From b1496698fb0630efc9684940e300d29bc134785e Mon Sep 17 00:00:00 2001 
From: succerseng Date: Sun, 15 May 2022 20:33:42 +0800 Subject: [PATCH] docs:README --- .gitignore | 2 +- .idea/artifacts/SepolicyTools_jar.xml | 14 + META-INF/MANIFEST.MF | 3 + README.md | 41 +++ sepolicy/BGW.te | 2 +- sepolicy/GoogleOtaBinder.te | 2 +- sepolicy/MtkCodecService.te | 2 +- sepolicy/aal.te | 15 +- sepolicy/aee_core_forwarder.te | 2 +- sepolicy/akmd09911.te | 2 +- sepolicy/akmd09912.te | 2 +- sepolicy/akmd8963.te | 2 +- sepolicy/akmd8975.te | 2 +- sepolicy/ami304d.te | 2 +- sepolicy/atci_service.te | 2 +- sepolicy/atcid.te | 2 +- sepolicy/atcp.te | 217 +------------- sepolicy/audiocmdservice_atci.te | 2 +- sepolicy/autokd.te | 2 +- sepolicy/batterywarning.te | 2 +- sepolicy/bmm050d.te | 2 +- sepolicy/bmm056d.te | 2 +- sepolicy/boot_logo_updater.te | 2 +- sepolicy/br_app_data_service.te | 2 +- sepolicy/bt.te | 2 +- sepolicy/ccci_fsd.te | 2 +- sepolicy/ccci_mdinit.te | 2 +- sepolicy/ccci_rpcd.te | 2 +- sepolicy/cmddumper.te | 2 +- sepolicy/ctl.te | 96 +++--- sepolicy/debug.te | 8 +- sepolicy/device.te | 406 +++++++++++++------------- sepolicy/dhcp6c.te | 2 +- sepolicy/disableswap.te | 2 +- sepolicy/dm_agent_binder.te | 2 +- sepolicy/dmlog.te | 2 +- sepolicy/eemcs_fsd.te | 2 +- sepolicy/eemcs_mdinit.te | 2 +- sepolicy/em_svr.te | 2 +- sepolicy/emdlogger.te | 2 +- sepolicy/emmc_rw_debug.te | 2 +- sepolicy/enableswap.te | 2 +- sepolicy/epdg_wod.te | 2 +- sepolicy/factory.te | 140 +-------- sepolicy/file.te | 304 +++++++++---------- sepolicy/flashlessd.te | 2 +- sepolicy/fota1.te | 2 +- sepolicy/fuelgauged.te | 2 +- sepolicy/gas_srv.te | 2 +- sepolicy/ged_srv.te | 2 +- sepolicy/genfs_contexts | 13 +- sepolicy/geomagneticd.te | 2 +- sepolicy/goodix.te | 83 +----- sepolicy/goodixfingerprintd.te | 91 +----- sepolicy/gsm0710muxd.te | 35 +-- sepolicy/gsm0710muxdmd2.te | 2 +- sepolicy/guiext-server.te | 24 +- sepolicy/hotknot.te | 2 +- sepolicy/hotknot_native.te | 2 +- sepolicy/icusbd.te | 2 +- sepolicy/init_thh.te | 2 +- sepolicy/ipo_swap.te | 2 +- 
sepolicy/ipod.te | 63 +--- sepolicy/ipsec.te | 8 +- sepolicy/ist8303.te | 2 +- sepolicy/kpoc_charger.te | 2 +- sepolicy/lannetmngrd.te | 43 +-- sepolicy/launchpppoe.te | 2 +- sepolicy/matv.te | 2 +- sepolicy/mbimd.te | 2 +- sepolicy/mc6420d.te | 2 +- sepolicy/md_ctrl.te | 2 +- sepolicy/md_monitor.te | 2 +- sepolicy/mdlogger.te | 2 +- sepolicy/mediaserver.te | 156 +--------- sepolicy/memsicd.te | 2 +- sepolicy/memsicd3416x.te | 2 +- sepolicy/meta_tst.te | 2 +- sepolicy/mmc_ffu.te | 2 +- sepolicy/mmp.te | 2 +- sepolicy/mnld.te | 70 +---- sepolicy/mobicore.te | 12 +- sepolicy/mobile_log_d.te | 2 +- sepolicy/mpe.te | 2 +- sepolicy/mpud6050.te | 2 +- sepolicy/msensord.te | 2 +- sepolicy/mtk.te | 48 +-- sepolicy/mtkFlpDaemon.te | 2 +- sepolicy/mtk_6620_launcher.te | 2 +- sepolicy/mtk_agpsd.te | 2 +- sepolicy/mtkmal.te | 2 +- sepolicy/mtkrild.te | 2 +- sepolicy/mtkrildmd2.te | 2 +- sepolicy/muxreport.te | 2 +- sepolicy/mvg_app.te | 2 +- sepolicy/mxg2320d.te | 2 +- sepolicy/net.te | 11 +- sepolicy/netdiag.te | 2 +- sepolicy/nvram_agent_binder.te | 2 +- sepolicy/nvram_daemon.te | 2 +- sepolicy/orientationd.te | 2 +- sepolicy/osi.te | 2 +- sepolicy/permission_check.te | 2 +- sepolicy/persist.te | 18 +- sepolicy/poad.te | 2 +- sepolicy/ppl_agent.te | 2 +- sepolicy/pppd_btdun.te | 2 +- sepolicy/pppd_dt.te | 2 +- sepolicy/pppd_via.te | 2 +- sepolicy/pq.te | 23 +- sepolicy/proc.te | 14 +- sepolicy/program.te | 2 +- sepolicy/program_binary.te | 4 +- sepolicy/property.te | 208 ++++++------- sepolicy/property_contexts | 340 +++++++-------------- sepolicy/pvrsrvctl.te | 2 +- sepolicy/radio.te | 141 +++------ sepolicy/rda.te | 2 +- sepolicy/resize.te | 2 +- sepolicy/resmon.te | 2 +- sepolicy/ril-3gddaemon.te | 2 +- sepolicy/ril.te | 6 +- sepolicy/rilproxy.te | 2 +- sepolicy/s62xd.te | 2 +- sepolicy/sbchk.te | 2 +- sepolicy/service.te | 54 ++-- sepolicy/service_contexts | 95 +++--- sepolicy/slpd.te | 2 +- sepolicy/smart_audio.te | 2 +- sepolicy/sn.te | 2 +- sepolicy/spm_loader.te | 2 
+- sepolicy/st480.te | 2 +- sepolicy/statusd.te | 2 +- sepolicy/stp_dump3.te | 2 +- sepolicy/teei_daemon.te | 2 +- sepolicy/terservice.te | 12 +- sepolicy/thermal.te | 2 +- sepolicy/thermal_manager.te | 2 +- sepolicy/thermald.te | 2 +- sepolicy/thermalloadalgod.te | 2 +- sepolicy/tiny_mkswap.te | 2 +- sepolicy/tiny_swapon.te | 2 +- sepolicy/tune2fs.te | 2 +- sepolicy/tunman.te | 6 +- sepolicy/usbdongled.te | 2 +- sepolicy/viarild.te | 2 +- sepolicy/vold.te | 67 +---- sepolicy/volte.te | 2 +- sepolicy/volte_imcb.te | 6 +- sepolicy/volte_imsm_md.te | 2 +- sepolicy/volte_rcs_ua.te | 4 +- sepolicy/volte_stack.te | 2 +- sepolicy/volte_ua.te | 2 +- sepolicy/vtservice.te | 41 +-- sepolicy/wfca.te | 2 +- sepolicy/wifi2agps.te | 2 +- sepolicy/wmt_loader.te | 2 +- sepolicy/xlog.te | 2 +- sepolicy/yamaha537fusiond.te | 2 +- sepolicy/zpppd_gprs.te | 2 +- src/Gui/SepolicyToolsGUI.java | 3 +- 161 files changed, 1047 insertions(+), 2138 deletions(-) create mode 100644 .idea/artifacts/SepolicyTools_jar.xml create mode 100644 META-INF/MANIFEST.MF create mode 100644 README.md diff --git a/.gitignore b/.gitignore index e2e7327..1fcb152 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -/out +out diff --git a/.idea/artifacts/SepolicyTools_jar.xml b/.idea/artifacts/SepolicyTools_jar.xml new file mode 100644 index 0000000..f4b3e97 --- /dev/null +++ b/.idea/artifacts/SepolicyTools_jar.xml @@ -0,0 +1,14 @@ + + + $PROJECT_DIR$/out/artifacts/SepolicyTools_jar + + + + + + + + + + + \ No newline at end of file diff --git a/META-INF/MANIFEST.MF b/META-INF/MANIFEST.MF new file mode 100644 index 0000000..7054c3d --- /dev/null +++ b/META-INF/MANIFEST.MF @@ -0,0 +1,3 @@ +Manifest-Version: 1.0 +Main-Class: Gui.SepolicyToolsGUI + diff --git a/README.md b/README.md new file mode 100644 index 0000000..47406f3 --- /dev/null +++ b/README.md 
@@ -0,0 +1,41 @@
+## 这是什么东西?
+
+一个能格式化Selinux 政策的东西
+
+## 这东西能干嘛?
+
+美化Sepolicy~~(其实没什么用)~~
+
+## 使用步骤:
+
+1、烧一壶开水
+
+2、[下载软件](https://github.com/succerseng/SepolicyTools/releases) SepolicyTools.jar
+
+3、使用刚烧开的水烫洗茶杯
+
+4、在终端运行
+
+```sh
+# 请先解压文件
+# 进入解压得到的文件夹
+# 打开终端
+# 键入
+java -jar SepolicyTools.jar --encoding=utf-8
+```
+
+5、用稍微凉了一点的水洗茶
+
+6、选择您的sepolicy文件夹
+
+7、现在可以开始泡茶啦
+
+8、连接您的手机
+
+9、请注意 不要泡太久
+
+10、点击自动运行
+
+接下来只需要等着程序执行完成~~崩溃~~
+
+好了,您的茶快凉了,请尽快饮用吧
diff --git a/sepolicy/BGW.te b/sepolicy/BGW.te
index a68d0f6..3e18ca4 100644
--- a/sepolicy/BGW.te
+++ b/sepolicy/BGW.te
@@ -1,5 +1,5 @@
-type BGW, domain;
 type BGW_exec, exec_type, file_type;
+type BGW, domain;
 init_daemon_domain(BGW)
 allow BGW stpwmt_device:chr_file { read write open };
 allow BGW self:netlink_socket { read bind create write };
diff --git a/sepolicy/GoogleOtaBinder.te b/sepolicy/GoogleOtaBinder.te
index 5776a84..66b424a 100644
--- a/sepolicy/GoogleOtaBinder.te
+++ b/sepolicy/GoogleOtaBinder.te
@@ -1,5 +1,5 @@
-type GoogleOtaBinder, domain;
 type GoogleOtaBinder_exec, exec_type, file_type;
+type GoogleOtaBinder, domain;
 init_daemon_domain(GoogleOtaBinder)
 binder_use(GoogleOtaBinder)
 binder_service(GoogleOtaBinder)
diff --git a/sepolicy/MtkCodecService.te b/sepolicy/MtkCodecService.te
index 9d6dc69..36561ea 100644
--- a/sepolicy/MtkCodecService.te
+++ b/sepolicy/MtkCodecService.te
@@ -1,5 +1,5 @@
-type MtkCodecService, domain;
 type MtkCodecService_exec, exec_type, file_type;
+type MtkCodecService, domain;
 init_daemon_domain(MtkCodecService)
 binder_use(MtkCodecService)
 allow MtkCodecService self:capability { setuid sys_nice };
diff --git a/sepolicy/aal.te b/sepolicy/aal.te
index d00a953..bc1b29a 100644
--- a/sepolicy/aal.te
+++ b/sepolicy/aal.te
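Review bot: The order of `type` declarations written by this change is not stable: sepolicy/BGW.te moves `type BGW, domain;` below `type BGW_exec, exec_type, file_type;`, autokd.te and cmddumper.te later in this patch move the same pair the opposite way, and ctl.te, debug.te and bt.te have their declaration blocks exactly reversed. That pattern suggests the formatter emits declarations in the reverse of the input order, so a second run would presumably flip every file back and bury real policy changes in another patch-wide diff. Emitting them by a fixed key, here `type BGW, domain;` first and `type BGW_exec, exec_type, file_type;` second, would make the output idempotent and keep security-relevant edits reviewable.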
@@ -1,11 +1,4 @@
-type aal, domain;
-type aal_exec, exec_type, file_type;
-init_daemon_domain(aal)
-binder_use(aal)
-binder_service(aal)
-binder_call(aal, binderservicedomain)
-allow aal permission_service:service_manager { find };
-allow aal graphics_device:dir search;
-allow aal graphics_device:chr_file { read open ioctl };
-allow aal aal_service:service_manager add;
-allow aal aal_als_device:chr_file { read open ioctl };
\ No newline at end of file
+type aal_service, service_manager_type;
+allow system_server aal_service:service_manager find;
+allow atci_service aal_service:service_manager { find };
+allow aal aal_service:service_manager add;
\ No newline at end of file
diff --git a/sepolicy/aee_core_forwarder.te b/sepolicy/aee_core_forwarder.te
index c6cc4ff..85264fa 100644
--- a/sepolicy/aee_core_forwarder.te
+++ b/sepolicy/aee_core_forwarder.te
@@ -1,5 +1,5 @@
-type aee_core_forwarder, domain;
 type aee_core_forwarder_exec, exec_type, file_type;
+type aee_core_forwarder, domain;
 init_daemon_domain(aee_core_forwarder)
 allow aee_core_forwarder system_data_file:dir { write relabelfrom create add_name };
 allow aee_core_forwarder sysfs_wake_lock:file { read write open };
diff --git a/sepolicy/akmd09911.te b/sepolicy/akmd09911.te
index a3c32a1..ef6ddb6 100644
--- a/sepolicy/akmd09911.te
+++ b/sepolicy/akmd09911.te
@@ -1,5 +1,5 @@
-type akmd09911, domain;
 type akmd09911_exec, exec_type, file_type;
+type akmd09911, domain;
 init_daemon_domain(akmd09911)
 file_type_auto_trans(akmd09911, system_data_file, msensor_data_file)
 allow akmd09911 system_data_file:dir { create setattr };
diff --git a/sepolicy/akmd09912.te b/sepolicy/akmd09912.te
index 873bfa0..2e61b91 100644
--- a/sepolicy/akmd09912.te
+++ b/sepolicy/akmd09912.te
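Review bot: The new sepolicy/aal.te still ends with `allow aal aal_service:service_manager add;` but no longer declares the `aal` type: `type aal, domain;`, `type aal_exec, exec_type, file_type;` and `init_daemon_domain(aal)` are removed together with every other rule for the domain. Unless those declarations were moved to a file outside this view, the policy will either fail to build on the undeclared type or the aal daemon loses its own confined domain along with its device and binder permissions. sepolicy/atcp.te has the same problem: 214 lines of the `atcp` domain are replaced by three `atcp_prop` lines, and `allow atcp atcp_prop:property_service set;` is left referencing `atcp`. It looks as if the formatter wrote the `aal_service` and `atcp_prop` groups over the domain files; the domain blocks should be restored, the service and property types kept in their own files, and a full policy build run before merging, since a commit titled `docs:README` should not change effective policy.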
@@ -1,5 +1,5 @@
-type akmd09912, domain;
 type akmd09912_exec, exec_type, file_type;
+type akmd09912, domain;
 init_daemon_domain(akmd09912)
 file_type_auto_trans(akmd09912, system_data_file, msensor_data_file)
 allow akmd09912 system_data_file:dir { create setattr };
diff --git a/sepolicy/akmd8963.te b/sepolicy/akmd8963.te
index e7feeff..f0d1506 100644
--- a/sepolicy/akmd8963.te
+++ b/sepolicy/akmd8963.te
@@ -1,5 +1,5 @@
-type akmd8963, domain;
 type akmd8963_exec, exec_type, file_type;
+type akmd8963, domain;
 init_daemon_domain(akmd8963)
 file_type_auto_trans(akmd8963, system_data_file, msensor_data_file)
 allow akmd8963 system_data_file:dir { create setattr };
diff --git a/sepolicy/akmd8975.te b/sepolicy/akmd8975.te
index 105ca16..0e2e9a7 100644
--- a/sepolicy/akmd8975.te
+++ b/sepolicy/akmd8975.te
@@ -1,3 +1,3 @@
-type akmd8975, domain;
 type akmd8975_exec, exec_type, file_type;
+type akmd8975, domain;
 init_daemon_domain(akmd8975)
\ No newline at end of file
diff --git a/sepolicy/ami304d.te b/sepolicy/ami304d.te
index 4ac8f4b..ba80a41 100644
--- a/sepolicy/ami304d.te
+++ b/sepolicy/ami304d.te
@@ -1,3 +1,3 @@
-type ami304d, domain;
 type ami304d_exec, exec_type, file_type;
+type ami304d, domain;
 init_daemon_domain(ami304d)
\ No newline at end of file
diff --git a/sepolicy/atci_service.te b/sepolicy/atci_service.te
index 8964db4..c176d94 100644
--- a/sepolicy/atci_service.te
+++ b/sepolicy/atci_service.te
@@ -1,5 +1,5 @@
-type atci_service, domain;
 type atci_service_exec, exec_type, file_type;
+type atci_service, domain;
 init_daemon_domain(atci_service)
 file_type_auto_trans(atci_service, system_data_file, atci_data_file)
 binder_use(atci_service)
diff --git a/sepolicy/atcid.te b/sepolicy/atcid.te
index 64ff21a..db80118 100644
--- a/sepolicy/atcid.te
+++ b/sepolicy/atcid.te
@@ -1,5 +1,5 @@
-type atcid, domain;
 type atcid_exec, exec_type, file_type;
+type atcid, domain;
 init_daemon_domain(atcid)
 allow atcid wmtWifi_device:chr_file { write open };
 allow atcid viarild:unix_stream_socket connectto;
diff --git a/sepolicy/atcp.te b/sepolicy/atcp.te
index 3539f64..a93f4e6 100644
--- a/sepolicy/atcp.te
+++ b/sepolicy/atcp.te
@@ -1,214 +1,3 @@
-type atcp, domain;
-type atcp_exec, exec_type, file_type;
-wakelock_use(atcp)
-unix_socket_connect(atcp, property, init)
-typeattribute atcp mlstrustedsubject;
-init_daemon_domain(atcp)
-dontaudit atcp untrusted_app:fd use;
-dontaudit atcp isolated_app:fd use;
-binder_use(atcp)
-auditallow atcp system_radio_prop:property_service set;
-auditallