vpu_device:chr_file rw_file_perms; -allow factory MAINAF_device:chr_file rw_file_perms; -allow factory MAIN2AF_device:chr_file rw_file_perms; -allow factory SUBAF_device:chr_file rw_file_perms; -allow factory FM50AF_device:chr_file rw_file_perms; -allow factory AD5820AF_device:chr_file rw_file_perms; -allow factory DW9714AF_device:chr_file rw_file_perms; -allow factory DW9714A_device:chr_file rw_file_perms; -allow factory LC898122AF_device:chr_file rw_file_perms; -allow factory LC898212AF_device:chr_file rw_file_perms; -allow factory BU6429AF_device:chr_file rw_file_perms; -allow factory DW9718AF_device:chr_file rw_file_perms; -allow factory BU64745GWZAF_device:chr_file rw_file_perms; -allow factory cct_data_file:dir create_dir_perms; -allow factory cct_data_file:file create_file_perms; -allow factory camera_tsf_device:chr_file rw_file_perms; -allow factory camera_rsc_device:chr_file rw_file_perms; -allow factory camera_gepf_device:chr_file rw_file_perms; -allow factory camera_fdvt_device:chr_file rw_file_perms; -allow factory camera_wpe_device:chr_file rw_file_perms; -allow factory camera_owe_device:chr_file rw_file_perms; -allow factory camera_mfb_device:chr_file rw_file_perms; -allow factory mtk_hal_power_hwservice:hwservice_manager find; -allow factory mtk_hal_power:binder call; -get_prop(factory,mediatek_prop); -#Purpose: For FM test and headset test -allow factory accdet_device:chr_file r_file_perms; -allow factory fm_device:chr_file rw_file_perms; - -#Purpose: For audio test -allow factory audio_device:chr_file rw_file_perms; -allow factory audio_device:dir w_dir_perms; -allow factory audiohal_prop:property_service set; -allow factory audio_ipi_device:chr_file { read write ioctl open }; -allow factory audio_scp_device:chr_file r_file_perms; - -#Purpose: For key and touch event -allow factory input_device:chr_file r_file_perms; -allow factory input_device:dir rw_dir_perms; - -# Date: WK16.17 -# Purpose: N Migration For ccci sysfs node -# Allow read to sys/kernel/ccci/* files -allow factory sysfs_ccci:dir search; -allow factory sysfs_ccci:file r_file_perms; - -# Date: WK16.18 -# Purpose: N Migration For boot_mode -# Allow to read boot mode -# avc: denied { read } for name="boot_mode" dev="sysfs" ino=117 -# scontext=u:r:factory:s0 tcontext=u:object_r:sysfs:s0 -# tclass=file permissive=0 -allow factory sysfs_boot_mode:file { read open }; -allow factory sysfs_boot_type:file { read open }; - -#TODO:: MTK need to remove later -not_full_treble(` - allow factory mnld:unix_dgram_socket sendto; -') - -# Date: WK16.31 -#Purpose: For gps test -allow factory mnld_prop:property_service set; - -# Date: WK16.33 -#Purpose: for unmount sdcardfs and stop services which are using data partition -allow factory sdcard_type:filesystem unmount; -allow factory ctl_default_prop:property_service set; - -# Date : WK16.35 -# Operation : Migration -# Purpose : Update camera flashlight driver device file -allow factory flashlight_device:chr_file rw_file_perms; - - -# Date: WK15.25 -#Purpose: for unmount sdcardfs and stop services which are using data partition -allow factory ctl_emdlogger1_prop:property_service set; -# Date: WK17.07 -# Purpose: Clear bootdevice (eMMC/UFS) may need to unmount tmpfs -allow factory tmpfs:filesystem unmount; -allow factory sysfs:dir { read open }; -allow factory sysfs_leds:dir search; -allow factory sysfs_leds:lnk_file read; -allow factory sysfs_leds:file rw_file_perms; -allow factory sysfs_leds:dir r_dir_perms; -allow factory sysfs_power:file rw_file_perms; -allow factory sysfs_power:dir r_dir_perms; -allow factory self:capability2 {block_suspend}; -allow factory sysfs_vibrator:file {open read write}; -allow factory ion_device:chr_file { read open ioctl }; -allow factory debugfs_ion:dir search; -# Date: WK17.27 -# Purpose: STMicro NFC solution integration -allow factory st21nfc_device:chr_file { open read getattr write ioctl }; -set_prop(factory,hwservicemanager_prop); -hwbinder_use(factory); -hal_client_domain(factory, hal_nfc); - -# Date : WK17.32 -# Operation : O Migration -# Purpose: Allow to access cmdq driver -allow factory mtk_cmdq_device:chr_file { read ioctl open }; -allow factory mtk_mdp_device:chr_file rw_file_perms; -allow factory sw_sync_device:chr_file rw_file_perms; - -# Date: WK1733 -# Purpose: add selinux policy to stop 'ccci_fsd' for clear emmc in factory mode -set_prop(factory,ctl_ccci_fsd_prop); - -# Date : WK17.38 -# Operation : O Migration -# Purpose: Allow to access sysfs -allow factory sysfs_therm:dir search; -allow factory sysfs_therm:file {open read write}; - -#Date: W18.22 -# Purpose: P Migration for factory get com port type and uart port info -# detail avc log: [ 11.751803] <1>.(1)[227:logd.auditd]type=1400 audit(1262304016.560:10): -#avc: denied { read } for pid=203 comm="factory" name="meta_com_type_info" dev= -#"sysfs" ino=11073 scontext=u:r:factory:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 -allow factory sysfs_comport_type:file rw_file_perms; -allow factory sysfs_uart_info:file rw_file_perms; - - -# from private -allow factory property_socket:sock_file write; -allow factory init:unix_stream_socket connectto; -allow factory kernel:system module_request; -allow factory node:tcp_socket node_bind; -allow factory userdata_block_device:blk_file rw_file_perms; -allow factory port:tcp_socket { name_bind name_connect }; -allow factory self:capability { sys_module ipc_lock sys_nice net_raw fsetid net_admin sys_time sys_boot sys_admin }; -allow factory sdcard_type:dir r_dir_perms; -allow factory self:netlink_route_socket { bind create getattr write nlmsg_read read nlmsg_write }; -allow factory proc_net:file { read getattr open }; -allowxperm factory self:udp_socket ioctl priv_sock_ioctls; -allowxperm factory self:udp_socket ioctl {SIOCGIFFLAGS SIOCGIWNWID}; - -allow factory self:process execmem; -allow factory self:tcp_socket create_stream_socket_perms; -allow factory self:udp_socket create_socket_perms; - -allow factory sysfs_wake_lock:file rw_file_perms; -#allow factory system_file:file x_file_perms; - -# For Light HIDL permission -hal_client_domain(factory, hal_light); -allow factory hal_light_hwservice:hwservice_manager find; -allow factory mtk_hal_light:binder call; -allow factory merged_hal_service:binder call; -# For vibrator test permission -allow factory sysfs_vibrator:file rw_file_perms; -allow factory sysfs_vibrator:dir search; - -# For Audio device permission -allow factory proc_asound:dir { read search open }; -allow factory proc_asound:file { read open getattr write }; -allow factory audiohal_prop:property_service set; - -# For Accdet data permission -allow factory sysfs_headset:file { read open }; - -# For touch auto test -allow factory sysfs_tpd_setting:dir search; -allow factory sysfs_tpd_setting:file { read getattr open }; - -# Date : WK18.23 -# Operation: P migration -# Purpose : Allow factory to unmount partition, stop service, and then erase partition -allow factory vendor_shell_exec:file { read execute open execute_no_trans }; -allow factory vendor_toolbox_exec:file { execute_no_trans }; -allow factory labeledfs:filesystem { unmount }; -allow factory proc_cmdline:file { read open getattr }; -allow factory factory:capability { sys_boot sys_admin}; -allow factory sysfs_dt_firmware_android:file { read open getattr }; -allow factory sysfs_dt_firmware_android:dir { read open search }; -# Purpose : Allow factory to communicate with driver thru socket -allow factory factory:capability { sys_module net_admin net_raw }; - -# For power_supply and switch permission -r_dir_file(factory, sysfs_batteryinfo) -r_dir_file(factory, sysfs_switch) - -# Date : WK18.31 -# Operation: P migration -# Purpose : Refine policy -allow factory sysfs_mmcblk:dir { search }; -allow factory sysfs_mmcblk:file { read getattr open }; - -# Date : WK18.37 -# Operation: P migration -# Purpose : ADSP SmartPA calibration -allow factory vendor_file:file execute_no_trans; -allow factory mtk_audiohal_data_file:dir create_dir_perms; -allow factory mtk_audiohal_data_file:file { write create unlink r_file_perms }; - -#Date : WK18.37 -# Operation: P migration -# Purpose : Allow factory to open /proc/version -allow factory proc_version:file {read open getattr}; - -# Purpose : adsp -allow factory adsp_device:chr_file rw_file_perms; - -# Purpose : NFC -allow factory vendor_nfc_socket:dir { write add_name remove_name search }; -allow factory vendor_nfc_socket:sock_file { create write unlink setattr }; - -# Allow to get AOSP property persist.radio.multisim.config -get_prop(factory, exported3_radio_prop) - diff --git a/r_non_plat/fastbootd.te b/r_non_plat/fastbootd.te deleted file mode 100644 index cb6708d..0000000 --- a/r_non_plat/fastbootd.te +++ /dev/null @@ -1,25 +0,0 @@ -# fastbootd (used in recovery init.rc for /sbin/fastbootd) - - -allow fastbootd { - bootdevice_block_device - cache_block_device - logo_block_device - para_block_device - }:blk_file { rw_file_perms }; - -allow fastbootd { - sysfs_boot_type -}:file { rw_file_perms }; - -allowxperm fastbootd { - bootdevice_block_device - cache_block_device - logo_block_device - para_block_device - }:blk_file ioctl { - BLKSECDISCARD - BLKDISCARD - MMC_IOCTLCMD - }; - diff --git a/r_non_plat/file.te b/r_non_plat/file.te deleted file mode 100644 index d43727c..0000000 --- a/r_non_plat/file.te +++ /dev/null @@ -1,416 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -type custom_file, file_type, data_file_type; -type lost_found_data_file, file_type, data_file_type; -type dontpanic_data_file, file_type, data_file_type; -type resource_cache_data_file, file_type, data_file_type; -type http_proxy_cfg_data_file, file_type, data_file_type; -type acdapi_data_file, file_type, data_file_type; -type ppp_data_file, file_type, data_file_type; -type wpa_supplicant_data_file, file_type, data_file_type; -type radvd_data_file, file_type, data_file_type; -type volte_vt_socket, file_type; -type dfo_socket, file_type; -type gsmrild_socket, file_type; -type rild2_socket, file_type; -type rild3_socket, file_type; -type rild4_socket, file_type; -type rild_mal_socket, file_type; -type rild_mal_at_socket, file_type; -type rild_mal_md2_socket, file_type; -type rild_mal_at_md2_socket, file_type; -type rild_ims_socket, file_type; -type rild_imsm_socket, file_type; -type rild_oem_socket, file_type; -type rild_mtk_ut_socket, file_type; -type rild_mtk_ut_2_socket, file_type; -type rild_mtk_modem_socket, file_type; -type rild_md2_socket, file_type; -type rild2_md2_socket, file_type; -type rild_debug_md2_socket, file_type; -type rild_oem_md2_socket, file_type; -type rild_mtk_ut_md2_socket, file_type; -type rild_mtk_ut_2_md2_socket, file_type; -type rild_mtk_modem_md2_socket, file_type; -type rild_vsim_socket, file_type; -type rild_vsim_md2_socket, file_type; -type mal_mfi_socket, file_type; -type mal_data_file, file_type, data_file_type; -type netdiag_socket, file_type; -type wpa_wlan0_socket, file_type; -type soc_vt_imcb_socket, file_type; -type soc_vt_tcv_socket, file_type; -type soc_vt_stk_socket, file_type; -type soc_vt_svc_socket, file_type; -type dbus_bluetooth_socket, file_type; -type bt_int_adp_socket, file_type; -type bt_a2dp_stream_socket, file_type; -type bt_data_file, file_type, data_file_type; -type proc_thermal, fs_type, proc_type; -type proc_mtkcooler, fs_type, proc_type; -type proc_mtktz, fs_type, proc_type; -type proc_mtd, fs_type, proc_type; -type proc_slogger, fs_type, proc_type; -type proc_lk_env, fs_type, proc_type; -type proc_ged, fs_type, proc_type; -type proc_mtk_jpeg, fs_type, proc_type; -type proc_perfmgr, fs_type, proc_type; -type proc_wmtdbg, fs_type, proc_type; -type proc_zraminfo, fs_type, proc_type; -type proc_cpu_alignment, fs_type, proc_type; -type proc_gpulog, fs_type, proc_type; -type proc_sched_debug, fs_type, proc_type; -type proc_chip, fs_type, proc_type; -type proc_atf_log, fs_type, proc_type; -type proc_gz_log, fs_type, proc_type; -type proc_last_kmsg, fs_type, proc_type; -type proc_bootprof, fs_type, proc_type; -type proc_pl_lk, fs_type, proc_type; -type proc_msdc_debug, fs_type, proc_type; -type proc_ufs_debug, fs_type, proc_type; -type proc_pidmap, fs_type, proc_type; -type proc_slabtrace, fs_type, proc_type; -type proc_cmdq_debug, fs_type, proc_type; -type proc_isp_p2, fs_type, proc_type; -type proc_dbg_repo, fs_type, proc_type; -type proc_isp_p2_dump, fs_type, proc_type; -type proc_isp_p2_kedump, fs_type, proc_type; -type proc_memory_usage, fs_type, proc_type; -type proc_mtk_es_reg_dump, fs_type, proc_type; -type sysfs_execstate, fs_type, sysfs_type; -type sysfs_therm, fs_type, sysfs_type; -type sysfs_fps, fs_type, sysfs_type; -type sysfs_ccci, fs_type, sysfs_type; -type sysfs_mdinfo, fs_type,sysfs_type; -type sysfs_ssw, fs_type,sysfs_type; -type sysfs_vcorefs_pwrctrl, fs_type, sysfs_type; -type sysfs_md32, fs_type, sysfs_type; -type sysfs_scp, fs_type, sysfs_type; -type sysfs_adsp, fs_type, sysfs_type; -type sysfs_sspm, fs_type, sysfs_type; -type sysfs_devinfo, fs_type, sysfs_type, mlstrustedobject; -type sysfs_dcm, fs_type, sysfs_type; -type sysfs_dcs, fs_type, sysfs_type; -type sysfs_vcore_debug, fs_type, sysfs_type; -type agpsd_socket, file_type; -type agpsd_data_file, file_type, data_file_type; -type mnld_socket, file_type; -type mnld_data_file, file_type, data_file_type; -type gps_data_file, file_type, data_file_type; -type MPED_socket, file_type; -type MPED_data_file, file_type, data_file_type; -type sysctl_socket, file_type; -type backuprestore_socket, file_type; -type protect_f_data_file, file_type, data_file_type; -type protect_s_data_file, file_type, data_file_type; -type persist_data_file, file_type, data_file_type; -type nvram_data_file, file_type, data_file_type; -type nvdata_file, file_type, data_file_type; -type nvcfg_file, file_type, data_file_type; -type cct_data_file, file_type, data_file_type; -type mediaserver_data_file, file_type, data_file_type; -type mediacodec_data_file, file_type, data_file_type; -type connsyslog_data_vendor_file, file_type, data_file_type; - -#mobilelog data/misc/mblog -type logmisc_data_file, file_type, data_file_type, core_data_file_type; - -#mobilelog data/log_temp -type logtemp_data_file, file_type, data_file_type, core_data_file_type; - -# NE core_forwarder -type aee_core_data_file, file_type, data_file_type, core_data_file_type; -type aee_core_vendor_file, file_type, data_file_type; - -# AEE exp -type aee_exp_data_file, file_type, data_file_type, core_data_file_type; -type aee_exp_vendor_file, file_type, data_file_type; -type aee_dumpsys_data_file, file_type, data_file_type, core_data_file_type; -type aee_dumpsys_vendor_file, file_type, data_file_type; - -# SF rtt dump -type sf_rtt_file, file_type, data_file_type, core_data_file_type; - -#for 3Gdongle -type rild-dongle_socket, file_type; - -type ccci_cfg_file, file_type, data_file_type; -type ccci_data_md1_file, file_type, data_file_type; -type c2k_file, file_type, data_file_type; -#For sensor -type sensor_data_file, file_type, data_file_type; -type stp_dump_data_file, file_type, data_file_type; -type sysfs_keypad_file, fs_type, sysfs_type; -type rild_via_socket, file_type; -type rpc_socket, file_type; -type rild_ctclient_socket, file_type; -#For icusb -type proc_icusb, fs_type, proc_type; - -# for labeling /mnt/cd-rom as iso9660 -type iso9660, fs_type; - -# data_tmpfs_log -type data_tmpfs_log_file, file_type, data_file_type, core_data_file_type; -type vendor_tmpfs_log_file, file_type, data_file_type; - -# rawfs for /protect_f on NAND projects -type rawfs, fs_type, mlstrustedobject; - -# fat on nand fat.img -type fon_image_data_file, file_type, data_file_type; - -# ims ipsec config file -type ims_ipsec_data_file, file_type, data_file_type; - -# thermal manager config file -type thermal_manager_data_file, file_type, data_file_type; - -# adbd config file -type adbd_data_file, file_type, data_file_type, core_data_file_type; - -#autokd data file -type autokd_data_file, file_type, data_file_type; - -#fuse -type fuseblk,sdcard_type,fs_type,mlstrustedobject; - -# for mt-ramdump reset -type proc_mrdump_rst, fs_type, proc_type; - -# battery_cmd file -type proc_battery_cmd, fs_type, proc_type; - -# binder debugfs file -type debugfs_binder, fs_type, debugfs_type; - -# blockio debugfs file -type debugfs_blockio, fs_type, debugfs_type; - -# fuseio debugfs file -type debugfs_fuseio, fs_type, debugfs_type; - -# usb debugfs file -type debugfs_usb, fs_type, debugfs_type; - -# display debugfs file -type debugfs_fb, fs_type, debugfs_type; - -# cpuhvfs debugfs file -type debugfs_cpuhvfs, fs_type, debugfs_type; - -#for engineermode Usb PHY Tuning -type debugfs_usb20_phy, fs_type, debugfs_type; - -# dynamic_debug debugfs file -type debugfs_dynamic_debug, fs_type, debugfs_type; - -# shrinker debugfs file -type debugfs_shrinker_debug, fs_type, debugfs_type; - -# dmlog debugfs file -type debugfs_dmlog_debug, fs_type, debugfs_type; - -# page_owner_slim debugfs file -type debugfs_page_owner_slim_debug, fs_type, debugfs_type; - -# rcu debugfs file -type debugfs_rcu, fs_type, debugfs_type; - -# gpu debugfs file -type debugfs_ged, fs_type, debugfs_type; - -# fpsgo debugfs file -type debugfs_fpsgo, fs_type, debugfs_type; - -# eara_thermal debugfs file -type debugfs_eara_thermal, fs_type, debugfs_type; - -# vpu debugfs file -type debugfs_vpu_power, fs_type, debugfs_type; -type debugfs_vpu_memory, fs_type, debugfs_type; - -# mdla debugfs file -type debugfs_mdla_power, fs_type, debugfs_type; - -# memtrack debugfs file -type debugfs_gpu_mali_midgard, fs_type, debugfs_type; -type debugfs_gpu_mali_utgard, fs_type, debugfs_type; -type debugfs_gpu_img, fs_type, debugfs_type; -type debugfs_ion, fs_type, debugfs_type; - -# /sys/kernel/debug/ion/ion_mm_heap -type debugfs_ion_mm_heap, fs_type, debugfs_type; - -# /sys/kernel/debug/emi_mbw/dump_buf -type debugfs_emi_mbw_buf, fs_type, debugfs_type; - -# /sys/kernel/debug/vpu/device_dbg -type debugfs_vpu_device_dbg, fs_type, debugfs_type; - -# /sys/kernel/debug/kmemleak -type debugfs_kmemleak, fs_type, debugfs_type; - -###################################### -# core domain file data - -# SF bqdump -type sf_bqdump_data_file, file_type, data_file_type, core_data_file_type; -type nfc_socket, file_type, data_file_type, core_data_file_type; -type vendor_nfc_socket, file_type, data_file_type; -# factory data file -type factory_data_file, file_type, data_file_type, core_data_file_type; -# Modem Log folder -type mdlog_data_file, file_type, data_file_type, core_data_file_type; - -# MTK audio HAL folder -type mtk_audiohal_data_file, file_type, data_file_type; - -# MTK Power HAL folder -type mtk_powerhal_data_file, file_type, data_file_type; - -# Date : WK1743 -# Purpose : for meta_tst copy MD DB from MD image -type mddb_data_file, file_type, data_file_type; - -# Date : WK1814 -# Purpose : for factory to get boot mode and type -type sysfs_boot_mode, fs_type, sysfs_type; -type sysfs_boot_type, fs_type, sysfs_type; - -# consys Log folder -type consyslog_data_file, file_type, data_file_type, core_data_file_type; - -# Date : WK1817 -# Purpose : for meta to get com port type and uart port info -type sysfs_comport_type, fs_type, sysfs_type; -type sysfs_uart_info, fs_type, sysfs_type; -type sysfs_usb_cmode, fs_type, sysfs_type; - -# Date : WK1820 -# Purpose : for charger to access vbus info and pump_express -type sysfs_vbus, fs_type, sysfs_type; -type sysfs_pump_express, fs_type, sysfs_type; - -# Widevine move data/mediadrm folder from system to vendor -type mediadrm_vendor_data_file, file_type, data_file_type; - -# mtk usb hal -type sysfs_dual_role_usb20, fs_type, sysfs_type; - -# lbs debug file -#type lbs_dbg_data_file, file_type, data_file_type, core_data_file_type; - -# Touch parameters file -type sysfs_tpd_setting, fs_type, sysfs_type; -type sysfs_tpd_debug, fs_type, sysfs_type; - -# Date : 2018/06/11 -# Purpose : mtk EM FreqHopping setting -type proc_freqhop, fs_type, proc_type; - -# Date : 2018/06/11 -# Purpose : mtk EM flash reading -type proc_flash, fs_type, proc_type; -type proc_partition, fs_type, proc_type; - -# Date : 2018/06/11 -# Purpose : mtk EM PMU reading/setting -type sysfs_pmu, fs_type, sysfs_type; - -# Date : 2018/06/11 -# Purpose : mtk EM Power debug_log setting -type sysfs_spm, fs_type, sysfs_type; - -# Date : 2018/06/11 -# Purpose : mtk EM Audio headset detect -type sysfs_headset, fs_type, sysfs_type; - -# socket between atci_service and audio-daemon -type atci-audio_socket, file_type; - -# ATCI socket types -type rild_atci_socket, file_type; -type rilproxy_atci_socket, file_type; -type atci_service_socket, file_type; -type adb_atci_socket, file_type; - -# EM Power PMU register reading/setting -type debugfs_regmap, fs_type, debugfs_type; - -# Date : 2018/11/01 -# Purpose : mtk EM c2k bypass read usb file -type sys_usb_rawbulk, fs_type, sysfs_type; - -# Backlight brightness file -type sysfs_leds_setting, fs_type, sysfs_type; - -# Vibrator vibrate file -type sysfs_vibrator_setting, fs_type, sysfs_type; - -# Date : 2019/04/09 -# Purpose: mtk EM battery settings -type sysfs_battery_temp, fs_type, sysfs_type; -type sysfs_battery_consumption, fs_type, sysfs_type; -type sysfs_power_on_vol, fs_type, sysfs_type; -type sysfs_power_off_vol, fs_type, sysfs_type; -type sysfs_fg_disable, fs_type, sysfs_type; -type sysfs_dis_nafg, fs_type, sysfs_type; - -# drm key manager -type provision_file, file_type, data_file_type; -type key_install_data_file, file_type, data_file_type; - -# Date : WK18.16 -# Purpose: Android Migration -type sysfs_mmcblk, fs_type, sysfs_type; -type sysfs_mmcblk1, fs_type, sysfs_type; - -type aee_dipdebug_vendor_file, file_type, data_file_type; - -type netd_socket, file_type, coredomain_socket; - -# Date : WK19.27 -# Purpose: Android Migration for SVP -type proc_m4u, fs_type, proc_type; - -# Date : 2019/08/15 -type debugfs_smi_mon, fs_type, debugfs_type; - -# Date : WK19.34 -# Purpose: Android Migration for video codec driver -type vcodec_file, file_type, data_file_type; - -# Date : 2019/08/24 -type sysfs_sensor, fs_type, sysfs_type; - -#MTEE trusty -type mtee_trusty_file, fs_type, sysfs_type; - -# Date : 2019/08/29 -# Purpose: Allow rild access proc/aed/reboot-reason -type proc_aed_reboot_reason, fs_type, proc_type; - -# Date : 2019/09/05 -# Purpose: Allow powerhal to control kernel resources -type proc_ppm, fs_type, proc_type; -type proc_cpufreq, fs_type, proc_type; -type proc_hps, fs_type, proc_type; -type proc_cm_mgr, fs_type, proc_type; -type proc_ca_drv, fs_type, proc_type; -type sysfs_ged, fs_type, sysfs_type; -type sysfs_fbt_cpu, fs_type, sysfs_type; -type sysfs_fbt_fteh, fs_type, sysfs_type; - -# Date : WK19.38 -# Purpose: Android Migration for video codec driver -type sysfs_device_tree_model, fs_type, sysfs_type; - -# Date : 2019/10/22 -# Purpose : allow aee_aedv write /sys/module/mrdump/parameters/lbaooo -type sysfs_mrdump_lbaooo, fs_type, sysfs_type; -# Date : 2019/12/12 -# Purpose : allow media sources to access /sys/bus/platform/drivers/mem_bw_ctrl/* -type sysfs_concurrency_scenario, fs_type, sysfs_type; diff --git a/r_non_plat/file_contexts b/r_non_plat/file_contexts deleted file mode 100644 index 5b8bf0c..0000000 --- a/r_non_plat/file_contexts +++ /dev/null @@ -1,686 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -############################ -# A/B system -/enableswap.sh u:object_r:rootfs:s0 -/factory_init\..* u:object_r:rootfs:s0 -/meta_init\..* u:object_r:rootfs:s0 -/multi_init\..* u:object_r:rootfs:s0 - -############################# -# Custom files -(/vendor)?/custom(/.*)? u:object_r:custom_file:s0 -/dev/socket/netd u:object_r:netd_socket:s0 - - -############################# -# Data files -# -/data/vendor/.tp(/.*)? u:object_r:thermal_manager_data_file:s0 -/data/vendor_de/meta(/.*)? u:object_r:mddb_data_file:s0 -/data/aee_exp(/.*)? u:object_r:aee_exp_data_file:s0 -/data/vendor/aee_exp(/.*)? u:object_r:aee_exp_vendor_file:s0 -/data/vendor/agps_supl(/.*)? u:object_r:agpsd_data_file:s0 -#/data/mnl_flp(/.*)? u:object_r:mnld_data_file:s0 -#/data/mnl_gfc(/.*)? u:object_r:mnld_data_file:s0 -/data/vendor/gps(/.*)? u:object_r:gps_data_file:s0 -/data/anr/SF_RTT(/.*)? u:object_r:sf_rtt_file:s0 -/data/vendor/ccci_cfg(/.*)? u:object_r:ccci_cfg_file:s0 -/data/vendor/mdlpm(/.*)? u:object_r:ccci_data_md1_file:s0 -/data/vendor/flashless(/.*)? u:object_r:c2k_file:s0 -/data/core(/.*)? u:object_r:aee_core_data_file:s0 -/data/vendor/core(/.*)? u:object_r:aee_core_vendor_file:s0 -#/data/dontpanic(/.*)? u:object_r:dontpanic_data_file:s0 -/data/dumpsys(/.*)? u:object_r:aee_dumpsys_data_file:s0 -/data/vendor/dumpsys(/.*)? u:object_r:aee_dumpsys_vendor_file:s0 -/data/extmdl(/.*)? u:object_r:mdlog_data_file:s0 -#/data/http-proxy-cfg(/.*)? u:object_r:http_proxy_cfg_data_file:s0 -/data/log_temp(/.*)? u:object_r:logtemp_data_file:s0 -#/data/lost\+found(/.*)? u:object_r:lost_found_data_file:s0 -/data/mdlog(/.*)? u:object_r:mdlog_data_file:s0 -/data/mdl(/.*)? u:object_r:mdlog_data_file:s0 -/data/mdl3(/.*)? u:object_r:mdlog_data_file:s0 -#/data/mediaserver(/.*)? u:object_r:mediaserver_data_file:s0 -#/data/mediacodec(/.*)? u:object_r:mediacodec_data_file:s0 -#/data/.tp(/.*)? u:object_r:thermal_manager_data_file:s0 -/data/nfc_socket(/.*)? u:object_r:nfc_socket:s0 -/data/vendor/nfc_socket(/.*)? u:object_r:vendor_nfc_socket:s0 -#/data/nvram(/.*)? u:object_r:nvram_data_file:s0 -#/data/cct(/.*)? u:object_r:cct_data_file:s0 -/data/vendor/md3(/.*)? u:object_r:c2k_file:s0 -#/data/mal(/.*)? u:object_r:mal_data_file:s0 -/data/SF_dump(./*)? u:object_r:sf_bqdump_data_file:s0 -/data/data_tmpfs_log(/.*)? u:object_r:data_tmpfs_log_file:s0 -/data/vendor/data_tmpfs_log(/.*)? u:object_r:vendor_tmpfs_log_file:s0 -#/data/tmp_mnt/data_tmpfs_log(/.*)? u:object_r:data_tmpfs_log_file:s0 -#/data/tmp_mnt/vendor/data_tmpfs_log(/.*)? u:object_r:data_tmpfs_log_file:s0 -#/data/setkey.conf u:object_r:ims_ipsec_data_file:s0 -#/data/setkey_bak.conf u:object_r:ims_ipsec_data_file:s0 -#/data/setkey_latest.conf u:object_r:ims_ipsec_data_file:s0 -/data/vendor/audiohal(/.*)? u:object_r:mtk_audiohal_data_file:s0 -/data/vendor/powerhal(/.*)? u:object_r:mtk_powerhal_data_file:s0 -#/data/vendor/nfc(/.*)? u:object_r:nfc_data_file:s0 -/data/connsyslog(/.*)? u:object_r:consyslog_data_file:s0 -/data/vendor/stp_dump(/.*)? u:object_r:stp_dump_data_file:s0 -/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0 -/data/vendor/dipdebug(/.*)? u:object_r:aee_dipdebug_vendor_file:s0 -/data/vendor/key_provisioning(/.*)? u:object_r:key_install_data_file:s0 -/data/vendor/vcodec(/.*)? u:object_r:vcodec_file:s0 - -# Misc data -#/data/misc/acdapi(/.*)? u:object_r:acdapi_data_file:s0 -/data/misc/mblog(/.*)? u:object_r:logmisc_data_file:s0 -#/data/misc/ppp(/.*)? u:object_r:ppp_data_file:s0 -#/data/misc/radvd(/.*)? u:object_r:radvd_data_file:s0 -/data/vendor/sensor(/.*)? u:object_r:sensor_data_file:s0 -#/data/misc/wpa_supplicant(/.*)? u:object_r:wpa_supplicant_data_file:s0 - -# Wallpaper file for smartbook -/data/system/users/[0-9]+/smartbook_wallpaper u:object_r:wallpaper_file:s0 - -/data/vendor/connsyslog(/.*)? u:object_r:connsyslog_data_vendor_file:s0 - -# nvdata -/mnt/vendor/nvdata(/.*)? u:object_r:nvdata_file:s0 -/mnt/vendor/nvcfg(/.*)? u:object_r:nvcfg_file:s0 - -# protected data file -/mnt/vendor/protect_f(/.*)? u:object_r:protect_f_data_file:s0 -/mnt/vendor/protect_s(/.*)? u:object_r:protect_s_data_file:s0 -/mnt/vendor/persist(/.*)? u:object_r:persist_data_file:s0 - -#fat on nand image -/fat(/.*)? u:object_r:fon_image_data_file:s0 - -########################## -# Devices -# -/dev/aal_als(/.*)? u:object_r:aal_als_device:s0 -/dev/accdet(/.*)? u:object_r:accdet_device:s0 -/dev/AD5820AF(/.*)? u:object_r:AD5820AF_device:s0 -/dev/aed[0-9]+ u:object_r:aed_device:s0 -/dev/ampc0(/.*)? u:object_r:ampc0_device:s0 -/dev/android(/.*)? u:object_r:android_device:s0 -/dev/block/zram0 u:object_r:swap_block_device:s0 -/dev/block/platform/bootdevice/by-name/otp u:object_r:otp_part_block_device:s0 -/dev/bmtpool(/.*)? u:object_r:bmtpool_device:s0 -/dev/bootimg(/.*)? u:object_r:bootimg_device:s0 -/dev/BOOT(/.*)? u:object_r:BOOT_device:s0 -/dev/btif(/.*)? u:object_r:btif_device:s0 -/dev/btn(/.*)? u:object_r:btn_device:s0 -/dev/BU6429AF(/.*)? u:object_r:BU6429AF_device:s0 -/dev/BU64745GWZAF(/.*)? u:object_r:BU64745GWZAF_device:s0 -/dev/MAINAF(/.*)? u:object_r:MAINAF_device:s0 -/dev/MAIN2AF(/.*)? u:object_r:MAIN2AF_device:s0 -/dev/SUBAF(/.*)? u:object_r:SUBAF_device:s0 -/dev/cache(/.*)? u:object_r:cache_device:s0 -/dev/CAM_CAL_DRV(/.*)? u:object_r:CAM_CAL_DRV_device:s0 -/dev/CAM_CAL_DRV1(/.*)? u:object_r:CAM_CAL_DRV1_device:s0 -/dev/CAM_CAL_DRV2(/.*)? u:object_r:CAM_CAL_DRV2_device:s0 -/dev/gz_kree(/.*)? u:object_r:gz_device:s0 -/dev/camera-fdvt(/.*)? u:object_r:camera_fdvt_device:s0 -/dev/camera-isp(/.*)? u:object_r:camera_isp_device:s0 -/dev/camera-dip(/.*)? u:object_r:camera_dip_device:s0 -/dev/camera-dpe(/.*)? u:object_r:camera_dpe_device:s0 -/dev/camera-tsf(/.*)? u:object_r:camera_tsf_device:s0 -/dev/camera-rsc(/.*)? u:object_r:camera_rsc_device:s0 -/dev/camera-gepf(/.*)? u:object_r:camera_gepf_device:s0 -/dev/camera-wpe(/.*)? u:object_r:camera_wpe_device:s0 -/dev/camera-owe(/.*)? u:object_r:camera_owe_device:s0 -/dev/camera-mfb(/.*)? u:object_r:camera_mfb_device:s0 -/dev/camera-pipemgr(/.*)? u:object_r:camera_pipemgr_device:s0 -/dev/camera-sysram(/.*)? u:object_r:camera_sysram_device:s0 -/dev/ccu(/.*)? u:object_r:ccu_device:s0 -/dev/vpu(/.*)? u:object_r:vpu_device:s0 -/dev/mdlactl(/.*)? u:object_r:mdla_device:s0 -/dev/ccci_monitor u:object_r:ccci_monitor_device:s0 -/dev/ccci.* u:object_r:ccci_device:s0 -/dev/cpu_dma_latency(/.*)? u:object_r:cpu_dma_latency_device:s0 -/dev/devmap(/.*)? u:object_r:devmap_device:s0 -/dev/dri(/.*)? u:object_r:gpu_device:s0 -/dev/dummy_cam_cal(/.*)? u:object_r:dummy_cam_cal_device:s0 -/dev/DW9714AF(/.*)? u:object_r:DW9714AF_device:s0 -/dev/DW9814AF(/.*)? u:object_r:DW9814AF_device:s0 -/dev/AK7345AF(/.*)? u:object_r:AK7345AF_device:s0 -/dev/DW9714A(/.*)? u:object_r:DW9714A_device:s0 -/dev/DW9718AF(/.*)? u:object_r:DW9718AF_device:s0 -/dev/WV511AAF(/.*)? u:object_r:lens_device:s0 -/dev/ebc(/.*)? u:object_r:ebc_device:s0 -/dev/usip(/.*)? u:object_r:ebc_device:s0 -/dev/ebr[0-9]+ u:object_r:ebr_device:s0 -/dev/eemcs.* u:object_r:eemcs_device:s0 -/dev/emd.* u:object_r:emd_device:s0 -/dev/etb u:object_r:etb_device:s0 -/dev/exm0(/.*)? u:object_r:exm0_device:s0 -/dev/expdb(/.*)? u:object_r:expdb_device:s0 -/dev/fat(/.*)? u:object_r:fat_device:s0 -/dev/FM50AF(/.*)? u:object_r:FM50AF_device:s0 -/dev/fm(/.*)? u:object_r:fm_device:s0 -/dev/fw_log_wmt u:object_r:fw_log_wmt_device:s0 -/dev/fw_log_wifi u:object_r:fw_log_wifi_device:s0 -#/dev/gps(/.*)? u:object_r:gps_device:s0 -/dev/geofence(/.*)? u:object_r:geo_device:s0 -/dev/fw_log_gps u:object_r:fw_log_gps_device:s0 -#/dev/mt3337_gpsonly u:object_r:gps_device:s0 -/dev/hdmitx(/.*)? u:object_r:graphics_device:s0 -/dev/hid-keyboard(/.*)? u:object_r:hid_keyboard_device:s0 -/dev/ion(/.*)? u:object_r:ion_device:s0 -/dev/kd_camera_flashlight(/.*)? u:object_r:kd_camera_flashlight_device:s0 -/dev/flashlight(/.*)? u:object_r:flashlight_device:s0 -/dev/kd_camera_hw_bus2(/.*)? u:object_r:kd_camera_hw_bus2_device:s0 -/dev/kd_camera_hw(/.*)? u:object_r:kd_camera_hw_device:s0 -/dev/seninf(/.*)? u:object_r:seninf_device:s0 -/dev/LC898122AF(/.*)? u:object_r:LC898122AF_device:s0 -/dev/LC898212AF(/.*)? u:object_r:LC898212AF_device:s0 -/dev/logo(/.*)? u:object_r:logo_device:s0 -/dev/loop-control(/.*)? u:object_r:loop-control_device:s0 -/dev/M4U_device(/.*)? u:object_r:M4U_device_device:s0 -/dev/mali.* u:object_r:gpu_device:s0 -/dev/MATV(/.*)? u:object_r:MATV_device:s0 -/dev/mbr(/.*)? u:object_r:mbr_device:s0 -/dev/md32(/.*)? u:object_r:md32_device:s0 -/dev/scp(/.*)? u:object_r:scp_device:s0 -/dev/scp_B(/.*)? u:object_r:scp_device:s0 -/dev/sspm(/.*)? u:object_r:sspm_device:s0 -/dev/misc-sd(/.*)? u:object_r:misc_sd_device:s0 -/dev/misc(/.*)? u:object_r:misc_device:s0 -/dev/misc2(/.*)? u:object_r:misc2_device:s0 -/dev/MJC(/.*)? u:object_r:MJC_device:s0 -/dev/mmp(/.*)? u:object_r:mmp_device:s0 -/dev/MT6516_H264_DEC(/.*)? u:object_r:MT6516_H264_DEC_device:s0 -/dev/mt6516-IDP(/.*)? u:object_r:mt6516_IDP_device:s0 -/dev/MT6516_Int_SRAM(/.*)? u:object_r:MT6516_Int_SRAM_device:s0 -/dev/mt6516-isp(/.*)? u:object_r:mt6516_isp_device:s0 -/dev/mt6516_jpeg(/.*)? u:object_r:mt6516_jpeg_device:s0 -/dev/MT6516_MM_QUEUE(/.*)? u:object_r:MT6516_MM_QUEUE_device:s0 -/dev/MT6516_MP4_DEC(/.*)? u:object_r:MT6516_MP4_DEC_device:s0 -/dev/MT6516_MP4_ENC(/.*)? u:object_r:MT6516_MP4_ENC_device:s0 -/dev/mt6605 u:object_r:mt6605_device:s0 -/dev/st21nfc u:object_r:st21nfc_device:s0 -/dev/st54spi u:object_r:st54spi_device:s0 -/dev/mt9p012(/.*)? u:object_r:mt9p012_device:s0 -/dev/mtfreqhopping(/.*)? u:object_r:mtfreqhopping_device:s0 -/dev/mtgpio(/.*)? u:object_r:mtgpio_device:s0 -/dev/mtk-adc-cali(/.*)? u:object_r:mtk-adc-cali_device:s0 -/dev/mtk_disp.* u:object_r:graphics_device:s0 -/dev/mtkfb_vsync(/.*)? u:object_r:graphics_device:s0 -/dev/mtkg2d(/.*)? u:object_r:mtkg2d_device:s0 -/dev/mtk_jpeg(/.*)? u:object_r:mtk_jpeg_device:s0 -/dev/mtk-kpd(/.*)? u:object_r:mtk_kpd_device:s0 -/dev/mtk_sched(/.*)? u:object_r:mtk_sched_device:s0 -/dev/MTK_SMI(/.*)? u:object_r:MTK_SMI_device:s0 -/dev/mtk_cmdq(/.*)? u:object_r:mtk_cmdq_device:s0 -/dev/mdp_device(/.*)? u:object_r:mdp_device:s0 -/dev/mdp_sync(/.*)? u:object_r:mtk_mdp_device:s0 -/dev/mtk_rrc(/.*)? u:object_r:mtk_rrc_device:s0 -/dev/mtk_dfrc(/.*)? u:object_r:mtk_dfrc_device:s0 -/dev/mt-mdp(/.*)? u:object_r:mt_mdp_device:s0 -/dev/mt_otg_test(/.*)? u:object_r:mt_otg_test_device:s0 -/dev/MT_pmic_adc_cali u:object_r:MT_pmic_adc_cali_device:s0 -/dev/MT_pmic_adc_cali(/.*)? u:object_r:MT_pmic_cali_device:s0 -/dev/MT_pmic(/.*)? u:object_r:MT_pmic_device:s0 -/dev/network.* u:object_r:network_device:s0 -/dev/nvram(/.*)? u:object_r:nvram_device:s0 -/dev/nxpspk(/.*)? u:object_r:smartpa_device:s0 -/dev/otp u:object_r:otp_device:s0 -/dev/pmem_multimedia(/.*)? u:object_r:pmem_multimedia_device:s0 -/dev/pmt(/.*)? u:object_r:pmt_device:s0 -/dev/preloader(/.*)? u:object_r:preloader_device:s0 -/dev/pro_info(/.*)? u:object_r:pro_info_device:s0 -/dev/protect_f(/.*)? u:object_r:protect_f_device:s0 -/dev/protect_s(/.*)? u:object_r:protect_s_device:s0 -/dev/psaux(/.*)? u:object_r:psaux_device:s0 -/dev/ptmx(/.*)? u:object_r:ptmx_device:s0 -/dev/ptyp.* u:object_r:ptyp_device:s0 -/dev/pvr_sync(/.*)? u:object_r:gpu_device:s0 -/dev/qemu_pipe(/.*)? u:object_r:qemu_pipe_device:s0 -/dev/recovery(/.*)? u:object_r:recovery_device:s0 -/dev/rfkill(/.*)? u:object_r:rfkill_device:s0 -/dev/rtc[0-9]+ u:object_r:rtc_device:s0 -/dev/RT_Monitor(/.*)? u:object_r:RT_Monitor_device:s0 -/dev/kick_powerkey(/.*)? u:object_r:kick_powerkey_device:s0 -/dev/seccfg(/.*)? u:object_r:seccfg_device:s0 -/dev/sec_ro(/.*)? u:object_r:sec_ro_device:s0 -/dev/sec(/.*)? u:object_r:sec_device:s0 -/dev/tee1 u:object_r:tee_part_device:s0 -/dev/tee2 u:object_r:tee_part_device:s0 -/dev/sensor(/.*)? u:object_r:sensor_device:s0 -/dev/smartpa_i2c(/.*)? u:object_r:smartpa1_device:s0 -/dev/snapshot(/.*)? u:object_r:snapshot_device:s0 -/dev/socket/adbd(/.*)? u:object_r:adbd_socket:s0 -/dev/socket/agpsd2(/.*)? u:object_r:agpsd_socket:s0 -/dev/socket/agpsd3(/.*)? u:object_r:agpsd_socket:s0 -/dev/socket/agpsd(/.*)? u:object_r:agpsd_socket:s0 -/dev/socket/atci-audio(/.*)? u:object_r:atci-audio_socket:s0 -/dev/socket/backuprestore(/.*)? u:object_r:backuprestore_socket:s0 -/dev/socket/dfo(/.*)? u:object_r:dfo_socket:s0 -/dev/socket/dnsproxyd(/.*)? u:object_r:dnsproxyd_socket:s0 -/dev/socket/dumpstate(/.*)? u:object_r:dumpstate_socket:s0 -/dev/socket/mdnsd(/.*)? u:object_r:mdnsd_socket:s0 -/dev/socket/mdns(/.*)? u:object_r:mdns_socket:s0 -/dev/socket/mnld(/.*)? u:object_r:mnld_socket:s0 -/dev/socket/netdiag(/.*)? u:object_r:netdiag_socket:s0 -/dev/socket/netd(/.*)? u:object_r:netd_socket:s0 -/dev/socket/mrild(/.*)? u:object_r:gsmrild_socket:s0 -/dev/socket/mrild2(/.*)? u:object_r:gsmrild_socket:s0 -/dev/socket/mrild3(/.*)? u:object_r:gsmrild_socket:s0 -/dev/socket/rild-atci u:object_r:gsmrild_socket:s0 -/dev/socket/rild-mbim(/.*)? u:object_r:gsmrild_socket:s0 -/dev/socket/msap_uim_socket1(/.*)? u:object_r:gsmrild_socket:s0 -/dev/socket/msap_uim_socket2(/.*)? u:object_r:gsmrild_socket:s0 -/dev/socket/sap_uim_socket(/.*)? u:object_r:gsmrild_socket:s0 -/dev/socket/msap_c2k_socket1(/.*)? u:object_r:gsmrild_socket:s0 -/dev/socket/msap_c2k_socket2(/.*)? u:object_r:gsmrild_socket:s0 -/dev/socket/msap_c2k_socket3(/.*)? u:object_r:gsmrild_socket:s0 -/dev/socket/msap_c2k_socket4(/.*)? u:object_r:gsmrild_socket:s0 -/dev/socket/sap_uim_socket1(/.*)? u:object_r:gsmrild_socket:s0 -/dev/socket/sap_uim_socket2(/.*)? u:object_r:gsmrild_socket:s0 -/dev/socket/sap_uim_socket3(/.*)? u:object_r:gsmrild_socket:s0 -/dev/socket/sap_uim_socket4(/.*)? u:object_r:gsmrild_socket:s0 -/dev/socket/rild2-md2(/.*)? u:object_r:rild2_md2_socket:s0 -/dev/socket/rild2(/.*)? u:object_r:rild2_socket:s0 -/dev/socket/rild3(/.*)? u:object_r:rild3_socket:s0 -/dev/socket/rild4(/.*)? u:object_r:rild4_socket:s0 -/dev/socket/rild-mal(/.*)? u:object_r:rild_mal_socket:s0 -/dev/socket/rild-mal-at(/.*)? u:object_r:rild_mal_at_socket:s0 -/dev/socket/rild-mal-md2(/.*)? u:object_r:rild_mal_md2_socket:s0 -/dev/socket/rild-mal-at-md2(/.*)? u:object_r:rild_mal_at_md2_socket:s0 -/dev/socket/rild-ims(/.*)? u:object_r:rild_ims_socket:s0 -/dev/socket/volte_imsm_dongle(/.*)? u:object_r:rild_imsm_socket:s0 -/dev/socket/rild-vsim(/.*)? u:object_r:rild_vsim_socket:s0 -/dev/socket/rild-vsim2(/.*)? u:object_r:rild_vsim_socket:s0 -/dev/socket/rild-vsim3(/.*)? u:object_r:rild_vsim_socket:s0 -/dev/socket/rild-vsim-md2(/.*)? u:object_r:rild_vsim_md2_socket:s0 -/dev/socket/rild-ctclient u:object_r:rild_ctclient_socket:s0 -/dev/socket/rild-debug-md2(/.*)? u:object_r:rild_debug_md2_socket:s0 -/dev/socket/rild-debug(/.*)? u:object_r:rild_debug_socket:s0 -/dev/socket/rild-dongle(/.*)? u:object_r:rild-dongle_socket:s0 -/dev/socket/rild-md2(/.*)? u:object_r:rild_md2_socket:s0 -/dev/socket/rild-mtk-modem-md2(/.*)? u:object_r:rild_mtk_modem_md2_socket:s0 -/dev/socket/rild-mtk-modem(/.*)? u:object_r:rild_mtk_modem_socket:s0 -/dev/socket/rild-mtk-ut-2-md2(/.*)? u:object_r:rild_mtk_ut_2_md2_socket:s0 -/dev/socket/rild-mtk-ut-2(/.*)? u:object_r:rild_mtk_ut_2_socket:s0 -/dev/socket/rild-mtk-ut-md2(/.*)? u:object_r:rild_mtk_ut_md2_socket:s0 -/dev/socket/rild-mtk-ut(/.*)? u:object_r:rild_mtk_ut_socket:s0 -/dev/socket/rild-oem-md2(/.*)? u:object_r:rild_oem_md2_socket:s0 -/dev/socket/rild-oem(/.*)? u:object_r:rild_oem_socket:s0 -/dev/socket/rild(/.*)? u:object_r:rild_socket:s0 -/dev/socket/rild-via u:object_r:rild_via_socket:s0 -/dev/socket/rildc-debug u:object_r:rild_via_socket:s0 -/dev/socket/rild-atci-c2k u:object_r:rild_via_socket:s0 -/dev/socket/mal-mfi(/.*)? u:object_r:mal_mfi_socket:s0 -/dev/socket/mal-mfi-dongle(/.*)? u:object_r:mal_mfi_socket:s0 -/dev/socket/rpc u:object_r:rpc_socket:s0 -/dev/socket/soc_vt_stk(/.*)? u:object_r:soc_vt_stk_socket:s0 -/dev/socket/soc_vt_svc(/.*)? u:object_r:soc_vt_svc_socket:s0 -/dev/socket/soc_vt_tcv(/.*)? u:object_r:soc_vt_tcv_socket:s0 -/dev/socket/sysctl(/.*)? u:object_r:sysctl_socket:s0 -/dev/socket/volte_vt(/.*)? u:object_r:volte_vt_socket:s0 -/dev/socket/wpa_wlan0(/.*)? u:object_r:wpa_wlan0_socket:s0 -/dev/stpant(/.*)? u:object_r:stpant_device:s0 -/dev/stpbt(/.*)? u:object_r:stpbt_device:s0 -/dev/fw_log_bt u:object_r:fw_log_bt_device:s0 -/dev/stpgps u:object_r:mnld_device:s0 -/dev/stpgps(/.*)? u:object_r:stpgps_device:s0 -/dev/gpsdl0 u:object_r:mnld_device:s0 -/dev/gpsdl0(/.*)? u:object_r:gpsdl_device:s0 -/dev/gpsdl1 u:object_r:mnld_device:s0 -/dev/gpsdl1(/.*)? u:object_r:gpsdl_device:s0 -/dev/stpwmt(/.*)? u:object_r:stpwmt_device:s0 -/dev/sw_sync(/.*)? u:object_r:sw_sync_device:s0 -/dev/tgt(/.*)? u:object_r:tgt_device:s0 -/dev/touch(/.*)? u:object_r:touch_device:s0 -/dev/tpd_em_log(/.*)? u:object_r:tpd_em_log_device:s0 -/dev/ttyC0 u:object_r:gsm0710muxd_device:s0 -/dev/ttyC1 u:object_r:mdlog_device:s0 -/dev/ttyC2 u:object_r:agps_device:s0 -/dev/ttyC3 u:object_r:icusb_device:s0 -/dev/ttyC6 u:object_r:nlop_device:s0 -/dev/ttyGS.* u:object_r:ttyGS_device:s0 -/dev/ttyMT.* u:object_r:ttyMT_device:s0 -/dev/ttyS.* u:object_r:ttyS_device:s0 -/dev/ttyp.* u:object_r:ttyp_device:s0 -/dev/ttySDIO.* u:object_r:ttySDIO_device:s0 -/dev/ttyUSB0 u:object_r:tty_device:s0 -/dev/ttyUSB1 u:object_r:tty_device:s0 -/dev/ttyUSB2 u:object_r:tty_device:s0 -/dev/ttyUSB3 u:object_r:tty_device:s0 -/dev/ttyUSB4 u:object_r:tty_device:s0 -/dev/TV-out(/.*)? u:object_r:TV_out_device:s0 -/dev/uboot(/.*)? u:object_r:uboot_device:s0 -/dev/uibc(/.*)? u:object_r:uibc_device:s0 -/dev/uinput(/.*)? u:object_r:uinput_device:s0 -/dev/uio0(/.*)? u:object_r:uio0_device:s0 -/dev/usrdata(/.*)? u:object_r:usrdata_device:s0 -/dev/Vcodec(/.*)? u:object_r:Vcodec_device:s0 -/dev/vmodem u:object_r:vmodem_device:s0 -/dev/vow(/.*)? u:object_r:vow_device:s0 -/dev/wmtdetect(/.*)? u:object_r:wmtdetect_device:s0 -/dev/wmtWifi(/.*)? u:object_r:wmtWifi_device:s0 -/dev/ancservice(/.*)? u:object_r:ancservice_device:s0 -/dev/offloadservice(/.*)? u:object_r:offloadservice_device:s0 -/dev/audio_ipi(/.*)? u:object_r:audio_ipi_device:s0 -/dev/adsp(/.*)? u:object_r:adsp_device:s0 -/dev/audio_scp(/.*)? u:object_r:audio_scp_device:s0 -/dev/irtx u:object_r:irtx_device:s0 -/dev/spm(/.*)? u:object_r:spm_device:s0 -/dev/xt_qtaguid(/.*)? u:object_r:xt_qtaguid_device:s0 -/dev/pmic_ftm(/.*)? u:object_r:pmic_ftm_device:s0 -/dev/charger_ftm(/.*)? u:object_r:charger_ftm_device:s0 -/dev/shf u:object_r:shf_device:s0 -/dev/ttyACM0 u:object_r:ttyACM_device:s0 -/dev/hrm u:object_r:hrm_device:s0 -/dev/trusty-ipc-dev0 u:object_r:tee_device:s0 -/dev/nebula-ipc-dev0 u:object_r:tee_device:s0 -/dev/mbim u:object_r:mbim_device:s0 -/dev/alarm(/.*)? u:object_r:alarm_device:s0 -########################## -# Sensor common Devices Start -# -/dev/als_ps(/.*)? u:object_r:als_ps_device:s0 -/dev/barometer(/.*)? u:object_r:barometer_device:s0 -/dev/humidity(/.*)? u:object_r:humidity_device:s0 -/dev/gsensor(/.*)? u:object_r:gsensor_device:s0 -/dev/gyroscope(/.*)? u:object_r:gyroscope_device:s0 -/dev/hwmsensor(/.*)? u:object_r:hwmsensor_device:s0 -/dev/msensor(/.*)? u:object_r:msensor_device:s0 -/dev/biometric(/.*)? u:object_r:biometric_device:s0 -/dev/sensorlist(/.*)? u:object_r:sensorlist_device:s0 -########################## -# Sensor Devices Start -# -/dev/m_batch_misc(/.*)? u:object_r:m_batch_misc_device:s0 -########################## -# Sensor bio Devices Start -# -/dev/m_als_misc(/.*)? u:object_r:m_als_misc_device:s0 -/dev/m_ps_misc(/.*)? u:object_r:m_ps_misc_device:s0 -/dev/m_baro_misc(/.*)? u:object_r:m_baro_misc_device:s0 -/dev/m_hmdy_misc(/.*)? u:object_r:m_hmdy_misc_device:s0 -/dev/m_acc_misc(/.*)? u:object_r:m_acc_misc_device:s0 -/dev/m_mag_misc(/.*)? u:object_r:m_mag_misc_device:s0 -/dev/m_gyro_misc(/.*)? u:object_r:m_gyro_misc_device:s0 -/dev/m_act_misc(/.*)? u:object_r:m_act_misc_device:s0 -/dev/m_pedo_misc(/.*)? u:object_r:m_pedo_misc_device:s0 -/dev/m_situ_misc(/.*)? u:object_r:m_situ_misc_device:s0 -/dev/m_step_c_misc(/.*)? u:object_r:m_step_c_misc_device:s0 -/dev/m_fusion_misc(/.*)? u:object_r:m_fusion_misc_device:s0 -/dev/m_bio_misc(/.*)? u:object_r:m_bio_misc_device:s0 - -# block partition definitions -/dev/block/mmcblk0boot0 u:object_r:preloader_block_device:s0 -/dev/block/mmcblk0boot1 u:object_r:preloader_block_device:s0 -/dev/block/sda u:object_r:preloader_block_device:s0 -/dev/block/sdb u:object_r:preloader_block_device:s0 -/dev/block/mmcblk0 u:object_r:bootdevice_block_device:s0 -/dev/block/sdc u:object_r:bootdevice_block_device:s0 -/dev/block/mmcblk1 u:object_r:mmcblk1_block_device:s0 -/dev/block/mmcblk1p1 u:object_r:mmcblk1p1_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/proinfo u:object_r:nvram_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/nvram u:object_r:nvram_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/nvdata u:object_r:nvdata_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/frp u:object_r:frp_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/expdb u:object_r:expdb_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/misc2 u:object_r:misc2_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/logo u:object_r:logo_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/para u:object_r:para_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/misc u:object_r:misc_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/seccfg u:object_r:seccfg_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/secro u:object_r:secro_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/system u:object_r:system_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/userdata u:object_r:userdata_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/cache u:object_r:cache_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/recovery u:object_r:recovery_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/protect1 u:object_r:protect1_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/protect2 u:object_r:protect2_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/keystore u:object_r:keystore_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/oemkeystore u:object_r:oemkeystore_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/boot u:object_r:boot_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/persist u:object_r:persist_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/metadata u:object_r:metadata_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/nvcfg u:object_r:nvcfg_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/ppl u:object_r:ppl_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/sec1 u:object_r:sec1_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/boot_para u:object_r:boot_para_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/super u:object_r:super_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/boot(_[ab])? u:object_r:boot_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/system(_[ab])? u:object_r:system_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/odm(_[ab])? u:object_r:odm_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/oem(_[ab])? u:object_r:oem_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/vendor(_[ab])? u:object_r:vendor_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/lk(_[ab])? u:object_r:lk_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/odmdtbo(_[ab])? u:object_r:dtbo_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/dtbo(_[ab])? u:object_r:dtbo_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/tee([12]|_[ab]) u:object_r:tee_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/md1img(_[ab])? u:object_r:md_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/md1dsp(_[ab])? u:object_r:dsp_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/md1arm7(_[ab])? u:object_r:md_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/md3img(_[ab])? u:object_r:md_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/scp(_[ab])? u:object_r:scp_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/sspm(_[ab])? u:object_r:sspm_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/spmfw(_[ab])? u:object_r:spmfw_block_device:s0 -/dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/vbmeta(_system|_vendor)?(_[ab])? u:object_r:vbmeta_block_device:s0 - -/dev/block/platform/bootdevice/by-name/proinfo u:object_r:nvram_device:s0 -/dev/block/platform/bootdevice/by-name/nvram u:object_r:nvram_device:s0 -/dev/block/platform/bootdevice/by-name/nvdata u:object_r:nvdata_device:s0 -/dev/block/platform/bootdevice/by-name/frp u:object_r:frp_block_device:s0 -/dev/block/platform/bootdevice/by-name/expdb u:object_r:expdb_block_device:s0 -/dev/block/platform/bootdevice/by-name/misc2 u:object_r:misc2_block_device:s0 -/dev/block/platform/bootdevice/by-name/logo u:object_r:logo_block_device:s0 -/dev/block/platform/bootdevice/by-name/para u:object_r:para_block_device:s0 -/dev/block/platform/bootdevice/by-name/misc u:object_r:misc_block_device:s0 -/dev/block/platform/bootdevice/by-name/seccfg u:object_r:seccfg_block_device:s0 -/dev/block/platform/bootdevice/by-name/secro u:object_r:secro_block_device:s0 -/dev/block/platform/bootdevice/by-name/userdata u:object_r:userdata_block_device:s0 -/dev/block/platform/bootdevice/by-name/cache u:object_r:cache_block_device:s0 -/dev/block/platform/bootdevice/by-name/recovery u:object_r:recovery_block_device:s0 -/dev/block/platform/bootdevice/by-name/protect1 u:object_r:protect1_block_device:s0 -/dev/block/platform/bootdevice/by-name/protect2 u:object_r:protect2_block_device:s0 -/dev/block/platform/bootdevice/by-name/keystore u:object_r:keystore_block_device:s0 -/dev/block/platform/bootdevice/by-name/persist u:object_r:persist_block_device:s0 -/dev/block/platform/bootdevice/by-name/metadata u:object_r:metadata_block_device:s0 -/dev/block/platform/bootdevice/by-name/nvcfg u:object_r:nvcfg_block_device:s0 -/dev/block/platform/bootdevice/by-name/sec1 u:object_r:sec1_block_device:s0 -/dev/block/platform/bootdevice/by-name/boot_para u:object_r:boot_para_block_device:s0 -/dev/block/platform/bootdevice/by-name/super u:object_r:super_block_device:s0 -/dev/block/platform/bootdevice/by-name/cam_vpu[1-3](_[ab])? u:object_r:cam_vpu_block_device:s0 -/dev/block/platform/bootdevice/by-name/system(_[ab])? u:object_r:system_block_device:s0 -/dev/block/platform/bootdevice/by-name/boot(_[ab])? u:object_r:boot_block_device:s0 -/dev/block/platform/bootdevice/by-name/odm(_[ab])? u:object_r:odm_block_device:s0 -/dev/block/platform/bootdevice/by-name/oem(_[ab])? u:object_r:oem_block_device:s0 -/dev/block/platform/bootdevice/by-name/vendor(_[ab])? u:object_r:vendor_block_device:s0 -/dev/block/platform/bootdevice/by-name/lk(_[ab])? u:object_r:lk_block_device:s0 -/dev/block/platform/bootdevice/by-name/odmdtbo(_[ab])? u:object_r:dtbo_block_device:s0 -/dev/block/platform/bootdevice/by-name/dtbo(_[ab])? u:object_r:dtbo_block_device:s0 -/dev/block/platform/bootdevice/by-name/tee([12]|_[ab]) u:object_r:tee_block_device:s0 -/dev/block/platform/bootdevice/by-name/md1img(_[ab])? u:object_r:md_block_device:s0 -/dev/block/platform/bootdevice/by-name/md1dsp(_[ab])? u:object_r:dsp_block_device:s0 -/dev/block/platform/bootdevice/by-name/md1arm7(_[ab])? u:object_r:md_block_device:s0 -/dev/block/platform/bootdevice/by-name/md3img(_[ab])? u:object_r:md_block_device:s0 -/dev/block/platform/bootdevice/by-name/scp(_[ab])? u:object_r:scp_block_device:s0 -/dev/block/platform/bootdevice/by-name/sspm(_[ab])? u:object_r:sspm_block_device:s0 -/dev/block/platform/bootdevice/by-name/spmfw(_[ab])? u:object_r:spmfw_block_device:s0 -/dev/block/platform/bootdevice/by-name/mcupmfw(_[ab])? u:object_r:mcupmfw_block_device:s0 -/dev/block/platform/bootdevice/by-name/loader_ext(_[ab])? u:object_r:loader_ext_block_device:s0 -/dev/block/platform/bootdevice/by-name/vbmeta(_system|_vendor)?(_[ab])? u:object_r:vbmeta_block_device:s0 - -# Key manager -/dev/block/platform/soc/[0-9]+\.mmc/by-name/kb u:object_r:kb_block_device:s0 -/dev/block/platform/soc/[0-9]+\.mmc/by-name/dkb u:object_r:dkb_block_device:s0 - -# W19.23 Q new feature - Userdata Checkpoint -/dev/block/by-name/md_udc u:object_r:metadata_block_device:s0 - -############################# -# System files -# -/(system\/vendor|vendor)/bin/audiocmdservice_atci u:object_r:audiocmdservice_atci_exec:s0 -/(system\/vendor|vendor)/bin/stp_dump3 u:object_r:stp_dump3_exec:s0 -/(system\/vendor|vendor)/bin/wmt_launcher u:object_r:mtk_wmt_launcher_exec:s0 -/(system\/vendor|vendor)/bin/ccci_fsd u:object_r:ccci_fsd_exec:s0 -/(system\/vendor|vendor)/bin/fuelgauged u:object_r:fuelgauged_exec:s0 -/(system\/vendor|vendor)/bin/fuelgauged_nvram u:object_r:fuelgauged_nvram_exec:s0 -/(system\/vendor|vendor)/bin/gsm0710muxd u:object_r:gsm0710muxd_exec:s0 -/(system\/vendor|vendor)/bin/mmc_ffu u:object_r:mmc_ffu_exec:s0 -/(system\/vendor|vendor)/bin/mtk_agpsd u:object_r:mtk_agpsd_exec:s0 -/(system\/vendor|vendor)/bin/MtkCodecService u:object_r:MtkCodecService_exec:s0 -/(system\/vendor|vendor)/bin/mtkrild u:object_r:mtkrild_exec:s0 -/(system\/vendor|vendor)/bin/muxreport u:object_r:muxreport_exec:s0 -/(system\/vendor|vendor)/bin/nvram_agent_binder u:object_r:nvram_agent_binder_exec:s0 -/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.nvram@(.*)-service u:object_r:nvram_agent_binder_exec:s0 -/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.nvram@(.*)-service-lazy u:object_r:nvram_agent_binder_exec:s0 -/(system\/vendor|vendor)/bin/nvram_daemon u:object_r:nvram_daemon_exec:s0 -/(system\/vendor|vendor)/bin/slpd u:object_r:slpd_exec:s0 -/(system\/vendor|vendor)/bin/thermal_manager u:object_r:thermal_manager_exec:s0 -/(system\/vendor|vendor)/bin/thermalloadalgod u:object_r:thermalloadalgod_exec:s0 -/(system\/vendor|vendor)/bin/lbs_hidl_service u:object_r:lbs_hidl_service_exec:s0 -/(system\/vendor|vendor)/bin/meta_tst u:object_r:meta_tst_exec:s0 -/(system\/vendor|vendor)/bin/kisd u:object_r:kisd_exec:s0 - -/(system\/vendor|vendor)/bin/fm_hidl_service u:object_r:fm_hidl_service_exec:s0 -/(system\/vendor|vendor)/bin/wlan_assistant u:object_r:wlan_assistant_exec:s0 -/(system\/vendor|vendor)/bin/wmt_loader u:object_r:wmt_loader_exec:s0 -/(system\/vendor|vendor)/bin/spm_loader u:object_r:spm_loader_exec:s0 -/(system\/vendor|vendor)/bin/ccci_mdinit u:object_r:ccci_mdinit_exec:s0 -/(system\/vendor|vendor)/bin/factory u:object_r:factory_exec:s0 - -/(system\/vendor|vendor)/bin/mnld u:object_r:mnld_exec:s0 -#/system/bin/connsyslogger u:object_r:connsyslogger_exec:s0 - -/(system\/vendor|vendor)/bin/biosensord_nvram u:object_r:biosensord_nvram_exec:s0 -/(system\/vendor|vendor)/bin/hw/android\.hardware\.bluetooth@1\.0-service-mediatek u:object_r:mtk_hal_bluetooth_exec:s0 -/(system\/vendor|vendor)/bin/hw/android\.hardware\.gnss@2\.0-service-mediatek u:object_r:mtk_hal_gnss_exec:s0 -/(system\/vendor|vendor)/bin/hw/android\.hardware\.audio@5\.0-service-mediatek u:object_r:mtk_hal_audio_exec:s0 -/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.mtkpower@1\.0-service u:object_r:mtk_hal_power_exec:s0 -/(system\/vendor|vendor)/bin/hw/android\.hardware\.sensors@1\.0-service-mediatek u:object_r:mtk_hal_sensors_exec:s0 -/(system\/vendor|vendor)/bin/hw/android\.hardware\.sensors@2\.0-service-mediatek u:object_r:mtk_hal_sensors_exec:s0 -/(system\/vendor|vendor)/bin/hw/rilproxy u:object_r:rild_exec:s0 -/(system\/vendor|vendor)/bin/hw/mtkfusionrild u:object_r:rild_exec:s0 -/(system\/vendor|vendor)/bin/hw/android\.hardware\.light@2\.0-service-mediatek u:object_r:mtk_hal_light_exec:s0 -/(system\/vendor|vendor)/bin/hw/android\.hardware\.light@2\.0-service-mediatek-lazy u:object_r:mtk_hal_light_exec:s0 -/(system\/vendor|vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service-mediatek u:object_r:hal_vibrator_default_exec:s0 -/(system\/vendor|vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service-mediatek-lazy u:object_r:hal_vibrator_default_exec:s0 -/(system\/vendor|vendor)/bin/hw/camerahalserver u:object_r:mtk_hal_camera_exec:s0 -/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.imsa@1\.0-service u:object_r:mtk_hal_imsa_exec:s0 - -# Google Trusty system files -/(vendor|system\/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service\.trusty u:object_r:hal_keymaster_default_exec:s0 - -#PQ hal -/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.pq@2\.2-service u:object_r:mtk_hal_pq_exec:s0 -#MMS hal -/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.mms@1\.3-service u:object_r:mtk_hal_mms_exec:s0 -/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.mms@1\.3-service-lazy u:object_r:mtk_hal_mms_exec:s0 -# Keymaster Attestation Hal -/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.keymaster_attestation@1\.1-service u:object_r:hal_keymaster_attestation_exec:s0 -#ST NFC 1.2 hidl service -/(system\/vendor|vendor)/bin/hw/android\.hardware\.nfc@1\.2-service-st u:object_r:hal_nfc_default_exec:s0 -/(system\/vendor|vendor)/bin/hw/android\.hardware\.secure_element@1\.0-service-st54spi u:object_r:st54spi_hal_secure_element_exec:s0 -# MTK Wifi Hal -/(system\/vendor|vendor)/bin/hw/android\.hardware\.wifi@1\.0-service-mediatek u:object_r:mtk_hal_wifi_exec:s0 -/(system\/vendor|vendor)/bin/hw/android\.hardware\.wifi@1\.0-service-lazy-mediatek u:object_r:mtk_hal_wifi_exec:s0 -# MTK USB hal -/(system\/vendor|vendor)/bin/hw/android\.hardware\.usb@1\.1-service-mediatek u:object_r:mtk_hal_usb_exec:s0 -# MTK OMAPI for UICC -/(system\/vendor|vendor)/bin/hw/android\.hardware\.secure_element@1\.0-service-mediatek u:object_r:mtk_hal_secure_element_exec:s0 - -#gpu hal -/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.gpu@1\.0-service u:object_r:mtk_hal_gpu_exec:s0 - -############################# -# System/bin files - -#hidl process merging -/(system\/vendor|vendor)/bin/hw/merged_hal_service u:object_r:merged_hal_service_exec:s0 - - -############################################### -# same-process HAL files and their dependencies -# -/vendor/lib(64)?/hw/gralloc\.mt[0-9]+[a-z]*\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/hw/vulkan\.mt[0-9]+\.so u:object_r:same_process_hal_file:s0 - -/vendor/lib(64)?/libIMGegl\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libglslcompiler\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libPVRScopeServices\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libsrv_um\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libmpvr\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libusc\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libtqvalidate\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libPVROCL\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libufwriter\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libmemtrack_GL\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libPVRTrace\.so u:object_r:same_process_hal_file:s0 - -/vendor/lib(64)?/libGLES_mali\.so u:object_r:same_process_hal_file:s0 - -/vendor/lib(64)?/libgralloc_extra\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libgpu_aux\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libgpud\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libged\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libdrm\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libion_mtk\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libion_ulit\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/mtk_cache\.so u:object_r:same_process_hal_file:s0 - -/vendor/lib(64)?/hw/android\.hardware\.graphics\.mapper@2\.0-impl-2\.1\.so u:object_r:same_process_hal_file:s0 - -/vendor/lib(64)?/libdpframework\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libpq_cust_base\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/vendor\.mediatek\.hardware\.pq@[0-9]\.[0-9]\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libpq_prot\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libhdrvideo\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libscltm\.so u:object_r:same_process_hal_file:s0 - -/vendor/lib(64)?/vendor\.mediatek\.hardware\.gpu@1\.0.so u:object_r:same_process_hal_file:s0 - -/vendor/lib(64)?/libladder\.so u:object_r:same_process_hal_file:s0 - -/vendor/lib(64)?/libtflite_mtk.so u:object_r:same_process_hal_file:s0 - -/vendor/bin/hw/vendor\.mediatek\.hardware\.log@1\.0-service u:object_r:aee_hal_exec:s0 - -/vendor/bin/loghidlvendorservice u:object_r:loghidlvendorservice_exec:s0 - -/vendor/bin/em_hidl u:object_r:em_hidl_exec:s0 - -/vendor/bin/hw/modemdbfilter_service u:object_r:modemdbfilter_service_exec:s0 - -# Date: 2018/07/06 -# Purpose for same-process HAL files and their dependencies: libGLES_mali.so need libm4u.so on mali GPU. -/vendor/lib(64)?/libm4u\.so u:object_r:same_process_hal_file:s0 - -# Date: 2018/12/04 -# Purpose: Neuron runtime API and the dependencies -/vendor/lib(64)?/libneuron_platform.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libion_mtk.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/mtk_cache.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libvpu.so u:object_r:same_process_hal_file:s0 - -# Date: 2019/01/21 -# Purpose: OpenCL feature requirments -/vendor/lib(64)?/libOpenCL\.so u:object_r:same_process_hal_file:s0 - -#MRDUMP -/dev/block/platform/bootdevice/by-name/mrdump(/.*)? u:object_r:mrdump_device:s0 - -# Date: 2019/07/16 -# hdmi hal -/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.hdmi@1\.0-service u:object_r:mtk_hal_hdmi_exec:s0 - -#Widevine drm hal(include lazy hal) -/vendor/bin/hw/android\.hardware\.drm@[0-9]\.[0-9]-service\.widevine u:object_r:hal_drm_widevine_exec:s0 -/vendor/bin/hw/android\.hardware\.drm@[0-9]\.[0-9]-service-lazy\.widevine u:object_r:hal_drm_widevine_exec:s0 -#Cleaarkey hal(include lazy hal) -/vendor/bin/hw/android\.hardware\.drm@[0-9]\.[0-9]-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0 -/vendor/bin/hw/android\.hardware\.drm@[0-9]\.[0-9]-service-lazy\.clearkey u:object_r:hal_drm_clearkey_exec:s0 - - -# Date : 2019/10/28 -# Purpose : move these contexts from plat_private/file_contexts -/(system\/vendor|vendor)/bin/aee_aedv u:object_r:aee_aedv_exec:s0 -/(system\/vendor|vendor)/bin/aee_aedv64 u:object_r:aee_aedv_exec:s0 -/vendor/bin/aeev u:object_r:aee_aedv_exec:s0 diff --git a/r_non_plat/fm_hidl_service.te b/r_non_plat/fm_hidl_service.te deleted file mode 100644 index 30509ca..0000000 --- a/r_non_plat/fm_hidl_service.te +++ /dev/null @@ -1,19 +0,0 @@ -# Set a new domain -type fm_hidl_service, domain; - -# Set domain as server domain of mtk_hal_fm -hal_server_domain(fm_hidl_service, mtk_hal_fm) - -# Set exec file type -type fm_hidl_service_exec, exec_type, vendor_file_type, file_type; - -# Setup for domain transition -init_daemon_domain(fm_hidl_service) - -#add_hwservice(hal_fm_server, mtk_hal_fm_service) - -vndbinder_use(fm_hidl_service) - -#r_dir_file(fm_hidl_service, system_file) - -allow fm_hidl_service fm_device:chr_file { rw_file_perms };
\ No newline at end of file diff --git a/r_non_plat/fsck.te b/r_non_plat/fsck.te deleted file mode 100644 index 635d3c7..0000000 --- a/r_non_plat/fsck.te +++ /dev/null @@ -1,18 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -# Date : WK15.29 -# Operation : Migration -# Purpose : file system check for protect1/protect2/nvdata/persist/nvcfg block devices. -allow fsck protect1_block_device:blk_file rw_file_perms; -allow fsck protect2_block_device:blk_file rw_file_perms; -allow fsck nvdata_device:blk_file rw_file_perms; -allow fsck persist_block_device:blk_file rw_file_perms; -allow fsck nvcfg_block_device:blk_file rw_file_perms; -allow fsck odm_block_device:blk_file rw_file_perms; -allow fsck oem_block_device:blk_file rw_file_perms; - -# Date : WK17.12 -# Purpose: Fix bootup fail -allow fsck system_block_device:blk_file getattr; diff --git a/r_non_plat/fuelgauged.te b/r_non_plat/fuelgauged.te deleted file mode 100644 index 332043a..0000000 --- a/r_non_plat/fuelgauged.te +++ /dev/null @@ -1,71 +0,0 @@ -# ============================================== -# Policy File of /system/bin/fuelgauged Executable File - -# ============================================== -# Type Declaration -# ============================================== -type fuelgauged ,domain; -type fuelgauged_exec , exec_type, file_type, vendor_file_type; -type fuelgauged_file, file_type, data_file_type; - -# ============================================== -# Android Policy Rule -# ============================================== - -# ============================================== -# NSA Policy Rule -# ============================================== - -# ============================================== -# MTK Policy Rule -# ============================================== - -init_daemon_domain(fuelgauged) - -# Data : WK14.43 -# Operation : Migration -# Purpose : Fuel Gauge daemon for access driver node -allow fuelgauged input_device:dir rw_dir_perms; -allow fuelgauged input_device:file r_file_perms; - -# Data : WK14.43 -# Operation : Migration -# Purpose : For meta tool calibration -allow fuelgauged mtk-adc-cali_device:chr_file rw_file_perms; - -# Data : WK14.43 -# Operation : Migration -# Purpose : For fg.log can be printed with kernel log -allow fuelgauged kmsg_device:chr_file w_file_perms; - -# Data : WK14.43 -# Operation : Migration -# Purpose : For fg daemon can comminucate with kernel -allow fuelgauged self:netlink_socket create; -allow fuelgauged self:netlink_socket create_socket_perms_no_ioctl; -allow fuelgauged self:netlink_route_socket { bind create getattr write nlmsg_read read nlmsg_write }; - -# Data : WK16.39 -allow fuelgauged self:capability { chown fsetid }; - -# Date: W17.22 -# Operation : New Feature -# Purpose : Add for A/B system -allow fuelgauged kernel:system module_request; - -# Date: W18.03 -# Operation : change fuelgagued access from cache to nvcfg -# Purpose : add fuelgauged to nvcfg read write permit -allow fuelgauged nvcfg_file:dir { search write open read add_name create getattr}; -allow fuelgauged nvcfg_file:file { read write getattr open create }; - -# Date: W18.17 -# Operation : add label for /sys/devices/platform/battery(/.*) -# Purpose : add fuelgauged could access -r_dir_file(fuelgauged, sysfs_batteryinfo); - -# Date : WK18.21 -# Operation: P migration -# Purpose: Allow to search /mnt/vendor/nvdata for fstab when using NVM_Init() -allow fuelgauged mnt_vendor_file:dir search; - diff --git a/r_non_plat/fuelgauged_nvram.te b/r_non_plat/fuelgauged_nvram.te deleted file mode 100644 index 96862d9..0000000 --- a/r_non_plat/fuelgauged_nvram.te +++ /dev/null @@ -1,66 +0,0 @@ -# ============================================== -# Policy File of /system/bin/fuelgauged_nvram Executable File - -# ============================================== -# Type Declaration -# ============================================== -type fuelgauged_nvram ,domain; -type fuelgauged_nvram_exec , exec_type, file_type, vendor_file_type; -type fuelgauged_nvram_file, file_type, data_file_type; - -# ============================================== -# Android Policy Rule -# ============================================== - -# ============================================== -# NSA Policy Rule -# ============================================== - -# ============================================== -# MTK Policy Rule -# ============================================== - -init_daemon_domain(fuelgauged_nvram) - -# Data : WK16.21 -# Operation : New Feature -# Purpose : For fg daemon can do nvram r/w to save car_tune_value -allow fuelgauged_nvram nvdata_file:dir rw_dir_perms; -allow fuelgauged_nvram nvdata_file:file {rw_file_perms create_file_perms}; -allow fuelgauged_nvram nvram_data_file:lnk_file rw_file_perms; -allow fuelgauged_nvram nvdata_file:lnk_file rw_file_perms; - -allow fuelgauged_nvram fuelgauged_file:dir rw_dir_perms; -allow fuelgauged_nvram fuelgauged_file:file {rw_file_perms create_file_perms}; - -# Data : W16.43 -# Operation : New Feature -# Purpose : Change from /data to /cache -allow fuelgauged_nvram self:capability { chown }; -allow fuelgauged_nvram kmsg_device:chr_file { write open }; -allow fuelgauged_nvram self:capability fsetid; - -# Data : W17.34 -# Operation : New Feature -# Purpose : fgauge_nvram could use IOCTL -allow fuelgauged_nvram MT_pmic_adc_cali_device:chr_file rw_file_perms; - -# Date: W18.03 -# Operation : change fuelgagued_nvram access from cache to nvcfg -# Purpose : add fuelgauged to nvcfg read write permit -# need add label -allow fuelgauged_nvram nvcfg_file:dir { search write open read add_name create getattr}; -allow fuelgauged_nvram nvcfg_file:file { read write getattr open create }; - -# Date: W18.17 -# Operation : add label for /sys/devices/platform/battery(/.*) -# Purpose : add fuelgauged could access -r_dir_file(fuelgauged_nvram, sysfs_batteryinfo) - - -# Date : WK18.21 -# Operation: P migration -# Purpose: Allow to search /mnt/vendor/nvdata for fstab when using NVM_Init() -allow fuelgauged_nvram mnt_vendor_file:dir search; - -allow fuelgauged_nvram sysfs_boot_mode:file { open read }; diff --git a/r_non_plat/genfs_contexts b/r_non_plat/genfs_contexts deleted file mode 100644 index 003aa24..0000000 --- a/r_non_plat/genfs_contexts +++ /dev/null @@ -1,254 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============ - -############################# -# proc files -# -genfscon proc /driver/thermal u:object_r:proc_thermal:s0 -genfscon proc /thermlmt u:object_r:proc_thermal:s0 -genfscon proc /fps_tm u:object_r:proc_thermal:s0 -genfscon proc /wmt_tm u:object_r:proc_thermal:s0 -genfscon proc /mobile_tm u:object_r:proc_thermal:s0 -genfscon proc /bcctlmt u:object_r:proc_thermal:s0 -genfscon proc /battery_status u:object_r:proc_thermal:s0 -genfscon proc /mtkcooler u:object_r:proc_mtkcooler:s0 -genfscon proc /mtktz u:object_r:proc_mtktz:s0 -genfscon proc /lk_env u:object_r:proc_lk_env:s0 -genfscon proc /driver/storage_logger u:object_r:proc_slogger:s0 -genfscon proc /driver/icusb u:object_r:proc_icusb:s0 -genfscon proc /mrdump_rst u:object_r:proc_mrdump_rst:s0 -genfscon proc /mtk_battery_cmd u:object_r:proc_battery_cmd:s0 -genfscon proc /mtd u:object_r:proc_mtd:s0 -genfscon proc /ged u:object_r:proc_ged:s0 -genfscon proc /mtk_jpeg u:object_r:proc_mtk_jpeg:s0 -genfscon proc /perfmgr u:object_r:proc_perfmgr:s0 -genfscon proc /driver/wmt_dbg u:object_r:proc_wmtdbg:s0 -genfscon proc /zraminfo u:object_r:proc_zraminfo:s0 -genfscon proc /gpulog u:object_r:proc_gpulog:s0 -genfscon proc /cpu/alignment u:object_r:proc_cpu_alignment:s0 -genfscon proc /sched_debug u:object_r:proc_sched_debug:s0 -genfscon proc /chip/hw_ver u:object_r:proc_chip:s0 -genfscon proc /chip/info u:object_r:proc_chip:s0 -genfscon proc /atf_log u:object_r:proc_atf_log:s0 -genfscon proc /gz_log u:object_r:proc_gz_log:s0 -genfscon proc /last_kmsg u:object_r:proc_last_kmsg:s0 -genfscon proc /bootprof u:object_r:proc_bootprof:s0 -genfscon proc /pl_lk u:object_r:proc_pl_lk:s0 -genfscon proc /msdc_debug u:object_r:proc_msdc_debug:s0 -genfscon proc /ufs_debug u:object_r:proc_ufs_debug:s0 -genfscon proc /pidmap u:object_r:proc_pidmap:s0 -genfscon proc /mtk_memcfg/slabtrace u:object_r:proc_slabtrace:s0 -genfscon proc /mtk_cmdq_debug/status u:object_r:proc_cmdq_debug:s0 -genfscon proc /cpuhvfs/dbg_repo u:object_r:proc_dbg_repo:s0 - -# mtk EM FreqHopping setting -genfscon proc /freqhopping/freqhopping_debug u:object_r:proc_freqhop:s0 -genfscon proc /freqhopping/status u:object_r:proc_freqhop:s0 -genfscon proc /freqhopping/dumpregs u:object_r:proc_freqhop:s0 - -# mtk EM flash reading -genfscon proc /partitions u:object_r:proc_partition:s0 - -# Purpose dump not exit file -genfscon proc /isp_p2/isp_p2_dump u:object_r:proc_isp_p2_dump:s0 -genfscon proc /isp_p2/isp_p2_kedump u:object_r:proc_isp_p2_kedump:s0 -genfscon proc /mali/memory_usage u:object_r:proc_memory_usage:s0 -genfscon proc /mtk_es_reg_dump u:object_r:proc_mtk_es_reg_dump:s0 - -# Date : 2018/11/01 -# Purpose : mtk EM c2k bypass read usb file -genfscon proc /isp_p2 u:object_r:proc_isp_p2:s0 - -# Date : WK19.27 -# Purpose: Android Migration for SVP -genfscon proc /m4u u:object_r:proc_m4u:s0 - - -############################# -# sysfs files -# -genfscon sysfs /bus/platform/drivers/mtk-kpd u:object_r:sysfs_keypad_file:s0 -genfscon sysfs /power/vcorefs/pwr_ctrl u:object_r:sysfs_vcorefs_pwrctrl:s0 -genfscon sysfs /power/dcm_state u:object_r:sysfs_dcm:s0 -genfscon sysfs /power/mtkdcs/mode u:object_r:sysfs_dcs:s0 -genfscon sysfs /power/mtkpasr/execstate u:object_r:sysfs_execstate:s0 -genfscon sysfs /mtk_ssw u:object_r:sysfs_ssw:s0 - -# Date : 2018/06/15 -# Purpose : mtk EM Audio headset detect -genfscon sysfs /bus/platform/drivers/Accdet_Driver/state u:object_r:sysfs_headset:s0 -genfscon sysfs /bus/platform/drivers/dev_info/dev_info u:object_r:sysfs_devinfo:s0 -genfscon sysfs /bus/platform/drivers/meta_com_type_info/meta_com_type_info u:object_r:sysfs_comport_type:s0 -genfscon sysfs /bus/platform/drivers/meta_uart_port_info/meta_uart_port_info u:object_r:sysfs_uart_info:s0 - -genfscon sysfs /devices/platform/battery u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/charger/ADC_Charger_Voltage u:object_r:sysfs_vbus:s0 -genfscon sysfs /devices/platform/battery/ADC_Charger_Voltage u:object_r:sysfs_vbus:s0 -genfscon sysfs /devices/platform/charger/Pump_Express u:object_r:sysfs_pump_express:s0 -genfscon sysfs /devices/platform/battery/Pump_Express u:object_r:sysfs_pump_express:s0 -genfscon sysfs /devices/platform/mt_charger/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/mt-rtc/rtc u:object_r:sysfs_rtc:s0 -genfscon sysfs /devices/platform/1000d000.pwrap/1000d000.pwrap:mt6359-pmic/mt6359-rtc/rtc u:object_r:sysfs_rtc:s0 -genfscon sysfs /devices/platform/1000d000.pwrap/1000d000.pwrap:mt6358-pmic/mt6358-rtc/rtc u:object_r:sysfs_rtc:s0 -genfscon sysfs /devices/platform/mt-pmic u:object_r:sysfs_pmu:s0 -genfscon sysfs /devices/platform/1000d000.pwrap/mt-pmic u:object_r:sysfs_pmu:s0 -genfscon sysfs /devices/platform/1000d000.pwrap/1000d000.pwrap:mt6358-pmic/mt-pmic u:object_r:sysfs_pmu:s0 -genfscon sysfs /devices/platform/1000d000.pwrap/1000d000.pwrap:mt6359-pmic/mt-pmic u:object_r:sysfs_pmu:s0 -genfscon sysfs /devices/platform/mt6333-user u:object_r:sysfs_pmu:s0 -genfscon sysfs /devices/platform/mt6311-user u:object_r:sysfs_pmu:s0 -genfscon sysfs /devices/platform/mt_usb/musb-hdrc/dual_role_usb u:object_r:sysfs_dual_role_usb20:s0 -genfscon sysfs /devices/platform/mt_usb/musb-hdrc/cmode u:object_r:sysfs_usb_cmode:s0 - -genfscon sysfs /devices/virtual/BOOT/BOOT/boot/boot_mode u:object_r:sysfs_boot_mode:s0 -genfscon sysfs /devices/virtual/BOOT/BOOT/boot/boot_type u:object_r:sysfs_boot_type:s0 - -genfscon sysfs /devices/virtual/misc/md32 u:object_r:sysfs_md32:s0 -genfscon sysfs /devices/virtual/misc/scp u:object_r:sysfs_scp:s0 -genfscon sysfs /devices/virtual/misc/scp_B u:object_r:sysfs_scp:s0 -genfscon sysfs /devices/virtual/misc/sspm u:object_r:sysfs_sspm:s0 -genfscon sysfs /devices/virtual/misc/adsp u:object_r:sysfs_adsp:s0 - -# Date : 2019/09/12 -genfscon sysfs /devices/virtual/thermal u:object_r:sysfs_therm:s0 -genfscon sysfs /devices/class/thermal u:object_r:sysfs_therm:s0 - -genfscon sysfs /devices/virtual/switch/fps u:object_r:sysfs_fps:s0 - -genfscon sysfs /firmware/devicetree/base/chosen/atag,devinfo u:object_r:sysfs_devinfo:s0 - -genfscon sysfs /kernel/ccci u:object_r:sysfs_ccci:s0 - -# Date : 2018/06/15 -# Purpose : mtk EM touchscreen settings -genfscon sysfs /module/tpd_debug u:object_r:sysfs_tpd_debug:s0 -genfscon sysfs /module/tpd_setting u:object_r:sysfs_tpd_setting:s0 -genfscon sysfs /power/vcorefs/vcore_debug u:object_r:sysfs_vcore_debug:s0 -genfscon sysfs /power/vcorefs/opp_table u:object_r:sysfs_vcore_debug:s0 - -# Date: 2018/08/09 -#Purpose : MTK Vibrator -genfscon sysfs /devices/virtual/timed_output/vibrator u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/odm/odm:vibrator@0/leds/vibrator u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/leds-mt65xx/leds u:object_r:sysfs_leds:s0 -# Date : 2018/08/109 -# Purpose : mtk EM Power debug_log setting -genfscon sysfs /devices/platform/spm u:object_r:sysfs_spm:s0 - -# Date : 2018/11/01 -# Purpose : mtk EM c2k bypass read usb file -genfscon sysfs /devices/virtual/usb_rawbulk u:object_r:sys_usb_rawbulk:s0 - -#Date : 2018/11/22 -#Purpose: allow mdlogger to read mdinfo file -genfscon sysfs /kernel/md/mdee u:object_r:sysfs_mdinfo:s0 - -# Date : 2019/04/09 -# Purpose: mtk EM battery temprature settings -genfscon sysfs /devices/platform/battery/Battery_Temperature u:object_r:sysfs_battery_temp:s0 -genfscon sysfs /devices/platform/battery/FG_Battery_CurrentConsumption u:object_r:sysfs_battery_consumption:s0 -genfscon sysfs /devices/platform/battery/Power_On_Voltage u:object_r:sysfs_power_on_vol:s0 -genfscon sysfs /devices/platform/battery/Power_Off_Voltage u:object_r:sysfs_power_off_vol:s0 -genfscon sysfs /devices/platform/battery/FG_daemon_disable u:object_r:sysfs_fg_disable:s0 -genfscon sysfs /devices/platform/battery/disable_nafg u:object_r:sysfs_dis_nafg:s0 - -# Date : 2019/07/03 -# Purpose: SIU update mmcblk access -genfscon sysfs /devices/platform/bootdevice/mmc_host/mmc0/mmc0:0001/block/mmcblk0 u:object_r:sysfs_mmcblk:s0 -genfscon sysfs /devices/bootdevice/mmc_host/mmc0/mmc0:0001/block/mmcblk0 u:object_r:sysfs_mmcblk:s0 -#genfscon sysfs /devices/platform/mtk-msdc.0/11230000.msdc0/mmc_host/mmc0/mmc0:0001/block/mmcblk0 u:object_r:sysfs_mmcblk:s0 -genfscon sysfs /devices/platform/bootdevice/host0/target0:0:0/0:0:0:0/block/sda u:object_r:sysfs_mmcblk:s0 -genfscon sysfs /devices/platform/bootdevice/host0/target0:0:0/0:0:0:1/block/sdb u:object_r:sysfs_mmcblk:s0 -genfscon sysfs /devices/platform/bootdevice/host0/target0:0:0/0:0:0:2/block/sdc u:object_r:sysfs_mmcblk:s0 - -# Date : 2019/07/12 -# Purpose:dumpstate mmcblk1 access -genfscon sysfs /devices/platform/externdevice/mmc_host/mmc0 u:object_r:sysfs_devices_block:s0 -genfscon sysfs /devices/platform/externdevice/mmc_host/mmc1 u:object_r:sysfs_devices_block:s0 - -# Date : 2019/10/22 -# Purpose : mrdump_tool(copy_process by aee_aedv) need to write data to lbaooo -genfscon sysfs /module/mrdump/parameters/lbaooo u:object_r:sysfs_mrdump_lbaooo:s0 - -############################# -# debugfs files -# -genfscon debugfs /binder u:object_r:debugfs_binder:s0 -genfscon debugfs /blockio u:object_r:debugfs_blockio:s0 -genfscon debugfs /cpuhvfs u:object_r:debugfs_cpuhvfs:s0 -genfscon debugfs /displowpower u:object_r:debugfs_fb:s0 -genfscon debugfs /disp u:object_r:debugfs_fb:s0 -genfscon debugfs /dispsys u:object_r:debugfs_fb:s0 -genfscon debugfs /dmlog u:object_r:debugfs_dmlog_debug:s0 -genfscon debugfs /dynamic_debug u:object_r:debugfs_dynamic_debug:s0 -genfscon debugfs /emi_mbw/dump_buf u:object_r:debugfs_emi_mbw_buf:s0 -genfscon debugfs /fbconfig u:object_r:debugfs_fb:s0 -genfscon debugfs /fpsgo u:object_r:debugfs_fpsgo:s0 -genfscon debugfs /fuseio u:object_r:debugfs_fuseio:s0 -genfscon debugfs /ged u:object_r:debugfs_ged:s0 -genfscon debugfs /ion/client_history u:object_r:debugfs_ion_mm_heap:s0 -genfscon debugfs /ion/clients u:object_r:debugfs_ion:s0 -genfscon debugfs /ion/heaps u:object_r:debugfs_ion_mm_heap:s0 -genfscon debugfs /ion/ion_mm_heap u:object_r:debugfs_ion_mm_heap:s0 -genfscon debugfs /kmemleak u:object_r:debugfs_kmemleak:s0 -genfscon debugfs /mali0/gpu_memory u:object_r:debugfs_gpu_mali_midgard:s0 -genfscon debugfs /mali/gpu_memory u:object_r:debugfs_gpu_mali_utgard:s0 -genfscon debugfs /mtkfb u:object_r:debugfs_fb:s0 -genfscon debugfs /mmprofile u:object_r:debugfs_fb:s0 -genfscon debugfs /musb-hdrc u:object_r:debugfs_usb:s0 -genfscon debugfs /page_owner_slim u:object_r:debugfs_page_owner_slim_debug:s0 -genfscon debugfs /pvr u:object_r:debugfs_gpu_img:s0 -genfscon debugfs /rcu u:object_r:debugfs_rcu:s0 -genfscon debugfs /shrinker u:object_r:debugfs_shrinker_debug:s0 -genfscon debugfs /usb20_phy u:object_r:debugfs_usb20_phy:s0 -genfscon debugfs /usb_c u:object_r:debugfs_usb:s0 -genfscon debugfs /vpu/device_dbg u:object_r:debugfs_vpu_device_dbg:s0 - -# mtk VPU/MDLA power reading -genfscon debugfs /vpu/power u:object_r:debugfs_vpu_power:s0 -genfscon debugfs /mdla/power u:object_r:debugfs_mdla_power:s0 -genfscon debugfs /vpu/vpu_memory u:object_r:debugfs_vpu_memory:s0 - -# mtk eara thermal reading -genfscon debugfs /eara_thermal/enable u:object_r:debugfs_eara_thermal:s0 - -# mtk EM power PMU register -genfscon debugfs /rt-regmap u:object_r:debugfs_regmap:s0 - -# 2019/08/15 -genfscon debugfs /smi_mon u:object_r:debugfs_smi_mon:s0 - -genfscon iso9660 / u:object_r:iso9660:s0 -genfscon rawfs / u:object_r:rawfs:s0 -genfscon fuseblk / u:object_r:fuseblk:s0 - -# 2019/08/24 -genfscon sysfs /class/sensor u:object_r:sysfs_sensor:s0 -genfscon sysfs /devices/virtual/sensor u:object_r:sysfs_sensor:s0 - -# MTEE trusty -genfscon sysfs /devices/platform/trusty u:object_r:mtee_trusty_file:s0 - -# Date : 2019/08/29 -# Purpose: allow rild to access /proc/aed/reboot-reason -genfscon proc /aed/reboot-reason u:object_r:proc_aed_reboot_reason:s0 - - -# 2019/09/05 -# Purpose: Allow powerhal to control kernel resources -genfscon proc /ppm u:object_r:proc_ppm:s0 -genfscon proc /cpufreq u:object_r:proc_cpufreq:s0 -genfscon proc /hps u:object_r:proc_hps:s0 -genfscon proc /cm_mgr u:object_r:proc_cm_mgr:s0 -genfscon proc /ca_drv u:object_r:proc_ca_drv:s0 -genfscon sysfs /module/ged u:object_r:sysfs_ged:s0 -genfscon sysfs /module/fbt_cpu u:object_r:sysfs_fbt_cpu:s0 -genfscon sysfs /module/fbt_fteh u:object_r:sysfs_fbt_fteh:s0 - -# Date : WK19.38 -# Purpose: Android Migration for video codec driver -genfscon sysfs /firmware/devicetree/base/model u:object_r:sysfs_device_tree_model:s0 - -# Date : 2019/12/12 -# Purpose : allow media sources to access /sys/bus/platform/drivers/mem_bw_ctrl/* -genfscon sysfs /bus/platform/drivers/mem_bw_ctrl/concurrency_scenario u:object_r:sysfs_concurrency_scenario:s0 diff --git a/r_non_plat/gpuservice.te b/r_non_plat/gpuservice.te deleted file mode 100644 index 0fa7d06..0000000 --- a/r_non_plat/gpuservice.te +++ /dev/null @@ -1,8 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -# Date : WK19.31 -# Operation : Migration -# Purpose : [ALPS04685294] com.google.android.graphics.gts.VulkanTest#checkVulkan1_1Requirements-fail -allow gpuservice gpu_device:dir search; diff --git a/r_non_plat/gsm0710muxd.te b/r_non_plat/gsm0710muxd.te deleted file mode 100644 index 2596e18..0000000 --- a/r_non_plat/gsm0710muxd.te +++ /dev/null @@ -1,41 +0,0 @@ -# ============================================== -# Policy File of /system/bin/gsm0710muxd Executable File - -# ============================================== -# Type Declaration -# ============================================== -type gsm0710muxd, domain; -type gsm0710muxd_exec , exec_type, file_type, vendor_file_type; - -# ============================================== -# MTK Policy Rule -# ============================================== -init_daemon_domain(gsm0710muxd) - -# Capabilities assigned for gsm0710muxd -allow gsm0710muxd self:capability { chown fowner setuid }; - -# Property service -# Set ctl.ril-daemon property -#set_prop(gsm0710muxd, ctl_rildaemon_prop) -set_prop(gsm0710muxd, ctl_ril-daemon-mtk_prop) -set_prop(gsm0710muxd, ctl_fusion_ril_mtk_prop) -set_prop(gsm0710muxd, gsm0710muxd_prop) -set_prop(gsm0710muxd, vendor_radio_prop) -# allow set muxreport control properties -set_prop(gsm0710muxd, ril_mux_report_case_prop) - -# Allow read/write to devices/files -allow gsm0710muxd gsm0710muxd_device:chr_file rw_file_perms; -allow gsm0710muxd device:dir rw_dir_perms; -allow gsm0710muxd device:lnk_file { create unlink }; -allow gsm0710muxd devpts:chr_file setattr; -allow gsm0710muxd eemcs_device:chr_file rw_file_perms; - -# Allow read to sys/kernel/ccci/* files -allow gsm0710muxd sysfs_ccci:dir search; -allow gsm0710muxd sysfs_ccci:file r_file_perms; - -#Date: W1818 -#Purpose: allow rild access property of vendor_radio_prop -set_prop(rild, vendor_radio_prop) diff --git a/r_non_plat/hal_audio.te b/r_non_plat/hal_audio.te deleted file mode 100644 index 9245891..0000000 --- a/r_non_plat/hal_audio.te +++ /dev/null @@ -1,10 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============ - -# Date: 2019/06/14 -# Operation : Migration -# Purpose : interface=android.hardware.audio::IDevicesFactory for hal_audio_hwservice -binder_call(hal_audio_client, hal_audio_server) -binder_call(hal_audio_server, hal_audio_client) -hal_attribute_hwservice(hal_audio, hal_audio_hwservice) diff --git a/r_non_plat/hal_bootctl_default.te b/r_non_plat/hal_bootctl_default.te deleted file mode 100644 index 5c2afda..0000000 --- a/r_non_plat/hal_bootctl_default.te +++ /dev/null @@ -1,14 +0,0 @@ -# Add for bootctl -#============= hal_bootctl_default ============== -allow hal_bootctl_default para_block_device:blk_file { read open write}; -allow hal_bootctl_default rootfs:file { read getattr open }; -allow hal_bootctl_default sysfs:dir { read open }; -allow hal_bootctl_default sysfs_boot_type:file { read open }; -allow hal_bootctl_default block_device:dir search; -allow hal_bootctl_default misc_sd_device:chr_file rw_file_perms; -allow hal_bootctl_default bootdevice_block_device:blk_file rw_file_perms; -allowxperm hal_bootctl_default bootdevice_block_device:blk_file ioctl MMC_IOCTLCMD; -allowxperm hal_bootctl_default bootdevice_block_device:blk_file ioctl UFS_IOCTLCMD; -allow hal_bootctl_default proc_cmdline:file r_file_perms; -allow hal_bootctl_default sysfs_boot_type:file r_file_perms; -allow hal_bootctl_default self:capability sys_rawio;
\ No newline at end of file diff --git a/r_non_plat/hal_cas_default.te b/r_non_plat/hal_cas_default.te deleted file mode 100644 index 4e23d6b..0000000 --- a/r_non_plat/hal_cas_default.te +++ /dev/null @@ -1,5 +0,0 @@ -# Date : 2017/08/14 -# Operation : O1 Migration -# Purpose : hal_cas_default needs to use vendor binder to communicate -vndbinder_use(hal_cas_default); - diff --git a/r_non_plat/hal_drm_clearkey.te b/r_non_plat/hal_drm_clearkey.te deleted file mode 100644 index 2445adb..0000000 --- a/r_non_plat/hal_drm_clearkey.te +++ /dev/null @@ -1,12 +0,0 @@ -# policy for /vendor/bin/hw/android.hardware.drm@1.1-service.clearkey -type hal_drm_clearkey, domain; -type hal_drm_clearkey_exec, exec_type, vendor_file_type, file_type; - -init_daemon_domain(hal_drm_clearkey) - -hal_server_domain(hal_drm_clearkey, hal_drm) - -vndbinder_use(hal_drm_clearkey); - -allow hal_drm_clearkey { appdomain -isolated_app }:fd use; -allow hal_drm_clearkey hal_allocator_server:fd use; diff --git a/r_non_plat/hal_drm_default.te b/r_non_plat/hal_drm_default.te deleted file mode 100644 index 465ec55..0000000 --- a/r_non_plat/hal_drm_default.te +++ /dev/null @@ -1,6 +0,0 @@ -vndbinder_use(hal_drm_default); - -#============= hal_drm_default ============== -allow hal_drm_default debugfs_tracing:file write; -allow hal_drm_default debugfs_ion:dir search; - diff --git a/r_non_plat/hal_drm_widevine.te b/r_non_plat/hal_drm_widevine.te deleted file mode 100644 index c3705ba..0000000 --- a/r_non_plat/hal_drm_widevine.te +++ /dev/null @@ -1,16 +0,0 @@ -# define SELinux domain -type hal_drm_widevine, domain; -hal_server_domain(hal_drm_widevine, hal_drm) - -type hal_drm_widevine_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(hal_drm_widevine) - -allow hal_drm_widevine mediacodec:fd use; -allow hal_drm_widevine { appdomain -isolated_app }:fd use; - -vndbinder_use(hal_drm_widevine); -hal_client_domain(hal_drm_widevine, hal_graphics_composer); -allow hal_drm_widevine hal_allocator_server:fd use; -allow hal_drm_widevine mediadrm_vendor_data_file:dir create_dir_perms; -allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms; - diff --git a/r_non_plat/hal_gnss.te b/r_non_plat/hal_gnss.te deleted file mode 100644 index eee7a92..0000000 --- a/r_non_plat/hal_gnss.te +++ /dev/null @@ -1,2 +0,0 @@ -#TODO:: work around solution, wait for correct solution from google -vndbinder_use(hal_gnss) diff --git a/r_non_plat/hal_gnss_default.te b/r_non_plat/hal_gnss_default.te deleted file mode 100644 index 884aacf..0000000 --- a/r_non_plat/hal_gnss_default.te +++ /dev/null @@ -1,7 +0,0 @@ -# Communicate over a socket created by mnld process. -allow hal_gnss_default mnld_data_file:sock_file create_file_perms; -allow hal_gnss_default mnld_data_file:sock_file rw_file_perms; -allow hal_gnss_default mnld_data_file:dir create_file_perms; -allow hal_gnss_default mnld_data_file:dir rw_dir_perms; - -allow hal_gnss_default mnld:unix_dgram_socket sendto; diff --git a/r_non_plat/hal_gpu.te b/r_non_plat/hal_gpu.te deleted file mode 100644 index 6020588..0000000 --- a/r_non_plat/hal_gpu.te +++ /dev/null @@ -1,6 +0,0 @@ -# HwBinder IPC from clients into server, and callbacks -binder_call(hal_gpu_client, hal_gpu_server) -binder_call(hal_gpu_server, hal_gpu_client) - -# give permission for hal client -allow hal_gpu_client mtk_hal_gpu_hwservice :hwservice_manager find; diff --git a/r_non_plat/hal_graphics_allocator.te b/r_non_plat/hal_graphics_allocator.te deleted file mode 100644 index 6da702d..0000000 --- a/r_non_plat/hal_graphics_allocator.te +++ /dev/null @@ -1,5 +0,0 @@ -# Date : WK17.13 -# Operation : Add sepolicy -# Purpose : Add policy for gralloc HIDL - -allow hal_graphics_allocator proc_ged:file r_file_perms; diff --git a/r_non_plat/hal_graphics_allocator_default.te b/r_non_plat/hal_graphics_allocator_default.te deleted file mode 100644 index a968437..0000000 --- a/r_non_plat/hal_graphics_allocator_default.te +++ /dev/null @@ -1,24 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -#============= hal_graphics_allocator_default ============== -allow hal_graphics_allocator_default gpu_device:dir search; - -#============= hal_graphics_allocator_default ============== -allow hal_graphics_allocator_default sw_sync_device:chr_file { open read write getattr ioctl }; - -#============= hal_graphics_allocator_default ============== -allow hal_graphics_allocator_default debugfs_ion:dir search; - -#============= hal_graphics_allocator_default ============== -allow hal_graphics_allocator_default debugfs_tracing:file write; - -#============= hal_graphics_allocator_default ============== -allow hal_graphics_allocator_default debugfs_tracing:file open; - -#============= hal_graphics_allocator_default ============== -allow hal_graphics_allocator_default proc_ged:file r_file_perms; -allowxperm hal_graphics_allocator_default proc_ged:file ioctl { proc_ged_ioctls }; - -#============= hal_graphics_allocator_default ============== diff --git a/r_non_plat/hal_graphics_composer_default.te b/r_non_plat/hal_graphics_composer_default.te deleted file mode 100644 index 6f54e9f..0000000 --- a/r_non_plat/hal_graphics_composer_default.te +++ /dev/null @@ -1,53 +0,0 @@ -vndbinder_use(hal_graphics_composer_default) - -allow hal_graphics_composer_default debugfs_ged:dir search; - -# Date : WK17.09 -# Operation : Add sepolicy -# Purpose : Add polivy for hwc HIDL - -allow hal_graphics_composer_default proc_ged:file r_file_perms; -allow hal_graphics_composer_default self:netlink_kobject_uevent_socket { read bind create setopt }; - -# Date : WK17.21 -# Purpose: GPU driver required -allow hal_graphics_composer_default sw_sync_device:chr_file rw_file_perms; -allow hal_graphics_composer_default hal_graphics_mapper_hwservice:hwservice_manager find; - -# Date : W17.24 -# Purpose: GPU driver required -allow hal_graphics_composer_default gpu_device:dir search; - -allow hal_graphics_composer_default debugfs_ion:dir search; -allow hal_graphics_composer_default debugfs_tracing:file write; -allow hal_graphics_composer_default debugfs_tracing:file open; - -# Date : WK17.30 -# Operation : O Migration -# Purpose: Allow to access cmdq driver -allow hal_graphics_composer_default mtk_cmdq_device:chr_file { read ioctl open }; - -# Date : W17.30 -# Add for control PowerHAL -allow hal_graphics_composer_default mtk_hal_power_hwservice:hwservice_manager find; -binder_call(hal_graphics_composer_default, mtk_hal_power) - -# Date : WK17.32 -# Operation : O Migration -# Purpose: Allow to access property -set_prop(hal_graphics_composer_default, graphics_hwc_pid_prop) -get_prop(hal_graphics_composer_default, graphics_hwc_pid_prop) -set_prop(hal_graphics_composer_default, graphics_hwc_latch_unsignaled_prop) -set_prop(hal_graphics_composer_default, graphics_hwc_hdr_prop) - -# Date : WK18.03 -# Purpose: Allow to access property dev/mdp_sync -allow hal_graphics_composer_default mtk_mdp_device:chr_file rw_file_perms; -allow hal_graphics_composer_default mdp_device:chr_file rw_file_perms; -allow hal_graphics_composer_default tee_device:chr_file rw_file_perms; -allowxperm hal_graphics_composer_default proc_ged:file ioctl { proc_ged_ioctls }; - -# Date: 2018/11/08 -# Operation : JPEG -# Purpose : JPEG need to use PQ via MMS HIDL -allow hal_graphics_composer_default sysfs_boot_mode:file r_file_perms; diff --git a/r_non_plat/hal_hdmi.te b/r_non_plat/hal_hdmi.te deleted file mode 100644 index ea8e0c5..0000000 --- a/r_non_plat/hal_hdmi.te +++ /dev/null @@ -1,6 +0,0 @@ -# HwBinder IPC from clients into server, and callbacks -binder_call(hal_hdmi_client, hal_hdmi_server) -binder_call(hal_hdmi_server, hal_hdmi_client) - -# give permission for hal client -allow hal_hdmi_client mtk_hal_hdmi_hwservice :hwservice_manager find; diff --git a/r_non_plat/hal_imsa.te b/r_non_plat/hal_imsa.te deleted file mode 100644 index d517344..0000000 --- a/r_non_plat/hal_imsa.te +++ /dev/null @@ -1,6 +0,0 @@ -# HwBinder IPC from clients into server, and callbacks -binder_call(hal_imsa_client, hal_imsa_server) -binder_call(hal_imsa_server, hal_imsa_client) - -# give permission for hal client -allow hal_imsa_client mtk_hal_imsa_hwservice :hwservice_manager find;
\ No newline at end of file diff --git a/r_non_plat/hal_ir.te b/r_non_plat/hal_ir.te deleted file mode 100644 index 2a01403..0000000 --- a/r_non_plat/hal_ir.te +++ /dev/null @@ -1,4 +0,0 @@ -#============= hal_ir_default ============== -allow hal_ir_default irtx_device:chr_file rw_file_perms; -allow hal_ir_default irtx_device:chr_file { ioctl open }; -allow hal_ir_default irtx_device:chr_file { read write };
\ No newline at end of file diff --git a/r_non_plat/hal_keymaster_attestation.te b/r_non_plat/hal_keymaster_attestation.te deleted file mode 100644 index 35b9b71..0000000 --- a/r_non_plat/hal_keymaster_attestation.te +++ /dev/null @@ -1,17 +0,0 @@ -type hal_keymaster_attestation, domain; -hal_server_domain(hal_keymaster_attestation, mtk_hal_keyattestation) - -type hal_keymaster_attestation_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(hal_keymaster_attestation) - -hwbinder_use(hal_keymaster_attestation); - -#============= hal_keymaster_attestation ============== -allow hal_keymaster_attestation tee_device:chr_file { read write open ioctl }; - -# Date : WK17.42 2017/10/19 -# Operation: Keymaster 3.0 -# Purpose: Access attestation key in persist partition -allow hal_keymaster_attestation mnt_vendor_file:dir search; -allow hal_keymaster_attestation persist_data_file:dir { write search add_name }; -allow hal_keymaster_attestation persist_data_file:file { write create open getattr }; diff --git a/r_non_plat/hal_memtrack_default.te b/r_non_plat/hal_memtrack_default.te deleted file mode 100644 index 8594ac3..0000000 --- a/r_non_plat/hal_memtrack_default.te +++ /dev/null @@ -1,9 +0,0 @@ -# Date : WK16.52 -# Operation : HIDL Migration -# Purpose : For memtrack related service access -allow hal_memtrack debugfs_gpu_mali_midgard:file {open read getattr }; -allow hal_memtrack debugfs_gpu_mali_utgard:file {open read getattr }; -allow hal_memtrack debugfs_gpu_img:dir search; -allow hal_memtrack debugfs_gpu_img:file {open read getattr }; -allow hal_memtrack debugfs_ion:dir rw_dir_perms; -allow hal_memtrack debugfs_ion:file {open read getattr }; diff --git a/r_non_plat/hal_mms.te b/r_non_plat/hal_mms.te deleted file mode 100644 index 766ccac..0000000 --- a/r_non_plat/hal_mms.te +++ /dev/null @@ -1,6 +0,0 @@ -# HwBinder IPC from clients into server, and callbacks -binder_call(hal_mms_client, hal_mms_server) -binder_call(hal_mms_server, hal_mms_client) - -# give permission for hal client -allow hal_mms_client mtk_hal_mms_hwservice :hwservice_manager find; diff --git a/r_non_plat/hal_nfc.te b/r_non_plat/hal_nfc.te deleted file mode 100644 index e9683be..0000000 --- a/r_non_plat/hal_nfc.te +++ /dev/null @@ -1,5 +0,0 @@ -# ============================================== -# ST NFC HAL rule -# ============================================== - -allow hal_nfc st21nfc_device:chr_file { read write getattr open ioctl }; diff --git a/r_non_plat/hal_nvramagent.te b/r_non_plat/hal_nvramagent.te deleted file mode 100644 index 680a031..0000000 --- a/r_non_plat/hal_nvramagent.te +++ /dev/null @@ -1,6 +0,0 @@ -#for nvram hidl client support -binder_call(hal_nvramagent_client, hal_nvramagent_server) -allow hal_nvramagent_client nvram_agent_binder_hwservice:hwservice_manager find; - -# add/find permission rule to hwservicemanager -add_hwservice(hal_nvramagent_server, nvram_agent_binder_hwservice) diff --git a/r_non_plat/hal_pq.te b/r_non_plat/hal_pq.te deleted file mode 100644 index 30eaf0e..0000000 --- a/r_non_plat/hal_pq.te +++ /dev/null @@ -1,6 +0,0 @@ -# HwBinder IPC from clients into server, and callbacks -binder_call(hal_pq_client, hal_pq_server) -binder_call(hal_pq_server, hal_pq_client) - -# give permission for hal client -allow hal_pq_client mtk_hal_pq_hwservice :hwservice_manager find; diff --git a/r_non_plat/hal_thermal_default.te b/r_non_plat/hal_thermal_default.te deleted file mode 100644 index 2a648fb..0000000 --- a/r_non_plat/hal_thermal_default.te +++ /dev/null @@ -1,8 +0,0 @@ - -# Date : WK18.23 -# Operation : P Migration -# Purpose : add grant permission for Thermal HAL mtktz and proc - -allow hal_thermal_default proc_mtktz:dir search; -allow hal_thermal_default proc_mtktz:file {open read getattr}; -allow hal_thermal_default proc_stat:file {open read getattr }; diff --git a/r_non_plat/hal_usb.te b/r_non_plat/hal_usb.te deleted file mode 100644 index b1f7134..0000000 --- a/r_non_plat/hal_usb.te +++ /dev/null @@ -1,11 +0,0 @@ -type mtk_hal_usb, domain; -hal_server_domain(mtk_hal_usb, hal_usb) - -type mtk_hal_usb_exec, exec_type, file_type, vendor_file_type; -init_daemon_domain(mtk_hal_usb) - -allow hal_usb_default sysfs_dual_role_usb20:dir {search read}; -allow hal_usb_default sysfs_dual_role_usb20:file {open read getattr}; - -allow mtk_hal_usb sysfs_dual_role_usb20:dir {search read open}; -allow mtk_hal_usb sysfs_dual_role_usb20:file {open read getattr}; diff --git a/r_non_plat/hal_vibrator.te b/r_non_plat/hal_vibrator.te deleted file mode 100644 index c88619d..0000000 --- a/r_non_plat/hal_vibrator.te +++ /dev/null @@ -1,5 +0,0 @@ -# vibrator sysfs rw access -allow hal_vibrator sysfs_vibrator:dir r_dir_perms; -allow hal_vibrator sysfs_leds:file rw_file_perms; -allow hal_vibrator sysfs_leds:dir r_dir_perms; -allow hal_vibrator sysfs_leds:lnk_file read; diff --git a/r_non_plat/hal_wifi.te b/r_non_plat/hal_wifi.te deleted file mode 100644 index 4a2d8f5..0000000 --- a/r_non_plat/hal_wifi.te +++ /dev/null @@ -1,8 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -# Allow hal wifi service to open/read/setattr wifi device. -# wmtWifi is wifi char device file to control wifi driver. -allow hal_wifi wmtWifi_device:chr_file w_file_perms; - diff --git a/r_non_plat/hwservice.te b/r_non_plat/hwservice.te deleted file mode 100644 index 6a7304a..0000000 --- a/r_non_plat/hwservice.te +++ /dev/null @@ -1,63 +0,0 @@ -type mtk_hal_bluetooth_hwservice, hwservice_manager_type; - -# Date: 2017/05/9 -type mtk_hal_rild_hwservice, hwservice_manager_type; - -# Date: 2017/06/07 -# power hidl -type mtk_hal_power_hwservice, hwservice_manager_type; - -# Date: 2017/06/12 -# LBS HIDL -type mtk_hal_lbs_hwservice, hwservice_manager_type; - -# Date: 2017/06/27 -# IMSA HIDL -type mtk_hal_imsa_hwservice, hwservice_manager_type; - -# Date: 2017/07/12 -# NVRAM HIDL -type nvram_agent_binder_hwservice, hwservice_manager_type; - -# Date: 2017/07/19 -# PQ HIDL -type mtk_hal_pq_hwservice, hwservice_manager_type; - -# Date: 2017/07/20 -# keymaster attestation hidl -type mtk_hal_keyattestation_hwservice, hwservice_manager_type; - -# Date: 2018/05/25 -# FM HIDL -type mtk_hal_fm_hwservice, hwservice_manager_type; - -# Date: 2018/03/23 -# log hidl -type mtk_hal_log_hwservice, hwservice_manager_type; - -# Date: 2018/06/26 -# em hidl -type mtk_hal_em_hwservice, hwservice_manager_type; - -# Date: 2018/07/02 -# MMS HIDL -type mtk_hal_mms_hwservice, hwservice_manager_type; - -type hal_atci_hwservice, hwservice_manager_type; -type mtk_hal_keymanage_hwservice, hwservice_manager_type; - -# Date: 2019/04/26 -# GPU HIDL -type mtk_hal_gpu_hwservice, hwservice_manager_type; - -# Date: 2019/06/12 -# modem db filter hidl -type mtk_hal_md_dbfilter_hwservice, hwservice_manager_type; - -# Date: 2019/07/16 -# HDMI HIDL -type mtk_hal_hdmi_hwservice, hwservice_manager_type; - -# Date: 2019/09/06 -# BGService HIDL -type mtk_hal_bgs_hwservice, hwservice_manager_type; diff --git a/r_non_plat/hwservice_contexts b/r_non_plat/hwservice_contexts deleted file mode 100644 index e3e2b34..0000000 --- a/r_non_plat/hwservice_contexts +++ /dev/null @@ -1,69 +0,0 @@ -vendor.mediatek.hardware.bluetooth::IMtkBluetoothHci u:object_r:mtk_hal_bluetooth_hwservice:s0 - -# Date: 2017/05/9 -vendor.mediatek.hardware.mtkradioex::IMtkRadioEx u:object_r:mtk_hal_rild_hwservice:s0 -vendor.mediatek.hardware.radio::ISap u:object_r:mtk_hal_rild_hwservice:s0 -vendor.mediatek.hardware.interfaces_tc1.mtkradioex_tc1::IMtkRadioEx u:object_r:mtk_hal_rild_hwservice:s0 -vendor.mediatek.hardware.radio_op::IRadioOp u:object_r:mtk_hal_rild_hwservice:s0 - -# Date: 2017/06/07 -# power hidl -vendor.mediatek.hardware.mtkpower::IMtkPerf u:object_r:mtk_hal_power_hwservice:s0 -vendor.mediatek.hardware.mtkpower::IMtkPower u:object_r:mtk_hal_power_hwservice:s0 -vendor.mediatek.hardware.power::IPerf u:object_r:mtk_hal_power_hwservice:s0 -vendor.mediatek.hardware.power::IPower u:object_r:mtk_hal_power_hwservice:s0 - - - -# Date: 2017/06/12 -# LBS HIDL -vendor.mediatek.hardware.lbs::ILbs u:object_r:mtk_hal_lbs_hwservice:s0 - -# Date : 2017/06/27 -# IMSA HIDL -vendor.mediatek.hardware.imsa::IImsa u:object_r:mtk_hal_imsa_hwservice:s0 - -# Date : 2017/07/12 -#nvram hidl -vendor.mediatek.hardware.nvram::INvram u:object_r:nvram_agent_binder_hwservice:s0 - -# Date : 2017/07/19 -# PQ HIDL -vendor.mediatek.hardware.pq::IPictureQuality u:object_r:mtk_hal_pq_hwservice:s0 - -# Date: 2017/07/20 -# keymaster attestation hidl -vendor.mediatek.hardware.keymaster_attestation::IKeymasterDevice u:object_r:mtk_hal_keyattestation_hwservice:s0 - -# Date: 2018/05/25 -# FM HIDL -vendor.mediatek.hardware.fm::IFmRadio u:object_r:mtk_hal_fm_hwservice:s0 - -# Date: 2018/03/23 -# log hidl -vendor.mediatek.hardware.log::ILog u:object_r:mtk_hal_log_hwservice:s0 - -# Date: 2018/06/26 -# em hidl -vendor.mediatek.hardware.engineermode::IEmd u:object_r:mtk_hal_em_hwservice:s0 - -# Date : 2018/07/02 -# MMS HIDL -vendor.mediatek.hardware.mms::IMms u:object_r:mtk_hal_mms_hwservice:s0 - -# Date : 2019/04/19 -# GPU HIDL -vendor.mediatek.hardware.gpu::IGraphicExt u:object_r:mtk_hal_gpu_hwservice:s0 - -# Date: 2019/06/12 -# modem db filter hidl -vendor.mediatek.hardware.modemdbfilter::ICopyDBFilter u:object_r:mtk_hal_md_dbfilter_hwservice:s0 - -# Date: 2019/07/04 -vendor.mediatek.hardware.camera.lomoeffect::ILomoEffect u:object_r:hal_camera_hwservice:s0 -vendor.mediatek.hardware.camera.ccap::ICCAPControl u:object_r:hal_camera_hwservice:s0 -vendor.mediatek.hardware.camera.bgservice::IBGService u:object_r:mtk_hal_bgs_hwservice:s0 - -# Date : 2019/07/16 -# HDMI HIDL -vendor.mediatek.hardware.hdmi::IMtkHdmiService u:object_r:mtk_hal_hdmi_hwservice:s0 diff --git a/r_non_plat/init.te b/r_non_plat/init.te deleted file mode 100644 index 6ccdd74..0000000 --- a/r_non_plat/init.te +++ /dev/null @@ -1,142 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============ - -# Date : WK14.34 -# Operation : Migration -# Purpose : for L early bring up: add for nvram command in init rc files -allow init nvram_data_file:dir create_dir_perms; -allow init nvram_data_file:lnk_file r_file_perms; -allow init nvdata_file:lnk_file r_file_perms; -allow init nvdata_file:dir create_file_perms; - -#============= init ============== -# Date : W14.42 -# Operation : Migration -# Purpose : for L : add for partition (chown/chmod) -allow init block_device:blk_file setattr; -allow init system_block_device:blk_file setattr; -allow init nvram_device:blk_file setattr; -allow init seccfg_block_device:blk_file setattr; -allow init secro_block_device:blk_file setattr; -allow init frp_block_device:blk_file setattr; -allow init logo_block_device:blk_file setattr; -allow init para_block_device:blk_file setattr; -allow init recovery_block_device:blk_file setattr; - -# Date : WK15.30 -# Operation : Migration -# Purpose : format wiped partition with "formattable" and "check" flag in fstab file -allow init protect1_block_device:blk_file rw_file_perms; -allow init protect2_block_device:blk_file rw_file_perms; -allow init userdata_block_device:blk_file rw_file_perms; -allow init cache_block_device:blk_file rw_file_perms; -allow init nvdata_device:blk_file w_file_perms; -allow init persist_block_device:blk_file rw_file_perms; -allow init nvcfg_block_device:blk_file rw_file_perms; -allow init odm_block_device:blk_file rw_file_perms; -allow init oem_block_device:blk_file rw_file_perms; -allow init para_block_device:blk_file w_file_perms; - -# Date : WK15.32 -# Operation : Migration -# Purpose : disable AT_SECURE for LD_PRELOAD -#userdebug_or_eng(` -# allow init { domain -lmkd -crash_dump -llkd -mediaswcodec }:process noatsecure; -#') - -# Date : WK16.26 -# Operation : Access dynamic_debug control file -# Purpose : For MobileLog on/off pr_debug on user/userdebug load -allow init debugfs_dynamic_debug:file write; - -# Date : W16.28 -# Operation : Migration -# Purpose : enable modules capability -allow init self:capability sys_module; -allow init kernel:system module_request; - -# Date : WK16.35 -# Operation : Migration -# Purpose : create symbolic link from /mnt/sdcard to /sdcard -allow init tmpfs:lnk_file create; - -# Date:W17.07 -# Operation : bt hal -# Purpose : bt hal interface permission -allow init mtk_hal_bluetooth_exec:file getattr; - -# Date : WK17.02 -# Purpose: Fix audio hal service fail -allow init mtk_hal_audio_exec:file getattr; - -# Date : W17.20 -# Purpose: Enable PRODUCT_FULL_TREBLE -allow init vendor_block_device:lnk_file relabelto; - -# Date : WK17.21 -# Purpose: Fix gnss hal service fail -allow init mtk_hal_gnss_exec:file getattr; - -# Fix boot up violation -allow init debugfs_tracing_instances:file relabelfrom; - -# Date: W17.22 -# Operation : New Feature -# Purpose : Add for A/B system -allow init kernel:system module_request; -allow init nvdata_file:dir mounton; -allow init oemfs:dir mounton; -allow init protect_f_data_file:dir mounton; -allow init protect_s_data_file:dir mounton; -allow init nvcfg_file:dir mounton; -allow init persist_data_file:dir mounton; -allow init tmpfs:lnk_file create; - -# boot process denial clean up -allow init debugfs_ged:file w_file_perms; - - - -# Date : WK17.39 -# Operation : able to relabel mntl block device link -# Purpose : Correct permission for mntl -allow init block_device:lnk_file relabelfrom; -allow init expdb_block_device:lnk_file relabelto; -allow init mcupmfw_block_device:lnk_file relabelto; -allow init tee_block_device:lnk_file relabelto; - -# Date : WK17.43 -# Operation : able to insert fpsgo kernel module -# Purpose : Correct permission for fpsgo -allow init rootfs:system module_load; - -# Date: W17.43 -# Operation : module load -# Purpose : insmod LKM under /vendor (connsys module KO) -allow init vendor_file:system module_load; - -# Date : WK17.46 -# Operation : feature porting -# Purpose : kernel module verification -allow init kernel:key search; - -# Date : WK17.50 -# Operation : boost cpu while booting -# Purpose : enhance boottime -allow init proc_perfmgr:file write; -allow init proc_wmtdbg:file w_file_perms; - -# Date : W18.20 -# Operation : mount soc vendor's partition when booting -allow init mnt_vendor_file:dir mounton; - -# Date : W19.28 -# Purpose: Allow to setattr /proc/last_kmsg -allow init proc_last_kmsg:file setattr; -# Purpose: Allow to write /proc/cpu/alignment -allow init proc_cpu_alignment:file w_file_perms; - -# Purpose: Allow to relabelto for selinux_android_restorecon -allow init boot_block_device:lnk_file relabelto; -allow init vbmeta_block_device:lnk_file relabelto; diff --git a/r_non_plat/installd.te b/r_non_plat/installd.te deleted file mode 100644 index 88c6b54..0000000 --- a/r_non_plat/installd.te +++ /dev/null @@ -1,7 +0,0 @@ -# ================================== -# MTK Policy Rule -# ================================== - -# Kernel-4.14 migration, fix boot fail. -allow installd vendor_configs_file:file map; - diff --git a/r_non_plat/ioctl_defines b/r_non_plat/ioctl_defines deleted file mode 100644 index d227aab..0000000 --- a/r_non_plat/ioctl_defines +++ /dev/null @@ -1,64 +0,0 @@ -##################################### -# ged_bridge_id.h -# -define(`GED_BRIDGE_IO_LOG_BUF_GET', `0x6700') -define(`GED_BRIDGE_IO_LOG_BUF_WRITE', `0x6701') -define(`GED_BRIDGE_IO_LOG_BUF_RESET', `0x6702') -define(`GED_BRIDGE_IO_BOOST_GPU_FREQ', `0x6703') -define(`GED_BRIDGE_IO_MONITOR_3D_FENCE', `0x6704') -define(`GED_BRIDGE_IO_QUERY_INFO', `0x6705') -define(`GED_BRIDGE_IO_NOTIFY_VSYNC', `0x6706') -define(`GED_BRIDGE_IO_DVFS_PROBE', `0x6707') -define(`GED_BRIDGE_IO_DVFS_UM_RETURN', `0x6708') -define(`GED_BRIDGE_IO_EVENT_NOTIFY', `0x6709') -define(`GED_BRIDGE_IO_WAIT_HW_VSYNC', `0x670a') -define(`GED_BRIDGE_IO_QUERY_TARGET_FPS', `0x670b') -define(`GED_BRIDGE_IO_VSYNC_WAIT', `0x670c') -define(`GED_BRIDGE_IO_GPU_HINT_TO_CPU', `0x670d') -define(`GED_BRIDGE_IO_HINT_FORCE_MDP', `0x670e') - -define(`GED_BRIDGE_IO_GE_ALLOC', `0x6764') -define(`GED_BRIDGE_IO_GE_GET', `0x6765') -define(`GED_BRIDGE_IO_GE_SET', `0x6766') -define(`GED_BRIDGE_IO_GPU_TIMESTAMP', `0x6767') -define(`GED_BRIDGE_IO_TARGET_FPS', `0x6768') -define(`GED_BRIDGE_IO_GE_INFO', `0x6769') -define(`GED_BRIDGE_IO_GPU_TUNER_STATUS', `0x676a') - -##################################### -# perf_ioctl.h : FPSGO -# -define(`PERFMGR_FPSGO_QUEUE', `0x6701') -define(`PERFMGR_FPSGO_DEQUEUE', `0x6703') -define(`PERFMGR_FPSGO_VSYNC', `0x6705') -define(`PERFMGR_FPSGO_TOUCH', `0x670a') -define(`PERFMGR_FPSGO_QUEUE_CONNECT', `0x670f') -define(`PERFMGR_FPSGO_BQID', `0x6710') - -# perf_ioctl.h : EARA -define(`PERFMGR_EARA_NN_BEGIN', `0x6701') -define(`PERFMGR_EARA_NN_END', `0x6702') -define(`PERFMGR_EARA_GETUSAGE', `0x6703') - -# perf_ioctl.h : others -define(`PERFMGR_CPU_PREFER', `0x6701') - -##################################### -# -# -define(`MMC_IOCTLCMD', `0xb300') -define(`MMC_IOC_MULTI_CMD', `0xb301') -define(`UFS_IOCTLCMD', `0x5388') -define(`UFS_IOCTL_RPMB', `0x5391') - -##################################### -# -# -define(`JPG_BRIDGE_ENC_IO_INIT', `0x780b') -define(`JPG_BRIDGE_ENC_IO_CONFIG', `0x780c') -define(`JPG_BRIDGE_ENC_IO_WAIT', `0x780d') -define(`JPG_BRIDGE_ENC_IO_DEINIT', `0x780e') -define(`JPG_BRIDGE_ENC_IO_START', `0x780f') -##################################### -# m4u_priv.h -define(`MTK_M4U_T_SEC_INIT', `0x6732') diff --git a/r_non_plat/ioctl_macros b/r_non_plat/ioctl_macros deleted file mode 100644 index bf86503..0000000 --- a/r_non_plat/ioctl_macros +++ /dev/null @@ -1,25 +0,0 @@ -# proc_ged ioctls -define(`proc_ged_ioctls', `{ - GED_BRIDGE_IO_LOG_BUF_GET - GED_BRIDGE_IO_LOG_BUF_WRITE - GED_BRIDGE_IO_LOG_BUF_RESET - GED_BRIDGE_IO_BOOST_GPU_FREQ - GED_BRIDGE_IO_MONITOR_3D_FENCE - GED_BRIDGE_IO_QUERY_INFO - GED_BRIDGE_IO_NOTIFY_VSYNC - GED_BRIDGE_IO_DVFS_PROBE - GED_BRIDGE_IO_DVFS_UM_RETURN - GED_BRIDGE_IO_EVENT_NOTIFY - GED_BRIDGE_IO_WAIT_HW_VSYNC - GED_BRIDGE_IO_QUERY_TARGET_FPS - GED_BRIDGE_IO_VSYNC_WAIT - GED_BRIDGE_IO_GPU_HINT_TO_CPU - GED_BRIDGE_IO_HINT_FORCE_MDP - GED_BRIDGE_IO_GE_ALLOC - GED_BRIDGE_IO_GE_GET - GED_BRIDGE_IO_GE_SET - GED_BRIDGE_IO_GPU_TIMESTAMP - GED_BRIDGE_IO_TARGET_FPS - GED_BRIDGE_IO_GE_INFO - GED_BRIDGE_IO_GPU_TUNER_STATUS -}') diff --git a/r_non_plat/kernel.te b/r_non_plat/kernel.te deleted file mode 100644 index 15b2430..0000000 --- a/r_non_plat/kernel.te +++ /dev/null @@ -1,84 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============ -# Date : WK14.38 -# Operation : Migration -# Purpose : run guitar_update for touch F/W upgrade. -allow kernel sdcard_type:dir search; - -# Date : WK14.39 -# Operation : Migration -# Purpose : ums driver can access blk_file -allow kernel block_device:blk_file rw_file_perms; -allow kernel loop_device:blk_file r_file_perms; -allow kernel vold_device:blk_file rw_file_perms; - -# Date : WK15.35 -# Operation : Migration -# Purpose : grant fon_image_data_file read permission for loop device -allow kernel fon_image_data_file:file read; - -# Date : WK15.38 -# Operation : Migration -# Purpose : grant proc_thermal for dir search -allow kernel proc_thermal:dir search; - -# Date : WK16.11 -# Operation : Migration -# Purpose : grant storage_file and wifi_data_file for kernel thread mtk_wmtd to access /sdcard/wifi.cfg -# and /data/misc/wifi/wifi.cfg to access wifi.cfg, in which, some wifi driver configuations are there. -allow kernel mnt_user_file:dir search; -allow kernel mnt_user_file:lnk_file read; -allow kernel wifi_data_file:file r_file_perms; -allow kernel wifi_data_file:dir search; -allow kernel storage_file:lnk_file read; -allow kernel sdcard_type:file open; - -# Data : WK16.16 -# Operation : Migration -# Purpose : Access to TC1 partition for reading MEID -allow kernel block_device:dir search; - -# Data : WK16.16 -# Operation : Migration -# Purpose : Access to TC1 partition for reading MEID -allow kernel misc2_block_device:blk_file rw_file_perms; - -# Date : WK16.30 -# Operation: SQC -# Purpose: Allow sdcardfs workqueue to access lower file systems -allow kernel { fuseblk }:dir create_dir_perms; -allow kernel { fuseblk }:file create_file_perms; - -# Date : WK16.30 -# Operation: SQC -# Purpose: Allow sdcardfs workqueue to access lower file systems -allow kernel {vfat mnt_media_rw_file}:dir create_dir_perms; -allow kernel {vfat mnt_media_rw_file}:file create_file_perms; -allow kernel kernel:key { write search setattr }; - -# Date : WK16.42 -# Operation: SQC -# Purpose: Allow task of cpuset cgroup can migration to parent cgroup when cpus is NULL -allow kernel platform_app:process setsched; - -# Date : WK17.01 -# Operation: SQC -# Purpose: Allow OpenDSP kthread to write debug dump to sdcard -allow kernel audioserver:fd use; - -# Date : WK18.02 -# Operation: SQC -# Purpose: Allow SCP SmartPA kthread to write debug dump to sdcard -allow kernel mtk_hal_audio:fd use; -allow kernel factory:fd use; - -# Date : WK18.29 -# Operation: SQC -# Purpose: Allow kernel read firmware binary on vendor partition -allow kernel vendor_file:file r_file_perms; - -# Date : WK18.35 -# Operation: SQC -# Purpose: Allow VOW kthread to write debug PCM dump -allow kernel mtk_audiohal_data_file:file write; diff --git a/r_non_plat/keystore.te b/r_non_plat/keystore.te deleted file mode 100644 index 174c8f5..0000000 --- a/r_non_plat/keystore.te +++ /dev/null @@ -1,13 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============ - -# Date : WK14.40 2014/12/26 -# Operation : CTS 5.0_r1 -# Purpose : allow access to /data/data for full CTS -allow keystore app_data_file:file write; - -# Date : WK17.30 2017/07/25 -# Operation : keystore -# Purpose : Fix keystore boot selinux violation -allow hal_keymaster_default debugfs_tracing:file write; diff --git a/r_non_plat/kisd.te b/r_non_plat/kisd.te deleted file mode 100644 index b0ed180..0000000 --- a/r_non_plat/kisd.te +++ /dev/null @@ -1,32 +0,0 @@ -# ============================================== -# Policy File of /vendor/bin/kisd Executable File - - -# ============================================== -# Type Declaration -# ============================================== - -type kisd ,domain; -type kisd_exec, exec_type, file_type, vendor_file_type; -typeattribute kisd mlstrustedsubject; - -# ============================================== -# MTK Policy Rule -# ============================================== - -init_daemon_domain(kisd) - -allow kisd tee_device:chr_file {read write open ioctl}; -allow kisd provision_file:dir {read write open ioctl add_name search remove_name}; -allow kisd provision_file:file {create read write open getattr unlink}; -allow kisd block_device:dir {read write open ioctl search}; -allow kisd kb_block_device:blk_file {read write open ioctl getattr}; -allow kisd dkb_block_device:blk_file {read write open ioctl getattr}; -allow kisd key_install_data_file:dir {write remove_name add_name}; -allow kisd key_install_data_file:file {write getattr read create unlink open}; -allow kisd key_install_data_file:dir search; -allow kisd mtd_device:chr_file { open read write }; -allow kisd mtd_device:blk_file { open read write ioctl getattr}; -allow kisd mtd_device:dir { search }; -allow kisd kb_block_device:chr_file {read write open ioctl getattr}; -allow kisd dkb_block_device:chr_file {read write open ioctl getattr}; diff --git a/r_non_plat/lbs_hidl_service.te b/r_non_plat/lbs_hidl_service.te deleted file mode 100644 index 36ccad0..0000000 --- a/r_non_plat/lbs_hidl_service.te +++ /dev/null @@ -1,11 +0,0 @@ -type lbs_hidl_service, domain; -hal_server_domain(lbs_hidl_service, mtk_hal_lbs) - -type lbs_hidl_service_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(lbs_hidl_service) -vndbinder_use(lbs_hidl_service) - -#r_dir_file(lbs_hidl_service, system_file) -unix_socket_connect(lbs_hidl_service, agpsd, mtk_agpsd); -allow lbs_hidl_service mtk_agpsd:unix_dgram_socket sendto; -allow lbs_hidl_service mnld:unix_dgram_socket sendto; diff --git a/r_non_plat/lmkd.te b/r_non_plat/lmkd.te deleted file mode 100644 index 3ba12e2..0000000 --- a/r_non_plat/lmkd.te +++ /dev/null @@ -1,23 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============ - - -# Data : 2015/01/14 -# Operation : MT6735 SQC bug fix -# Purpose : ALPS01905960 - selinux_warning: audit(1420845354.752:91): avc: denied { search } -# for pid=194 comm="lmkd" name="23573" dev="proc" -# ino=915740 scontext=u:r:lmkd:s0 tcontext=u:r:zygote:s0 tclass=dir permissive=0 -dontaudit lmkd zygote:dir rw_dir_perms; - -# Data : 2015/04/17 -# Operation : tb8163p1 low memory selinux warning -# Purpose : ALPS02038466 audit(1429079840.646:7): avc: denied { use } -# for pid=170 comm="lmkd" -# path=2F6465762F6173686D656D2F4469736361726461626C654D656D6F72794173686D656D416C6C6F6361746F72202864656C6574656429 -# dev="tmpfs" ino=14475 scontext=u:r:lmkd:s0 tcontext=u:r:platform_app:s0 tclass=fd permissive=0 -dontaudit lmkd platform_app:fd use; - -# Data : 2018/05/25 -# Operation : Add for duraSpeed socket -allow lmkd system_server:unix_stream_socket connectto; diff --git a/r_non_plat/loghidlsysservice.te b/r_non_plat/loghidlsysservice.te deleted file mode 100644 index 5af0e39..0000000 --- a/r_non_plat/loghidlsysservice.te +++ /dev/null @@ -1,6 +0,0 @@ -# ============================================== -# Policy File of /system/bin/loghidlsysservice Executable File - -# Purpose : for create hidl server -hal_client_domain(loghidlsysservice, mtk_hal_log) -allow loghidlsysservice connsyslogger:unix_stream_socket connectto;
\ No newline at end of file diff --git a/r_non_plat/loghidlvendorservice.te b/r_non_plat/loghidlvendorservice.te deleted file mode 100644 index 9b97bed..0000000 --- a/r_non_plat/loghidlvendorservice.te +++ /dev/null @@ -1,14 +0,0 @@ -# ============================================== -# Policy File of /system/bin/loghidlvendorservice Executable File - -# ============================================== -# Type Declaration -# ============================================== - -type loghidlvendorservice ,domain; -type loghidlvendorservice_exec, exec_type, file_type, vendor_file_type; -typeattribute loghidlvendorservice mlstrustedsubject; - -hal_server_domain(loghidlvendorservice, mtk_hal_log) -init_daemon_domain(loghidlvendorservice) -# allow loghidlvendorservice self:capability dac_override; diff --git a/r_non_plat/mdlogger.te b/r_non_plat/mdlogger.te deleted file mode 100644 index 5c34491..0000000 --- a/r_non_plat/mdlogger.te +++ /dev/null @@ -1,62 +0,0 @@ -#allow mdlogger to set property -allow mdlogger debug_mdlogger_prop:property_service set; -allow mdlogger debug_prop:property_service set; - -# ccci device for internal modem -allow mdlogger ccci_device:chr_file { rw_file_perms }; - -# usb device ttyGSx for modem logger usb logging -allow mdlogger ttyGS_device:chr_file { rw_file_perms}; - -# modem logger access on /data/mdlog -allow mdlogger mdlog_data_file:dir { create_dir_perms relabelto}; -allow mdlogger mdlog_data_file:fifo_file { create_file_perms}; -allow mdlogger mdlog_data_file:file { create_file_perms }; - -# modem logger control port access /dev/ttyC1 -allow mdlogger mdlog_device:chr_file { rw_file_perms}; - - -#modem logger SD logging in factory mode -allow mdlogger vfat:dir create_dir_perms; -allow mdlogger vfat:file create_file_perms; - -#mdlogger for read /sdcard -allow mdlogger tmpfs:lnk_file read; -allow mdlogger storage_file:lnk_file rw_file_perms; -allow mdlogger mnt_user_file:dir search; -allow mdlogger mnt_user_file:lnk_file rw_file_perms; -allow mdlogger sdcard_type:file create_file_perms; -allow mdlogger sdcard_type:dir { create_dir_perms }; -allow mdlogger storage_file:dir { create_dir_perms }; -allow mdlogger storage_file:file { create_file_perms }; - - -# Allow read to sys/kernel/ccci/* files -allow mdlogger sysfs_ccci:dir search; -allow mdlogger sysfs_ccci:file r_file_perms; - -# purpose: allow mdlogger to access storage in new version -allow mdlogger media_rw_data_file:file { create_file_perms }; -allow mdlogger media_rw_data_file:dir { create_dir_perms }; - -#avc: denied { connectto } for path=006165653A72747464 scontext=u:r:mdlogger:s0 -#tcontext=u:object_r:aee_aed_socket:s0 tclass=unix_stream_socket permissive=0 -#security issue control -allow mdlogger aee_aed:unix_stream_socket connectto; - -## purpose: avc: denied { read } for name="plat_file_contexts" -allow emdlogger file_contexts_file:file { read getattr open}; - -#permission for read boot mode -#avc: denied { open } path="/sys/devices/virtual/BOOT/BOOT/boot/boot_mode" dev="sysfs" -allow mdlogger sysfs_boot_mode:file { read open }; - -# avc: denied { open } for path="system/etc/mddb" dev="mmcblk0p21" scontext=u:r:emdlogger:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0 -allow mdlogger system_file:dir { read open }; - -# Android P migration -set_prop(mdlogger, vendor_mdl_prop) -set_prop(mdlogger, debug_mdlogger_prop) -set_prop(mdlogger, persist_mdlog_prop) -set_prop(mdlogger, persist_mtklog_prop) diff --git a/r_non_plat/mediacodec.te b/r_non_plat/mediacodec.te deleted file mode 100644 index 48c14d7..0000000 --- a/r_non_plat/mediacodec.te +++ /dev/null @@ -1,153 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -# Date : WK14.34 -# Operation : Migration -# Purpose : VP/VR -allow mediacodec devmap_device:chr_file { ioctl }; - -# Date : WK14.36 -# Operation : Migration -# Purpose : VDEC/VENC device node -allow mediacodec Vcodec_device:chr_file rw_file_perms; - -# Date : WK16.21 -# Operation : Migration -# Purpose : VP & VR dump and debug -allow mediacodec M4U_device_device:chr_file rw_file_perms; -allow mediacodec debugfs_binder:dir search; -allow mediacodec MTK_SMI_device:chr_file { ioctl read open }; -allow mediacodec storage_file:lnk_file {read write open}; -allow mediacodec tmpfs:dir search; -allow mediacodec mnt_user_file:dir {write read search}; -allow mediacodec mnt_user_file:lnk_file {read write}; -allow mediacodec sdcard_type:dir {write read search add_name remove_name}; -allow mediacodec sdcard_type:file {getattr write read create open append unlink}; -allow mediacodec nvram_data_file:dir w_dir_perms; -allow mediacodec nvram_data_file:file create_file_perms; -allow mediacodec nvram_data_file:lnk_file read; -allow mediacodec nvdata_file:lnk_file read; -allow mediacodec nvdata_file:dir w_dir_perms; -allow mediacodec nvdata_file:file create_file_perms; -allow mediacodec devmap_device:chr_file r_file_perms; -allow mediacodec proc_meminfo:file {read getattr open}; - -# Date : WK14.36 -# Operation : Migration -# Purpose : for SW codec VP/VR -allow mediacodec mtk_sched_device:chr_file { read write ioctl open }; - -# Data : WK14.39 -# Operation : Migration -# Purpose : HW encrypt SW codec -allow mediacodec mediacodec_data_file:file create_file_perms; -allow mediacodec mediacodec_data_file:dir create_dir_perms; -allow mediacodec sec_device:chr_file r_file_perms; - -# Data: WK14.44 -# Operation : Migration -# Purpose : VP -allow mediacodec surfaceflinger:file getattr; - -# Data: WK14.44 -# Operation : Migration -# Purpose : for low SD card latency issue -allow mediacodec sysfs_lowmemorykiller:file { read open }; - -# Data: WK14.45 -# Operation : Migration -# Purpose : for change thermal policy when needed -allow mediacodec proc_mtkcooler:dir search; -allow mediacodec proc_mtktz:dir search; -allow mediacodec proc_thermal:dir search; -allow mediacodec proc_mtkcooler:file { read write open }; -allow mediacodec proc_mtktz:file { read write open getattr }; -allow mediacodec proc_thermal:file { read write open getattr}; -allow mediacodec thermal_manager_data_file:file create_file_perms; -allow mediacodec thermal_manager_data_file:dir { rw_dir_perms setattr }; -allow mediacodec thermal_manager_data_file:dir search; - -# Data : WK14.47 -# Operation : CTS -# Purpose : cts search strange app -allow mediacodec untrusted_app:dir search; - -# Date : WK14.39 -# Operation : Migration -# Purpose : MJC Driver -allow mediacodec MJC_device:chr_file { read write ioctl open }; - -# Date : WK16.27 -# Operation : APE SQC -# Purpose : for APE file playback -allow mediacodec MtkCodecService:binder call; -allow mediacodec MtkCodecService:binder transfer; - -# Date : WK16.33 -# Purpose: Allow to access ged for gralloc_extra functions -allow mediacodec proc_ged:file rw_file_perms; -allowxperm mediacodec proc_ged:file ioctl { proc_ged_ioctls }; - -# Data : WK16.42 -# Operator: Whitney bring up -# Purpose: call surfaceflinger due to powervr -allow mediacodec surfaceflinger:fifo_file rw_file_perms; - -# Date: WK16.43 -# Operator: Whitney SQC -# Purpose: mediacodec use gpu -allow mediacodec gpu_device:dir search; - -# Date : W18.01 -# Add for turn on SElinux in enforcing mode -allow mediacodec vndbinder_device:chr_file rw_file_perms; - -vndbinder_use(mediacodec) - -# Date : WK1721 -# Purpose: For FULL TREBLE -allow mediacodec system_file:dir r_dir_perms; -allow mediacodec debugfs_ion:dir search; - - -# Date : WK17.30 -# Operation : O Migration -# Purpose: Allow mediacodec to access cmdq driver -allow mediacodec mtk_cmdq_device:chr_file { read ioctl open }; -allow mediacodec mtk_mdp_device:chr_file rw_file_perms; -allow mediacodec sw_sync_device:chr_file rw_file_perms; - -# Date : WK17.28 -# Operation : MT6757 SQC -# Purpose : Change thermal config - - -# Date : WK17.30 -# Purpose : For Power Hal -allow mediacodec mtk_hal_power_hwservice:hwservice_manager find; -allow mediacodec mtk_hal_power:binder call; -allow mediacodec mtk_hal_power:unix_stream_socket connectto; - - -# Date : WK17.12 -# Operation : MT6799 SQC -# Purpose : Change thermal config -set_prop(mediacodec, mtk_thermal_config_prop) - -# Date : WK17.43 -# Operation : Migration -# Purpose : DISP access -allow mediacodec graphics_device:chr_file { ioctl open read }; -allow mediacodec graphics_device:dir search; - -# Date : WK19.27 -# Purpose: Android Migration for SVP -allow mediacodec proc_m4u:file r_file_perms; -allowxperm mediacodec proc_m4u:file ioctl MTK_M4U_T_SEC_INIT; - - -# Date : 2019/12/12 -# Purpose : allow media sources to access /sys/bus/platform/drivers/mem_bw_ctrl/* -allow mediacodec sysfs_concurrency_scenario:file rw_file_perms; -allow mediacodec sysfs_concurrency_scenario:dir search; diff --git a/r_non_plat/mediadrmserver.te b/r_non_plat/mediadrmserver.te deleted file mode 100644 index 70f5178..0000000 --- a/r_non_plat/mediadrmserver.te +++ /dev/null @@ -1,9 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -# Date : WK16.33 -# Purpose: Allow to access ged for gralloc_extra functions -allow mediadrmserver proc_ged:file rw_file_perms; - - diff --git a/r_non_plat/mediaextractor.te b/r_non_plat/mediaextractor.te deleted file mode 100644 index 1ce425f..0000000 --- a/r_non_plat/mediaextractor.te +++ /dev/null @@ -1,15 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -# Date : WK16.33 -# Purpose: Allow to access ged for gralloc_extra functions -allow mediaextractor proc_ged:file rw_file_perms; - -#============= mediaextractor ============== -allow mediaextractor vfat:file r_file_perms; - -allow mediaextractor mediaserver_service:service_manager find; - -allow mediaextractor platform_app:dir search; -allow mediaextractor platform_app:file r_file_perms; diff --git a/r_non_plat/mediaserver.te b/r_non_plat/mediaserver.te deleted file mode 100644 index ff75df1..0000000 --- a/r_non_plat/mediaserver.te +++ /dev/null @@ -1,329 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -# Date : WK14.31 -# Operation : Migration -# Purpose : camera devices access. -allow mediaserver camera_isp_device:chr_file rw_file_perms; -allow mediaserver ccu_device:chr_file rw_file_perms; -allow mediaserver vpu_device:chr_file rw_file_perms; -allow mediaserver kd_camera_hw_device:chr_file rw_file_perms; -allow mediaserver seninf_device:chr_file rw_file_perms; -allow mediaserver self:capability { setuid ipc_lock sys_nice }; -allow mediaserver sysfs_wake_lock:file rw_file_perms; -allow mediaserver MTK_SMI_device:chr_file r_file_perms; -allow mediaserver camera_pipemgr_device:chr_file r_file_perms; -allow mediaserver kd_camera_flashlight_device:chr_file rw_file_perms; -allow mediaserver lens_device:chr_file rw_file_perms; - -# Date : WK14.32 -# Operation : Migration -# Purpose : Set audio driver permission to access SD card for debug purpose and accss NVRam. -allow mediaserver sdcard_type:dir { w_dir_perms create }; -allow mediaserver sdcard_type:file create; -allow mediaserver nvram_data_file:lnk_file read; -allow mediaserver nvdata_file:lnk_file read; -allow mediaserver sdcard_type:dir remove_name; -allow mediaserver sdcard_type:file unlink; - -# Date : WK14.34 -# Operation : Migration -# Purpose : nvram access (dumchar case for nand and legacy chip) -allow mediaserver nvram_device:chr_file rw_file_perms; -allow mediaserver self:capability { net_admin }; - -# Date : WK14.34 -# Operation : Migration -# Purpose : VP/VR -allow mediaserver devmap_device:chr_file { ioctl }; - -# Date : WK14.36 -# Operation : Migration -# Purpose : media server and bt process communication for A2DP data.and other control flow -allow mediaserver bluetooth:unix_dgram_socket sendto; -allow mediaserver bt_a2dp_stream_socket:sock_file write; -allow mediaserver bt_int_adp_socket:sock_file write; - -# Date : WK14.37 -# Operation : Migration -# Purpose : camera ioctl -allow mediaserver camera_sysram_device:chr_file r_file_perms; - -# Date : WK14.36 -# Operation : Migration -# Purpose : VDEC/VENC device node -allow mediaserver Vcodec_device:chr_file rw_file_perms; - -# Date : WK14.36 -# Operation : Migration -# Purpose : access nvram, otp, ccci cdoec devices. -allow mediaserver MtkCodecService:binder call; -allow mediaserver ccci_device:chr_file rw_file_perms; -allow mediaserver eemcs_device:chr_file rw_file_perms; -allow mediaserver devmap_device:chr_file r_file_perms; -allow mediaserver ebc_device:chr_file rw_file_perms; -allow mediaserver nvram_device:blk_file rw_file_perms; -allow mediaserver bootdevice_block_device:blk_file rw_file_perms; - -# Date : WK14.36 -# Operation : Migration -# Purpose : for SW codec VP/VR -allow mediaserver mtk_sched_device:chr_file rw_file_perms; - -# Date : WK14.38 -# Operation : Migration -# Purpose : NVRam access -allow mediaserver block_device:dir { write search }; - -# Date : WK14.38 -# Operation : Migration -# Purpose : FM driver access -allow mediaserver fm_device:chr_file rw_file_perms; - -# Data : WK14.38 -# Operation : Migration -# Purpose : for VP/VR -allow mediaserver block_device:dir search; -allow mediaserver FM50AF_device:chr_file rw_file_perms; -allow mediaserver AD5820AF_device:chr_file rw_file_perms; -allow mediaserver DW9714AF_device:chr_file rw_file_perms; -allow mediaserver DW9814AF_device:chr_file rw_file_perms; -allow mediaserver AK7345AF_device:chr_file rw_file_perms; -allow mediaserver DW9714A_device:chr_file rw_file_perms; -allow mediaserver LC898122AF_device:chr_file rw_file_perms; -allow mediaserver LC898212AF_device:chr_file rw_file_perms; -allow mediaserver BU6429AF_device:chr_file rw_file_perms; -allow mediaserver DW9718AF_device:chr_file rw_file_perms; -allow mediaserver BU64745GWZAF_device:chr_file rw_file_perms; -allow mediaserver MAINAF_device:chr_file rw_file_perms; -allow mediaserver MAIN2AF_device:chr_file rw_file_perms; -allow mediaserver SUBAF_device:chr_file rw_file_perms; - - -# Data : WK14.38 -# Operation : Migration -# Purpose : for boot animation. -allow mediaserver bootanim:binder { transfer call }; - -allow mediaserver mtkbootanimation:binder { transfer call }; - -# Data : WK14.38 -# Operation : Migration -# Purpose : dump for debug -allow mediaserver sdcard_type:file append; - -# Date : WK14.39 -# Operation : Migration -# Purpose : FDVT Driver -allow mediaserver camera_fdvt_device:chr_file rw_file_perms; - -# Date : WK14.39 -# Operation : Migration -# Purpose : APE PLAYBACK -binder_call(mediaserver,MtkCodecService) - -# Date : WK14.40 -# Operation : Migration -# Purpose : HDMI driver access -allow mediaserver graphics_device:chr_file rw_file_perms; - -# Date : WK14.40 -# Operation : Migration -# Purpose : Smartpa -allow mediaserver smartpa_device:chr_file rw_file_perms; - -# Data : WK14.40 -# Operation : Migration -# Purpose : permit 'call' by audio tunning tool audiocmdservice_atci -allow mediaserver audiocmdservice_atci:binder call; -binder_call(mediaserver,audiocmdservice_atci) - -# Date : WK14.40 -# Operation : Migration -# Purpose : mtk_jpeg -allow mediaserver mtk_jpeg_device:chr_file r_file_perms; - -# Date : WK14.41 -# Operation : Migration -# Purpose : WFD HID Driver -allow mediaserver uhid_device:chr_file rw_file_perms; - -# Date : WK14.41 -# Operation : Migration -# Purpose : Camera EEPROM Calibration -allow mediaserver CAM_CAL_DRV_device:chr_file rw_file_perms; -allow mediaserver CAM_CAL_DRV1_device:chr_file rw_file_perms; -allow mediaserver CAM_CAL_DRV2_device:chr_file rw_file_perms; - -# Date : WK14.43 -# Operation : Migration -# Purpose : VOW -allow mediaserver vow_device:chr_file rw_file_perms; - -# Date: WK14.44 -# Operation : Migration -# Purpose : EVDO -allow mediaserver rpc_socket:sock_file write; -allow mediaserver ttySDIO_device:chr_file rw_file_perms; - -# Data: WK14.44 -# Operation : Migration -# Purpose : VP -allow mediaserver surfaceflinger:file getattr; - -# Data: WK14.44 -# Operation : Migration -# Purpose : for low SD card latency issue -allow mediaserver sysfs_lowmemorykiller:file { read open }; - -# Data: WK14.45 -# Operation : Migration -# Purpose : for change thermal policy when needed -allow mediaserver proc_mtkcooler:dir search; -allow mediaserver proc_mtktz:dir search; -allow mediaserver proc_thermal:dir search; - -# Date : WK14.46 -# Operation : Migration -# Purpose : for MTK Emulator HW GPU -allow mediaserver qemu_pipe_device:chr_file rw_file_perms; - -# Date : WK14.46 -# Operation : Migration -# Purpose : for camera init -allow mediaserver system_server:unix_stream_socket { read write }; - -# Data : WK14.46 -# Operation : Migration -# Purpose : for SMS app -allow mediaserver radio_data_file:dir search; -allow mediaserver radio_data_file:file open; - -# Data : WK14.47 -# Operation : Audio playback -# Purpose : Music as ringtone -allow mediaserver radio:dir { search read }; -allow mediaserver radio:file r_file_perms; - -# Data : WK14.47 -# Operation : Launch camcorder from MMS -# Purpose : Camcorder -allow mediaserver radio_data_file:file open; - -# Data : WK14.47 -# Operation : CTS -# Purpose : cts search strange app -allow mediaserver untrusted_app:dir search; - -# Date : WK15.03 -# Operation : Migration -# Purpose : offloadservice -allow mediaserver offloadservice_device:chr_file rw_file_perms; - -# Date : WK15.32 -# Operation : Pre-sanity -# Purpose : 3A algorithm need to access sensor service -allow mediaserver sensorservice_service:service_manager find; - -# Date : WK15.34 -# Operation : Migration -# Purpose: for camera middleware dump image buffer to sdcard & audio frameworks dump -allow mediaserver storage_file:lnk_file {read write}; -allow mediaserver mnt_user_file:dir {write read search}; -allow mediaserver mnt_user_file:lnk_file {read write}; - -# Date : WK15.35 -# Operation : Migration -# Purpose: Allow mediaserver to read binder from surfaceflinger -allow mediaserver surfaceflinger:fifo_file {read write}; - -# Date : WK15.46 -# Operation : Migration -# Purpose : DPE Driver -allow mediaserver camera_dpe_device:chr_file rw_file_perms; - -# Date : WK15.46 -# Operation : Migration -# Purpose : TSF Driver -allow mediaserver camera_tsf_device:chr_file rw_file_perms; - -# Date : WK16.32 -# Operation : N Migration -# Purpose : RSC Driver -allow mediaserver camera_rsc_device:chr_file rw_file_perms; - -# Date : WK16.33 -# Purpose: Allow to access ged for gralloc_extra functions -allow mediaserver proc_ged:file rw_file_perms; -allowxperm mediaserver proc_ged:file ioctl { proc_ged_ioctls }; - -# Date : WK16.33 -# Operation : N Migration -# Purpose : GEPF Driver -allow mediaserver camera_gepf_device:chr_file rw_file_perms; - -# Date : WK16.35 -# Operation : Migration -# Purpose : Update camera flashlight driver device file -allow mediaserver flashlight_device:chr_file rw_file_perms; - -# Data : WK16.42 -# Operator: Whitney bring up -# Purpose: call surfaceflinger due to powervr -allow dumpstate surfaceflinger:fifo_file rw_file_perms; - -# Date : WK16.43 -# Operation : N Migration -# Purpose : WPE Driver -allow mediaserver camera_wpe_device:chr_file rw_file_perms; -allow mediaserver gpu_device:dir search; -allow mediaserver sw_sync_device:chr_file rw_file_perms; - -# Date : WK17.19 -# Operation : N Migration -# Purpose : OWE Driver -allow mediaserver camera_owe_device:chr_file rw_file_perms; - -# Date : WK17.30 -# Operation : O Migration -# Purpose: Allow to access cmdq driver -allow mediaserver mtk_cmdq_device:chr_file { read ioctl open }; -allow mediaserver mtk_mdp_device:chr_file rw_file_perms; - -# Date : WK17.43 -# Operation : Migration -# Purpose : DISP access -allow mediaserver graphics_device:chr_file { ioctl open read }; -allow mediaserver graphics_device:dir search; - -# Date : WK17.44 -# Operation : Migration -# Purpose : DIP Driver -allow mediaserver camera_dip_device:chr_file rw_file_perms; - -# Date : WK17.44 -# Operation : Migration -# Purpose : MFB Driver -allow mediaserver camera_mfb_device:chr_file rw_file_perms; - -# Date : WK17.49 -# Operation : MT6771 SQC -# Purpose : Allow permgr access -allow mediaserver proc_perfmgr:dir {read search}; -allow mediaserver proc_perfmgr:file r_file_perms; -allowxperm mediaserver proc_perfmgr:file ioctl { - PERFMGR_FPSGO_DEQUEUE - PERFMGR_FPSGO_QUEUE_CONNECT - PERFMGR_FPSGO_QUEUE - PERFMGR_FPSGO_BQID -}; - -# Date : WK18.18 -# Operation : Migration -# Purpose : wifidisplay hdcp -# DRM Key Manage HIDL -allow mediaserver mtk_hal_keymanage:binder call; -# Purpose : Allow mediadrmserver to call vendor.mediatek.hardware.keymanage@1.0-service. -hal_client_domain(mediaserver , hal_keymaster) -allow mediaserver mtk_hal_keymanage_hwservice:hwservice_manager find; diff --git a/r_non_plat/mediaswcodec.te b/r_non_plat/mediaswcodec.te deleted file mode 100644 index ca64913..0000000 --- a/r_non_plat/mediaswcodec.te +++ /dev/null @@ -1,11 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -# Date : WK19.25 -# Operation : Migration -# Purpose : [ALPS04669482] DRTS failed due to avc denied -allow mediaswcodec debugfs_ion:dir rw_dir_perms; -allow mediaswcodec gpu_device:dir rw_dir_perms; -allow mediaswcodec dri_device:chr_file rw_file_perms; -allow mediaswcodec gpu_device:chr_file rw_file_perms; diff --git a/r_non_plat/merged_hal_service.te b/r_non_plat/merged_hal_service.te deleted file mode 100644 index fea6d78..0000000 --- a/r_non_plat/merged_hal_service.te +++ /dev/null @@ -1,90 +0,0 @@ -# ============================================================================== -# Type Declaration -# ============================================================================== -type merged_hal_service, domain; -#type merged_hal_service, domain; -type merged_hal_service_exec, exec_type, file_type, vendor_file_type; - -init_daemon_domain(merged_hal_service) - -hwbinder_use(merged_hal_service) -hal_server_domain(merged_hal_service, hal_vibrator) -hal_server_domain(merged_hal_service, hal_light) -hal_server_domain(merged_hal_service, hal_power) -hal_server_domain(merged_hal_service, hal_thermal) -hal_server_domain(merged_hal_service, hal_memtrack) - -#mtk libs_hidl_service permissions -hal_server_domain(merged_hal_service, mtk_hal_lbs) -vndbinder_use(merged_hal_service) -#r_dir_file(merged_hal_service, system_file) -unix_socket_connect(merged_hal_service, agpsd, mtk_agpsd); -allow merged_hal_service mtk_agpsd:unix_dgram_socket sendto; - -#mtk_gnss permissions -hal_server_domain(merged_hal_service, hal_gnss); -allow merged_hal_service mnld_data_file:sock_file create_file_perms; -allow merged_hal_service mnld_data_file:sock_file rw_file_perms; -allow merged_hal_service mnld_data_file:dir create_file_perms; -allow merged_hal_service mnld_data_file:dir rw_dir_perms; -allow merged_hal_service mnld:unix_dgram_socket sendto; - -#graphics allocator permissions -hal_server_domain(merged_hal_service, hal_graphics_allocator) -allow merged_hal_service gpu_device:dir search; -allow merged_hal_service sw_sync_device:chr_file rw_file_perms; -allow merged_hal_service debugfs_ion:dir search; -allow merged_hal_service debugfs_tracing:file write; -allow merged_hal_service debugfs_tracing:file open; - -#for ape hidl permissions -hal_server_domain(merged_hal_service,hal_mtkcodecservice) -allow merged_hal_service hidl_allocator_hwservice:hwservice_manager find; -allow merged_hal_service hidl_memory_hwservice:hwservice_manager find; -hal_client_domain(merged_hal_service, hal_allocator) - -#for default drm permissions -hal_server_domain(merged_hal_service, hal_drm) -allow merged_hal_service mediacodec:fd use; -allow merged_hal_service { appdomain -isolated_app }:fd use; -allow merged_hal_service debugfs_tracing:file write; - -#power permissions -allow merged_hal_service proc:dir {search getattr}; -allow merged_hal_service debugfs_ged:dir search; -allow merged_hal_service debugfs_ged:file { getattr open read write }; -allow merged_hal_service proc_thermal:file { write open }; -allow merged_hal_service proc_thermal:dir search; -allow merged_hal_service proc_perfmgr:dir search; -allow merged_hal_service proc_perfmgr:file rw_file_perms; -allow merged_hal_service sdcard_type:dir create_dir_perms; -allow merged_hal_service sdcard_type:file create_file_perms; -allow merged_hal_service eemcs_device:chr_file rw_file_perms; -allow merged_hal_service mnt_user_file:dir create_dir_perms; -allow merged_hal_service debugfs_fb:dir search; -allow merged_hal_service debugfs_fb:file { getattr open read write }; -allow merged_hal_service debugfs_fpsgo:dir search; -allow merged_hal_service debugfs_fpsgo:file { getattr open read write }; -allow merged_hal_service mtk_hal_camera:dir search; -allow merged_hal_service mtk_hal_camera:file { open read }; -allow merged_hal_service sysfs_devices_system_cpu:file write; - -allow merged_hal_service mtk_powerhal_data_file:dir {create_dir_perms rw_dir_perms}; -allow merged_hal_service mtk_powerhal_data_file:file {create_file_perms rw_file_perms}; -allow merged_hal_service mtk_powerhal_data_file:sock_file {create_file_perms rw_file_perms}; - - -# Date : WK18.23 -# Operation : P Migration -# Purpose : add grant permission for Thermal HAL mtktz and proc -allow merged_hal_service proc_mtktz:dir search; -allow merged_hal_service proc_mtktz:file {open read getattr}; -allow merged_hal_service proc_stat:file {open read getattr }; - -# Date : WK19.11 -# Operation : Q Migration -allowxperm merged_hal_service proc_ged:file ioctl { proc_ged_ioctls }; - -# Date: 2019/06/14 -# Operation : Migration -allow merged_hal_service nvram_agent_binder_hwservice:hwservice_manager find; diff --git a/r_non_plat/meta_tst.te b/r_non_plat/meta_tst.te deleted file mode 100644 index ead7145..0000000 --- a/r_non_plat/meta_tst.te +++ /dev/null @@ -1,419 +0,0 @@ -# ============================================== -# Policy File of /vendor/bin/meta_tst Executable File - - - -# ============================================== -# Type Declaration -# ============================================== -type meta_tst, domain; -type meta_tst_exec , exec_type, file_type, vendor_file_type; -init_daemon_domain(meta_tst) - -# ============================================== -# MTK Policy Rule -# ============================================== - -# Date: WK16.12 -# Operation : Migration -# Purpose : for meta mode device node USB -allow meta_tst ttyGS_device:chr_file rw_file_perms; - -# Date: WK16.12 -# Operation : Migration -# Purpose : for meta mode device node UART -allow meta_tst ttyMT_device:chr_file rw_file_perms; - -# Date: WK17.12 -# Operation : Migration -# Purpose : for meta mode device node UART -allow meta_tst ttyS_device:chr_file rw_file_perms; - -# Date: WK16.12 -# Operation : Migration -# Purpose : for meta mode device node CCCI -allow meta_tst ccci_device:chr_file rw_file_perms; -allow meta_tst eemcs_device:chr_file rw_file_perms; -allow meta_tst emd_device:chr_file rw_file_perms; -allow meta_tst ttyACM_device:chr_file rw_file_perms; -allow meta_tst mdlog_device:chr_file rw_file_perms; - -# Data: WK15.07 -# Purpose : SDIO -allow meta_tst ttySDIO_device:chr_file rw_file_perms; - -# Date: WK16.12 -# Operation : Migration -# Purpose : for meta mode file system -allow meta_tst bootdevice_block_device:blk_file rw_file_perms; -allow meta_tst mmcblk1_block_device:blk_file rw_file_perms; -allow meta_tst userdata_block_device:blk_file rw_file_perms; -allow meta_tst cache_block_device:blk_file rw_file_perms; - -# Date: WK16.12 -# Operation : Migration -# Purpose : for meta mode nvram -allow meta_tst nvram_data_file:dir create_dir_perms; -allow meta_tst nvram_data_file:file create_file_perms; -allow meta_tst nvram_data_file:lnk_file r_file_perms; -allow meta_tst nvdata_file:lnk_file r_file_perms; -allow meta_tst nvdata_file:dir create_dir_perms; -allow meta_tst nvdata_file:file create_file_perms; -allow meta_tst nvram_device:chr_file rw_file_perms; -allow meta_tst nvram_device:blk_file rw_file_perms; -allow meta_tst nvdata_device:blk_file rw_file_perms; - -# Date: WK14.47 -# Operation : Migration -# Purpose : for meta mode audio -allow meta_tst audio_device:chr_file rw_file_perms; -allow meta_tst audio_device:dir r_dir_perms; -allow meta_tst audio_ipi_device:chr_file rw_file_perms; -set_prop(meta_tst, audiohal_prop); - -# Date: WK16.12 -# Operation : Migration -# Purpose : for meta mode RTC and PMIC -allow meta_tst rtc_device:chr_file r_file_perms; -allow meta_tst MT_pmic_adc_cali_device:chr_file rw_file_perms; - -# Date: WK14.45 -# Operation : Migration -# Purpose : HDCP -allow meta_tst persist_data_file:dir create_dir_perms; -allow meta_tst persist_data_file:file create_file_perms; - - -# Date: WK14.46 -# Operation : Migration -# Purpose : Camera -allow meta_tst devmap_device:chr_file rw_file_perms; -allow meta_tst camera_pipemgr_device:chr_file rw_file_perms; -allow meta_tst MTK_SMI_device:chr_file rw_file_perms; -allow meta_tst camera_isp_device:chr_file rw_file_perms; -allow meta_tst camera_sysram_device:chr_file r_file_perms; -allow meta_tst kd_camera_flashlight_device:chr_file rw_file_perms; -allow meta_tst kd_camera_hw_device:chr_file rw_file_perms; -allow meta_tst AD5820AF_device:chr_file rw_file_perms; -allow meta_tst DW9714AF_device:chr_file rw_file_perms; -allow meta_tst DW9714A_device:chr_file rw_file_perms; -allow meta_tst LC898122AF_device:chr_file rw_file_perms; -allow meta_tst LC898212AF_device:chr_file rw_file_perms; -allow meta_tst BU6429AF_device:chr_file rw_file_perms; -allow meta_tst DW9718AF_device:chr_file rw_file_perms; -allow meta_tst BU64745GWZAF_device:chr_file rw_file_perms; -allow meta_tst MAINAF_device:chr_file rw_file_perms; -allow meta_tst MAIN2AF_device:chr_file rw_file_perms; -allow meta_tst SUBAF_device:chr_file rw_file_perms; - -# Date: WK16.12 -# Operation : Migration -# Purpose : meta mode LCM -allow meta_tst graphics_device:chr_file rw_file_perms; -allow meta_tst graphics_device:dir search; - -# Date: WK16.12 -# Operation : Migration -# Purpose : meta mode sensor -allow meta_tst als_ps_device:chr_file r_file_perms; -allow meta_tst gsensor_device:chr_file r_file_perms; -allow meta_tst msensor_device:chr_file r_file_perms; -allow meta_tst gyroscope_device:chr_file r_file_perms; - -# Date: WK16.12 -# Operation : Migration -# Purpose : meta mode FM -allow meta_tst fm_device:chr_file rw_file_perms; -allow meta_tst FM50AF_device:chr_file rw_file_perms; - -# Date: WK16.12 -# Operation : Migration -# Purpose : meta mode wifi -allow meta_tst wmtWifi_device:chr_file w_file_perms; - -# Date: WK16.12 -# Operation : Migration -# Purpose : meta mode BT -allow meta_tst stpbt_device:chr_file rw_file_perms; - -# Date: WK16.12 -# Operation : Migration -# Purpose : meta mode GPS -allow meta_tst gps_data_file:dir { write add_name search remove_name unlink}; -allow meta_tst gps_data_file:file { read write open create getattr append setattr unlink lock}; -allow meta_tst gps_data_file:lnk_file read; -allow meta_tst tmpfs:lnk_file read; -allow meta_tst agpsd_data_file:dir search; -allow meta_tst agpsd_data_file:sock_file write; -allow meta_tst mnld_device:chr_file rw_file_perms; -allow meta_tst mnld_exec:file rx_file_perms; -set_prop(meta_tst, mnld_prop); - -# Date: WK16.12 -# Operation : Migration -# Purpose : meta mode NFC -allow meta_tst mt6605_device:chr_file rw_file_perms; - -#Date WK14.49 -#Operation : Migration -#Purpose : DRM key installation -allow meta_tst key_install_data_file:dir w_dir_perms; -allow meta_tst key_install_data_file:file create_file_perms; - -# Date: WK14.51 -# Purpose : set/get cryptfs cfg in sys env -allow meta_tst misc_device:chr_file rw_file_perms; -allow meta_tst proc_lk_env:file rw_file_perms; - -# Purpose : FT_EMMC_OP_FORMAT_TCARD -allow meta_tst block_device:blk_file getattr; -allow meta_tst system_block_device:blk_file getattr; - -# Date: WK15.52 -# Purpose : NVRAM related LID -allow meta_tst pro_info_device:chr_file rw_file_perms; - -# Date: WK15.13 -# Purpose: for nand project -allow meta_tst mtd_device:dir search; -allow meta_tst mtd_device:chr_file rw_file_perms; - -# Date: WK16.17 -# Purpose: N Migration For ccci sysfs node -allow meta_tst sysfs_ccci:dir search; -allow meta_tst sysfs_ccci:file r_file_perms; - -#Date: W18.22 -# Purpose: P Migration meta_tst get com port type/uart port info/boot mode/usb state/usb close -allow meta_tst sysfs_comport_type:file rw_file_perms; -allow meta_tst sysfs_uart_info:file rw_file_perms; -allow meta_tst sysfs_boot_mode:file rw_file_perms; -allow meta_tst sysfs_boot_type:file r_file_perms; -allow meta_tst sysfs_android_usb:file rw_file_perms; -allow meta_tst sysfs_android_usb:dir search; -allow meta_tst sysfs_usb_cmode:file rw_file_perms; -allow meta_tst sysfs_usb_cmode:dir search; -allow meta_tst sysfs_batteryinfo:file rw_file_perms; -allow meta_tst sysfs_batteryinfo:dir search; - -#Date: W16.17 -# Purpose: N Migration For meta_tst load MD NVRAM database -# Detail avc log: [04-23-20:41:58][ 160.687655] <1>.(1)[230:logd.auditd]type= -#1400 audit(1262304165.560:24): avc: denied { read } for pid=228 comm= -#"meta_tst" name="mddb" dev="mmcblk0p20" ino=664 scontext=u:r:meta_tst: -#s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0 -allow meta_tst system_file:dir r_dir_perms; - -# Date: WK16.18 -# Purpose: for CCCI reboot modem -allow meta_tst gsm0710muxd_device:chr_file rw_file_perms; - -# Date : WK16.35 -# Purpose : Update camera flashlight driver device file -allow meta_tst flashlight_device:chr_file rw_file_perms; - -#Date: W16.36 -# Purpose: meta_tst use libmeta_rat to write libsysenv -# Detail avc log:[ 25.307141] .(5)[264:logd.auditd]type=1400 audit(1469438818.570:7): -#avc: denied { read write } for pid=312 comm="meta_tst" name="mmcblk0p2" dev="tmpfs" -#ino=4561 scontext=u:r:meta_tst:s0 tcontext=u:object_r:para_block_device:s0 tclass=blk_file permissive=0 -allow meta_tst para_block_device:blk_file { read write open }; - -#Date: W16.44 -allow meta_tst nvcfg_file:dir { search read open }; - -#Date: W16.45 -# Purpose : Allow unmount sdcardfs mounted on /data/media -allow meta_tst sdcard_type:filesystem unmount; -allow meta_tst storage_stub_file:dir search; - -# Date : WK16.19 -# Operation: meta_tst set persist.meta.connecttype property -# Purpose: Switch meta connect type, set persist.meta.connecttype as "wifi" or "usb". -set_prop(meta_tst, meta_connecttype_prop); - -# Date : WK16.23 -# Purpose: support meta_tst check key event -allow meta_tst input_device:dir r_dir_perms; -allow meta_tst input_device:chr_file r_file_perms; - -# Date : WK16.29 -# Purpose: support meta mode show string on screen -allow meta_tst ashmem_device:chr_file execute; - -#Date: W16.50 -# Purpose : Allow meta_tst stop service which occupy data partition. -allow meta_tst ctl_default_prop:property_service set; - -#Date: W17.25 -# Purpose : Allow meta_tst stop service which occupy data partition. -allow meta_tst ctl_emdlogger1_prop:property_service set; - -#Date: W17.27 -# Purpose: STMicro NFC solution integration -allow meta_tst st21nfc_device:chr_file { open read write ioctl }; -allow meta_tst vendor_file:file { getattr execute execute_no_trans read open }; -set_prop(meta_tst,hwservicemanager_prop); -hwbinder_use(meta_tst); -hal_client_domain(meta_tst, hal_nfc); -allow meta_tst debugfs_tracing:file { open write }; - -# Date: W17.29 -# Purpose : Allow meta_tst to call vendor.mediatek.hardware.keymaster_attestation@1.0-service. -hal_client_domain(meta_tst, mtk_hal_keyattestation) - -# Date : WK17.30 -# Operation : Android O migration -# Purpose : add sepolicy for accessing sysfs_leds -allow meta_tst sysfs_leds:lnk_file read; -allow meta_tst sysfs_leds:file rw_file_perms; -allow meta_tst sysfs_leds:dir r_dir_perms; - -# Date: WK17.43 -# Purpose: add permission for meta_tst access md image -allow meta_tst md_block_device:blk_file { read open }; -allow meta_tst mddb_data_file:file { create open write read getattr}; -allow meta_tst mddb_data_file:dir { search write add_name create getattr read open }; - -# Date: W17.43 -# Purpose : Allow meta_tst to call Audio HAL service -binder_call(meta_tst, mtk_hal_audio) -allow meta_tst mtk_hal_audio:binder call; -#allow meta_tst hal_audio_hwservice:hwservice_manager find; -allow meta_tst mtk_audiohal_data_file:dir {read search open}; -allow meta_tst audio_device:chr_file rw_file_perms; -allow meta_tst audio_device:dir w_dir_perms; -allow meta_tst audiohal_prop:property_service set; - -#Data:W1745 -# Purpose : Allow meta_tst to open and read proc/bootprof -allow meta_tst proc_bootprof:file {write open read}; - -# Date:W17.51 -# Operation : lbs hal -# Purpose : lbs hidl interface permission -hal_client_domain(meta_tst, mtk_hal_lbs) - -# Data:W1750 -# Purpose : Allow meta_tst to access mtd device -allow meta_tst mtd_device:blk_file rw_file_perms; - -#Date: W17.51 -#Purpose : Allow meta_tst to access pesist.atm.mdmode in ATM. -set_prop(meta_tst, atm_mdmode_prop); - -#Date: W17.51 -#Purpose : Allow meta_tst to access pesist.atm.ipaddress in ATM. -set_prop(meta_tst, atm_ipaddr_prop); - -# Date : WK18.16 -# Operation: P migration -# Purpose: Allow meta_tst to get tel_switch_prop -get_prop(meta_tst, tel_switch_prop); - -# Date : WK18.21 -# Operation: P migration -# Purpose : Allow meta_tst to call nvram hal -allow meta_tst nvram_agent_binder_hwservice:hwservice_manager find; -allow meta_tst nvram_agent_binder:binder call; - -# Date : WK18.21 -# Operation: P migration -# Purpose : Allow meta_tst to write misc partition -allow meta_tst block_device:dir search; - -# Date : W18.24 -# Operation: P migration -# Purpose : Allow meta_tst to access tpd sysfs nodes for CTP test -allow meta_tst sysfs_tpd_setting:dir search; -allow meta_tst sysfs_tpd_setting:file { read getattr open }; - -# Date : WK18.24 -# Operation: P migration -# Purpose : Allow meta_tst to unmount partition, stop service, and then erase partition -allow meta_tst vendor_shell_exec:file { read execute open execute_no_trans }; -allow meta_tst vendor_toolbox_exec:file { execute_no_trans }; -allow meta_tst labeledfs:filesystem { unmount }; -allow meta_tst proc_cmdline:file { read open getattr }; -allow meta_tst meta_tst:capability { sys_admin }; -allow meta_tst sysfs_dt_firmware_android:file { read open getattr }; -allow meta_tst sysfs_dt_firmware_android:dir { read open search }; -# Purpose : Allow meta_tst to communicate with driver thru socket -allow meta_tst meta_tst:capability { sys_module net_admin net_raw }; -allow meta_tst self:udp_socket { create ioctl }; -allowxperm meta_tst self:udp_socket ioctl priv_sock_ioctls; - -# Date : WK18.25 -# Operation: P migration -# Purpose : GPS test, Allow meta_tst to write/connect tcp socket -allow meta_tst node:tcp_socket node_bind; -allow meta_tst port:tcp_socket { name_bind name_connect }; -allow meta_tst self:capability net_raw; -allow meta_tst self:tcp_socket { setopt bind create listen accept connect }; -allow meta_tst self:tcp_socket { read write }; -allow meta_tst self:udp_socket { write connect }; - -# Date : WK18.28 -# Operation: P migration -# Purpose : AUDIO test, Allow meta_tst to write/read asound -allow meta_tst proc_asound:dir { read search open }; -allow meta_tst proc_asound:file { read open getattr write }; -allow meta_tst mtk_audiohal_data_file:dir { read search open }; -allow meta_tst audiohal_prop:property_service set; -allow meta_tst sysfs_headset:file { read open }; - -# Date: W18.05 -# Purpose : Allow meta_tst to use socket for listening uevent -allow meta_tst meta_tst:netlink_kobject_uevent_socket { read bind create setopt }; - -# Date : WK18.28 -# Operation: P migration -# Purpose : -set_prop(meta_tst, vendor_usb_prop); - -# Date: W18.29 -# Operation: Catch log -# Purpose : meta connect with loghidlserver by socket. -allow meta_tst loghidlvendorservice:unix_stream_socket connectto; - -# Date: W18.32 -# Operation: Android P migration -# Purpose : Allow meta_tst to set powerctl property -# avc: denied { set } for property=sys.powerctl pid=330 uid=0 gid=1001 scontext=u:r:meta_tst:s0 -# tcontext=u:object_r:powerctl_prop:s0 tclass=property_service permissive=0 -set_prop(meta_tst, powerctl_prop); - -# Date: W18.33 -# Operation: Android P migration -# Purpose : Allow meta_tst to set system clock -# avc: denied { sys_time } for capability=25 scontext=u:r:meta_tst:s0 tcontext=u:r:meta_tst:s0 tclass=capability permissive=0 -allow meta_tst self:capability sys_time; - -# Data: W18.35 -# Operation: Android P migration -# Purpose : check usb online status -# avc: denied { search } for name="power_supply" dev="sysfs" ino=8712 scontext=u:r:meta_tst:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0 -# avc: denied { read } for name="online" dev="sysfs" ino=8764 scontext=u:r:meta_tst:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=0 -# avc: denied { open } for path="/sys/devices/platform/mt_charger/power_supply/usb/online" dev="sysfs" ino=8764 scontext=u:r:meta_tst:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=0 -allow meta_tst sysfs_batteryinfo:dir search; -allow meta_tst sysfs_batteryinfo:file {read open}; - -# Data: W18.42 -# Operation: Android P migration -# Purpose : add socket permission for meta -allow meta_tst fwmarkd_socket:sock_file write; - -#Date: W18.42 -# Operation: Android P migration -# Purpose : Add ATM meta mvram sepolicy -allow meta_tst mnt_vendor_file:dir search; - -# Date : WK18.44 -# Operation: P migration -# Purpose : adsp -allow meta_tst adsp_device:chr_file rw_file_perms; - -# Date : WK19.08 -# Operation: P migration -# Purpose : audio scp recovery -allow meta_tst audio_scp_device:chr_file r_file_perms; diff --git a/r_non_plat/mmc_ffu.te b/r_non_plat/mmc_ffu.te deleted file mode 100644 index 1206991..0000000 --- a/r_non_plat/mmc_ffu.te +++ /dev/null @@ -1,21 +0,0 @@ -# ============================================== -# Policy File of /system/bin/mmc_ffu Executable File - -# ============================================== -# Type Declaration -# ============================================== -type mmc_ffu, domain; -type mmc_ffu_exec, exec_type, file_type, vendor_file_type; - -# ============================================== -# MTK Policy Rule -# ============================================== -init_daemon_domain(mmc_ffu) -# Purpose: For seek file size -allow mmc_ffu block_device:dir r_dir_perms; - -# Purpose: ioctl to /dev/misc-sd and for obtaining emmc vendor id and firmware revision -allow mmc_ffu misc_sd_device:chr_file r_file_perms; - -#Purpose: Write eMMC firmware data to /dev/block/mmcblk0 for upgrade firmware -allow mmc_ffu bootdevice_block_device:blk_file rw_file_perms; diff --git a/r_non_plat/mnld.te b/r_non_plat/mnld.te deleted file mode 100644 index 11fe7a4..0000000 --- a/r_non_plat/mnld.te +++ /dev/null @@ -1,102 +0,0 @@ -# ============================================== -# Policy File of /vendor/bin/mnld Executable File - -# ============================================== -# Type Declaration -# ============================================== -type mnld, domain; -type mnld_exec, exec_type, file_type, vendor_file_type; -typeattribute mnld mlstrustedsubject; - -# ============================================== -# MTK Policy Rule -# ============================================== -# STOPSHIP: Permissive is not allowed. CTS violation! -init_daemon_domain(mnld) - -net_domain(mnld) -# Purpose : For communicate with AGPSD by socket -allow mnld agpsd_data_file:dir create_dir_perms; -allow mnld agpsd_data_file:sock_file create_file_perms; -allow mnld mtk_agpsd:unix_dgram_socket sendto; -allow mnld sysfs_wake_lock:file rw_file_perms; -# Purpose : For access NVRAM data -allow mnld nvram_data_file:dir create_dir_perms; -allow mnld nvram_data_file:file create_file_perms; -allow mnld nvram_data_file:lnk_file read; -allow mnld nvdata_file:lnk_file read; -allow mnld nvram_device:blk_file rw_file_perms; -allow mnld nvram_device:chr_file rw_file_perms; -allow mnld nvdata_file:dir create_dir_perms; -allow mnld nvdata_file:file create_file_perms; -# Purpose : For access kernel device -allow mnld mnld_data_file:dir rw_dir_perms; -allow mnld mnld_data_file:sock_file create_file_perms; -allow mnld mnld_device:chr_file rw_file_perms; -allow mnld mnld_data_file:file rw_file_perms; -allow mnld mnld_data_file:file create_file_perms; -allow mnld mnld_data_file:fifo_file create_file_perms; -# Purpose : For init process -allow mnld init:unix_stream_socket connectto; -allow mnld init:udp_socket { read write }; - -# Send the message to the LBS HIDL Service to forward to applications -allow mnld lbs_hidl_service:unix_dgram_socket sendto; - -# Send the message to the merged hal Service to forward to applications -allow mnld merged_hal_service:unix_dgram_socket sendto; - -# Purpose : For access system data -allow mnld bootdevice_block_device:blk_file rw_file_perms; -allow mnld block_device:dir search; -allow mnld mnld_prop:property_service set; -allow mnld property_socket:sock_file write; -allow mnld mdlog_device:chr_file { read write }; -allow mnld self:capability { fsetid }; -allow mnld stpbt_device:chr_file { read write }; -allow mnld gpsdl_device:chr_file { read write }; -allow mnld ttyGS_device:chr_file { read write }; -# Purpose : For file system operations -allow mnld sdcard_type:dir search; -allow mnld sdcard_type:dir write; -allow mnld sdcard_type:dir add_name; -allow mnld sdcard_type:file create; -allow mnld sdcard_type:file rw_file_perms; -allow mnld sdcard_type:file create_file_perms; -allow mnld sdcard_type:dir { read remove_name create open }; -allow mnld tmpfs:lnk_file { read create open }; -allow mnld mtd_device:dir search; -allow mnld mnt_user_file:lnk_file read; -allow mnld mnt_user_file:dir search; -allow mnld gps_data_file:dir { write add_name search remove_name unlink}; -allow mnld gps_data_file:file { read write open create getattr append setattr unlink lock rename }; -allow mnld gps_data_file:lnk_file read; - -allow mnld storage_file:lnk_file read; -allow mnld nvcfg_file:dir search; - -# Date : WK15.30 -# Operation : Migration -# Purpose : for device bring up, not to block early migration/sanity -allow mnld proc_lk_env:file rw_file_perms; - -# For HIDL, communicate mtk_hal_gnss instead of system_server -allow mnld mtk_hal_gnss:unix_dgram_socket sendto; - -# Purpose : MPE sensor HIDL policy -hwbinder_use(mnld); -binder_call(mnld, system_server) -allow mnld fwk_sensor_hwservice:hwservice_manager find; -#allow mnld hwservicemanager_prop:file { read open getattr }; -get_prop(mnld, hwservicemanager_prop); -allow mnld debugfs_tracing:file { open write }; - -allow mnld mnt_vendor_file:dir search; - -# Date : WK18.26 -# Purpose : for atci gps test -allow mnld atci_service:unix_dgram_socket sendto; - -allow mnld sysfs_boot_mode:file { read open }; - -set_prop(mnld, vendor_radio_prop); diff --git a/r_non_plat/mobile_log_d.te b/r_non_plat/mobile_log_d.te deleted file mode 100644 index 0caa870..0000000 --- a/r_non_plat/mobile_log_d.te +++ /dev/null @@ -1,64 +0,0 @@ -# boot_mdoe file access -allow mobile_log_d sysfs_boot_mode:file { open read }; - -#proc/ access -allow mobile_log_d proc_kmsg:file r_file_perms; -allow mobile_log_d proc_cmdline:file r_file_perms; -allow mobile_log_d proc_atf_log:dir search; -allow mobile_log_d proc_atf_log:file r_file_perms; -allow mobile_log_d proc_gz_log:file r_file_perms; -allow mobile_log_d proc_last_kmsg:file r_file_perms; -allow mobile_log_d proc_bootprof:file r_file_perms; -allow mobile_log_d proc_pl_lk:file r_file_perms; - -#scp -allow mobile_log_d sysfs_scp:file { open write }; -allow mobile_log_d sysfs_scp:dir search; -allow mobile_log_d scp_device:chr_file { read open }; - -#adsp -allow mobile_log_d sysfs_adsp:file { open write }; -allow mobile_log_d sysfs_adsp:dir search; -allow mobile_log_d adsp_device:chr_file r_file_perms; - -#sspm -allow mobile_log_d sysfs_sspm:file { open write }; -allow mobile_log_d sysfs_sspm:dir search; -allow mobile_log_d sspm_device:chr_file { read open }; - -#data/misc/mblog -allow mobile_log_d logmisc_data_file:dir { relabelto create_dir_perms }; -allow mobile_log_d logmisc_data_file:file create_file_perms; - -#data/log_temp -allow mobile_log_d logtemp_data_file:dir { relabelto create_dir_perms }; -allow mobile_log_d logtemp_data_file:file create_file_perms; - -#data/data_tmpfs_log -allow mobile_log_d data_tmpfs_log_file:dir create_dir_perms; -allow mobile_log_d data_tmpfs_log_file:file create_file_perms; - -#mobile itself property -set_prop(mobile_log_d, mobile_log_prop) - -# Date: 2016/11/11 -# purpose: allow MobileLog to access aee socket -allow mobile_log_d aee_aed:unix_stream_socket connectto; - -# purpose: send log to com port -allow mobile_log_d ttyGS_device:chr_file { read write ioctl open }; - -# purpose: allow mobile_log_d to access persist.meta.connecttype -get_prop(mobile_log_d, meta_connecttype_prop); - -# purpose: allow mobile_log_d to create socket -allow mobile_log_d port:tcp_socket { name_connect name_bind }; -allow mobile_log_d mobile_log_d:tcp_socket { create connect setopt bind }; -allow mobile_log_d mobile_log_d:tcp_socket { bind setopt listen accept read write }; -allow mobile_log_d node:tcp_socket node_bind; - -# purpose: allow mobile_log_d to read system property init.svc.vendor. -get_prop(mobile_log_d, vendor_default_prop) - -# purpose: allow mobile_log_d to read persist.vendor.mtk.aee -get_prop(mobile_log_d, persist_mtk_aee_prop) diff --git a/r_non_plat/modemdbfilter_service.te b/r_non_plat/modemdbfilter_service.te deleted file mode 100644 index e1c1090..0000000 --- a/r_non_plat/modemdbfilter_service.te +++ /dev/null @@ -1,18 +0,0 @@ -# ============================================== -# Policy File of /vendor/bin/hw/modemdbfilter_service Executable File - -# ============================================== -# Type Declaration -# ============================================== - -type modemdbfilter_service ,domain; -type modemdbfilter_service_exec, exec_type, file_type, vendor_file_type; -typeattribute modemdbfilter_service mlstrustedsubject; - -#Purpose : for create hidl server -hal_server_domain(modemdbfilter_service, mtk_hal_md_dbfilter) -init_daemon_domain(modemdbfilter_service) - -# ============================================== -# MTK Policy Rule -# ============================================== diff --git a/r_non_plat/mtk_agpsd.te b/r_non_plat/mtk_agpsd.te deleted file mode 100644 index 5c71128..0000000 --- a/r_non_plat/mtk_agpsd.te +++ /dev/null @@ -1,70 +0,0 @@ -# ============================================== -# Policy File of /vendor/bin/mtk_agpsd Executable File - -# ============================================== -# Type Declaration -# ============================================== -type mtk_agpsd_exec, exec_type, file_type, vendor_file_type; -type mtk_agpsd, domain; - -# ============================================== -# MTK Policy Rule -# ============================================== -init_daemon_domain(mtk_agpsd) - -net_domain(mtk_agpsd) - -# Access channels to modem for E-CID, RRLP, and LPP -allow mtk_agpsd agps_device:chr_file rw_file_perms; -allow mtk_agpsd ttySDIO_device:chr_file { create setattr unlink rw_file_perms }; -allow mtk_agpsd ccci_device:chr_file { create setattr unlink rw_file_perms }; - -# Access folders, files, and sockets in /data/agps_supl -allow mtk_agpsd agpsd_data_file:dir create_dir_perms; -allow mtk_agpsd agpsd_data_file:file create_file_perms; -allow mtk_agpsd agpsd_data_file:sock_file create_file_perms; - -# Access file system partitions like /system, /data and SD Card -allow mtk_agpsd sdcard_type:dir create_dir_perms; -allow mtk_agpsd sdcard_type:file create_file_perms; -allow mtk_agpsd eemcs_device:chr_file rw_file_perms; -allow mtk_agpsd mnt_user_file:dir create_dir_perms; -allow mtk_agpsd mnt_vendor_file:dir create_dir_perms; -allow mtk_agpsd mnt_vendor_file:file create_file_perms; -allow mtk_agpsd gps_data_file:dir create_dir_perms; -allow mtk_agpsd gps_data_file:file create_file_perms; - -# Access symbolic link files like /etc and /sdcard -allow mtk_agpsd tmpfs:lnk_file create_file_perms; -allow mtk_agpsd mnt_user_file:lnk_file create_file_perms; -allow mtk_agpsd storage_file:dir create_dir_perms; -allow mtk_agpsd storage_file:file create_file_perms; - -# Send supl profile configuration to SLPD (to get SUPL Reference Location for HW Fused Location) -allow mtk_agpsd slpd:unix_dgram_socket sendto; - -# Operators will send agps settings via OMADM. -# Operators ask UE to save these settings into NVRAM. -allow mtk_agpsd nvcfg_file:dir create_dir_perms; -allow mtk_agpsd nvcfg_file:file create_file_perms; - -# Send GNSS assistance data and AGPS commands to MTK's GPS module 'mnld' -allow mtk_agpsd mnld:unix_dgram_socket sendto; - -# Send the message to the LBS HIDL Service to forward to system partitions -allow mtk_agpsd lbs_hidl_service:unix_dgram_socket sendto; - -# Send the message to the merged hal Service to forward to system partitions -allow mtk_agpsd merged_hal_service:unix_dgram_socket sendto; - -# Allow send socket to fusion rild -allow mtk_agpsd rild:unix_dgram_socket sendto; - -# Allow libapmonitor to read the property of hwservicemanager.ready -get_prop(mtk_agpsd,hwservicemanager_prop) - -# Read the property of vendor.debug.gps.mnld.ne -get_prop(mtk_agpsd,mnld_prop) - -# Read the property of ro.vendor.mtk_log_hide_gps -get_prop(mtk_agpsd,mtk_gps_support_prop) diff --git a/r_non_plat/mtk_hal_audio.te b/r_non_plat/mtk_hal_audio.te deleted file mode 100644 index ffd5c7c..0000000 --- a/r_non_plat/mtk_hal_audio.te +++ /dev/null @@ -1,233 +0,0 @@ -type mtk_hal_audio, domain; -hal_server_domain(mtk_hal_audio, hal_audio) - -type mtk_hal_audio_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(mtk_hal_audio) - -hal_client_domain(mtk_hal_audio, hal_allocator) - -hwbinder_use(mtk_hal_audio) -wakelock_use(mtk_hal_audio); - -allow mtk_hal_audio ion_device:chr_file r_file_perms; - -allow mtk_hal_audio system_file:dir { open read }; - -r_dir_file(mtk_hal_audio, proc) -allow mtk_hal_audio audio_device:dir r_dir_perms; -allow mtk_hal_audio audio_device:chr_file rw_file_perms; - -### -### neverallow rules -### - -# mtk_hal_audio should never execute any executable without -# a domain transition -neverallow mtk_hal_audio { file_type fs_type }:file execute_no_trans; - -# mtk_hal_audio should never need network access. -# Disallow network sockets. -neverallow mtk_hal_audio domain:{ tcp_socket udp_socket rawip_socket } *; - -# Date : WK14.32 -# Operation : Migration -# Purpose : Set audio driver permission to access SD card for debug purpose and accss NVRam. -allow mtk_hal_audio sdcard_type:dir { w_dir_perms create }; -allow mtk_hal_audio sdcard_type:file create; -allow mtk_hal_audio nvram_data_file:dir w_dir_perms; -allow mtk_hal_audio nvram_data_file:file create_file_perms; -allow mtk_hal_audio nvram_data_file:lnk_file read; -allow mtk_hal_audio nvdata_file:lnk_file read; -allow mtk_hal_audio nvdata_file:dir w_dir_perms; -allow mtk_hal_audio nvdata_file:file create_file_perms; -allow mtk_hal_audio sdcard_type:dir remove_name; -allow mtk_hal_audio sdcard_type:file unlink; - -# Date : WK14.34 -# Operation : Migration -# Purpose : nvram access (dumchar case for nand and legacy chip) -allow mtk_hal_audio nvram_device:chr_file rw_file_perms; -allow mtk_hal_audio self:netlink_kobject_uevent_socket { create setopt bind }; - -# Date : WK14.34 -# Operation : Migration -# Purpose : Smartcard Service -allow mtk_hal_audio self:netlink_kobject_uevent_socket read; - -# Date : WK14.36 -# Operation : Migration -# Purpose : media server and bt process communication for A2DP data.and other control flow -allow mtk_hal_audio bt_a2dp_stream_socket:sock_file write; -allow mtk_hal_audio bt_int_adp_socket:sock_file write; - -# Date : WK14.36 -# Operation : Migration -# Purpose : access nvram, otp, ccci cdoec devices. -allow mtk_hal_audio MtkCodecService:binder call; -allow mtk_hal_audio ccci_device:chr_file rw_file_perms; -allow mtk_hal_audio eemcs_device:chr_file rw_file_perms; -allow mtk_hal_audio devmap_device:chr_file r_file_perms; -allow mtk_hal_audio ebc_device:chr_file rw_file_perms; -allow mtk_hal_audio nvram_device:blk_file rw_file_perms; - -# Date : WK14.38 -# Operation : Migration -# Purpose : NVRam access -allow mtk_hal_audio block_device:dir { write search }; - -# Date : WK14.38 -# Operation : Migration -# Purpose : FM driver access -allow mtk_hal_audio fm_device:chr_file rw_file_perms; - -# Data : WK14.38 -# Operation : Migration -# Purpose : dump for debug -allow mtk_hal_audio sdcard_type:file append; - -# Data : WK14.39 -# Operation : Migration -# Purpose : dump for debug -allow mtk_hal_audio audiohal_prop:property_service set; - -# Date : WK14.40 -# Operation : Migration -# Purpose : HDMI driver access -allow mtk_hal_audio graphics_device:chr_file rw_file_perms; - -# Date : WK14.40 -# Operation : Migration -# Purpose : Smartpa -allow mtk_hal_audio smartpa_device:chr_file rw_file_perms; - -# Date : WK14.41 -# Operation : Migration -# Purpose : WFD HID Driver -allow mtk_hal_audio uhid_device:chr_file rw_file_perms; - -# Date : WK14.43 -# Operation : Migration -# Purpose : VOW -allow mtk_hal_audio vow_device:chr_file rw_file_perms; - -# Date: WK14.44 -# Operation : Migration -# Purpose : EVDO -allow mtk_hal_audio rpc_socket:sock_file write; -allow mtk_hal_audio ttySDIO_device:chr_file rw_file_perms; - -# Data: WK14.44 -# Operation : Migration -# Purpose : for low SD card latency issue -allow mtk_hal_audio sysfs_lowmemorykiller:file { read open }; - -# Data: WK14.45 -# Operation : Migration -# Purpose : for change thermal policy when needed -allow mtk_hal_audio proc_mtkcooler:dir search; -allow mtk_hal_audio proc_mtktz:dir search; -allow mtk_hal_audio proc_thermal:dir search; -allow mtk_hal_audio thermal_manager_data_file:file create_file_perms; -allow mtk_hal_audio thermal_manager_data_file:dir { rw_dir_perms setattr }; - -# Data : WK14.47 -# Operation : Audio playback -# Purpose : Music as ringtone -allow mtk_hal_audio radio:dir { search read }; -allow mtk_hal_audio radio:file r_file_perms; - -# Data : WK14.47 -# Operation : CTS -# Purpose : cts search strange app -allow mtk_hal_audio untrusted_app:dir search; - -# Date : WK15.03 -# Operation : Migration -# Purpose : offloadservice -allow mtk_hal_audio offloadservice_device:chr_file rw_file_perms; - -# Date : WK15.34 -# Operation : Migration -# Purpose: for camera middleware dump image buffer to sdcard & audio frameworks dump -allow mtk_hal_audio storage_file:dir search; -allow mtk_hal_audio storage_file:lnk_file {read write}; -allow mtk_hal_audio mnt_user_file:dir {write read search}; -allow mtk_hal_audio mnt_user_file:lnk_file {read write}; - -# Date : WK16.17 -# Operation : Migration -# Purpose: read/open sysfs node -allow mtk_hal_audio sysfs_ccci:file r_file_perms; -allow mtk_hal_audio sysfs_ccci:dir search; - -# Date : WK16.18 -# Operation : Migration -# Purpose: research root dir "/" -allow mtk_hal_audio tmpfs:dir search; - -# Purpose: Dump debug info -allow mtk_hal_audio debugfs_binder:dir search; -allow mtk_hal_audio kmsg_device:chr_file { open write }; -allow mtk_hal_audio property_socket:sock_file write; -allow mtk_hal_audio fuse:file rw_file_perms; -allow mtk_hal_audio init:unix_stream_socket connectto; - -# Date : WK16.27 -# Operation : Migration -# Purpose: tunning tool update parameters -binder_call(mtk_hal_audio,radio) -allow mtk_hal_audio mtk_audiohal_data_file:dir create_dir_perms; -allow mtk_hal_audio mtk_audiohal_data_file:file create_file_perms; - -# Date : WK16.28 -# Operation : Migration -# Purpose: Write audio dump files to external SDCard. -allow mtk_hal_audio sdcard_type:file { create_file_perms }; - -# Date : WK16.33 -# Purpose: Allow to access ged for gralloc_extra functions -allow mtk_hal_audio proc_ged:file rw_file_perms; - -set_prop(mtk_hal_audio,hwservicemanager_prop); -allow mtk_hal_audio storage_file:dir search; - -# Fix bootup violation -allow mtk_hal_audio fuse:dir read; - -# for usb phone call, allow sys_nice -allow mtk_hal_audio self:capability sys_nice; - -# Date : W17.29 -# Boot for opening trace file: Permission denied (13) -allow mtk_hal_audio debugfs_tracing:file { write open }; - -# for usb phone call, allow sys_nice -allow mtk_hal_audio self:capability sys_nice; - -# Audio Tuning Tool Android O porting -binder_call(mtk_hal_audio,audiocmdservice_atci); - - -# Add for control PowerHAL -allow mtk_hal_audio mtk_hal_power_hwservice:hwservice_manager find; -binder_call(mtk_hal_audio, mtk_hal_power) -binder_call(mtk_hal_audio, merged_hal_service) -# cm4 smartpa -allow mtk_hal_audio audio_ipi_device:chr_file { read write ioctl open }; -allow mtk_hal_audio audio_scp_device:chr_file r_file_perms; - -# Date : WK18.21 -# Operation: P migration -# Purpose: Allow to search /mnt/vendor/nvdata for fstab when using NVM_Init() -allow mtk_hal_audio mnt_vendor_file:dir search; - -# Date: 2019/06/14 -# Operation : Migration -allow mtk_hal_audio audioserver:fifo_file w_file_perms; -allow mtk_hal_audio sysfs_boot_mode:file r_file_perms; -allow mtk_hal_audio sysfs_dt_firmware_android:dir search; - -# Date : WK18.44 -# Operation: adsp -allow mtk_hal_audio adsp_device:file rw_file_perms; -allow mtk_hal_audio adsp_device:chr_file rw_file_perms; diff --git a/r_non_plat/mtk_hal_bgs.te b/r_non_plat/mtk_hal_bgs.te deleted file mode 100644 index c93342f..0000000 --- a/r_non_plat/mtk_hal_bgs.te +++ /dev/null @@ -1,6 +0,0 @@ -# HwBinder IPC from client to server, and callbacks -binder_call(mtk_hal_bgs_client, mtk_hal_bgs_server) -binder_call(mtk_hal_bgs_server, mtk_hal_bgs_client) - -add_hwservice(mtk_hal_bgs_server, mtk_hal_bgs_hwservice) -allow mtk_hal_bgs_client mtk_hal_bgs_hwservice:hwservice_manager find;
\ No newline at end of file diff --git a/r_non_plat/mtk_hal_bluetooth.te b/r_non_plat/mtk_hal_bluetooth.te deleted file mode 100644 index d51b29b..0000000 --- a/r_non_plat/mtk_hal_bluetooth.te +++ /dev/null @@ -1,49 +0,0 @@ -type mtk_hal_bluetooth, domain; -type mtk_hal_bluetooth_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(mtk_hal_bluetooth) - -#r_dir_file(mtk_hal_bluetooth, system_file) -# call into the Bluetooth process (callbacks) -binder_call(mtk_hal_bluetooth, bluetooth) -hwbinder_use(mtk_hal_bluetooth); - -wakelock_use(mtk_hal_bluetooth); - -# bluetooth factory file accesses. -r_dir_file(mtk_hal_bluetooth, bluetooth_efs_file) - -allow mtk_hal_bluetooth { uhid_device hci_attach_dev }:chr_file rw_file_perms; - -# sysfs access. -allow mtk_hal_bluetooth sysfs_bluetooth_writable:file rw_file_perms; -allow mtk_hal_bluetooth self:capability2 wake_alarm; - -# Allow write access to bluetooth-specific properties -set_prop(mtk_hal_bluetooth, bluetooth_prop) - -# /proc access (bluesleep etc.). -allow mtk_hal_bluetooth proc_bluetooth_writable:file rw_file_perms; - -# VTS tests need to be able to toggle rfkill -allow mtk_hal_bluetooth self:capability net_admin; - -# Purpose : Set to access stpbt driver & NVRAM -allow mtk_hal_bluetooth stpbt_device:chr_file rw_file_perms; - -allow mtk_hal_bluetooth nvdata_file:dir search; -allow mtk_hal_bluetooth nvdata_file:file rw_file_perms; -allow mtk_hal_bluetooth nvram_data_file:lnk_file read; -allow mtk_hal_bluetooth nvdata_file:lnk_file read; - -# Purpose: Allow to search /mnt/vendor/* for fstab when using NVM_Init() -allow mtk_hal_bluetooth mnt_vendor_file:dir search; - -get_prop(mtk_hal_bluetooth, hwservicemanager_prop) - -#add_hwservice(hal_bluetooth, mtk_hal_bluetooth_hwservice) -allow hal_bluetooth_client mtk_hal_bluetooth_hwservice:hwservice_manager find; - -hal_server_domain(mtk_hal_bluetooth,hal_bluetooth); - -# Purpose: Allow BT Driver to insmod -allow mtk_hal_bluetooth wmt_prop:property_service set; diff --git a/r_non_plat/mtk_hal_camera.te b/r_non_plat/mtk_hal_camera.te deleted file mode 100644 index f428efb..0000000 --- a/r_non_plat/mtk_hal_camera.te +++ /dev/null @@ -1,341 +0,0 @@ -# ============================================================================== -# Policy File of /vendor/bin/camerahalserver Executable File - -# ============================================================================== -# Type Declaration -# ============================================================================== - -type mtk_hal_camera, domain; -type mtk_hal_camera_exec, exec_type, file_type, vendor_file_type; - -# ============================================================================== -# MTK Policy Rule -# ============================================================================== - -# ----------------------------------- -# Purpose: Binderized HAL Server -# ----------------------------------- - -# Set up a transition from init to the camerahalserver upon executing its binary. -init_daemon_domain(mtk_hal_camera) - -# Allow a base set of permissions required for a domain to offer a -# HAL implementation of the specified type over HwBinder. -hal_server_domain(mtk_hal_camera, hal_camera) - -hal_server_domain(mtk_hal_camera, mtk_hal_bgs) - -# Allow camerahalserver to use HwBinder and vendor binder IPC. -hwbinder_use(mtk_hal_camera) -vndbinder_use(mtk_hal_camera) - -allow mtk_hal_camera hwservicemanager_prop:file { open read getattr }; - -# ----------------------------------- -# Purpose: Allow camerahalserver to perform binder IPC to servers and callbacks. -# ----------------------------------- - -# callback to cameraserver -binder_call(mtk_hal_camera, cameraserver) - -# callback to shell for debugging -binder_call(mtk_hal_camera, shell) - -# callback to /vendor/bin/aee_aedv for aee debugging -binder_call(mtk_hal_camera, aee_aedv) - -# call the graphics allocator hal -binder_call(mtk_hal_camera, hal_graphics_allocator) - -# call PowerHal -binder_call(mtk_hal_camera, mtk_hal_power) - -# ----------------------------------- -# Purpose: Allow camerahalserver to find a service from hwservice_manager -# ----------------------------------- -allow mtk_hal_camera hal_graphics_mapper_hwservice:hwservice_manager find; -#allow mtk_hal_camera hal_graphics_allocator_hwservice:hwservice_manager find; -allow mtk_hal_camera fwk_sensor_hwservice:hwservice_manager find; -allow mtk_hal_camera mtk_hal_power_hwservice:hwservice_manager find; -allow mtk_hal_camera nvram_data_file:lnk_file { read write getattr setattr read create open }; -allow mtk_hal_camera nvdata_file:lnk_file { read write getattr setattr read create open }; -hal_client_domain(mtk_hal_camera, hal_graphics_allocator) - -# ----------------------------------- -# Purpose: Camera-related devices (driver) -# ----------------------------------- -allow mtk_hal_camera proc_mtk_jpeg:file r_file_perms; -allowxperm mtk_hal_camera proc_mtk_jpeg:file ioctl { - JPG_BRIDGE_ENC_IO_INIT - JPG_BRIDGE_ENC_IO_CONFIG - JPG_BRIDGE_ENC_IO_WAIT - JPG_BRIDGE_ENC_IO_DEINIT - JPG_BRIDGE_ENC_IO_START - }; - -allow mtk_hal_camera camera_sysram_device:chr_file r_file_perms; -allow mtk_hal_camera camera_pipemgr_device:chr_file r_file_perms; -allow mtk_hal_camera camera_isp_device:chr_file rw_file_perms; -allow mtk_hal_camera camera_dip_device:chr_file rw_file_perms; -allow mtk_hal_camera camera_tsf_device:chr_file rw_file_perms; -allow mtk_hal_camera kd_camera_hw_device:chr_file rw_file_perms; -allow mtk_hal_camera kd_camera_flashlight_device:chr_file rw_file_perms; -allow mtk_hal_camera flashlight_device:chr_file rw_file_perms; -allow mtk_hal_camera lens_device:chr_file rw_file_perms; - -# FDVT Driver -allow mtk_hal_camera camera_fdvt_device:chr_file rw_file_perms; - -# DPE Driver -allow mtk_hal_camera camera_dpe_device:chr_file rw_file_perms; - -# MFB Driver -allow mtk_hal_camera camera_mfb_device:chr_file rw_file_perms; - -# WPE Driver -allow mtk_hal_camera camera_wpe_device:chr_file rw_file_perms; - -# mtk_jpeg -allow mtk_hal_camera mtk_jpeg_device:chr_file r_file_perms; - -allow mtk_hal_camera ccu_device:chr_file rw_file_perms; -allow mtk_hal_camera vpu_device:chr_file rw_file_perms; - -# Purpose: RSC driver -allow mtk_hal_camera camera_rsc_device:chr_file rw_file_perms; - -# Purpose: OWE driver -allow mtk_hal_camera camera_owe_device:chr_file rw_file_perms; - -# Purpose: AF related -allow mtk_hal_camera MAINAF_device:chr_file rw_file_perms; -allow mtk_hal_camera MAIN2AF_device:chr_file rw_file_perms; -allow mtk_hal_camera SUBAF_device:chr_file rw_file_perms; -allow mtk_hal_camera FM50AF_device:chr_file rw_file_perms; -allow mtk_hal_camera AD5820AF_device:chr_file rw_file_perms; -allow mtk_hal_camera DW9714AF_device:chr_file rw_file_perms; -allow mtk_hal_camera DW9814AF_device:chr_file rw_file_perms; -allow mtk_hal_camera AK7345AF_device:chr_file rw_file_perms; -allow mtk_hal_camera DW9714A_device:chr_file rw_file_perms; -allow mtk_hal_camera LC898122AF_device:chr_file rw_file_perms; -allow mtk_hal_camera LC898212AF_device:chr_file rw_file_perms; -allow mtk_hal_camera BU6429AF_device:chr_file rw_file_perms; -allow mtk_hal_camera DW9718AF_device:chr_file rw_file_perms; -allow mtk_hal_camera BU64745GWZAF_device:chr_file rw_file_perms; - -# Purpose: Camera EEPROM Calibration -allow mtk_hal_camera CAM_CAL_DRV_device:chr_file rw_file_perms; -allow mtk_hal_camera CAM_CAL_DRV1_device:chr_file rw_file_perms; -allow mtk_hal_camera CAM_CAL_DRV2_device:chr_file rw_file_perms; - -# ----------------------------------- -# Purpose: Other device drivers used by camera -# ----------------------------------- -allow mtk_hal_camera ion_device:chr_file rw_file_perms; -allow mtk_hal_camera sw_sync_device:chr_file rw_file_perms; -allow mtk_hal_camera MTK_SMI_device:chr_file r_file_perms; - -# ----------------------------------- -# Purpose: Filesystem in Userspace (FUSE) -# - sdcard access (buffer dump for EM mode) -# ----------------------------------- -allow mtk_hal_camera fuse:dir { search read write }; -allow mtk_hal_camera fuse:file rw_file_perms; - -# ----------------------------------- -# Purpose: Storage access -# ----------------------------------- -## Date : WK14.XX-15.XX -## nvram access -allow mtk_hal_camera block_device:dir { write search }; -allow mtk_hal_camera nvram_data_file:dir { search add_name write create}; -allow mtk_hal_camera nvram_data_file:file { write getattr setattr read create open }; -## nvram access (dumchar case for nand and legacy chip) -allow mtk_hal_camera nvram_device:chr_file rw_file_perms; -allow mtk_hal_camera self:netlink_kobject_uevent_socket { create setopt bind }; - -## Date : WK14.XX-15.XX -## sdcard access - dump for debug -allow mtk_hal_camera sdcard_type:dir { write add_name create }; -allow mtk_hal_camera sdcard_type:file { append create getattr }; - -# ----------------------------------- -# Purpose: property access -# ----------------------------------- -allow mtk_hal_camera mtkcam_prop:file { open read getattr }; - -# ----------------------------------- -# Android O -# Purpose: Shell Debugging -# ----------------------------------- -# Purpose: Allow shell to invoke "lshal debug <interface>", where <interface> is "ICameraProvider". -# (used in user build) -allow mtk_hal_camera shell:unix_stream_socket { read write }; -allow mtk_hal_camera shell:fifo_file write; - -# ----------------------------------- -# Android O -# Purpose: AEE Debugging -# ----------------------------------- -# Purpose: Allow aee_dumpstate to invoke "lshal debug <interface>", where <interface> is "ICameraProvider". -allow mtk_hal_camera dumpstate:binder { call }; -allow mtk_hal_camera dumpstate:unix_stream_socket { read write }; -allow mtk_hal_camera dumpstate:fd { use }; -allow mtk_hal_camera dumpstate:fifo_file write; - -# Purpose: Allow camerahalserver to dump debug info to SYS_DEBUG_MTKCAM via aee_aedv. -# avc: denied { write } for path="/data/vendor/mtklog/aee_exp/temp/db.9oRG8O/SYS_DEBUG_MTKCAM" -# dev="dm-2" ino=1458278 scontext=u:r:mtk_hal_camera:s0 tcontext=u:object_r:aee_exp_vendor_file:s0 -# tclass=file permissive=0 -allow mtk_hal_camera aee_exp_vendor_file:dir { w_dir_perms }; -allow mtk_hal_camera aee_exp_vendor_file:file { create_file_perms }; - -# ----------------------------------- -# Android O -# Purpose: Debugging -# ----------------------------------- -# Purpose: libmemunreachable.so/GetUnreachableMemory() -allow mtk_hal_camera self:process { ptrace }; - -################################################################################ -# Date : WK14.XX-15.XX -# Operation : Copy from Media server -allow mtk_hal_camera self:capability { setuid ipc_lock sys_nice }; -allow mtk_hal_camera sysfs_wake_lock:file rw_file_perms; -allow mtk_hal_camera nvdata_file:dir { write search add_name }; -allow mtk_hal_camera nvdata_file:file { read write getattr setattr open create }; -allow mtk_hal_camera proc_meminfo:file { read getattr open }; - -## Purpose : for low SD card latency issue -allow mtk_hal_camera sysfs_lowmemorykiller:file { read open }; - -## Purpose : for change thermal policy when needed -allow mtk_hal_camera proc_mtkcooler:dir search; -allow mtk_hal_camera proc_mtktz:dir search; -allow mtk_hal_camera proc_thermal:dir search; -allow mtk_hal_camera thermal_manager_data_file:file create_file_perms; -allow mtk_hal_camera thermal_manager_data_file:dir { rw_dir_perms setattr }; - -## Purpose : cts search strange app -allow mtk_hal_camera untrusted_app:dir search; - -## Purpose : offloadservice -allow mtk_hal_camera offloadservice_device:chr_file rw_file_perms; - -## Purpose: for camera middleware dump image buffer to sdcard & audio frameworks dump -allow mtk_hal_camera storage_file:lnk_file {read write}; -allow mtk_hal_camera mnt_user_file:dir {write read search}; -allow mtk_hal_camera mnt_user_file:lnk_file {read write}; - -## Purpose: Allow mtk_hal_camera to read binder from surfaceflinger -allow mtk_hal_camera surfaceflinger:fifo_file {read write}; - -## Purpose : camera read/write /nvcfg/camera data -allow mtk_hal_camera nvcfg_file:dir create_dir_perms; -allow mtk_hal_camera nvcfg_file:file create_file_perms; - -# Purpose : for camera init -allow mtk_hal_camera system_server:unix_stream_socket { read write }; - -################################################################################ -# Date : WK16 -# Operation : N Migration -## Purpose: research root dir "/" -allow mtk_hal_camera tmpfs:dir search; - -## Purpose : EGL file access -allow mtk_hal_camera system_file:dir { read open }; -allow mtk_hal_camera gpu_device:dir search; -allow mtk_hal_camera gpu_device:chr_file rw_file_perms; - -## Purpose: Allow to access ged for gralloc_extra functions -allow mtk_hal_camera proc_ged:file rw_file_perms; -allowxperm mtk_hal_camera proc_ged:file ioctl { proc_ged_ioctls }; - -allow mtk_hal_camera debugfs_tracing:file { write open }; - -## Purpose : camera3 IT/CTS -allow mtk_hal_camera debugfs_ion:dir search; -allow mtk_hal_camera hal_graphics_composer_default:fd use; -allow mtk_hal_camera property_socket:sock_file write; - -# Date : WK17.30 -# Operation : O Migration -# Purpose: Allow to access cmdq driver -allow mtk_hal_camera mtk_cmdq_device:chr_file { read ioctl open }; -allow mtk_hal_camera mtk_mdp_device:chr_file rw_file_perms; - -# Date : WK17.36 -# Operation : O Migration -# Purpose: Allow to access battery status -allow mtk_hal_camera sysfs_batteryinfo:dir search; -allow mtk_hal_camera sysfs_batteryinfo:file { getattr open read }; - -# Date : WK17.39 -# Operation : O Migration -# Purpose: Change thermal config -allow mtk_hal_camera mtk_thermal_config_prop:property_service set; - -# Date : WK18.31 -# Stage: P Migration -# Purpose: CCT -allow mtk_hal_camera graphics_device:chr_file { read write ioctl open }; -allow mtk_hal_camera graphics_device:dir search; -allow mtk_hal_camera cct_data_file:dir create_dir_perms; -allow mtk_hal_camera cct_data_file:file create_file_perms; -allow mtk_hal_camera cct_data_file:fifo_file create_file_perms; -allow mtk_hal_camera sysfs_boot_mode:file { read open }; -allow mtk_hal_camera mnt_vendor_file:dir create_dir_perms; -allow mtk_hal_camera mnt_vendor_file:fifo_file create_file_perms; - -# Date : WK18.01 -# Operation : label aee_aed sockets -# Purpose : Engineering mode need access for aee commmand -userdebug_or_eng(` -allow mtk_hal_camera aee_aedv:unix_stream_socket connectto; -') - -# Date : WK18.02 -# Stage: O Migration -# Purpose: ISP tuning remapping -allow mtk_hal_camera mediatek_prop:property_service set; - -# Date : WK18.22 -# Stage: p Migration -# Purpose: NVRAM -allow mtk_hal_camera nvram_data_file:dir search; -allow mtk_hal_camera nvram_data_file:file rw_file_perms; -allow mtk_hal_camera nvram_data_file:lnk_file read; -allow mtk_hal_camera nvdata_file:lnk_file read; -allow mtk_hal_camera nvdata_file:dir create_dir_perms; -allow mtk_hal_camera nvdata_file:file { read write getattr setattr open create }; -allow mtk_hal_camera nvcfg_file:lnk_file read; -allow mtk_hal_camera nvcfg_file:dir create_dir_perms; -allow mtk_hal_camera nvcfg_file:file { read write getattr setattr open create }; -allow mtk_hal_camera mnt_vendor_file:dir search; -allow mtk_hal_camera mnt_vendor_file:file create_file_perms; - -# Date : WK18.35 -# Purpose: allow mtk_hal_camera to access gz_device node -allow mtk_hal_camera gz_device:chr_file rw_file_perms; - -#data/dipdebug -allow mtk_hal_camera aee_dipdebug_vendor_file:dir rw_dir_perms; -allow mtk_hal_camera aee_dipdebug_vendor_file:file { create_file_perms }; - -allow mtk_hal_camera proc_isp_p2:dir search; -allow mtk_hal_camera proc_isp_p2:file {create_file_perms}; - -# Date: 2019/06/14 -# Operation : Migration -allow mtk_hal_camera sysfs_dt_firmware_android:dir search; - -# Date: 2019/07/09 -# Operation : For M4U security -allow mtk_hal_camera proc_m4u:file r_file_perms; -allowxperm mtk_hal_camera proc_m4u:file ioctl MTK_M4U_T_SEC_INIT; - -# Date: 2019/08/27 -# Operation : For android Q allowing ioctl -allow mtk_hal_camera mtk_hal_camera:unix_stream_socket { ioctl }; -allowxperm mtk_hal_camera mtk_hal_camera:unix_stream_socket ioctl IIOCNETAIF; diff --git a/r_non_plat/mtk_hal_em.te b/r_non_plat/mtk_hal_em.te deleted file mode 100644 index 6d3b6a8..0000000 --- a/r_non_plat/mtk_hal_em.te +++ /dev/null @@ -1,6 +0,0 @@ -# HwBinder IPC from client to server, and callbacks -binder_call(mtk_hal_em_client, mtk_hal_em_server) -binder_call(mtk_hal_em_server, mtk_hal_em_client) - -add_hwservice(mtk_hal_em_server, mtk_hal_em_hwservice) -allow mtk_hal_em_client mtk_hal_em_hwservice:hwservice_manager find; diff --git a/r_non_plat/mtk_hal_fm.te b/r_non_plat/mtk_hal_fm.te deleted file mode 100644 index ccd0894..0000000 --- a/r_non_plat/mtk_hal_fm.te +++ /dev/null @@ -1,8 +0,0 @@ -# HwBinder IPC from client to server, and callbacks -binder_call(mtk_hal_fm_client, mtk_hal_fm_server) -binder_call(mtk_hal_fm_server, mtk_hal_fm_client) - -add_hwservice(mtk_hal_fm_server, mtk_hal_fm_hwservice) -allow mtk_hal_fm_client mtk_hal_fm_hwservice:hwservice_manager find; - -vndbinder_use(mtk_hal_fm)
\ No newline at end of file diff --git a/r_non_plat/mtk_hal_gnss.te b/r_non_plat/mtk_hal_gnss.te deleted file mode 100644 index 175ff10..0000000 --- a/r_non_plat/mtk_hal_gnss.te +++ /dev/null @@ -1,19 +0,0 @@ -type mtk_hal_gnss, domain; -hal_server_domain(mtk_hal_gnss, hal_gnss); - -type mtk_hal_gnss_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(mtk_hal_gnss) - -#TODO:: work around solution, wait for correct solution from google -vndbinder_use(mtk_hal_gnss) - -#r_dir_file(mtk_hal_gnss, system_file) - -# Communicate over a socket created by mnld process. -allow mtk_hal_gnss mnld_data_file:sock_file create_file_perms; -allow mtk_hal_gnss mnld_data_file:sock_file rw_file_perms; -allow mtk_hal_gnss mnld_data_file:dir create_file_perms; -allow mtk_hal_gnss mnld_data_file:dir rw_dir_perms; - -allow mtk_hal_gnss mnld:unix_dgram_socket sendto; - diff --git a/r_non_plat/mtk_hal_gpu.te b/r_non_plat/mtk_hal_gpu.te deleted file mode 100644 index ab08bdd..0000000 --- a/r_non_plat/mtk_hal_gpu.te +++ /dev/null @@ -1,47 +0,0 @@ -# ============================================== -# Policy File of /vendor/bin/hw/vendor.mediatek.hardware.gpu@1.0-service Executable File - -# ============================================== -# Type Declaration -# ============================================== - -type mtk_hal_gpu, domain; -type mtk_hal_gpu_exec, exec_type, file_type, vendor_file_type; - -# ============================================== -# MTK Policy Rule -# ============================================== - -# Setup for domain transition -init_daemon_domain(mtk_hal_gpu) - -# Allow to use HWBinder IPC -hwbinder_use(mtk_hal_gpu); - -# Allow a set of permissions required for a domain to be a server which provides a HAL implementation over HWBinder. -hal_server_domain(mtk_hal_gpu, hal_gpu) - -# add/find permission rule to hwservicemanager -add_hwservice(hal_gpu, mtk_hal_gpu_hwservice) -allow hal_gpu_client mtk_hal_gpu_hwservice:hwservice_manager find; - -# Allow to allocate hidl memory -hal_client_domain(mtk_hal_gpu, hal_allocator) - -# Purpose : Allow to use kernel driver -allow mtk_hal_gpu graphics_device:chr_file rw_file_perms; - -# Purpose : Allow permission to set pq property -#set_prop(mtk_hal_gpu, mtk_gpu_prop) - -allow mtk_hal_gpu debugfs_ged:dir rw_dir_perms; -allow mtk_hal_gpu debugfs_ged:file rw_file_perms; -allow mtk_hal_gpu proc_ged:file rw_file_perms; -allowxperm mtk_hal_gpu proc_ged:file ioctl { proc_ged_ioctls }; - -allow mtk_hal_gpu hal_graphics_allocator_default:fd use; -allow mtk_hal_gpu ion_device:chr_file r_file_perms; -allow mtk_hal_gpu debugfs_ion:dir search; - -allow mtk_hal_gpu merged_hal_service:fd use; - diff --git a/r_non_plat/mtk_hal_hdmi.te b/r_non_plat/mtk_hal_hdmi.te deleted file mode 100644 index a1995ca..0000000 --- a/r_non_plat/mtk_hal_hdmi.te +++ /dev/null @@ -1,48 +0,0 @@ -# ============================================== -# Policy File of /vendor/bin/hw/vendor.mediatek.hardware.hdmi@1.0-service Executable File - -# ============================================== -# Type Declaration -# ============================================== - -type mtk_hal_hdmi, domain; -type mtk_hal_hdmi_exec, exec_type, file_type, vendor_file_type; - -# ============================================== -# MTK Policy Rule -# ============================================== - -# Setup for domain transition -init_daemon_domain(mtk_hal_hdmi) - -# Allow to use HWBinder IPC -hwbinder_use(mtk_hal_hdmi); - -# Allow a set of permissions required for a domain to be a server which provides a HAL implementation over HWBinder. -hal_server_domain(mtk_hal_hdmi, hal_hdmi) - -# add/find permission rule to hwservicemanager -add_hwservice(hal_hdmi_server, mtk_hal_hdmi_hwservice) - -# Allow to allocate hidl memory -#hal_client_domain(mtk_hal_hdmi, hal_allocator) - -# Purpose : Allow to use kernel driver -allow mtk_hal_hdmi graphics_device:chr_file rw_file_perms; - -# Purpose : Allow permission to get AmbientLux from hwservice_manager -allow mtk_hal_hdmi fwk_sensor_hwservice:hwservice_manager find; - -#for hdmi uevent -allow mtk_hal_hdmi self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl; - -#============= Key Manager HIDL Service ============== -allow mtk_hal_hdmi mtk_hal_keymanage:binder call; - -# Purpose : Allow hdmi to call vendor.mediatek.hardware.keymanage@1.0-service. -hal_client_domain(mtk_hal_hdmi, hal_keymaster) - -allow mtk_hal_hdmi mtk_hal_keymanage_hwservice:hwservice_manager find; - -# Purpose : Allow permission to set hdmi property -set_prop(mtk_hal_hdmi, mtk_hdmi_prop); diff --git a/r_non_plat/mtk_hal_imsa.te b/r_non_plat/mtk_hal_imsa.te deleted file mode 100644 index bb04277..0000000 --- a/r_non_plat/mtk_hal_imsa.te +++ /dev/null @@ -1,35 +0,0 @@ -# ============================================================================== -# Type Declaration -# ============================================================================== -type mtk_hal_imsa, domain, mtkimsapdomain; -type mtk_hal_imsa_exec, exec_type, vendor_file_type, file_type; - -# ============================================== -# MTK Policy Rule -# ============================================== -init_daemon_domain(mtk_hal_imsa) - -# hwbinder access -hwbinder_use(mtk_hal_imsa) -hal_server_domain(mtk_hal_imsa, hal_imsa) -add_hwservice(hal_imsa_server, mtk_hal_imsa_hwservice) - -# call into system_server process (callbacks) -binder_call(mtk_hal_imsa, system_server) - -# Date : 2017/05/18 -# Operation : VoLTE sanity -# Purpose : Add permission for IMSA connect to IMSM -allow mtk_hal_imsa rild_imsm_socket:sock_file write; - -# Date : 2017/06/08 -# Operation : IMSA sanity -# Purpose : Add permission for IMSA connect to hwservicemanager -allow mtk_hal_imsa hwservicemanager_prop:file { read open }; -allow mtk_hal_imsa hwservicemanager_prop:file getattr; - -# Date : 2017/06/13 -# Operation : IMSA sanity -# Purpose : Add permission for IMSA to access radio -allow mtk_hal_imsa radio:binder call; -allow mtk_hal_imsa debugfs_tracing:file { write open };
\ No newline at end of file diff --git a/r_non_plat/mtk_hal_keyattestation.te b/r_non_plat/mtk_hal_keyattestation.te deleted file mode 100644 index 901f837..0000000 --- a/r_non_plat/mtk_hal_keyattestation.te +++ /dev/null @@ -1,7 +0,0 @@ -# HwBinder IPC from client to server -binder_call(mtk_hal_keyattestation_client, mtk_hal_keyattestation_server); - -add_hwservice(mtk_hal_keyattestation_server, mtk_hal_keyattestation_hwservice) -allow mtk_hal_keyattestation_client mtk_hal_keyattestation_hwservice:hwservice_manager find; - -# allow hal_keymaster tee_device:chr_file rw_file_perms; diff --git a/r_non_plat/mtk_hal_keymanage.te b/r_non_plat/mtk_hal_keymanage.te deleted file mode 100644 index d3efa88..0000000 --- a/r_non_plat/mtk_hal_keymanage.te +++ /dev/null @@ -1,27 +0,0 @@ -# Set a new domain -type mtk_hal_keymanage, domain; - -# Set mtk_hal_keymanage as server domain of hal_keymaster -hal_server_domain(mtk_hal_keymanage, hal_keymaster) - -# Set exec file type -type mtk_hal_keymanage_exec, exec_type, file_type, vendor_file_type; - -# Setup for domain transition -init_daemon_domain(mtk_hal_keymanage) - -# Associate mtk_hal_keymanage_hwservice with all server domain -add_hwservice(hal_keymaster_server, mtk_hal_keymanage_hwservice) - -# Give permission for hal_keymaster_client to find mtk_hal_keymanage_hwservice via hwservice_manager -allow hal_keymaster_client mtk_hal_keymanage_hwservice:hwservice_manager find; - -# Give permission for hal_key_manage to access kisd service - -allow mtk_hal_keymanage kisd:unix_stream_socket connectto; - -# Allow mtk_hal_keyinstall to access /data/key_provisioning -allow mtk_hal_keymanage key_install_data_file:dir { write add_name remove_name search }; -allow mtk_hal_keymanage key_install_data_file:file { write create setattr read getattr unlink open append }; - -allow mtk_hal_keymanage debugfs_tracing:file { write }; diff --git a/r_non_plat/mtk_hal_lbs.te b/r_non_plat/mtk_hal_lbs.te deleted file mode 100644 index 55a9cc7..0000000 --- a/r_non_plat/mtk_hal_lbs.te +++ /dev/null @@ -1,8 +0,0 @@ -# HwBinder IPC from client to server, and callbacks -binder_call(mtk_hal_lbs_client, mtk_hal_lbs_server) -binder_call(mtk_hal_lbs_server, mtk_hal_lbs_client) - -add_hwservice(mtk_hal_lbs_server, mtk_hal_lbs_hwservice) -allow mtk_hal_lbs_client mtk_hal_lbs_hwservice:hwservice_manager find; - -vndbinder_use(mtk_hal_lbs)
\ No newline at end of file diff --git a/r_non_plat/mtk_hal_light.te b/r_non_plat/mtk_hal_light.te deleted file mode 100644 index de88326..0000000 --- a/r_non_plat/mtk_hal_light.te +++ /dev/null @@ -1,23 +0,0 @@ -# ============================================================================== -# Type Declaration -# ============================================================================== -type mtk_hal_light, domain; -type mtk_hal_light_exec, exec_type, file_type, vendor_file_type; - -# hwbinder access -init_daemon_domain(mtk_hal_light) -hwbinder_use(mtk_hal_light) - -# call into system_server process (callbacks) -binder_call(mtk_hal_light, system_server) - -# system file -allow mtk_hal_light system_file:dir read; -allow mtk_hal_light system_file:dir open; - -allow mtk_hal_light sysfs_leds:lnk_file read; -allow mtk_hal_light sysfs_leds:file rw_file_perms; -allow mtk_hal_light sysfs_leds:dir r_dir_perms; - -get_prop(mtk_hal_light, hwservicemanager_prop) -hal_server_domain(mtk_hal_light,hal_light); diff --git a/r_non_plat/mtk_hal_log.te b/r_non_plat/mtk_hal_log.te deleted file mode 100644 index 6db3cd0..0000000 --- a/r_non_plat/mtk_hal_log.te +++ /dev/null @@ -1,6 +0,0 @@ -# HwBinder IPC from client to server, and callbacks -binder_call(mtk_hal_log_client, mtk_hal_log_server) -binder_call(mtk_hal_log_server, mtk_hal_log_client) - -add_hwservice(mtk_hal_log_server, mtk_hal_log_hwservice) -allow mtk_hal_log_client mtk_hal_log_hwservice:hwservice_manager find; diff --git a/r_non_plat/mtk_hal_md_dbfilter.te b/r_non_plat/mtk_hal_md_dbfilter.te deleted file mode 100644 index 2b8a4e6..0000000 --- a/r_non_plat/mtk_hal_md_dbfilter.te +++ /dev/null @@ -1,6 +0,0 @@ -# HwBinder IPC from client to server, and callbacks -binder_call(mtk_hal_md_dbfilter_client, mtk_hal_md_dbfilter_server) -binder_call(mtk_hal_md_dbfilter_server, mtk_hal_md_dbfilter_client) - -add_hwservice(mtk_hal_md_dbfilter_server, mtk_hal_md_dbfilter_hwservice) -allow mtk_hal_md_dbfilter_client mtk_hal_md_dbfilter_hwservice:hwservice_manager find; diff --git a/r_non_plat/mtk_hal_mms.te b/r_non_plat/mtk_hal_mms.te deleted file mode 100644 index 5609e97..0000000 --- a/r_non_plat/mtk_hal_mms.te +++ /dev/null @@ -1,55 +0,0 @@ -# ============================================== -# Policy File of /vendor/bin/hw/vendor.mediatek.hardware.mms@1.0-service Executable File - -# ============================================== -# Type Declaration -# ============================================== - -type mtk_hal_mms, domain; -type mtk_hal_mms_exec, exec_type, file_type, vendor_file_type; - -# ============================================== -# MTK Policy Rule -# ============================================== - -# Setup for domain transition -init_daemon_domain(mtk_hal_mms) - -# Allow to use HWBinder IPC -hwbinder_use(mtk_hal_mms); - -# Allow a set of permissions required for a domain to be a server which provides a HAL implementation over HWBinder. -hal_server_domain(mtk_hal_mms, hal_mms) - -# add/find permission rule to hwservicemanager -add_hwservice(hal_mms_server, mtk_hal_mms_hwservice) - -# Purpose : Allow to use kernel driver -allow mtk_hal_mms graphics_device:chr_file { read write open ioctl }; -allow mtk_hal_mms ion_device:chr_file { read open ioctl }; -allow mtk_hal_mms mtk_cmdq_device:chr_file { read open ioctl }; -allow mtk_hal_mms mtk_mdp_device:chr_file rw_file_perms; -allow mtk_hal_mms sw_sync_device:chr_file rw_file_perms; -allow mtk_hal_mms mtk_hal_pq_hwservice:hwservice_manager find; - -# Purpose : Allow to use allocator for JPEG -hal_client_domain(mtk_hal_mms, hal_allocator) -allow mtk_hal_mms mtk_hal_pq:binder call; - -# Purpose : Allow to use graphics allocator fd for gralloc_extra -allow mtk_hal_mms hal_graphics_allocator_default:fd use; -allow mtk_hal_mms debugfs_ion:dir search; -allow mtk_hal_mms merged_hal_service:fd use; - -# Purpose : VDEC/VENC device node -allow mtk_hal_mms Vcodec_device:chr_file rw_file_perms; -allow mtk_hal_mms proc_mtk_jpeg:file r_file_perms; -allowxperm mtk_hal_mms proc_mtk_jpeg:file ioctl { - JPG_BRIDGE_ENC_IO_INIT - JPG_BRIDGE_ENC_IO_CONFIG - JPG_BRIDGE_ENC_IO_WAIT - JPG_BRIDGE_ENC_IO_DEINIT - JPG_BRIDGE_ENC_IO_START - }; -# Allow to use mms by JPEG with handle -allow mtk_hal_mms platform_app:fd use; diff --git a/r_non_plat/mtk_hal_power.te b/r_non_plat/mtk_hal_power.te deleted file mode 100644 index fa52542..0000000 --- a/r_non_plat/mtk_hal_power.te +++ /dev/null @@ -1,161 +0,0 @@ -# ============================================================================== -# Type Declaration -# ============================================================================== -type mtk_hal_power, domain; -type mtk_hal_power_exec, exec_type, file_type, vendor_file_type; - -# hwbinder access -init_daemon_domain(mtk_hal_power) -hwbinder_use(mtk_hal_power); - -get_prop(mtk_hal_power, hwservicemanager_prop) -allow mtk_hal_power hal_power_hwservice:hwservice_manager { add find }; -allow mtk_hal_power hidl_base_hwservice:hwservice_manager add; - -add_hwservice(mtk_hal_power, mtk_hal_power_hwservice) -allow hal_power_client mtk_hal_power_hwservice:hwservice_manager find; - -hal_server_domain(mtk_hal_power, hal_power); -hal_server_domain(mtk_hal_power, hal_wifi); - -# sysfs -allow mtk_hal_power sysfs_devices_system_cpu:file rw_file_perms; - -# debugfs -allow mtk_hal_power debugfs_ged:dir r_dir_perms; -allow mtk_hal_power debugfs_ged:file rw_file_perms; - -# proc_thermal -allow mtk_hal_power proc_thermal:file w_file_perms; - -# proc info -allow mtk_hal_power mtk_hal_audio:dir r_dir_perms; - -# Date : 2017/10/02 -# Operation: SQC -# Purpose : Allow powerHAL to access perfmgr -allow mtk_hal_power proc_perfmgr:dir r_dir_perms; -allow mtk_hal_power proc_perfmgr:file rw_file_perms; -allowxperm mtk_hal_power proc_perfmgr:file ioctl PERFMGR_FPSGO_TOUCH; - -# Date : 2017/10/11 -# Operation: SQC -# Purpose : Allow powerHAL to access powerhal folder -allow mtk_hal_power sdcard_type:dir create_dir_perms; -allow mtk_hal_power sdcard_type:file create_file_perms; -allow mtk_hal_power eemcs_device:chr_file rw_file_perms; -allow mtk_hal_power mnt_user_file:dir create_dir_perms; - -allow mtk_hal_power mtk_powerhal_data_file:dir {create_dir_perms rw_dir_perms}; -allow mtk_hal_power mtk_powerhal_data_file:file {create_file_perms rw_file_perms}; -allow mtk_hal_power mtk_powerhal_data_file:sock_file {create_file_perms rw_file_perms}; - -#camera contorl cpu -allow mtk_hal_power mtk_hal_camera:dir r_dir_perms; -allow mtk_hal_power mtk_hal_camera:file r_file_perms; - -# Date : 2017/10/24 -# Operation: SQC -# Purpose : Allow powerHAL to access thermal -allow mtk_hal_power proc_thermal:dir r_dir_perms; -allow mtk_hal_power debugfs_fpsgo:dir r_dir_perms; -allow mtk_hal_power debugfs_fpsgo:file rw_file_perms; - -# Date : 2017/12/19 -# Operation: SQC -# Purpose : Allow powerHAL to access wlan -allow mtk_hal_power proc_net:file w_file_perms; - -# Date : 2017/12/21 -# Operation: SQC -# Purpose : Allow powerHAL to access mediacodec -allow mtk_hal_power mediacodec:dir r_dir_perms; -allow mtk_hal_power mediacodec:file r_file_perms; - -set_prop(mtk_hal_power, mtk_thermal_config_prop) - -# Date : 2018/03/16 -# Operation: SQC -# Purpose : Allow powerHAL to access /d/mtkfb -allow mtk_hal_power debugfs_fb:dir r_dir_perms; -allow mtk_hal_power debugfs_fb:file rw_file_perms; - -# Date : 2018/06/26 -# Operation: Thermal change policy in perfservice - -allow mtk_hal_power proc_thermal:file r_file_perms; -allow mtk_hal_power thermal_manager_data_file:file create_file_perms; -allow mtk_hal_power thermal_manager_data_file:dir { rw_dir_perms setattr }; - - -allow mtk_hal_power thermalloadalgod:unix_stream_socket connectto; - -allow mtk_hal_power proc_mtkcooler:dir r_dir_perms; -allow mtk_hal_power proc_mtkcooler:file rw_file_perms; -allow mtk_hal_power proc_mtktz:dir r_dir_perms; -allow mtk_hal_power proc_mtktz:file rw_file_perms; - -# Date : 2019/05/08 -# Operation: SQC -# Purpose : Allow powerHAL to access /proc/[pid] -allow mtk_hal_power system_server:dir r_dir_perms; -allow mtk_hal_power system_server:file r_file_perms; - -# Date : 2019/07/11 -# Operation: mt6779 SQC -# Purpose : Allow powerHAL to VPU, RILD -allow mtk_hal_power debugfs_vpu_power:dir r_dir_perms; -allow mtk_hal_power debugfs_vpu_power:file rw_file_perms; - -allow mtk_hal_power debugfs_mdla_power:dir r_dir_perms; -allow mtk_hal_power debugfs_mdla_power:file rw_file_perms; - -allow mtk_hal_power rild_oem_socket:sock_file write; -allow mtk_hal_power rild:unix_stream_socket connectto; - -# Date : 2019/05/22 -# Operation: SQC -# Purpose : Allow powerHAL to access block read ahead -allow mtk_hal_power sysfs_dm:dir r_dir_perms; -allow mtk_hal_power sysfs_dm:file rw_file_perms; -allow mtk_hal_power sysfs_mmcblk:dir r_dir_perms; -allow mtk_hal_power sysfs_mmcblk:file rw_file_perms; - -allow mtk_hal_power debugfs_eara_thermal:dir search; -allow mtk_hal_power debugfs_eara_thermal:file { getattr open write read }; - -# Date : 2019/05/22 -# Operation: SQC -# Purpose : Allow powerHAL to access prop -set_prop(mtk_hal_power, mtk_powerhal_prop) - -# Date : 2019/05/29 -# Operation: SQC -# Purpose : Allow powerHAL to access wifi driver -allow mtk_hal_power self:udp_socket create; -allow mtk_hal_power kernel:system module_request; -allow mtk_hal_power self:capability sys_module; -allowxperm mtk_hal_power self:udp_socket ioctl priv_sock_ioctls; - -# Date : W19.20 -# Operation : MTK power hal migration -# Purpose : MTK power hal interface permission -set_prop(mtk_hal_power, mtk_powerhal_prop) - -# Date : 2019/09/05 -# Operation: SQC -# Purpose : Add procfs, sysfs policy -allow mtk_hal_power proc_ppm:dir r_dir_perms; -allow mtk_hal_power proc_ppm:file rw_file_perms; -allow mtk_hal_power proc_cpufreq:dir r_dir_perms; -allow mtk_hal_power proc_cpufreq:file rw_file_perms; -allow mtk_hal_power proc_hps:dir r_dir_perms; -allow mtk_hal_power proc_hps:file rw_file_perms; -allow mtk_hal_power proc_cm_mgr:dir r_dir_perms; -allow mtk_hal_power proc_cm_mgr:file rw_file_perms; -allow mtk_hal_power sysfs_ged:dir r_dir_perms; -allow mtk_hal_power sysfs_ged:file rw_file_perms; -allow mtk_hal_power sysfs_fbt_cpu:dir r_dir_perms; -allow mtk_hal_power sysfs_fbt_cpu:file rw_file_perms; -allow mtk_hal_power sysfs_fbt_fteh:dir r_dir_perms; -allow mtk_hal_power sysfs_fbt_fteh:file rw_file_perms; diff --git a/r_non_plat/mtk_hal_pq.te b/r_non_plat/mtk_hal_pq.te deleted file mode 100644 index 87b6c59..0000000 --- a/r_non_plat/mtk_hal_pq.te +++ /dev/null @@ -1,41 +0,0 @@ -# ============================================== -# Policy File of /vendor/bin/hw/vendor.mediatek.hardware.pq@2.0-service Executable File - -# ============================================== -# Type Declaration -# ============================================== - -type mtk_hal_pq, domain; -type mtk_hal_pq_exec, exec_type, file_type, vendor_file_type; - -# ============================================== -# MTK Policy Rule -# ============================================== - -# Setup for domain transition -init_daemon_domain(mtk_hal_pq) - -# Allow to use HWBinder IPC -hwbinder_use(mtk_hal_pq); - -# Allow a set of permissions required for a domain to be a server which provides a HAL implementation over HWBinder. -hal_server_domain(mtk_hal_pq, hal_pq) - -# add/find permission rule to hwservicemanager -add_hwservice(hal_pq_server, mtk_hal_pq_hwservice) - -# Allow to allocate hidl memory -hal_client_domain(mtk_hal_pq, hal_allocator) - -# Purpose : Allow to use kernel driver -allow mtk_hal_pq graphics_device:chr_file { read write open ioctl }; - -# Purpose : Allow property set -allow mtk_hal_pq init:unix_stream_socket connectto; -allow mtk_hal_pq property_socket:sock_file write; - -# Purpose : Allow permission to get AmbientLux from hwservice_manager -allow mtk_hal_pq fwk_sensor_hwservice:hwservice_manager find; - -# Purpose : Allow permission to set pq property -set_prop(mtk_hal_pq, mtk_pq_prop) diff --git a/r_non_plat/mtk_hal_secure_element.te b/r_non_plat/mtk_hal_secure_element.te deleted file mode 100644 index bb51108..0000000 --- a/r_non_plat/mtk_hal_secure_element.te +++ /dev/null @@ -1,18 +0,0 @@ -type mtk_hal_secure_element, domain; -hal_server_domain(mtk_hal_secure_element, hal_secure_element) -type mtk_hal_secure_element_exec, exec_type, vendor_file_type, file_type; - -allow mtk_hal_secure_element secure_element_device:chr_file rw_file_perms; - -init_daemon_domain(mtk_hal_secure_element) - -# Allow to get vendor.mediatek.hardware.radio HIDL interface -allow mtk_hal_secure_element mtk_hal_rild_hwservice:hwservice_manager find; -binder_call(mtk_hal_secure_element, rild) - -# Allow to get android.hardware.radio HIDL interface -hal_client_domain(mtk_hal_secure_element, hal_telephony) -allow mtk_hal_secure_element hal_telephony_hwservice:hwservice_manager find; - -# Allow to use persist.radio.multisim.config -get_prop(mtk_hal_secure_element, exported3_radio_prop) diff --git a/r_non_plat/mtk_hal_sensors.te b/r_non_plat/mtk_hal_sensors.te deleted file mode 100644 index 6ecacea..0000000 --- a/r_non_plat/mtk_hal_sensors.te +++ /dev/null @@ -1,72 +0,0 @@ -# ============================================================================== -# Type Declaration -# ============================================================================== -type mtk_hal_sensors, domain; -type mtk_hal_sensors_exec, exec_type, file_type, vendor_file_type; - -# hwbinder access -init_daemon_domain(mtk_hal_sensors) -hwbinder_use(mtk_hal_sensors) - -# call into system_server process (callbacks) -binder_call(mtk_hal_sensors, system_server) - -# graphics allocator -allow mtk_hal_sensors hal_graphics_allocator_default:fd use; - -# gpu device -allow mtk_hal_sensors gpu_device:dir create_dir_perms; -allow mtk_hal_sensors gpu_device:chr_file rw_file_perms; -allow mtk_hal_sensors dri_device:chr_file rw_file_perms; - -# ion device -allow mtk_hal_sensors ion_device:dir create_dir_perms; -allow mtk_hal_sensors ion_device:chr_file rw_file_perms; -# system file -allow mtk_hal_sensors system_file:dir read; -allow mtk_hal_sensors system_file:dir open; - -# sensors input rw access -allow mtk_hal_sensors sysfs_sensor:dir r_dir_perms; -allow mtk_hal_sensors sysfs_sensor:file rw_file_perms; - -# hal sensor for chr_file -allow mtk_hal_sensors hwmsensor_device:chr_file r_file_perms; -get_prop(mtk_hal_sensors, hwservicemanager_prop) - -#hwservicemanager -hal_server_domain(mtk_hal_sensors, hal_sensors); - -# Access sensor bio devices -allow mtk_hal_sensors sensorlist_device:chr_file rw_file_perms; -allow mtk_hal_sensors m_acc_misc_device:chr_file rw_file_perms; -allow mtk_hal_sensors m_als_misc_device:chr_file rw_file_perms; -allow mtk_hal_sensors m_ps_misc_device:chr_file rw_file_perms; -allow mtk_hal_sensors m_mag_misc_device:chr_file rw_file_perms; -allow mtk_hal_sensors m_gyro_misc_device:chr_file rw_file_perms; -allow mtk_hal_sensors m_baro_misc_device:chr_file rw_file_perms; -allow mtk_hal_sensors m_hmdy_misc_device:chr_file rw_file_perms; -allow mtk_hal_sensors m_act_misc_device:chr_file rw_file_perms; -allow mtk_hal_sensors m_pedo_misc_device:chr_file rw_file_perms; -allow mtk_hal_sensors m_situ_misc_device:chr_file rw_file_perms; -allow mtk_hal_sensors m_step_c_misc_device:chr_file rw_file_perms; -allow mtk_hal_sensors m_fusion_misc_device:chr_file rw_file_perms; -allow mtk_hal_sensors m_bio_misc_device:chr_file rw_file_perms; - -# Access mtk sensor setting and calibration node. -# for data -allow mtk_hal_sensors sensor_data_file:file create_file_perms; -allow mtk_hal_sensors sensor_data_file:dir create_dir_perms; -# for nvcfg -allow mtk_hal_sensors nvcfg_file:file create_file_perms; -allow mtk_hal_sensors nvcfg_file:dir create_dir_perms; - - -# Date : WK18.21 -# Operation: P migration -# Purpose: Allow to search /mnt/vendor/nvdata for fstab when using NVM_Init() -allow mtk_hal_sensors mnt_vendor_file:dir search; - -# Date : WK19.48 -# Purpose: fix [vts_10.0_r2]VtsHalSensorsV2_0Target fail -allow mtk_hal_sensors merged_hal_service:fd use; diff --git a/r_non_plat/mtk_hal_wifi.te b/r_non_plat/mtk_hal_wifi.te deleted file mode 100644 index 4740f38..0000000 --- a/r_non_plat/mtk_hal_wifi.te +++ /dev/null @@ -1,5 +0,0 @@ -type mtk_hal_wifi, domain; -hal_server_domain(mtk_hal_wifi, hal_wifi) - -type mtk_hal_wifi_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(mtk_hal_wifi) diff --git a/r_non_plat/mtk_wmt_launcher.te b/r_non_plat/mtk_wmt_launcher.te deleted file mode 100644 index f0bc360..0000000 --- a/r_non_plat/mtk_wmt_launcher.te +++ /dev/null @@ -1,26 +0,0 @@ -# ============================================== -# Policy File of /system/bin/mtk_wmt_launcher Executable File - - -# ============================================== -# Type Declaration -# ============================================== -type mtk_wmt_launcher ,domain; -type mtk_wmt_launcher_exec , exec_type, file_type, vendor_file_type; - -# ============================================== -# MTK Policy Rule -# ============================================== -init_daemon_domain(mtk_wmt_launcher) - -# set the property -set_prop(mtk_wmt_launcher, wmt_prop) - -# add ioctl/open/read/write permission for mtk_wmt_launcher with /dev/stpwmt -allow mtk_wmt_launcher stpwmt_device:chr_file rw_file_perms; -allow mtk_wmt_launcher devpts:chr_file rw_file_perms; -allow mtk_wmt_launcher system_file:dir { read open }; - -# Date : W18.01 -# Add for turn on SElinux in enforcing mode -allow mtk_wmt_launcher vendor_file:dir { read open };
\ No newline at end of file diff --git a/r_non_plat/mtkbootanimation.te b/r_non_plat/mtkbootanimation.te deleted file mode 100644 index 4c56c81..0000000 --- a/r_non_plat/mtkbootanimation.te +++ /dev/null @@ -1,50 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============ - -# Date : WK14.37 -# Operation : Migration -# Purpose : for opetator -allow mtkbootanimation bootani_prop:property_service set; - -# Date : WK14.46 -# Operation : Migration -# Purpose : For MTK Emulator HW GPU -allow mtkbootanimation qemu_pipe_device:chr_file rw_file_perms; - -# Date : WK16.33 -# Purpose: Allow to access ged for gralloc_extra functions -allow mtkbootanimation proc_ged:file rw_file_perms; - -# ============================================== -# Type Declaration for secmem -# ============================================== -type proc_secmem, fs_type, proc_type; -# genfscon proc /secmem0 u:object_r:proc_secmem:s0; - -# Date : WK14.31 -# Operation : Migration -# Purpose : access to sec mem proc interface. -allow mtkbootanimation proc_secmem:file { read open}; - -# Date : WK14.36 -# Operation : Migration -# Purpose : for ui -# allow mtkbootanimation guiext-server:binder call; -# allow mtkbootanimation guiext-server:binder transfer; - -# Date : WK16.29 -# Operation : Migration -# Purpose : for gpu access -allow mtkbootanimation dri_device:chr_file { read write open ioctl }; - -# Date : WK17.29 -# Operation : Migration -# Purpose : for device bring up -# allow mtkbootanimation guiext-server_service:service_manager find; - -# Date : WK17.48 -# Operation : Migration -# Purpose : FPSGO integration -allow mtkbootanimation proc_perfmgr:dir {search read}; -allow mtkbootanimation proc_perfmgr:file {open read ioctl}; diff --git a/r_non_plat/mtkrild.te b/r_non_plat/mtkrild.te deleted file mode 100644 index b064169..0000000 --- a/r_non_plat/mtkrild.te +++ /dev/null @@ -1,125 +0,0 @@ -# ============================================== -# Policy File of /system/bin/mtkrild Executable File - -# ============================================== -# Type Declaration -# ============================================== -type mtkrild_exec , exec_type, file_type, vendor_file_type; -type mtkrild ,domain; - -# ============================================== -# MTK Policy Rule -# ============================================== -init_daemon_domain(mtkrild) -net_domain(mtkrild) - -# Trigger module auto-load. -allow mtkrild kernel:system module_request; - -# Capabilities assigned for mtkrild -allow mtkrild self:capability { setuid net_admin net_raw }; - -# Control cgroups -allow mtkrild cgroup:dir create_dir_perms; - -# Property service -# allow set RIL related properties (radio./net./system./etc) -#set_prop(mtkrild, radio_prop) -#set_prop(mtkrild, net_radio_prop) -#set_prop(mtkrild, system_radio_prop) -auditallow mtkrild net_radio_prop:property_service set; -auditallow mtkrild system_radio_prop:property_service set; -set_prop(mtkrild, ril_active_md_prop) -# allow set muxreport control properties -set_prop(mtkrild, ril_cdma_report_prop) -set_prop(mtkrild, ril_mux_report_case_prop) -set_prop(mtkrild, ctl_muxreport-daemon_prop) - -#Dat: 2017/02/14 -#Purpose: allow set telephony Sensitive property -set_prop(mtkrild, mtk_telephony_sensitive_prop) - -# Access to wake locks -wakelock_use(mtkrild) - -# Allow access permission to efs files -allow mtkrild efs_file:dir create_dir_perms; -allow mtkrild efs_file:file create_file_perms; -allow mtkrild bluetooth_efs_file:file r_file_perms; -allow mtkrild bluetooth_efs_file:dir r_dir_perms; - -# Allow access permission to dir/files -# (radio data/system data/proc/etc) -# Violate Android P rule -allow mtkrild sdcardfs:dir r_dir_perms; -allow mtkrild proc_net:file w_file_perms; - -# Set and get routes directly via netlink. -allow mtkrild self:netlink_route_socket nlmsg_write; - -# Allow read/write to devices/files -allow mtkrild radio_device:chr_file rw_file_perms; -allow mtkrild radio_device:blk_file r_file_perms; -allow mtkrild mtd_device:dir search; -# Allow read/write to tty devices -allow mtkrild tty_device:chr_file rw_file_perms; -allow mtkrild eemcs_device:chr_file { rw_file_perms }; - -#allow mtkrild Vcodec_device:chr_file { rw_file_perms }; -allow mtkrild devmap_device:chr_file { r_file_perms }; -allow mtkrild devpts:chr_file { rw_file_perms }; -allow mtkrild ccci_device:chr_file { rw_file_perms }; -allow mtkrild misc_device:chr_file { rw_file_perms }; -allow mtkrild proc_lk_env:file rw_file_perms; -#allow mtkrild bootdevice_block_device:blk_file { rw_file_perms }; -allow mtkrild para_block_device:blk_file { rw_file_perms }; - -# Allow dir search, fd uses -allow mtkrild block_device:dir search; -allow mtkrild platform_app:fd use; -allow mtkrild radio:fd use; - -# For MAL MFI -allow mtkrild mal_mfi_socket:sock_file { w_file_perms }; - -# For ccci sysfs node -allow mtkrild sysfs_ccci:dir search; -allow mtkrild sysfs_ccci:file r_file_perms; - -#For Kryptowire mtklog issue -allow mtkrild aee_aedv:unix_stream_socket connectto; -# Allow ioctl in order to control network interface -allowxperm mtkrild self:udp_socket ioctl {SIOCDELRT SIOCSIFFLAGS SIOCSIFADDR SIOCKILLADDR SIOCDEVPRIVATE SIOCDEVPRIVATE_1}; - -# Allow to use vendor binder -vndbinder_use(mtkrild) - -# Allow to trigger IPv6 RS -allow mtkrild node:rawip_socket node_bind; - -#Date : W18.15 -#Purpose: allow rild access to vendor.ril.ipo system property -set_prop(mtkrild, vendor_ril_ipo_prop) - -# Date : WK18.16 -# Operation: P migration -# Purpose: Allow mtkrild to get tel_switch_prop -get_prop(mtkrild, tel_switch_prop) - -#Date: W1817 -#Purpose: allow rild access property of vendor_radio_prop -set_prop(mtkrild, vendor_radio_prop) - -# Date : WK18.26 -# Operation: P migration -# Purpose: Allow carrier express HIDL to set vendor property -set_prop(mtkrild, mtk_cxp_vendor_prop) -allow mtkrild mnt_vendor_file:dir search; -allow mtkrild mnt_vendor_file:file create_file_perms; -allow mtkrild nvdata_file:dir create_dir_perms; -allow mtkrild nvdata_file:file create_file_perms; - -# Date : WK18.31 -# Operation: P migration -# Purpose: Allow supplementary service HIDL to set vendor property -set_prop(mtkrild, mtk_ss_vendor_prop) diff --git a/r_non_plat/muxreport.te b/r_non_plat/muxreport.te deleted file mode 100644 index 1b7243b..0000000 --- a/r_non_plat/muxreport.te +++ /dev/null @@ -1,36 +0,0 @@ -# ============================================== -# Policy File of /system/bin/muxreport Executable File - -# ============================================== -# Type Declaration -# ============================================== -type muxreport_exec , exec_type, file_type, vendor_file_type; -type muxreport ,domain; - -# ============================================== -# MTK Policy Rule -# ============================================== -init_daemon_domain(muxreport) - -# Property service -# allow set muxreport control properties -set_prop(muxreport, ril_mux_report_case_prop) - -# Allow read/write to devices/files -allow muxreport ccci_device:chr_file { rw_file_perms }; -allow muxreport devpts:chr_file { rw_file_perms }; -allow muxreport eemcs_device:chr_file { rw_file_perms }; -allow muxreport emd_device:chr_file { rw_file_perms }; -# Allow read to sys/kernel/ccci/* files -allow muxreport sysfs_ccci:dir search; -allow muxreport sysfs_ccci:file r_file_perms; - -# Date : WK18.16 -# Operation: P migration -# Purpose: Allow muxreport to get tel_switch_prop -get_prop(muxreport, tel_switch_prop) - -#Date: W1824 -#Purpose: allow muxreport access property of vendor_radio_prop -set_prop(muxreport, vendor_radio_prop) - diff --git a/r_non_plat/netd.te b/r_non_plat/netd.te deleted file mode 100644 index 2783d06..0000000 --- a/r_non_plat/netd.te +++ /dev/null @@ -1,65 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - - -# Date : WK14.34 -# Operation : Migration -# Purpose : For WIFI SANITY test to set FW path(STA/P2P/AP) -# Owner: TingTing Lei -allow netd wmtWifi_device:chr_file { write open }; - -# Date : WK14.34 -# Operation : Migration -# Purpose : NA -# Owner: Changqing Sun -# allow netd kernel:system module_request; -# allow netd self:capability sys_module; -allow netd self:capability fsetid; - -# Date : WK14.34 -# Operation : Migration -# Purpose: APP -allow netd platform_app:fd use; - - -# Date : WK14.37 -# Operation : Migration -# Purpose : PPPOE Test -# Owner : lina wang -allow netd ppp:process sigkill; - -# Date : WK14.39 -# Operation : Migration -# Purpose : MDLogger USB logging -# Owner : Bo shang -allow netd mdlogger:fd use; -allow netd mdlogger:tcp_socket { read write }; -allow netd mdlogger:tcp_socket { getopt setopt }; - -# Date : WK14.41 -# Operation : Migration -# Purpose : network logging -# Owner : Bo shang -allow netd netdiag:fd use; -allow netd netdiag:udp_socket { read write getopt setopt}; - -# Date : WK14.44 -# Operation : Migration -# Purpose : ALPS01789552 -#============= netd ============== -allow netd self:capability { setuid setgid }; - - -#============= netd ============== -allow netd untrusted_app:fd use; - - -# Date : W15.02 -# Operation : SQC -# Purpose : CTS for wifi -allow netd untrusted_app:unix_stream_socket { read write getopt setopt}; -allow netd isolated_app:fd use; - -# MTK support antutu feature -get_prop(netd, mtk_antutu_prop); diff --git a/r_non_plat/netdiag.te b/r_non_plat/netdiag.te deleted file mode 100644 index cb19c48..0000000 --- a/r_non_plat/netdiag.te +++ /dev/null @@ -1,28 +0,0 @@ -# Purpose : for access storage file -allow netdiag sdcard_type:dir create_dir_perms; -allow netdiag sdcard_type:file create_file_perms; -allow netdiag net_data_file:file r_file_perms; -allow netdiag net_data_file:dir search; -allow netdiag storage_file:dir search; -allow netdiag storage_file:lnk_file read; -allow netdiag mnt_user_file:dir search; -allow netdiag mnt_user_file:lnk_file read; -allow netdiag platform_app:dir search; -allow netdiag untrusted_app:dir search; -allow netdiag mnt_media_rw_file:dir search; -allow netdiag vfat:dir create_dir_perms; -allow netdiag vfat:file create_file_perms; -allow netdiag tmpfs:lnk_file read; - -#Purpose : for network log property -set_prop(netdiag, debug_netlog_prop) -set_prop(netdiag, persist_mtklog_prop) -set_prop(netdiag, debug_mtklog_prop) - -# Purpose : for acess /system/bin/toybox, mmc_prop,proc_net and safemode_prop -allow netdiag device_logging_prop:file { getattr open }; -allow netdiag mmc_prop:file { getattr open }; - -# purpose: allow netdiag to access storage in new version -allow netdiag media_rw_data_file:file { create_file_perms }; -allow netdiag media_rw_data_file:dir { create_dir_perms }; diff --git a/r_non_plat/nvram_agent_binder.te b/r_non_plat/nvram_agent_binder.te deleted file mode 100644 index 6655e6e..0000000 --- a/r_non_plat/nvram_agent_binder.te +++ /dev/null @@ -1,66 +0,0 @@ -# ============================================== -# Policy File of /vendor/bin/nvram_agent_binder Executable File - -# ============================================== -# Type Declaration -# ============================================== -type nvram_agent_binder_exec , exec_type, file_type, vendor_file_type; -type nvram_agent_binder ,domain; - -# ============================================== -# MTK Policy Rule -# ============================================== -init_daemon_domain(nvram_agent_binder) - -# Date : WK14.35 -# Operation : access nvram by binder -# Purpose : ensure nvram user can access nvram file normally. -#allow nvram_agent_binder nvram_agent_service:service_manager add; - -# Date : WK14.43 -# Operation : 2rd Selinux Migration -# Purpose : the role of nvram_agent_binder is same with nvram_daemon except property_set & exect permission -allow nvram_agent_binder nvram_device:blk_file rw_file_perms; -allow nvram_agent_binder nvdata_device:blk_file rw_file_perms; -allow nvram_agent_binder nvram_data_file:dir create_dir_perms; -allow nvram_agent_binder nvram_data_file:file create_file_perms; -allow nvram_agent_binder nvram_data_file:lnk_file read; -allow nvram_agent_binder nvdata_file:lnk_file read; -allow nvram_agent_binder nvdata_file:dir create_dir_perms; -allow nvram_agent_binder nvdata_file:file create_file_perms; - -allow nvram_agent_binder als_ps_device:chr_file r_file_perms; -allow nvram_agent_binder mtk-adc-cali_device:chr_file rw_file_perms; -allow nvram_agent_binder gsensor_device:chr_file r_file_perms; -allow nvram_agent_binder gyroscope_device:chr_file r_file_perms; -allow nvram_agent_binder self:capability { fowner chown fsetid }; - -# Purpose: for backup -allow nvram_agent_binder nvram_device:chr_file rw_file_perms; -allow nvram_agent_binder pro_info_device:chr_file rw_file_perms; -allow nvram_agent_binder block_device:dir search; - -# for MLC device -allow nvram_agent_binder mtd_device:dir search; -allow nvram_agent_binder mtd_device:chr_file rw_file_perms; - -#for nvram agent hidl -get_prop(nvram_agent_binder, hwservicemanager_prop) - -# Allow to use HWBinder IPC -hwbinder_use(nvram_agent_binder); - -# Allow a set of permissions required for a domain to be a server which provides a HAL implementation over HWBinder. -hal_server_domain(nvram_agent_binder, hal_nvramagent) - -# Date : WK18.16 -# Operation: P migration -# Purpose: Allow nvram_daemon to get tel_switch_prop -get_prop(nvram_daemon, tel_switch_prop) - -# Date : WK18.21 -# Operation: P migration -# Purpose: Allow to search /mnt/vendor/nvdata when using nvram function -allow nvram_agent_binder mnt_vendor_file:dir search; - -allow nvram_agent_binder sysfs_boot_mode:file r_file_perms; diff --git a/r_non_plat/nvram_daemon.te b/r_non_plat/nvram_daemon.te deleted file mode 100644 index 71db04c..0000000 --- a/r_non_plat/nvram_daemon.te +++ /dev/null @@ -1,90 +0,0 @@ -# ============================================== -# Policy File of /vendor/binnvram_daemon Executable File - - -# ============================================== -# Type Declaration -# ============================================== - -type nvram_daemon_exec , exec_type, file_type, vendor_file_type; -type nvram_daemon ,domain; - -# ============================================== -# MTK Policy Rule -# ============================================== - -init_daemon_domain(nvram_daemon) - - - -# Date : WK14.31 -# Operation : Migration -# Purpose : the device is used to store Nvram backup data that can not be lost. -allow nvram_daemon nvram_device:blk_file rw_file_perms; -allow nvram_daemon nvdata_device:blk_file rw_file_perms; - -# Date : WK14.35 -# Operation : chown folder and file permission -# Purpose : ensure nvram user can access nvram file normally when upgrade from KK/KK.AOSP to L. -allow nvram_daemon nvram_data_file:dir create_dir_perms; -allow nvram_daemon nvram_data_file:file create_file_perms; -allow nvram_daemon nvram_data_file:lnk_file read; -allow nvram_daemon nvdata_file:lnk_file read; -allow nvram_daemon nvdata_file:dir create_dir_perms; -allow nvram_daemon nvdata_file:file create_file_perms; - -allow nvram_daemon als_ps_device:chr_file r_file_perms; -allow nvram_daemon mtk-adc-cali_device:chr_file rw_file_perms; -allow nvram_daemon gsensor_device:chr_file r_file_perms; -allow nvram_daemon gyroscope_device:chr_file r_file_perms; -allow nvram_daemon init:unix_stream_socket connectto; - -# Purpose: for property set -allow nvram_daemon self:capability { fowner chown fsetid }; - -# Purpose: for backup -allow nvram_daemon nvram_device:chr_file rw_file_perms; -allow nvram_daemon pro_info_device:chr_file rw_file_perms; - -allow nvram_daemon block_device:dir search; - -# Purpose: for nand project -allow nvram_daemon mtd_device:dir search; -allow nvram_daemon mtd_device:chr_file rw_file_perms; - -# Purpose: for fstab parser -allow nvram_daemon kmsg_device:chr_file w_file_perms; -allow nvram_daemon proc_lk_env:file rw_file_perms; - -# Purpose: property set -allow nvram_daemon service_nvram_init_prop:property_service set; - -# Purpose: copy /fstab* -allow nvram_daemon rootfs:dir { read open }; -allow nvram_daemon rootfs:file r_file_perms; - -# Purpose: remove /data/nvram link -allow nvram_daemon nvram_data_file:lnk_file unlink; - -# Purpose: for setting property -# ro.wlan.mtk.wifi.5g relabel to wifi_5g_prop -# denied { set } for property=ro.wlan.mtk.wifi.5g pid=242 uid=0 gid=1000 scontext=u:r:nvram_daemon:s0 tcontext=u:object_r:default_prop:s0 tclass=property_service permissive=1 -set_prop(nvram_daemon, service_nvram_init_prop) -set_prop(nvram_daemon, wifi_5g_prop) - -#WK17.26 camera 8163 -allow nvram_daemon sysfs:dir read; - -# Date : WK18.16 -# Operation: P migration -# Purpose: Allow nvram_daemon to get tel_switch_prop -get_prop(nvram_daemon, tel_switch_prop) - -# Date : WK18.21 -# Operation: P migration -# Purpose: Allow nvram_daemon to search /mnt/vendor/nvdata for fstab -allow nvram_daemon mnt_vendor_file:dir search; -allow nvram_daemon self:capability { fowner chown fsetid }; - -allow nvram_daemon sysfs_boot_mode:file r_file_perms; - diff --git a/r_non_plat/permissive.te b/r_non_plat/permissive.te deleted file mode 100644 index cd38fd1..0000000 --- a/r_non_plat/permissive.te +++ /dev/null @@ -1,5 +0,0 @@ -userdebug_or_eng(` - - -') - diff --git a/r_non_plat/platform_app.te b/r_non_plat/platform_app.te deleted file mode 100644 index 33178e0..0000000 --- a/r_non_plat/platform_app.te +++ /dev/null @@ -1,127 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -typeattribute platform_app mlstrustedsubject; - -# Date : 2017/07/03 -# Operation : Migration -# Purpose : get/set agps configuration via mtk_hal_lbs -hal_client_domain(platform_app, mtk_hal_lbs) - - -# Date : 2014/08/21 -# Operation : Migration -# Purpose : FMRadio enable driver access permission for fmradio hardware device -# Package: com.mediatek.fmradio -allow platform_app fm_device:chr_file rw_file_perms; - -# Date : 2014/09/11 -# Operation : Migration -# Purpose : MTKLogger need setup local socket with native daemon:mobile_logd, -# netdialog,mdlogger,emdlogger,cmddumper -# Package: com.mediatek.mtklogger -allow platform_app mobile_log_d:unix_stream_socket connectto; -allow platform_app mdlogger:unix_stream_socket connectto; -allow platform_app emdlogger:unix_stream_socket connectto; -allow platform_app cmddumper:unix_stream_socket connectto; -allow platform_app connsyslogger:unix_stream_socket connectto; -unix_socket_connect(platform_app, netdiag, netdiag) -# Date: 2018/11/17 -# purpose: allow MTKLogger to control Bluetooth HCI log via socket -allow platform_app bluetooth:unix_stream_socket connectto; - -# Date : 2014/10/17 -# Operation : Migration -# Purpose :Make MTKLogger or VIASaber apk can Access TTYSDIO_device -# Package: com.mediatek.mtklogger -allow platform_app ttySDIO_device:chr_file rw_file_perms; - -# Date : 2014/10/17 -# Operation : Migration -# Purpose :Make MTKLogger or VIASaber apk can Access storage -# Package: com.mediatek.mtklogger -allow platform_app sdcard_type:file create_file_perms; -allow platform_app sdcard_type:dir create_dir_perms; - -# Date : 2014/11/12 -# Operation : Migration -# Purpose : MTKLogger need copy exception db from data folder -# Package: com.mediatek.mtklogger -allow platform_app aee_exp_data_file:file r_file_perms; -allow platform_app aee_exp_data_file:dir r_dir_perms; - -# Date : 2014/11/14 -# Operation : Migration -# Purpose : MTKLogger need update md config file in data for mode changed -# Package: com.mediatek.mtklogger -allow platform_app mdlog_data_file:file rw_file_perms; -allow platform_app mdlog_data_file:dir rw_dir_perms; - -# Date : 2015/01/13 -# Operation : New feature for GPS Log -# Purpose : MTKLogger need setup local socket with mnld -# Package: com.mediatek.mtklogger -# TODO:: MTK need to remove later -not_full_treble(` - allow platform_app mnld:unix_stream_socket connectto; -') - -# Date : WK17.46 -# Operation : Migration -# Purpose : allow MTKLogger to read KE DB -allow platform_app aee_dumpsys_data_file:file r_file_perms; - -# Date : WK18.17 -# Operation : P Migration -# Purpose: allow platform_app to read /data/vendor/mtklog/aee_exp -allow platform_app aee_exp_vendor_file:dir search; -allow platform_app aee_exp_vendor_file:dir { read getattr open }; -allow platform_app aee_exp_vendor_file:file { read getattr open }; - -# Date : WK18.21 -# Operation : Migration -# Purpose : Do FM operation via mtk_hal_fm -hal_client_domain(platform_app, mtk_hal_fm) - -# Date: 2018/03/23 -# Operation : Migration -# Purpose : MTKLogger need connect to log hidl server -# Package: com.mediatek.mtklogger -hal_client_domain(platform_app, mtk_hal_log) - -# Date: 2018/06/08 -# Operation : Migration -# Purpose : MTKLogger need get netlog/mdlog/mobilelog property for property change -# Package: com.mediatek.mtklogger -# allow platform_app debug_mdlogger_prop:file r_file_perms; -# allow platform_app debug_mtklog_prop:file r_file_perms; -get_prop(platform_app, debug_mdlogger_prop) -get_prop(platform_app, debug_mtklog_prop) -get_prop(platform_app, vendor_bluetooth_prop) -get_prop(platform_app, mobile_log_prop) - -get_prop(platform_app, vendor_connsysfw_prop) - -# Date: 2018/11/08 -# Operation : JPEG -# Purpose : JPEG need to use PQ via MMS HIDL -allow platform_app mtk_hal_mms_hwservice:hwservice_manager find; -allow platform_app mtk_hal_mms:binder call; - -# Date: 2019/07/04 -# Stage: Migration -# Purpose: Allow to use lomo effect -# Package: com.mediatek.camera -#allow platform_app hal_camera_hwservice:hwservice_manager find; -allow platform_app mtk_hal_camera:binder call; -allow platform_app sw_sync_device:chr_file rw_file_perms; - -# Date: 2019/07/04 -# Purpose: Allow platform app to use BGService HIDL and access mtk_hal_camera -hal_client_domain(platform_app, mtk_hal_bgs) -allow platform_app mtk_hal_bgs_hwservice:hwservice_manager find; -binder_call(platform_app, mtk_hal_bgs) -binder_call(mtk_hal_bgs, platform_app) -binder_call(platform_app, mtk_hal_camera) -binder_call(mtk_hal_camera, platform_app) diff --git a/r_non_plat/property.te b/r_non_plat/property.te deleted file mode 100644 index fe5f367..0000000 --- a/r_non_plat/property.te +++ /dev/null @@ -1,320 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -# MTK properties, allow all system/vendor processes to read. -type mtk_default_prop, property_type, mtk_core_property_type; - -# Date: W14.32 -# Operation: Migration -# Purpose: don't allow to use default_prop -### TBD -#neverallow { domain -init } default_prop:property_service set; -#neverallow { domain -init -system_server -recovery -system_app} ctl_default_prop:property_service set; - -#=============allow ccci_mdinit to start gsm0710muxd============== -type ctl_gsm0710muxd_prop, property_type; -type ctl_gsm0710muxd-s_prop, property_type; -type ctl_gsm0710muxd-d_prop, property_type; - -#=============allow viarild to start property============== -type ctl_viarild_prop, property_type; -#=============allow mtkrild to set persist.ril property============== -type vendor_ril_ipo_prop, property_type, mtk_core_property_type; - -#=============allow gsm0710muxd to set mux property============== -type gsm0710muxd_prop, property_type, mtk_core_property_type; - -#=============allow netlog running============== -type debug_mtklog_prop, property_type, extended_core_property_type; -type persist_mtklog_prop, property_type, extended_core_property_type; -type debug_netlog_prop, property_type, extended_core_property_type; - -#=============allow netd to set mtk_wifi.*========================= -type mtk_wifi_prop, property_type, mtk_core_property_type; - -#=============allow mdlogger============== -type debug_mdlogger_prop, property_type, extended_core_property_type; -type vendor_mdl_prop, property_type, extended_core_property_type; -type vendor_mdl_start_prop, property_type, extended_core_property_type; -type vendor_usb_prop, property_type; -type persist_mdlog_prop, property_type, extended_core_property_type; -type vendor_mdl_pulllog_prop, property_type, extended_core_property_type; - -#=============allow AEE============== -type persist_mtk_aee_prop, property_type, extended_core_property_type; -type persist_aee_prop, property_type, extended_core_property_type; -type debug_mtk_aee_prop, property_type, extended_core_property_type; - -type persist_mtk_aeev_prop, property_type, mtk_core_property_type; -type persist_aeev_prop, property_type, mtk_core_property_type; -type debug_mtk_aeev_prop, property_type, mtk_core_property_type; -type ro_mtk_aee_prop, property_type, mtk_core_property_type; - -#=============allow aee_dumpstate============== -type debug_bq_dump_prop, property_type, extended_core_property_type; - -#=============allow ccci_mdinit to stop rild============== -type ctl_ril-daemon-mtk_prop, property_type; -type ctl_fusion_ril_mtk_prop, property_type; -type ctl_ril-daemon-s_prop, property_type; -type ctl_ril-daemon-d_prop, property_type; -type ctl_ril-proxy_prop, property_type; - -#=============allow ccci_mdinit to start ccci_fsd============== -type ctl_ccci_fsd_prop, property_type; -type ctl_ccci2_fsd_prop, property_type; -type ctl_ccci3_fsd_prop, property_type; - -#=============allow ccci_mdinit to set ril_active_md_prop============== -type ril_active_md_prop, property_type, mtk_core_property_type; - -#=============allow ccci_mdinit to stop rild============== -type ril_mux_report_case_prop, property_type, mtk_core_property_type; -type ril_cdma_report_prop, property_type, mtk_core_property_type; - -#=============allow ccci_mdinit to mtk_md_prop============== -type mtk_md_prop, property_type, mtk_core_property_type; - -#=============allow mtkrild to start muxreport============== -type ctl_muxreport-daemon_prop, property_type; - -#=============allow telephony modules to set tel_switch_prop============== -type tel_switch_prop, property_type, mtk_core_property_type; - -#=============allow bootanim============== -type bootani_prop, property_type, extended_core_property_type; - -#=============allow mnld_prop============== -type mnld_prop, property_type, mtk_core_property_type; - -#=============allow audiohal============== -type audiohal_prop, property_type, mtk_core_property_type; - -#=============allow wmt============== -type wmt_prop, property_type, mtk_core_property_type; -type coredump_prop, property_type, mtk_core_property_type; - -#=============allow sensor============== -type ctl_emcsmdlogger_prop, property_type; -type ctl_eemcs_fsd_prop, property_type; - -#=============allow statusd============== -type net_cdma_mdmstat, property_type, mtk_core_property_type; - -#=============allow bt============== -type persist_bt_prop, property_type, mtk_core_property_type; - -#============= allow factory idle current prop ============== -type vendor_factory_idle_state_prop, property_type, mtk_core_property_type; - -#============= allow mobile log property =============== -type mobile_log_prop, property_type, extended_core_property_type; - -#============= allow service.nvram_init property =============== -type service_nvram_init_prop, property_type, mtk_core_property_type; - -#============= allow ro.wlan.mtk.wifi.5g property =============== -type wifi_5g_prop, property_type, mtk_core_property_type; - -#=============allow em to set client.appmode ============== -type mtk_em_prop, property_type, mtk_core_property_type; - -#=============allow mediatek_prop ============== -type mediatek_prop, property_type, mtk_core_property_type; - -#=============Property set by EM, for test/debug purpose========= -type mtk_em_sys_prop, property_type, extended_core_property_type; -type mtk_em_hidl_prop, property_type, mtk_core_property_type; - -#============= allow em set protocol =============== -type mtk_em_net_auto_tethering_prop, property_type, extended_core_property_type; - -#=============allow em set property============= -type mtk_operator_id_prop, property_type, mtk_core_property_type; - -#=============allow em set testsim.cardtype property=========== -type mtk_simswitch_emmode_prop, property_type, mtk_core_property_type; - -#=============allow em set property============= -type mtk_dsbp_support_prop, property_type, mtk_core_property_type; - -#=============allow em set property============= -type mtk_imstestmode_prop, property_type, mtk_core_property_type; - -#=============allow em set property============= -type mtk_smsformat_prop, property_type, mtk_core_property_type; - -#=============allow em set property============= -type mtk_gprs_prefer_prop, property_type, mtk_core_property_type; - -#=============allow em set property============= -type mtk_testsim_cardtype_prop, property_type, mtk_core_property_type; - -#=============allow em set property============= -type mtk_ct_ir_engmode_prop, property_type, mtk_core_property_type; - -#=============allow em set property============= -type mtk_disable_c2k_cap_prop, property_type, mtk_core_property_type; - -#=============allow em to set modem reset delay property================ -type mtk_debug_md_reset_prop, property_type, mtk_core_property_type; - -#=============allow em to set video log omx.* property================ -type mtk_omx_log_prop, property_type, mtk_core_property_type; - -#=============allow em to set vdec log property================ -type mtk_vdec_log_prop, property_type, mtk_core_property_type; - -#=============allow em to set vdectlc log property================ -type mtk_vdectlc_log_prop, property_type, mtk_core_property_type; - -#=============allow em to set venc h264 showlog property================ -type mtk_venc_h264_showlog_prop, property_type, mtk_core_property_type; - -#=============allow em to set modem warning_prop property================ -type mtk_modem_warning_prop, property_type, mtk_core_property_type; - -#=============allow em to set bgdata disabled property================ -type mtk_bgdata_disabled, property_type, extended_core_property_type; - -#=============allow em to set telecom vibrate property================ -type mtk_telecom_vibrate, property_type, extended_core_property_type; - -#=============allow em to set gprs attach type property================ -type mtk_gprs_attach_type, property_type, extended_core_property_type; - -#=============allow em to set poweroffmd property================ -type mtk_power_off_md_type, property_type, extended_core_property_type; - -#=============allow meta_tst to stop specific service =============== -type ctl_mobile_log_d_prop, property_type; -type ctl_mnld_prop, property_type; -type ctl_mobicore_prop, property_type; - -#=============allow system server to set meta_connecttype property ============== -type meta_connecttype_prop, property_type; - -#=============Telephony Sensitive property============== -type mtk_telephony_sensitive_prop, property_type; - -#=============allow processes to change thermal config================ -type mtk_thermal_config_prop, property_type; - -#=============allow composer set property ============================ -type graphics_hwc_pid_prop, property_type; -type graphics_hwc_latch_unsignaled_prop, property_type; -type graphics_hwc_hdr_prop, property_type; - -#============= mtkcam property ============================ -type mtkcam_prop, property_type; - -#============= atm modem mode property ============== -type atm_mdmode_prop, property_type; - -#============= atm ip address property ============== -type atm_ipaddr_prop, property_type; - -#=============allow consyslogger============== -type vendor_connsysfw_prop, property_type, extended_core_property_type; - -#=============radio group property============= -type vendor_radio_prop, property_type, mtk_core_property_type; - -#=============allow bluetooth============== -type vendor_bluetooth_prop, property_type, extended_core_property_type; - -#=============allow ct volte============== -type mtk_ct_volte_prop, property_type, mtk_core_property_type; - -#=============mtk ril mode property============= -type mtk_ril_mode_prop, property_type, mtk_core_property_type; -type mtk_ss_vendor_prop, property_type, mtk_core_property_type; - -#=============GPS support properties============== -type mtk_gps_support_prop, property_type, mtk_core_property_type; - -#=============mtk rat config property============= -type mtk_rat_config_prop, property_type, mtk_core_property_type; - -#=============mtk aal property============= -type mtk_aal_ro_prop, property_type, mtk_core_property_type; - -#=============mtk pq property============= -type mtk_pq_ro_prop, property_type, mtk_core_property_type; -type mtk_pq_prop, property_type, mtk_core_property_type; - -#=============mtk emmc property============= -type mtk_emmc_support_prop, property_type, mtk_core_property_type; - -#=============sim system property============= -type vendor_sim_system_prop, property_type, extended_core_property_type; - -#=============em usb property============== -type vendor_em_usb_prop, property_type, mtk_core_property_type; - -#=============allow em to set usb otg enable property ============== -type vendor_usb_otg_switch, property_type, mtk_core_property_type; - -#=============mtk anr property============= -type mtk_anr_support_prop, property_type, mtk_core_property_type; - -#=============mtk app resolution tuner property============= -type mtk_appresolutiontuner_prop, property_type, mtk_core_property_type; - -#=============mtk fullscreen switch============= -type mtk_fullscreenswitch_prop, property_type, mtk_core_property_type; - -# MTK Antutu feature -type mtk_antutu_prop, property_type, mtk_core_property_type; - -#=============mtk malloc debug switch unwind backtrace property============= -type mtk_malloc_debug_backtrace_prop, property_type, mtk_core_property_type; - -#=============MTK Voice Recognize property=========== -type mtk_voicerecgnize_prop, property_type, mtk_core_property_type; - -#=============allow radio to set/get xcap rawurl config================ -type persist_xcap_rawurl_prop, property_type, extended_core_property_type; - -#=============allow atcid============== -type persist_service_atci_prop, property_type, mtk_core_property_type; -type mtk_atci_prop, property_type, mtk_core_property_type; - -#=============allow Netd property============== -type mtk_net_ipv6_prop, property_type, mtk_core_property_type; - -#============= allow carrier express (cxp) ============== -type usp_prop, property_type, mtk_core_property_type; -type usp_srv_prop, property_type, extended_core_property_type; -type mtk_cxp_vendor_prop, property_type, mtk_core_property_type; - -#=============allow MD to set mtk_md_version_prop============== -type mtk_md_version_prop, property_type, mtk_core_property_type; - -#=============allow radio to set mtk_volte_enable property============== -type mtk_volte_prop, property_type, mtk_core_property_type; - -#=============allow AMS dynamic enable log property=========== -type mtk_amslog_prop, property_type, extended_core_property_type; - -#=============allow android log much property============== -type logmuch_prop, property_type, extended_core_property_type; - -#=============mtk bt enable SAP profile property============= -type mtk_bt_sap_enable_prop, property_type, mtk_core_property_type; - -#=============MTK powerhal property================ -type mtk_powerhal_prop, property_type; - -#=============MTK Wifi wlan_assistant property============= -type mtk_nvram_ready_prop, property_type, mtk_core_property_type; - -#=============allow wifi hotspot to read property=========== -type mtk_wifi_hotspot_prop, property_type, mtk_core_property_type; - -#=============mtk hdmi property============= -type mtk_hdmi_prop, property_type, mtk_core_property_type; - -#=============mtk nn option property============= -type mtk_nn_option_prop, property_type; diff --git a/r_non_plat/property_contexts b/r_non_plat/property_contexts deleted file mode 100644 index a62a6f0..0000000 --- a/r_non_plat/property_contexts +++ /dev/null @@ -1,351 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== -#=============allow ccci_mdinit to start gsm0710muxd============== -ctl.vendor.gsm0710muxd u:object_r:ctl_gsm0710muxd_prop:s0 - - -#=============allow mtkrild to set persist.ril property============== -vendor.ril.ipo u:object_r:vendor_ril_ipo_prop:s0 - -#=============allow netlog============== -vendor.mtklog u:object_r:debug_mtklog_prop:s0 -persist.vendor.mtklog u:object_r:persist_mtklog_prop:s0 -vendor.netlog u:object_r:debug_netlog_prop:s0 - -#=============allow mdlogger============== -vendor.mdlogger u:object_r:debug_mdlogger_prop:s0 -vendor.mdl u:object_r:vendor_mdl_prop:s0 -vendor.starting.mode u:object_r:vendor_mdl_start_prop:s0 -vendor.usb. u:object_r:vendor_usb_prop:s0 -persist.vendor.usb. u:object_r:vendor_usb_prop:s0 -persist.vendor.mdl u:object_r:persist_mdlog_prop:s0 -vendor.pullmdlog u:object_r:vendor_mdl_pulllog_prop:s0 - - -#=============allow AEE============== -# persist.vendor.mtk.aee.mode && persist.vendor.mtk.aee.dal -persist.vendor.mtk.aee. u:object_r:persist_mtk_aee_prop:s0 -persist.vendor.mtk.aeev. u:object_r:persist_mtk_aeev_prop:s0 - -# persist.vendor.aee.core.dump && persist.vendor.aee.core.direct -persist.vendor.aee. u:object_r:persist_aee_prop:s0 -persist.vendor.aeev. u:object_r:persist_aeev_prop:s0 - -# vendor.debug.mtk.aee.db -vendor.debug.mtk.aee. u:object_r:debug_mtk_aee_prop:s0 -vendor.debug.mtk.aeev u:object_r:debug_mtk_aeev_prop:s0 - -ro.vendor.aee.build.info u:object_r:ro_mtk_aee_prop:s0 -ro.vendor.aee.enforcing u:object_r:ro_mtk_aee_prop:s0 -ro.vendor.have_aee_feature u:object_r:ro_mtk_aee_prop:s0 - -#=============allow AEE_Dumpstate============== -vendor.debug.bq.dump u:object_r:debug_bq_dump_prop:s0 - -#=============allow mux============== -vendor.ril.mux. u:object_r:gsm0710muxd_prop:s0 - -#=============allow mdinit============== -ctl.vendor.ril-daemon-mtk u:object_r:ctl_ril-daemon-mtk_prop:s0 -ctl.vendor.fusion_ril_mtk u:object_r:ctl_fusion_ril_mtk_prop:s0 -ctl.vendor.ril-proxy u:object_r:ctl_ril-proxy_prop:s0 -ctl.vendor.viarild u:object_r:ctl_viarild_prop:s0 - -ctl.vendor.muxreport-daemon u:object_r:ctl_muxreport-daemon_prop:s0 -ctl.vendor.ccci_fsd u:object_r:ctl_ccci_fsd_prop:s0 -ctl.vendor.ccci2_fsd u:object_r:ctl_ccci2_fsd_prop:s0 -ctl.vendor.ccci3_fsd u:object_r:ctl_ccci3_fsd_prop:s0 - -vendor.ril.active.md u:object_r:ril_active_md_prop:s0 -vendor.ril.mux.report.case u:object_r:ril_mux_report_case_prop:s0 -vendor.ril.cdma.report u:object_r:ril_cdma_report_prop:s0 - -#=============allow dynamic telephony switch============== -ro.boot.opt_c2k_lte_mode u:object_r:tel_switch_prop:s0 -ro.boot.opt_c2k_support u:object_r:tel_switch_prop:s0 -ro.boot.opt_eccci_c2k u:object_r:tel_switch_prop:s0 -ro.boot.opt_lte_support u:object_r:tel_switch_prop:s0 -ro.boot.opt_md1_support u:object_r:tel_switch_prop:s0 -ro.boot.opt_md2_support u:object_r:tel_switch_prop:s0 -ro.boot.opt_md3_support u:object_r:tel_switch_prop:s0 -ro.boot.opt_md5_support u:object_r:tel_switch_prop:s0 -ro.boot.opt_ps1_rat u:object_r:tel_switch_prop:s0 -ro.boot.opt_sim_count u:object_r:tel_switch_prop:s0 -ro.boot.opt_using_default u:object_r:tel_switch_prop:s0 -ro.vendor.mtk_c2k_lte_mode u:object_r:tel_switch_prop:s0 -ro.vendor.mtk_c2k_support u:object_r:tel_switch_prop:s0 -ro.vendor.mtk_eccci_c2k u:object_r:tel_switch_prop:s0 -ro.vendor.mtk_lte_support u:object_r:tel_switch_prop:s0 -ro.vendor.mtk_md1_support u:object_r:tel_switch_prop:s0 -ro.vendor.mtk_md3_support u:object_r:tel_switch_prop:s0 -ro.vendor.mtk_ps1_rat u:object_r:tel_switch_prop:s0 - -#=============allow bootanim============== -persist.vendor.bootanim. u:object_r:bootani_prop:s0 - -#=============allow mnld_prop ============== -vendor.gps.clock.type u:object_r:mnld_prop:s0 -vendor.gps.gps.version u:object_r:mnld_prop:s0 -vendor.gpsdbglog.enable u:object_r:mnld_prop:s0 -vendor.gpsdbglog. u:object_r:mnld_prop:s0 -vendor.debug.gps. u:object_r:mnld_prop:s0 - -#=============allow audiohal============== -vendor.streamout. u:object_r:audiohal_prop:s0 -vendor.streamin. u:object_r:audiohal_prop:s0 -vendor.a2dp. u:object_r:audiohal_prop:s0 -vendor.audiohal. u:object_r:audiohal_prop:s0 -persist.vendor.audiohal. u:object_r:audiohal_prop:s0 -persist.vendor.vow. u:object_r:audiohal_prop:s0 - -#=============allow wmt ============== -persist.vendor.connsys.coredump.mode u:object_r:coredump_prop:s0 -persist.vendor.connsys. u:object_r:wmt_prop:s0 -vendor.connsys. u:object_r:wmt_prop:s0 - - -#=============allow c2k_prop ============== -vendor.net.cdma.mdmstat u:object_r:net_cdma_mdmstat:s0 - - -#=============allow ccci_mdinit md status ============== -vendor.mtk.md u:object_r:mtk_md_prop:s0 -#============= allow factory idle current prop ============== -vendor.debug.factory.idle_state u:object_r:vendor_factory_idle_state_prop:s0 - -#=============allow mobile log property================ -vendor.MB. u:object_r:mobile_log_prop:s0 - -#=============allow service.nvram_init property================ -vendor.service.nvram_init u:object_r:service_nvram_init_prop:s0 - - -#=============Allow EM To Set Camera APP Mode ============== -vendor.client. u:object_r:mtk_em_prop:s0 - -#=============allow mediatek_prop ============== -vendor.debug.camera.p2plug.log u:object_r:mediatek_prop:s0 -vendor.client.em.appmode u:object_r:mediatek_prop:s0 -#=============Property set by EM, for test/debug purpose========= -persist.vendor.em. u:object_r:mtk_em_sys_prop:s0 -persist.vendor.em.hidl. u:object_r:mtk_em_hidl_prop:s0 - -#=============allow em set tethering protocol================ -persist.vendor.net.auto.tethering u:object_r:mtk_em_net_auto_tethering_prop:s0 - -#=============allow em set ims operator property=========== -vendor.ril.volte.mal.pctid u:object_r:mtk_operator_id_prop:s0 - -#=============allow em set simswitch property=========== -persist.vendor.radio.simswitch.emmode u:object_r:mtk_simswitch_emmode_prop:s0 - -#=============allow em set mtk_dsbp_support property=========== -persist.vendor.radio.mtk_dsbp_support u:object_r:mtk_dsbp_support_prop:s0 - -#=============allow em set imstestmode property=========== -persist.vendor.radio.imstestmode u:object_r:mtk_imstestmode_prop:s0 - -#=============allow em set smsformat property=========== -persist.vendor.radio.smsformat u:object_r:mtk_smsformat_prop:s0 - -#=============allow em set gprs.prefer property=========== -persist.vendor.radio.gprs.prefer u:object_r:mtk_gprs_prefer_prop:s0 - -#=============allow em set testsim.cardtype property=========== -persist.vendor.radio.testsim.cardtype u:object_r:mtk_testsim_cardtype_prop:s0 - -#=============allow em set ct.ir.engmode property=========== -persist.vendor.radio.ct.ir.engmode u:object_r:mtk_ct_ir_engmode_prop:s0 - -#=============allow em set disable_c2k_cap property=========== -persist.vendor.radio.disable_c2k_cap u:object_r:mtk_disable_c2k_cap_prop:s0 - -#=============allow em to set modem reset delay property================ -vendor.mediatek.debug.md.reset.wait u:object_r:mtk_debug_md_reset_prop:s0 - -#=============allow em to set video log omx.* property================ -vendor.mtk.omx. u:object_r:mtk_omx_log_prop:s0 - -#=============allow em to set vdec log property================ -vendor.mtk.vdec.log u:object_r:mtk_vdec_log_prop:s0 - -#=============allow em to set vdectlc logproperty================ -vendor.mtk.vdectlc.log u:object_r:mtk_vdectlc_log_prop:s0 - -#=============allow em to set venc h264 showlog property================ -vendor.mtk.venc.h264.showlog u:object_r:mtk_venc_h264_showlog_prop:s0 - -#=============allow em to set modem warning property================ -persist.vendor.radio.modem.warning u:object_r:mtk_modem_warning_prop:s0 - -#=============allow em to set bgdata disabled property================ -persist.vendor.radio.bgdata.disabled u:object_r:mtk_bgdata_disabled:s0 - -#=============allow em to set telecom vibrate property================ -persist.vendor.radio.telecom.vibrate u:object_r:mtk_telecom_vibrate:s0 - -#=============allow em to set gprs attach type property================ -persist.vendor.radio.gprs.attach.type u:object_r:mtk_gprs_attach_type:s0 - -#=============allow em to set poweroffmd property================ -vendor.ril.test.poweroffmd u:object_r:mtk_power_off_md_type:s0 -vendor.ril.testmode u:object_r:mtk_power_off_md_type:s0 - - -#=============allow system server to set meta_connecttype property ============== -persist.vendor.meta.connecttype u:object_r:meta_connecttype_prop:s0 - -#=============Telephony Sensitive property============== -vendor.ril.iccid.sim u:object_r:mtk_telephony_sensitive_prop:s0 -vendor.ril.uim.subscriberid u:object_r:mtk_telephony_sensitive_prop:s0 -persist.vendor.radio.last_iccid_sim u:object_r:mtk_telephony_sensitive_prop:s0 - -#=============allow sim config property============== -vendor.gsm.sim.operator.default-name u:object_r:vendor_sim_system_prop:s0 - -#=============allow processes to change thermal config================ -vendor.thermal.manager.data u:object_r:mtk_thermal_config_prop:s0 -#=============allow composer set property ============================ -vendor.debug.sf.hwc_pid u:object_r:graphics_hwc_pid_prop:s0 -vendor.debug.sf.latch_unsignaled u:object_r:graphics_hwc_latch_unsignaled_prop:s0 -vendor.debug.sf.hdr_enable u:object_r:graphics_hwc_hdr_prop:s0 - -#============= atm modem mode property(ATM) ============== -persist.vendor.atm.mdmode u:object_r:atm_mdmode_prop:s0 - -#============= atm ip address property(ATM) ============== -persist.vendor.atm.ipaddress u:object_r:atm_ipaddr_prop:s0 - -#============= atm boot property(ATM) ============== -ro.boot.atm u:object_r:mtk_default_prop:s0 - -#=============allow consyslogger============== -vendor.connsysfw u:object_r:vendor_connsysfw_prop:s0 - -#============Label telephony property=======# -vendor.ril. u:object_r:vendor_radio_prop:s0 -ro.vendor.ril. u:object_r:vendor_radio_prop:s0 -vendor.gsm. u:object_r:vendor_radio_prop:s0 -persist.vendor.radio. u:object_r:vendor_radio_prop:s0 - -#=============allow bluetooth============== -vendor.bthcisnoop u:object_r:vendor_bluetooth_prop:s0 - -#=============allow ct volte============== -persist.vendor.mtk_ct_volte_support u:object_r:mtk_ct_volte_prop:s0 - -#============Label mtk ril mode=======# -ro.vendor.mtk_ril_mode u:object_r:mtk_ril_mode_prop:s0 - -#=============GPS support properties============== -ro.vendor.mtk_gps_support u:object_r:mtk_gps_support_prop:s0 -ro.vendor.mtk_agps_app u:object_r:mtk_gps_support_prop:s0 -ro.vendor.mtk_log_hide_gps u:object_r:mtk_gps_support_prop:s0 -ro.vendor.mtk_hidl_consolidation u:object_r:mtk_gps_support_prop:s0 - -#============allow rat config=======# -ro.vendor.mtk_protocol1_rat_config u:object_r:mtk_rat_config_prop:s0 - -#=============allow mtk aal==============# -ro.vendor.mtk_aal_support u:object_r:mtk_aal_ro_prop:s0 -ro.vendor.mtk_ultra_dimming_support u:object_r:mtk_aal_ro_prop:s0 -ro.vendor.mtk_dre30_support u:object_r:mtk_aal_ro_prop:s0 - -#=============allow mtk pq==============# -persist.vendor.sys.pq. u:object_r:mtk_pq_prop:s0 -vendor.debug.pq. u:object_r:mtk_pq_prop:s0 -persist.vendor.sys.isp. u:object_r:mtk_pq_prop:s0 -persist.vendor.sys.mtkaal. u:object_r:mtk_pq_prop:s0 -ro.vendor.mtk_pq_color_mode u:object_r:mtk_pq_ro_prop:s0 -ro.vendor.mtk_blulight_def_support u:object_r:mtk_pq_ro_prop:s0 -ro.vendor.mtk_chameleon_support u:object_r:mtk_pq_ro_prop:s0 -ro.vendor.mtk_pq_support u:object_r:mtk_pq_ro_prop:s0 - -# Mtk properties that allow all system/vendor processes to read. -# Usually they are config properties (but not limited to) -ro.vendor.mtk_tdd_data_only_support u:object_r:mtk_default_prop:s0 -ro.vendor.mtk_audio_alac_support u:object_r:mtk_default_prop:s0 -ro.vendor.mtk_support_mp2_playback u:object_r:mtk_default_prop:s0 -ro.vendor.mtk_audio_ape_support u:object_r:mtk_default_prop:s0 -ro.vendor.mtk_flv_playback_support u:object_r:mtk_default_prop:s0 -ro.vendor.mtk_mtkps_playback_support u:object_r:mtk_default_prop:s0 -ro.vendor.mtk_wearable_platform u:object_r:mtk_default_prop:s0 -ro.vendor.mediatek.platform u:object_r:mtk_default_prop:s0 -ro.vendor.mediatek.version.branch u:object_r:mtk_default_prop:s0 -ro.vendor.mediatek.version.release u:object_r:mtk_default_prop:s0 -ro.vendor.mtk_exchange_support u:object_r:mtk_default_prop:s0 -vendor.met.running u:object_r:mtk_default_prop:s0 -ro.vendor.mtk_disable_cap_switch u:object_r:mtk_default_prop:s0 -ro.vendor.mtk_sim_card_onoff u:object_r:mtk_default_prop:s0 -ro.vendor.mtk_perf_plus u:object_r:mtk_default_prop:s0 - -#============mtk emmc=======# -ro.vendor.mtk_emmc_support u:object_r:mtk_emmc_support_prop:s0 - -# MTK connsys log feature -ro.vendor.connsys.dedicated.log u:object_r:mtk_default_prop:s0 - -#=============em usb property============== -vendor.usb.port.mode u:object_r:vendor_em_usb_prop:s0 -vendor.em.usb. u:object_r:vendor_em_usb_prop:s0 - -#=============allow em to set usb otg switch property ============== -persist.vendor.usb.otg.switch u:object_r:vendor_usb_otg_switch:s0 - -#============mtk rsc========# -ro.boot.rsc u:object_r:mtk_default_prop:s0 - -#=============mtk anr property============= -persist.vendor.dbg.anrflow u:object_r:mtk_anr_support_prop:s0 -persist.vendor.anr. u:object_r:mtk_anr_support_prop:s0 -vendor.anr.autotest u:object_r:mtk_anr_support_prop:s0 - -#=============mtk app resolution tuner============= -ro.vendor.app_resolution_tuner u:object_r:mtk_appresolutiontuner_prop:s0 -persist.vendor.dbg.disable.art u:object_r:mtk_appresolutiontuner_prop:s0 - -#=============mtk fullscreen switch============= -ro.vendor.fullscreen_switch u:object_r:mtk_fullscreenswitch_prop:s0 - -#============= allow em set ims xcap property =============== -persist.vendor.ss. u:object_r:mtk_ss_vendor_prop:s0 - -# MTK Antutu feature -ro.vendor.net.upload.benchmark.default u:object_r:mtk_antutu_prop:s0 - -#=============malloc debug unwind backtrace switch property==============# -vendor.debug.malloc.bt.switch u:object_r:mtk_malloc_debug_backtrace_prop:s0 - -#=============allow gmo====================# -ro.vendor.gmo.ram_optimize u:object_r:mtk_default_prop:s0 -ro.vendor.gmo.rom_optimize u:object_r:mtk_default_prop:s0 -ro.vendor.mtk_config_max_dram_size u:object_r:mtk_default_prop:s0 - -#=============MTK Voice Recognize property===========# -vendor.voicerecognize.raw u:object_r:mtk_voicerecgnize_prop:s0 -vendor.voicerecognize_data.raw u:object_r:mtk_voicerecgnize_prop:s0 -vendor.voicerecognize.noDL u:object_r:mtk_voicerecgnize_prop:s0 - -#=============allow radio to set/get xcap rawurl config================ -persist.vendor.mtk.xcap.rawurl u:object_r:persist_xcap_rawurl_prop:s0 - -#=============mtk bt enable SAP profile property=============# -ro.vendor.mtk.bt_sap_enable u:object_r:mtk_bt_sap_enable_prop:s0 - -#=============allow processes to change powerhal config================ -persist.vendor.powerhal. u:object_r:mtk_powerhal_prop:s0 -vendor.powerhal. u:object_r:mtk_powerhal_prop:s0 - -#=============MTK Wifi wlan_assistant property============= -vendor.mtk.nvram.ready u:object_r:mtk_nvram_ready_prop:s0 - -#=============Wi-Fi Hotspot============== -ro.vendor.wifi.sap.interface u:object_r:mtk_wifi_hotspot_prop:s0 - -#=============allow mtk hdmi==============# -persist.vendor.sys.hdmi_hidl. u:object_r:mtk_hdmi_prop:s0 - -#=============mtk nn option==============# -ro.vendor.mtk_nn.option u:object_r:mtk_nn_option_prop:s0 - diff --git a/r_non_plat/radio.te b/r_non_plat/radio.te deleted file mode 100644 index 5d3db51..0000000 --- a/r_non_plat/radio.te +++ /dev/null @@ -1,236 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============ - -# Purpose : allow to access kpd driver file -allow radio sysfs_keypad_file:dir { r_dir_perms }; -allow radio sysfs_keypad_file:file { w_file_perms }; - -# Date : WK15.34 2015/08/21 -# Operation : IT -# Purpose : for engineermode WFD IOT property -allow radio surfaceflinger:fifo_file { rw_file_perms }; - -# Date : 2016/06/11 -# Operation : IT -# Purpose : for engineermode Usb PHY Tuning -allow radio debugfs_usb20_phy:file { read open getattr }; -allow radio debugfs_usb20_phy:dir search; - -# Date : WK14.38 2016/06/28 -# Operation : Migration -# Purpose : for engineermode -allow radio mt_otg_test_device:chr_file { read write ioctl open }; -allow radio mtgpio_device:chr_file { read ioctl open }; -allow radio stpbt_device:chr_file { read write open }; -allow radio stpant_device:chr_file { read write open }; -allow radio bt_int_adp_socket:sock_file write; -allow radio mt6605_device:chr_file { read write ioctl open getattr }; -allow radio nfc_socket:dir { write add_name remove_name search }; -allow radio system_prop:property_service set; - -# Date : WK14.38 2016/06/28 -# Operation : Migration -# Purpose : for engineermode -allow radio em_svr:unix_stream_socket connectto; - -# Date : WK15.25 2016/06/28 -# Operation :N Migration -# Purpose : for engineermode WiFi test mode -# todo: in the feature Google maybe forbid this option,we should use other way -allowxperm radio self:udp_socket ioctl { SIOCIWFIRSTPRIV-SIOCIWFIRSTPRIV_09 SIOCIWFIRSTPRIV_0B SIOCSIWESSID SIOCSIWMODE }; - -# Date : 2014/12/13 -# Operation : IT -# Purpose : for bluetooth relayer mode -allow radio block_device:dir search; -allow radio ttyGS_device:chr_file { open read write ioctl }; - -# Date : 2016/07/05 -# Purpose : -# Write IMEI - presanity item write imei should read the file on storage -# Swift APK integration - access TTL scripts and logs on external storage -# eng mode camera - save iamges files and log files on external storage -# eng mode ygps - save location information on external storage -allow radio media_rw_data_file:dir { create_dir_perms }; -allow radio media_rw_data_file:file { create_file_perms }; - -# Date : 2016/08/02 -# Purpose : -# Swift APK integration - access ccci dir/file -allow radio ccci_fsd:dir { r_dir_perms }; - -# Date : 2016/07/25 -# Operation : Bluetooth access NVRAM fail in Engineer Mode -# Purpose : for Bluetooth read NVRAM data -allow radio nvdata_file:dir search; -allow radio nvdata_file:file rw_file_perms; - -#Date : 2016/11/08 -#Operation: IT -#Purpose: for EM set persist.net.auto.tethering -set_prop(radio, mtk_em_net_auto_tethering_prop) - -# Date : WK17.03 -# Operation : O Migration -# Purpose : HIDL for rilproxy -binder_call(radio, hal_telephony) - -# Date : WK17.15 -# Operation : O Migration -# Purpose : for YGPS execution -allow radio hal_graphics_composer_default:fd use; - -#Dat: 2017/02/14 -#Purpose: allow get telephony Sensitive property -get_prop(radio, mtk_telephony_sensitive_prop) - -# Date : WK17.26 -# Operation : O Migration -# Purpose : HIDL for imsa -binder_call(radio, mtk_hal_imsa) - -# Date : WK1727 2017/07/04 -# Operation : IT -# Purpose : Allow to use HAL imsa -hal_client_domain(radio, hal_imsa) - -#Dat: 2017/06/29 -#Purpose: For audio parameter tuning -#allow radio hal_audio_hwservice:hwservice_manager find; -binder_call(radio,mtk_hal_audio) - -# TODO : Will move to plat_private when SEPolicy split done -# Date : WK1727 2017/07/19 -# Operation : Migration -# Purpose : Allow EM set usb property -set_prop(radio, system_radio_prop) - -#Dat: 2017/07/20 -#Purpose: NFC EM -allow radio hal_nfc_hwservice:hwservice_manager find; -binder_call(radio, hal_nfc) -binder_call(hal_nfc, radio) -hwbinder_use(radio); -#hal_client_domain(radio, hal_nfc) -typeattribute radio halclientdomain; -typeattribute radio hal_nfc_client; -allow radio nfc_socket:sock_file { create write unlink setattr }; -set_prop(radio, system_prop) - -# Date : WK1734 2017/08/23 -# Purpose : Allow EM use power HAL -allow radio mtk_hal_power_hwservice:hwservice_manager find; -binder_call(radio, mtk_hal_power) - -# Date : 2017/10/31 -# Purpose: Policy for EM to set wcn coredump property -get_prop(radio, wmt_prop) - -# Date : WK18.16 -# Operation: P migration -# Purpose: Allow radio to get tel_switch_prop -get_prop(radio, tel_switch_prop) - -# Date : 2018/05/03 -# Operation: P migration -# Purpose: allow EM to set modem reset delay property -get_prop(radio, mtk_debug_md_reset_prop) - -# Date : 2018/06/01 -# Operation : P migration -# Purpose : For EM access battery info -allow radio sysfs_batteryinfo:dir search; -#allow radio sysfs_batteryinfo:file { read write getattr open create}; -allow radio sysfs_vbus:file { read getattr open }; -allow radio sysfs_battery_consumption:file r_file_perms; -allow radio sysfs_power_on_vol:file r_file_perms; -allow radio sysfs_power_off_vol:file r_file_perms; -allow radio sysfs_fg_disable:file w_file_perms; -allow radio sysfs_dis_nafg:file w_file_perms; - -# Date : 2018/06/15 -# Purpose : Allow EM access touchscreen settings -allow radio sysfs_tpd_debug:dir { search read open }; -allow radio sysfs_tpd_setting:dir { search read open }; - -# Date : 2018/06/15 -# Purpose : mtk EM PMU reading/setting -allow radio sysfs_pmu:dir { search }; -allow radio sysfs_pmu:file { read }; -allow radio sysfs_pmu:lnk_file { read }; - -# Date : 2018/06/15 -# Purpose : mtk EM Power debug_log setting -allow radio sysfs_spm:dir { search }; - -# Date : 2018/06/15 -# Purpose: Allow EM detect Audio headset status -allow radio sysfs_headset:file { read open }; - -# Date : 2018/06/26 -# Operation : IT -# Purpose : Allow to use HAL em -hal_client_domain(radio, mtk_hal_em) - -# Date : 2018/07/03 -# Purpose : Allow sim system to set prop -set_prop(radio, vendor_sim_system_prop) - -# Date : 2018/07/03 -# Purpose : Allow Mwi to get vendor default properties (ro.vendor.*) -get_prop(radio, vendor_default_prop) - -# Operation : DEBUG -# Purpose : Allow to use mtk_bgdata_disabled -set_prop(radio, mtk_bgdata_disabled) - -# Date : 2018/07/03 -# Operation : DEBUG -# Purpose : Allow to use mtk_telecom_vibrate -set_prop(radio, mtk_telecom_vibrate) - -# Date : 2018/07/03 -# Operation : DEBUG -# Purpose : Allow to use mtk_gprs_attach_type -set_prop(radio, mtk_gprs_attach_type) - -# Date : 2018/07/12 -# Purpose : Allow EM to use Lbs Hidl -binder_call(radio, lbs_hidl_service) -allow radio mtk_hal_lbs_hwservice:hwservice_manager find; - -# Date : 2018/08/12 -# Purpose : Allow EM to set poweroffmd property -set_prop(radio, mtk_power_off_md_type) - -get_prop(radio, persist_mtk_aeev_prop); - - -# Date : 2018/08/31 -# Purpose : Allow EM to set sys property -set_prop(radio, mtk_em_sys_prop) - -# Date : 2018/11/01 -# Purpose : mtk EM c2k bypass read usb file -allow radio sys_usb_rawbulk:file { r_file_perms }; -allow radio sys_usb_rawbulk:dir { r_dir_perms }; - -#Date : 2018/11/02 -# Operation : Allow radio persist_xcap_rawurl_prop:property_service set; -# Purpose : for set telephony xcap use raw url property in IMS SS -set_prop(radio, persist_xcap_rawurl_prop) - -# Date : 2019/05/08 -# Operation : label aee_aed sockets -# Purpose : Engineering mode need access for aee commmand -allow radio aee_aed:unix_stream_socket connectto; - -# Date : 2019/05/23 -# Operation : Get subpimc reigster status -# Purpose : Engineering mode need get subpimic register status -allow radio debugfs_regmap:dir { search }; - -# Date : 2018/09/29 -# Purpose : Allow get USB Current Speed in Engineer Mode -get_prop(radio, vendor_usb_prop);
\ No newline at end of file diff --git a/r_non_plat/recovery.te b/r_non_plat/recovery.te deleted file mode 100644 index a130f89..0000000 --- a/r_non_plat/recovery.te +++ /dev/null @@ -1,57 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== -# recovery console (used in recovery init.rc for /sbin/recovery) - -# Date : WK15.13 -# Operation : UT -# Purpose : Nand device policy -allow recovery mtd_device:dir search; -allow recovery mtd_device:chr_file rw_file_perms; -allow recovery self:capability sys_resource; - -# Date : WK18.16 -# Operation : UT -# Purpose : Refine policy -allow recovery misc_sd_device:chr_file rw_file_perms; -allow recovery vfat:dir r_dir_perms; -allow recovery vfat:file r_file_perms; -allow recovery sysfs_mmcblk:dir r_dir_perms; -allow recovery sysfs_mmcblk:file rw_file_perms; -allow recovery sysfs_mmcblk:lnk_file r_file_perms; - -# Date : WK18.25 -# Operation : UT -# Purpose : Add policy for therm, gpu, battery, and boot_type -allow recovery sysfs:dir r_dir_perms; -allow recovery sysfs_batteryinfo:dir r_dir_perms; -allow recovery sysfs_boot_type:file r_file_perms; -allow recovery sysfs_therm:dir r_dir_perms; -allow recovery sysfs_therm:file r_file_perms; -allow recovery gpu_device:dir r_dir_perms; - -# Date : WK18.09 -# Operation : UT -# Purpose : Allow recovery can update boot partition -allow recovery tmpfs:lnk_file r_file_perms; - -# Date : WK19.03 -# Operation : UT -# Purpose : Android Migration -allow recovery bootdevice_block_device:blk_file rw_file_perms; -allow recovery self:capability { sys_rawio fsetid }; -allowxperm recovery bootdevice_block_device:blk_file ioctl { - MMC_IOCTLCMD - UFS_IOCTLCMD -}; -allow recovery block_device:blk_file ioctl; -allowxperm recovery block_device:blk_file ioctl { - BLKIOMIN - BLKALIGNOFF -}; -allow recovery sysfs_dm:dir search; -allow recovery sysfs_dm:file r_file_perms; -allowxperm recovery tmpfs:file ioctl FS_IOC_FIEMAP; -allowxperm recovery cache_block_device:blk_file ioctl BLKPBSZGET; -allowxperm recovery nvdata_device:blk_file ioctl BLKPBSZGET; -allow recovery proc_filesystems:file r_file_perms; diff --git a/r_non_plat/resize.te b/r_non_plat/resize.te deleted file mode 100644 index b2e8c7c..0000000 --- a/r_non_plat/resize.te +++ /dev/null @@ -1,38 +0,0 @@ -# ============================================== -# Policy File of /vendor/bin/resize_xxx Executable File - -# ============================================== -# Type Declaration -# ============================================== -type resize, domain; -type resize_exec, exec_type, file_type, vendor_file_type; - -# ============================================== -# MTK Policy Rule -# ============================================== - -# Date : WK15.30 -# Operation : Migration -# Purpose : resize fs(ext4) partition, only run once. -init_daemon_domain(resize) - -allow resize resize_exec:file execute_no_trans; - -# Inherit and use pty created by android_fork_execvp_ext(). -allow resize devpts:chr_file { read write open getattr ioctl }; - -allow resize kmsg_device:chr_file { write open }; - -allow resize userdata_block_device:blk_file rw_file_perms; - -allow resize block_device:dir search; - -allow resize resize:capability sys_admin; - -allow resize labeledfs:filesystem unmount; - -allow resize property_socket:sock_file write; - -allow resize init:unix_stream_socket connectto; - -#allow resize system_file:file execute_no_trans; diff --git a/r_non_plat/rild.te b/r_non_plat/rild.te deleted file mode 100644 index 0d7ae35..0000000 --- a/r_non_plat/rild.te +++ /dev/null @@ -1,159 +0,0 @@ -# ============================================== -# Policy File of /vendor/bin/rild Executable File - -# ============================================== -# Type Declaration -# ============================================== - -# ============================================== -# MTK Policy Rule -# ============================================== -# Access to wake locks -wakelock_use(rild) -# Trigger module auto-load. -allow rild kernel:system module_request; - -# Capabilities assigned for rild -allow rild self:capability { setuid net_admin net_raw }; - -# Control cgroups -allow rild cgroup:dir create_dir_perms; - -# Property service -# allow set RIL related properties (radio./net./system./etc) -auditallow rild net_radio_prop:property_service set; -auditallow rild system_radio_prop:property_service set; -set_prop(rild, ril_active_md_prop) -# allow set muxreport control properties -set_prop(rild, ril_cdma_report_prop) -set_prop(rild, ril_mux_report_case_prop) -set_prop(rild, ctl_muxreport-daemon_prop) - -# Access to wake locks -wakelock_use(rild) - -# Allow access permission to efs files -allow rild efs_file:dir create_dir_perms; -allow rild efs_file:file create_file_perms; -allow rild bluetooth_efs_file:file r_file_perms; -allow rild bluetooth_efs_file:dir r_dir_perms; - -# Allow access permission to dir/files -# (radio data/system data/proc/etc) -# Violate Android P rule -allow rild sdcardfs:dir r_dir_perms; -#allow rild system_file:file x_file_perms; -allow rild proc_net:file w_file_perms; - -# Allow rild to create and use netlink sockets. -# Set and get routes directly via netlink. -allow rild self:netlink_route_socket nlmsg_write; - -# Allow read/write to devices/files -allow rild radio_device:chr_file rw_file_perms; -allow rild radio_device:blk_file r_file_perms; -allow rild mtd_device:dir search; -# Allow read/write to tty devices -allow rild tty_device:chr_file rw_file_perms; -allow rild eemcs_device:chr_file { rw_file_perms }; - -#allow rild Vcodec_device:chr_file { rw_file_perms }; -allow rild devmap_device:chr_file { r_file_perms }; -allow rild devpts:chr_file { rw_file_perms }; -allow rild ccci_device:chr_file { rw_file_perms }; -allow rild misc_device:chr_file { rw_file_perms }; -allow rild proc_lk_env:file rw_file_perms; -allow rild sysfs_vcorefs_pwrctrl:file { w_file_perms }; -#allow rild bootdevice_block_device:blk_file { rw_file_perms }; -allow rild para_block_device:blk_file { rw_file_perms }; - -# Allow dir search, fd uses -allow rild block_device:dir search; -allow rild platform_app:fd use; -allow rild radio:fd use; - -# For MAL MFI -allow rild mal_mfi_socket:sock_file { w_file_perms }; - -# For ccci sysfs node -allow rild sysfs_ccci:dir search; -allow rild sysfs_ccci:file r_file_perms; - -#Date : W17.18 -#Purpose: Treble SEpolicy denied clean up -add_hwservice(hal_telephony_server, mtk_hal_rild_hwservice) -allow hal_telephony_client mtk_hal_rild_hwservice:hwservice_manager find; - -#Date : W17.21 -#Purpose: Grant permission to access binder dev node -vndbinder_use(rild) - -#Dat: 2017/03/27 -#Purpose: allow set telephony Sensitive property -set_prop(rild, mtk_telephony_sensitive_prop) - -# For AGPSD -allow rild mtk_agpsd:unix_stream_socket connectto; - -#Date 2017/10/12 -#Purpose: allow set MTU size -#allow rild toolbox_exec:file getattr; -allow rild mtk_net_ipv6_prop:property_service set; - -#Date: 2017/12/6 -#Purpose: allow set the RS times for /proc/sys/net/ipv6/conf/ccmniX/router_solicitations -allow rild vendor_shell_exec:file {execute_no_trans}; -allow rild vendor_toolbox_exec:file {execute_no_trans}; - -# Date : WK18.16 -# Operation: P migration -# Purpose: Allow rild to get tel_switch_prop -get_prop(rild, tel_switch_prop) - -#Date: W1817 -#Purpose: allow rild access property of vendor_radio_prop -set_prop(rild, vendor_radio_prop) - -#Date : W18.21 -#Purpose: allow rild access to vendor.ril.ipo system property -set_prop(rild, vendor_ril_ipo_prop) - -# Date : WK18.26 -# Operation: P migration -# Purpose: Allow carrier express HIDL to set vendor property -set_prop(rild, mtk_cxp_vendor_prop) -allow rild mnt_vendor_file:dir search; -allow rild mnt_vendor_file:file create_file_perms; -allow rild nvdata_file:dir create_dir_perms; -allow rild nvdata_file:file create_file_perms; - -#Date : W18.29 -#Purpose: allow rild access binder to mtk_hal_secure_element -allow rild mtk_hal_secure_element:binder call; - -# Date : WK18.31 -# Operation: P migration -# Purpose: Allow supplementary service HIDL to set vendor property -set_prop(rild, mtk_ss_vendor_prop) - -# Date : 2018/2/27 -# Purpose : for NVRAM recovery mechanism -set_prop(rild,powerctl_prop); - -# Date: 2019/06/14 -# Operation : Migration -allow rild proc_cmdline:file r_file_perms; - -# Date: 2019/07/18 -# Operation: AP wifi path -# Purpose: Allow packet can be filtered by RILD process -allow rild self:netlink_netfilter_socket { create_socket_perms_no_ioctl }; - -# Date : 2019/08/29 -# Purpose: Allow rild to access proc/aed/reboot-reason -allow rild proc_aed_reboot_reason:file rw_file_perms; - -# Date: 2019/11/15 -# Operation: RILD init flow -# Purpose: To handle illegal rild started -set_prop(rild, gsm0710muxd_prop) diff --git a/r_non_plat/rilproxy.te b/r_non_plat/rilproxy.te deleted file mode 100644 index bf1d79e..0000000 --- a/r_non_plat/rilproxy.te +++ /dev/null @@ -1,78 +0,0 @@ -# ============================================== -# Policy File of /vendor/bin/rilproxy Executable File - - -# ============================================== -# Type Declaration -# ============================================== - -# ============================================== -# MTK Policy Rule -# ============================================== - -# Access to wake locks -wakelock_use(rild) - -# rild Bringup Policy -allow rild init:unix_stream_socket connectto; -allow rild mtkrild:unix_stream_socket connectto; -allow rild property_socket:sock_file write; -allow rild self:capability setuid; -allow rild radio_prop:property_service set; -allow rild ril_mux_report_case_prop:property_service set; -allow rild mtk_agpsd:unix_stream_socket connectto; -allow servicemanager rild:dir search; -allow servicemanager rild:file { read open }; -allow servicemanager rild:process getattr; - -# Allow the socket read/write of netd for rild -allow rild netd_socket:sock_file write; -allow rild netd_socket:sock_file read; - -#Date : W17.13 -#Purpose: Treble SEpolicy denied clean up -get_prop(rild, hwservicemanager_prop) - -#Date : W17.18 -#Purpose: Treble SEpolicy denied clean up -add_hwservice(hal_telephony_server, mtk_hal_rild_hwservice) -allow hal_telephony_client mtk_hal_rild_hwservice:hwservice_manager find; - -#Date : W17.21 -#Purpose: Grant permission to access binder dev node -vndbinder_use(rild) - -#Date : W17.20 -#Purpose: allow access to audio hal -binder_call(rild, mtk_hal_audio) -hal_client_domain(rild, hal_audio) - -#Date : W18.15 -#Purpose: allow rild access to vendor.ril.ipo system property -set_prop(mtkrild, vendor_ril_ipo_prop) - -# Date : WK18.26 -# Operation: P migration -# Purpose: Allow carrier express HIDL to set vendor property -set_prop(mtkrild, mtk_cxp_vendor_prop) -allow mtkrild mnt_vendor_file:dir search; -allow mtkrild mnt_vendor_file:file create_file_perms; -allow mtkrild nvdata_file:dir create_dir_perms; -allow mtkrild nvdata_file:file create_file_perms; - -# Date : WK18.31 -# Operation: P migration -# Purpose: Allow supplementary service HIDL to set vendor property -set_prop(mtkrild, mtk_ss_vendor_prop) - -# Date : W19.16 -# Operation: Q migration -# Purpose: Allow rild access to send SUPL INIT to mnld -allow rild mnld:unix_dgram_socket sendto; -allow mtkrild mnld:unix_dgram_socket sendto; - -# Date : W19.35 -# Operation: Q migration -# Purpose: Fix rilproxy SeLinux warning of pre-defined socket -allow rild gsmrild_socket:sock_file write; - diff --git a/r_non_plat/shared_relro.te b/r_non_plat/shared_relro.te deleted file mode 100644 index 88430ee..0000000 --- a/r_non_plat/shared_relro.te +++ /dev/null @@ -1,7 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============ - -# Date: 2019/06/14 -# Operation : Migration -get_prop(shared_relro, mtk_amslog_prop) diff --git a/r_non_plat/shell.te b/r_non_plat/shell.te deleted file mode 100644 index b292564..0000000 --- a/r_non_plat/shell.te +++ /dev/null @@ -1,25 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============ - -# Date : WK16.46 -# Purpose : allow shell to switch aee mode -allow shell aee_aed:unix_stream_socket connectto; - -# Date : WK17.35 -# Purpose : allow shell to dump the debugging information of camera hal. -#allow shell hal_camera_hwservice:hwservice_manager { find }; -binder_call(shell, mtk_hal_camera) - -# Date : WK17.36 -# Purpose : allow shell to dump the debugging information of power hal. -hal_client_domain(shell, hal_power) -allow shell aee_exp_vendor_file:dir r_dir_perms; -allow shell aee_exp_vendor_file:file r_file_perms; -allow shell aee_exp_data_file:dir r_dir_perms; -allow shell aee_exp_data_file:file r_file_perms; - -get_prop(shell, mobile_log_prop) -get_prop(shell, persist_mtk_aee_prop); -get_prop(shell, persist_aee_prop); -get_prop(shell, debug_mtk_aee_prop); diff --git a/r_non_plat/slpd.te b/r_non_plat/slpd.te deleted file mode 100644 index cfce93b..0000000 --- a/r_non_plat/slpd.te +++ /dev/null @@ -1,18 +0,0 @@ -# ============================================== -# Policy File of /vendor/bin/slpd Executable File - -# ============================================== -# Type Declaration -# ============================================== -type slpd_exec, exec_type, file_type, vendor_file_type; -type slpd, domain; - -# ============================================== -# MTK Policy Rule -# ============================================== -init_daemon_domain(slpd) - -net_domain(slpd) - -# mtk_agpsd will send the current SUPL profile to SLPD -allow slpd mtk_agpsd:unix_dgram_socket sendto; diff --git a/r_non_plat/spm_loader.te b/r_non_plat/spm_loader.te deleted file mode 100644 index d0f5984..0000000 --- a/r_non_plat/spm_loader.te +++ /dev/null @@ -1,19 +0,0 @@ -# ============================================== -# Policy File of /system/bin/spm_loader Executable File - -# ============================================== -# Type Declaration -# ============================================== -type spm_loader_exec , exec_type, file_type, vendor_file_type; -type spm_loader ,domain; - -# ============================================== -# MTK Policy Rule -# ============================================== -# date: 2015/6/18 wk1525 -# purpose: load spm firmware -# ============================================== -init_daemon_domain(spm_loader) - -# Read to /dev/spm -allow spm_loader spm_device:chr_file r_file_perms; diff --git a/r_non_plat/st54spi_hal_secure_element.te b/r_non_plat/st54spi_hal_secure_element.te deleted file mode 100644 index f949e19..0000000 --- a/r_non_plat/st54spi_hal_secure_element.te +++ /dev/null @@ -1,9 +0,0 @@ -type st54spi_hal_secure_element, domain; -hal_server_domain(st54spi_hal_secure_element, hal_secure_element) -type st54spi_hal_secure_element_exec, exec_type, vendor_file_type, file_type; - -allow st54spi_hal_secure_element st54spi_device:chr_file rw_file_perms; - -init_daemon_domain(st54spi_hal_secure_element) - - diff --git a/r_non_plat/stp_dump3.te b/r_non_plat/stp_dump3.te deleted file mode 100644 index d7e7675..0000000 --- a/r_non_plat/stp_dump3.te +++ /dev/null @@ -1,43 +0,0 @@ -# ============================================== -# Policy File of /system/binstp_dump3 Executable File - - -# ============================================== -# Type Declaration -# ============================================== - -type stp_dump3_exec, vendor_file_type, exec_type, file_type; -type stp_dump3, domain; - -# ============================================== -# Android Policy Rule -# ============================================== - -# ============================================== -# NSA Policy Rule -# ============================================== - -# ============================================== -# MTK Policy Rule -# ============================================== -allow stp_dump3 self:capability { net_admin fowner chown fsetid }; -allow stp_dump3 self:netlink_socket { read write getattr bind create setopt }; -allow stp_dump3 self:netlink_generic_socket { read write getattr bind create setopt }; -allow stp_dump3 wmtdetect_device:chr_file { read write ioctl open }; -allow stp_dump3 stpwmt_device:chr_file rw_file_perms; -allow stp_dump3 tmpfs:lnk_file r_file_perms; -allow stp_dump3 tmpfs:lnk_file read; -allow stp_dump3 mnt_user_file:dir search; -allow stp_dump3 mnt_user_file:lnk_file read; -allow stp_dump3 storage_file:lnk_file read; -allow stp_dump3 storage_file:dir search; -allow stp_dump3 sdcard_type:dir search; -allow stp_dump3 sdcard_type:dir {open read write create setattr getattr add_name remove_name search}; -allow stp_dump3 sdcard_type:file { open read write create setattr getattr append unlink rename}; -allow stp_dump3 sdcard_type:file create_file_perms; -allow stp_dump3 stp_dump_data_file:dir create_dir_perms; -allow stp_dump3 stp_dump_data_file:file create_file_perms; -allow stp_dump3 connsyslog_data_vendor_file:dir create_dir_perms; -allow stp_dump3 connsyslog_data_vendor_file:file create_file_perms; -get_prop(stp_dump3, coredump_prop) -init_daemon_domain(stp_dump3) diff --git a/r_non_plat/surfaceflinger.te b/r_non_plat/surfaceflinger.te deleted file mode 100644 index 795076e..0000000 --- a/r_non_plat/surfaceflinger.te +++ /dev/null @@ -1,84 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============ - -# Data : WK14.42 -# Operation : Migration -# Purpose : Video playback -allow surfaceflinger sw_sync_device:chr_file { rw_file_perms }; -allow surfaceflinger debug_prop:property_service set; - -# Date : WK16.33 -# Purpose: Allow to access ged for gralloc_extra functions -allow surfaceflinger proc_ged:file rw_file_perms; -allowxperm surfaceflinger proc_ged:file ioctl { proc_ged_ioctls }; - -# Date : W16.42 -# Operation : Integration -# Purpose : DRM / DRI GPU driver required - -allow surfaceflinger gpu_device:dir search; - -# Date : WK17.12 -# Purpose: Fix bootup fail -allow surfaceflinger proc_bootprof:file r_file_perms; - -#============= surfaceflinger ============== -allow surfaceflinger debugfs_ion:dir search; - -# Date : WK17.30 -# Operation : O Migration -# Purpose: Allow to access cmdq driver -allow surfaceflinger mtk_cmdq_device:chr_file { read ioctl open }; - -# Date : W17.39 -# Perform Binder IPC. -binder_use(surfaceflinger) -binder_call(surfaceflinger, binderservicedomain) -binder_call(surfaceflinger, appdomain) -binder_call(surfaceflinger, mtkbootanimation) -binder_service(surfaceflinger) - -allow surfaceflinger mtkbootanimation:dir search; -allow surfaceflinger mtkbootanimation:file { read getattr open }; - -# Date : W17.43 -# Operation : Migration -# Purpose: Allow to access perfmgr -allow surfaceflinger proc_perfmgr:dir {read search}; -allow surfaceflinger proc_perfmgr:file {open read ioctl}; -allowxperm surfaceflinger proc_perfmgr:file ioctl { - PERFMGR_FPSGO_QUEUE - PERFMGR_FPSGO_DEQUEUE - PERFMGR_FPSGO_QUEUE_CONNECT - PERFMGR_FPSGO_BQID - PERFMGR_FPSGO_VSYNC -}; - -# Date : WK17.43 -# Operation : Debug -# Purpose: Allow to dump HWC backtrace -get_prop(surfaceflinger, graphics_hwc_pid_prop) -get_prop(surfaceflinger, graphics_hwc_latch_unsignaled_prop) -allow surfaceflinger hal_graphics_composer_default:dir search; -allow surfaceflinger hal_graphics_composer_default:lnk_file read; - -# Date : WK18.36 -# Operation : Debug -# Purpose: Allow to dump buffer queue -get_prop(surfaceflinger, debug_bq_dump_prop) - -# Date : WK19.4 -# Operation : P Migration -# Purpose: Allow to access /dev/mdp_device driver -allow surfaceflinger mdp_device:chr_file rw_file_perms; - -# Date : WK19.09 -# Purpose: Allow to access property dev/mdp_sync -#============= surfaceflinger ============== -allow surfaceflinger mtk_mdp_device:chr_file rw_file_perms; - -# Date : WK18.43 -# Operation : HDR -# Purpose: Allow to skip aosp hdr solution -get_prop(surfaceflinger, graphics_hwc_hdr_prop) diff --git a/r_non_plat/system_app.te b/r_non_plat/system_app.te deleted file mode 100644 index 4e18c90..0000000 --- a/r_non_plat/system_app.te +++ /dev/null @@ -1,50 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -typeattribute system_app mlstrustedsubject; - -# Date : 2017/07/21 -# Purpose :[CdsInfo] read/ write WI-FI MAC address by NVRAM API -# Package Name: com.mediatek.connectivity -hal_client_domain(system_app, hal_nvramagent); - -hal_client_domain(system_app, mtk_hal_lbs) - -#Dat: 2017/02/14 -#Purpose: allow set telephony Sensitive property -get_prop(system_app, mtk_telephony_sensitive_prop) - - -# Date : WK17.12 -# Operation : MT6799 SQC -# Purpose : Change thermal config -allow system_app mtk_thermal_config_prop:file { getattr open read }; - - -# Date : 2017/11/07 -# Operation : Migration -# Purpose : CAT need copy exception db file from data folder -# Package: CAT tool -allow system_app aee_exp_data_file:file r_file_perms; -allow system_app aee_exp_data_file:dir r_dir_perms; - -# Date: 2018/11/08 -# Operation : JPEG -# Purpose : JPEG need to use PQ via MMS HIDL -allow system_app mtk_hal_mms_hwservice:hwservice_manager find; -allow system_app mtk_hal_mms:binder call; - -# Date: 2019/06/14 -# Operation : Migration -# Purpose : system_app need vendor_default_prop -get_prop(system_app, vendor_default_prop) - -# Date: 2019/07/16 -# Operation : Migration -# Purpose : system_app need use hdmi service and create socktet -allow system_app mtk_hal_hdmi_hwservice:hwservice_manager find; -allow system_app mtk_hal_hdmi:binder call; -allow system_app self:netlink_kobject_uevent_socket {read bind create setopt }; -# system_app need to read from sysfs /sys/class/switch/hdmi/state -r_dir_file(system_app, sysfs_switch); diff --git a/r_non_plat/system_server.te b/r_non_plat/system_server.te deleted file mode 100644 index d79c56f..0000000 --- a/r_non_plat/system_server.te +++ /dev/null @@ -1,211 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== -# Access devices. -allow system_server touch_device:chr_file rw_file_perms; -allow system_server stpant_device:chr_file rw_file_perms; -allow system_server devmap_device:chr_file r_file_perms; -allow system_server irtx_device:chr_file rw_file_perms; -allow system_server qemu_pipe_device:chr_file rw_file_perms; -allow system_server wmtWifi_device:chr_file w_file_perms; - -# Add for bootprof -allow system_server proc_bootprof:file rw_file_perms; - -# /data/core access. -allow system_server aee_core_data_file:dir r_dir_perms; - -# Perform Binder IPC. -allow system_server zygote:binder impersonate; - -# Property service. -allow system_server ctl_bootanim_prop:property_service set; - -# For dumpsys. -allow system_server aee_dumpsys_data_file:file w_file_perms; -allow system_server aee_exp_data_file:file w_file_perms; - -# Dump native process backtrace. -#allow system_server exec_type:file r_file_perms; - -# Querying zygote socket. -allow system_server zygote:unix_stream_socket { getopt getattr }; - -# Communicate over a socket created by mnld process. - -# Allow system_server to read /sys/kernel/debug/wakeup_sources -allow system_server debugfs_wakeup_sources:file r_file_perms; - -# Allow system_server to read/write /sys/power/dcm_state -allow system_server sysfs_dcm:file rw_file_perms; - -# Date : WK16.36 -# Purpose: Allow to set property log.tag.WifiHW to control log level of WifiHW -allow system_server log_tag_prop:property_service set; - -# Data : WK16.42 -# Operator: Whitney bring up -# Purpose: call surfaceflinger due to powervr -allow system_server surfaceflinger:fifo_file rw_file_perms; - -# Date : W16.42 -# Operation : Integration -# Purpose : DRM / DRI GPU driver required -allow system_server gpu_device:dir search; -allow system_server debugfs_gpu_img:dir search; - -# Date : W16.43 -# Operation : Integration -# Purpose : DRM / DRI GPU driver required -allow system_server sw_sync_device:chr_file { read write getattr open ioctl }; - -# Date : WK16.44 -# Purpose: Allow to access UART1 ttyMT1 -allow system_server ttyMT_device:chr_file rw_file_perms; - -# Date : WK17.52 -# Purpose: Allow to access UART1 ttyS -allow system_server ttyS_device:chr_file rw_file_perms; - -# Date:W16.46 -# Operation : thermal hal Feature developing -# Purpose : thermal hal interface permission -allow system_server proc_mtktz:dir search; -allow system_server proc_mtktz:file r_file_perms; - -# Date:W17.02 -# Operation : audio hal developing -# Purpose : audio hal interface permission -allow system_server mtk_hal_audio:process { getsched setsched }; - -# Date:W17.07 -# Operation : bt hal -# Purpose : bt hal interface permission -binder_call(system_server, mtk_hal_bluetooth) - -# Date:W17.08 -# Operation : sensors hal developing -# Purpose : sensors hal interface permission -binder_call(system_server, mtk_hal_sensors) - -# Operation : light hal developing -# Purpose : light hal interface permission -binder_call(system_server, mtk_hal_light) - -# Date:W17.21 -# Operation : gnss hal -# Purpose : gnss hal interface permission -hal_client_domain(system_server, hal_gnss) - -# Date : W18.01 -# Add for turn on SElinux in enforcing mode -allow system_server vendor_framework_file:dir r_file_perms; - -# Fix bootup violation -allow system_server vendor_framework_file:file getattr; -allow system_server wifi_prop:file { read getattr open }; - -# Date:W17.22 -# Operation : add aee_aed socket rule -# Purpose : type=1400 audit(0.0:134519): avc: denied { connectto } -# for comm=4572726F722064756D703A20737973 -# path=00636F6D2E6D746B2E6165652E6165645F3634 -# scontext=u:r:system_server:s0 tcontext=u:r:aee_aed:s0 -# tclass=unix_stream_socket permissive=0 -allow system_server aee_aed:unix_stream_socket connectto; - -#Dat: 2017/02/14 -#Purpose: allow get telephony Sensitive property -get_prop(system_server, mtk_telephony_sensitive_prop) - -# Date: W17.22 -# Operation : New Feature -# Purpose : Add for A/B system -allow system_server debugfs_wakeup_sources:file { read getattr open }; - -# Date:W17.26 -# Operation : imsa hal -# Purpose : imsa hal interface permission -binder_call(system_server, mtk_hal_imsa) - -# Date:W17.28 -# Operation : camera hal developing -# Purpose : camera hal binder_call permission -binder_call(system_server, mtk_hal_camera) - -# Date:W17.31 -# Operation : mpe sensor hidl developing -# Purpose : mpe sensor hidl permission -binder_call(system_server, mnld) - -# Date : WK17.32 -# Operation : Migration -# Purpose : for network log dumpsys setting/netd information -# audit(0.0:914): avc: denied { write } for path="pipe:[46088]" -# dev="pipefs" ino=46088 scontext=u:r:system_server:s0 -# tcontext=u:r:netdiag:s0 tclass=fifo_file permissive=1 -allow system_server netdiag:fifo_file write; - -# Date : WK17.32 -# Operation : Migration -# Purpose : for DHCP Client ip recover functionality -allow system_server dhcp_data_file:dir search; -allow system_server dhcp_data_file:dir rw_dir_perms; -allow system_server dhcp_data_file:file create_file_perms; - -# Date:W17.35 -# Operation : lbs hal -# Purpose : lbs hidl interface permission -hal_client_domain(system_server, mtk_hal_lbs) - -# Date : WK17.12 -# Operation : MT6799 SQC -# Purpose : Change thermal config -allow system_server mtk_thermal_config_prop:file { getattr open read }; - - -# Date : WK17.43 -# Operation : Migration -# Purpose : perfmgr permission -allow system_server mtk_hal_power_hwservice:hwservice_manager find; -allow system_server proc_perfmgr:dir {read search}; -allow system_server proc_perfmgr:file {open read ioctl}; -allowxperm system_server proc_perfmgr:file ioctl { - PERFMGR_FPSGO_QUEUE - PERFMGR_FPSGO_DEQUEUE - PERFMGR_FPSGO_QUEUE_CONNECT - PERFMGR_FPSGO_BQID -}; - -# Date : W18.22 -# Operation : MTK wifi hal migration -# Purpose : MTK wifi hal interface permission -binder_call(system_server, mtk_hal_wifi) - -# Date : WK18.33 -# Purpose : type=1400 audit(0.0:1592): avc: denied { read } -# for comm=4572726F722064756D703A20646174 name= -# "u:object_r:persist_mtk_aee_prop:s0" dev="tmpfs" -# ino=10312 scontext=u:r:system_server:s0 tcontext= -# u:object_r:persist_mtk_aee_prop:s0 tclass=file permissive=0 -get_prop(system_server, persist_mtk_aee_prop); - -# Date : W19.15 -# Operation : alarm device permission -# Purpose : support power-off alarm -allow system_server alarm_device:chr_file rw_file_perms; - -# Date : WK19.7 -# Operation: Q migration -# Purpose : Allow system_server to use ioctl/ioctlcmd -allow system_server proc_ged:file rw_file_perms; -allowxperm system_server proc_ged:file ioctl { proc_ged_ioctls }; - -# Date: 2019/06/14 -# Operation : Migration -get_prop(system_server, vendor_default_prop) - -# Date: 2019/06/14 -# Operation : when WFD turnning on, turn off hdmi -allow system_server mtk_hal_hdmi_hwservice:hwservice_manager find; -allow system_server mtk_hal_hdmi:binder call; diff --git a/r_non_plat/thermal_manager.te b/r_non_plat/thermal_manager.te deleted file mode 100644 index 3bdf75c..0000000 --- a/r_non_plat/thermal_manager.te +++ /dev/null @@ -1,53 +0,0 @@ -# ============================================== -# Policy File of /system/bin/thermal_manager Executable File - -# ============================================== -# Type Declaration -# ============================================== -type thermal_manager_exec , exec_type, file_type, vendor_file_type; -type thermal_manager ,domain; - -# ============================================== -# MTK Policy Rule -# ============================================== -init_daemon_domain(thermal_manager) - -allow thermal_manager proc_mtkcooler:dir search; -allow thermal_manager proc_mtktz:dir search; -allow thermal_manager proc_thermal:dir search; -allow thermal_manager proc_mtkcooler:file rw_file_perms; -allow thermal_manager proc_mtktz:file rw_file_perms; -allow thermal_manager proc_thermal:file rw_file_perms; - -allow thermal_manager thermal_manager_data_file:file create_file_perms; -allow thermal_manager thermal_manager_data_file:dir { rw_dir_perms setattr }; - -allow thermal_manager mediaserver:fd use; -allow thermal_manager mediaserver:fifo_file { read write }; -allow thermal_manager mediaserver:tcp_socket { read write }; - -# Date : WK16.30 -# Operation : Migration -# Purpose : -allow thermal_manager camera_isp_device:chr_file { read write }; -allow thermal_manager cameraserver:fd use; -allow thermal_manager kd_camera_hw_device:chr_file { read write }; -allow thermal_manager MTK_SMI_device:chr_file read; -allow thermal_manager surfaceflinger:fd use; -set_prop(thermal_manager ,mtk_thermal_config_prop) - -# Date : 2019/09/12 -# Operation : Migration -# Purpose : add sysfs permission -# path = " sys/devices/virtual/thermal/" -# path = " sys/class/thermal/" -allow thermal_manager sysfs_therm:file w_file_perms; - - - -# Date : WK18.18 -# Operation : P Migration -# Purpose : Allow thermal_manager to access vendor data file. - -allow thermal_manager self:capability { fowner chown }; - diff --git a/r_non_plat/thermalloadalgod.te b/r_non_plat/thermalloadalgod.te deleted file mode 100644 index a0091b4..0000000 --- a/r_non_plat/thermalloadalgod.te +++ /dev/null @@ -1,45 +0,0 @@ -# ============================================== -# Policy File of /system/bin/thermalloadalgod_exec Executable File - -# ============================================== -# Type Declaration -# ============================================== -type thermalloadalgod ,domain; -type thermalloadalgod_exec , exec_type, file_type, vendor_file_type; - -# ============================================== -# MTK Policy Rule -# ============================================== -init_daemon_domain(thermalloadalgod) - -# Data : WK14.43 -# Operation : Migration -# Purpose : thermal algorithm daemon for access driver node -allow thermalloadalgod input_device:dir { r_dir_perms write }; -allow thermalloadalgod input_device:file r_file_perms; - -allow thermalloadalgod thermalloadalgod:netlink_socket { create bind write read}; - -allow thermalloadalgod thermal_manager_data_file:dir create_dir_perms; -allow thermalloadalgod thermal_manager_data_file:file create_file_perms; -allow thermalloadalgod kmsg_device:chr_file write; - -# Data : WK16.49 -# Operation : SPA porting -# Purpose : thermal algorithm daemon for SPA -# For /proc/[pid]/cgroup accessing -typeattribute thermalloadalgod mlstrustedsubject; -allow thermalloadalgod proc:dir { search getattr }; -allow thermalloadalgod shell:dir search; -allow thermalloadalgod platform_app:dir search; -allow thermalloadalgod platform_app:file { open read getattr }; -allow thermalloadalgod priv_app:dir search; -allow thermalloadalgod priv_app:file { open read getattr }; -allow thermalloadalgod system_app:dir search; -allow thermalloadalgod system_app:file { open read getattr }; -allow thermalloadalgod untrusted_app:dir search; -allow thermalloadalgod untrusted_app:file { open read getattr }; -allow thermalloadalgod mediaserver:dir search; -allow thermalloadalgod mediaserver:file { open read getattr }; -allow thermalloadalgod proc_thermal:dir search; -allow thermalloadalgod proc_thermal:file { open read write getattr }; diff --git a/r_non_plat/ueventd.te b/r_non_plat/ueventd.te deleted file mode 100644 index a98faaa..0000000 --- a/r_non_plat/ueventd.te +++ /dev/null @@ -1,14 +0,0 @@ -# Date : WK17.12 -# Purpose: Fix bootup fail -allow ueventd proc_net:file r_file_perms; - -# Date: W17.22 -# Operation : New Feature -# Purpose : Add for A/B system -allow ueventd device:chr_file { relabelfrom relabelto }; -allow ueventd m_acc_misc_device:chr_file { relabelfrom relabelto }; -allow ueventd m_mag_misc_device:chr_file { relabelfrom relabelto }; - -# Date: 2019/06/14 -# Operation : Migration -allow ueventd tmpfs:lnk_file r_file_perms; diff --git a/r_non_plat/uncrypte.te b/r_non_plat/uncrypte.te deleted file mode 100644 index 22efa73..0000000 --- a/r_non_plat/uncrypte.te +++ /dev/null @@ -1,3 +0,0 @@ -#====================== uncrypt.te ====================== -allow uncrypt para_block_device:blk_file w_file_perms; -allow uncrypt ota_package_file:file w_file_perms; diff --git a/r_non_plat/untrusted_app.te b/r_non_plat/untrusted_app.te deleted file mode 100644 index 040d47f..0000000 --- a/r_non_plat/untrusted_app.te +++ /dev/null @@ -1,12 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -# TODO:: Security Issue. - -# Date: 2016/02/26 -# Operation: Migration -# Purpose: Allow MTK modified ElephantStress and WhatsTemp to read thermal zone temperatures -# from MTK kernel modules for thermal tests at OEM/ODM. -allow untrusted_app proc_mtktz:dir search; -allow untrusted_app proc_mtktz:file r_file_perms; diff --git a/r_non_plat/untrusted_app_25.te b/r_non_plat/untrusted_app_25.te deleted file mode 100644 index 76310d7..0000000 --- a/r_non_plat/untrusted_app_25.te +++ /dev/null @@ -1,19 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -# Date : 2017/08/01 -# Operation: SQC -# Purpose : Allow Whatstemp, a MTK thermal logging tool, to log thermal related information -# properly for thermal tests at OEM/ODM. -allow untrusted_app_25 proc_mtktz:dir search; -allow untrusted_app_25 proc_mtktz:file r_file_perms; -allow untrusted_app_25 proc_thermal:dir search; -allow untrusted_app_25 proc_thermal:file r_file_perms; - -allow untrusted_app_25 sysfs_fps:dir search; -allow untrusted_app_25 sysfs_fps:file r_file_perms; -allow untrusted_app_25 sysfs_batteryinfo:dir search; -#allow untrusted_app_25 sysfs_batteryinfo:file { getattr open read }; -allow untrusted_app_25 sysfs_therm:dir r_dir_perms; -allow untrusted_app_25 sysfs_therm:file r_file_perms; diff --git a/r_non_plat/update_engine.te b/r_non_plat/update_engine.te deleted file mode 100644 index e3013f9..0000000 --- a/r_non_plat/update_engine.te +++ /dev/null @@ -1,29 +0,0 @@ -# MTK Add policy for update_engine -# Add for update_engine update block device -allow update_engine preloader_block_device:blk_file rw_file_perms; -allow update_engine lk_block_device:blk_file rw_file_perms; -allow update_engine dtbo_block_device:blk_file rw_file_perms; -allow update_engine tee_block_device:blk_file rw_file_perms; -allow update_engine vendor_block_device:blk_file rw_file_perms; -allow update_engine odm_block_device:blk_file rw_file_perms; -allow update_engine oem_block_device:blk_file rw_file_perms; -allow update_engine md_block_device:blk_file rw_file_perms; -allow update_engine dsp_block_device:blk_file rw_file_perms; -allow update_engine scp_block_device:blk_file rw_file_perms; -allow update_engine sspm_block_device:blk_file rw_file_perms; -allow update_engine spmfw_block_device:blk_file rw_file_perms; -allow update_engine mcupmfw_block_device:blk_file rw_file_perms; -allow update_engine loader_ext_block_device:blk_file rw_file_perms; -allow update_engine cam_vpu_block_device:blk_file rw_file_perms; -allow update_engine para_block_device:blk_file rw_file_perms; -allow update_engine vbmeta_block_device:blk_file rw_file_perms; -allow update_engine proc_filesystems:file r_file_perms; - -# Add for update_engine call by system_app -allow update_engine system_app:binder { call transfer }; - -# Add for update_engine with postinstall -allow update_engine postinstall_mnt_dir:dir { search getattr open read write search unlink}; - -# Add for AVB20 -allow update_engine tmpfs:lnk_file read; diff --git a/r_non_plat/vendor_init.te b/r_non_plat/vendor_init.te deleted file mode 100644 index eef9af4..0000000 --- a/r_non_plat/vendor_init.te +++ /dev/null @@ -1,71 +0,0 @@ -#allow vendor_init exported3_system_prop:property_service set; -#allow vendor_init dalvik_prop:property_service set; - -#allow vendor_init ffs_prop:property_service set; -allow vendor_init mediatek_prop:property_service set; -allow vendor_init mtk_md_version_prop:property_service set; -allow vendor_init mtk_volte_prop:property_service set; -allow vendor_init vendor_radio_prop:property_service set; -allow vendor_init mtk_ril_mode_prop:property_service set; -allow vendor_init wmt_prop:property_service set; -allow vendor_init coredump_prop:property_service set; -allow vendor_init proc_wmtdbg:file w_file_perms; -#allow vendor_init vold_prop:property_service set; - -allow vendor_init proc_bootprof:file write; -allow vendor_init rootfs:dir { write add_name setattr }; -allow vendor_init self:capability sys_module; - -allow vendor_init tmpfs:dir { write create add_name }; -allow vendor_init unlabeled:dir { relabelfrom getattr setattr search }; -allow vendor_init vendor_file:system module_load; - -allow vendor_init kmsg_device:chr_file unlink; -set_prop(vendor_init, persist_mtk_aee_prop) -set_prop(vendor_init, ro_mtk_aee_prop) -set_prop(vendor_init, vendor_usb_prop) -set_prop(vendor_init, mtk_ct_volte_prop) -set_prop(vendor_init, mtk_gps_support_prop) -set_prop(vendor_init, mtk_rat_config_prop) -set_prop(vendor_init, tel_switch_prop) -set_prop(vendor_init, mtk_aal_ro_prop) -set_prop(vendor_init, mtk_pq_ro_prop) -set_prop(vendor_init, mtk_default_prop) -set_prop(vendor_init, mtk_nn_option_prop) - -set_prop(vendor_init, mtk_emmc_support_prop) -set_prop(vendor_init, mtk_anr_support_prop) -set_prop(vendor_init, mtk_antutu_prop) -set_prop(vendor_init, mtk_bt_sap_enable_prop) -set_prop(vendor_init, coredump_prop) - -# allow create symbolic link, /mnt/sdcard, for meta/factory mode -allow vendor_init tmpfs:lnk_file create; - -set_prop(vendor_init, mtk_cxp_vendor_prop) - -# Run "ifup lo" to bring up the localhost interface -allow vendor_init proc_hostname:file w_file_perms; -allow vendor_init self:udp_socket { create ioctl }; -# in addition to unpriv ioctls granted to all domains, init also needs: -allowxperm vendor_init self:udp_socket ioctl { SIOCSIFFLAGS }; -allow vendor_init self:global_capability_class_set net_raw; - -# enhance boot time -allow vendor_init proc_perfmgr:file write; - -# allow create symbolic link, /mnt/sdcard, for meta/factory mode -allow vendor_init tmpfs:lnk_file create; - -set_prop(vendor_init, mtk_appresolutiontuner_prop) - -# fullscreen switch -set_prop(vendor_init, mtk_fullscreenswitch_prop) - -# for kernel module verification support, allow vendor domain to search kernel keyring -allow vendor_init kernel:key search; - -# Purpose: /dev/block/mmcblk0p10 -allow vendor_init expdb_block_device:blk_file rw_file_perms; - -set_prop(vendor_init, mtk_wifi_hotspot_prop) diff --git a/r_non_plat/vendor_shell.te b/r_non_plat/vendor_shell.te deleted file mode 100644 index 46903b0..0000000 --- a/r_non_plat/vendor_shell.te +++ /dev/null @@ -1,5 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================= -# Purpose : allow vendor_shell to run aeev -allow vendor_shell aee_aedv_exec:file execute_no_trans; diff --git a/r_non_plat/vold.te b/r_non_plat/vold.te deleted file mode 100644 index 8679bc7..0000000 --- a/r_non_plat/vold.te +++ /dev/null @@ -1,46 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -# volume manager - -# Date : WK16.19 -# Operation : Migration -# Purpose : unmount /mnt/cd-rom. It causes by unmountAll() when VolumeManager starts -allow vold iso9660:filesystem unmount; - -# Date : WK16.19 -# Operation : Migration -# Purpose : vold will traverse /proc when remountUid(). -# It will trigger violation if mtk customize some label in /proc. -# However, we should ignore the violation if the processes never access the storage. -dontaudit vold proc_battery_cmd:dir { read open }; -dontaudit vold proc_mtkcooler:dir { read open }; -dontaudit vold proc_mtktz:dir { read open }; -dontaudit vold proc_thermal:dir { read open }; - -# Date : WK18.30 -# Operation : Migration -# Purpose : vold create mdlog folder in data for meta mode. -allow vold mdlog_data_file:dir { create_dir_perms }; - -allow vold mtd_device:blk_file rw_file_perms; - -# dontaudit for fstrim on 'vendor' folder -dontaudit vold nvdata_file:dir r_dir_perms; -dontaudit vold nvcfg_file:dir r_dir_perms; -dontaudit vold protect_f_data_file:dir r_dir_perms; -dontaudit vold protect_s_data_file:dir r_dir_perms; - -# execute mke2fs when format as internal -allow vold cache_block_device:blk_file getattr; -allowxperm vold dm_device:blk_file ioctl { - BLKSECDISCARD BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET -}; -allow vold nvcfg_block_device:blk_file getattr; -allow vold nvdata_device:blk_file getattr; -allow vold proc_swaps:file r_file_perms; -allow vold protect1_block_device:blk_file getattr; -allow vold protect2_block_device:blk_file getattr; -allow vold proc_swaps:file getattr; -allow vold swap_block_device:blk_file getattr; diff --git a/r_non_plat/wlan_assistant.te b/r_non_plat/wlan_assistant.te deleted file mode 100644 index 830da67..0000000 --- a/r_non_plat/wlan_assistant.te +++ /dev/null @@ -1,43 +0,0 @@ -# ============================================== -# Policy File of /vendor/bin/wlan_assistant Executable File - -# ============================================== -# Type Declaration -# ============================================== -type wlan_assistant_exec , exec_type, file_type, vendor_file_type; -type wlan_assistant ,domain; - -# ============================================== -# MTK Policy Rule -# ============================================== -init_daemon_domain(wlan_assistant) - -# Date : WK14.34 -# Operation : Migration -# Purpose : for mtk debug mechanism. agpsd_data_file, mtk_agpsd are used -# to share wifi scan results with AGPS module. netlink_socket is used to -# listen events of wlan driver. udp_socket is used to do ioctl with wlan driver -# kernel-3.18 uses netlink_socket, but kernel-4.4 uses generic netlink_socket -allow wlan_assistant agpsd_data_file:sock_file write; -allow wlan_assistant mtk_agpsd:unix_dgram_socket sendto; -allow wlan_assistant agpsd_data_file:dir search; -allow wlan_assistant self:netlink_generic_socket create_socket_perms_no_ioctl; -allow wlan_assistant self:udp_socket { create ioctl }; - -# Date : WK18.17 -# Operation : Migration -# Purpose : To allow wlan_assistant monitor /vendor/nvdata/APCFG/APRDEB, -# /storage/sdcard0, /vendor/firmware. Which can help to check if nvram, -# driver config or firmware config file are changed, if yes, will write it -# to wlan driver in time. -# allow wlan_assistant wifi_data_file:file { read getattr open }; -# allow wlan_assistant wifi_data_file:dir { read search getattr open }; -allow wlan_assistant nvdata_file:dir { search read getattr open }; -allow wlan_assistant nvdata_file:file { read getattr open }; -allow wlan_assistant wmtWifi_device:chr_file { read write getattr open }; - -allow wlan_assistant mnt_vendor_file :dir search; -allow wlan_assistant init:unix_stream_socket connectto; -allow wlan_assistant property_socket:sock_file write; - -set_prop(wlan_assistant, mtk_nvram_ready_prop) diff --git a/r_non_plat/wmt_loader.te b/r_non_plat/wmt_loader.te deleted file mode 100644 index 25c9bde..0000000 --- a/r_non_plat/wmt_loader.te +++ /dev/null @@ -1,30 +0,0 @@ -# ============================================== -# Policy File of /system/bin/wmt_loader Executable File - - -# ============================================== -# Type Declaration -# ============================================== -type wmt_loader ,domain; -type wmt_loader_exec , exec_type, file_type, vendor_file_type; - -# ============================================== -# MTK Policy Rule -# ============================================== -init_daemon_domain(wmt_loader) - -allow wmt_loader self:capability chown; - -# Set the property -set_prop(wmt_loader, wmt_prop) - -# add ioctl/open/read/write permission for wmt_loader with /dev/wmtdetect -allow wmt_loader wmtdetect_device:chr_file rw_file_perms; - -# add ioctl/open/read/write permission for wmt_loader with /dev/stpwm -allow wmt_loader stpwmt_device:chr_file rw_file_perms; -allow wmt_loader devpts:chr_file rwx_file_perms; - -# Date: 2019/06/14 -# Operation : Migration -allow wmt_loader proc_wmtdbg:file setattr; diff --git a/r_non_plat/zygote.te b/r_non_plat/zygote.te deleted file mode 100644 index 82dedf9..0000000 --- a/r_non_plat/zygote.te +++ /dev/null @@ -1,15 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -# Date : WK16.33 -# Purpose: Allow to access ged for gralloc_extra functions -allow zygote proc_ged:file rw_file_perms; - -# Date : WK17.02 -# Purpose: Allow to access gpu for memtrack functions -allow zygote gpu_device:dir search; -allow zygote gpu_device:chr_file { open read write ioctl getattr}; - -allow zygote proc_bootprof:file rw_file_perms; -allow zygote proc_uptime:file rw_file_perms; diff --git a/vendor/google/bug_map b/vendor/google/bug_map deleted file mode 100644 index f10cd16..0000000 --- a/vendor/google/bug_map +++ /dev/null @@ -1,44 +0,0 @@ -kernel kernel capability 148682456 -kernel storage_file dir 148682456 -mtk_wifi_hal default_prop file 148682456 -mtk_wifi_hal vendor_default_prop property_service 148682456 -mediacodec default_prop file 148682456 -system_app debugfs_ion dir 148682456 -platform_app debugfs_ion dir 148682456 -system_server debugfs_ion dir 148682456 -priv_app debugfs_ion dir 148682456 -gmscore_app debugfs_ion dir 148682456 -mtk_hal_bluetooth metadata_file dir 148682456 -untrusted_app mnt_vendor_file dir 148682456 -rild vendor_default_prop property_service 148682456 -vold sysfs_mmcblk file 148682456 -mtk_hal_audio persist_aee_prop file 148682456 -ccci_fsd kernel system 148682456 -nvram_daemon proc_cmdline file 148682456 -ccci_mdinit proc_cmdline file 148682456 -merged_hal_service mtk_hal_gpu_hwservice hwservice_manager 148682456 -init proc file 148682456 -mnld proc_cmdline file 148682456 -connsyslogger vendor_default_prop property_service 148682456 -aee_aedv gsi_metadata_file dir 148682456 -thermal_manager thermalloadalgod unix_stream_socket 148682456 -fuelgauged_nvram sysfs_dt_firmware_android dir 148682456 -mediacodec default_prop file 148682456 -bip net_dns_prop file 148682456 -mnld metadatea_file dir 148682456 -mnld sysfs_dt_firmware_android dir 148682456 -mtk_hal_audio default_prop file 148682456 -emdlogger metadata_file dir 148682456 -bootanim debugfs_ion dir 148682456 -rild metadata_file dir 148682456 -mtk_hal_camera sysfs_dt_firmware_android file 148682456 -system_server sysfs file 148682456 -kernel storage_file dir 148682456 -mtk_hal_wifi vendor_default_prop property_service 148682456 -mediacodec default_prop file 148682456 -system_app debugfs_ion dir 148682456 -platform_app debugfs_ion dir 148682456 -system_server debugfs_ion dir 148682456 -system_server proc_last_kmsg file 148682456 -gmscore_app debugfs_ion dir 148682456 -untrusted_app_27 mnt_vendor_file dir 148682456 |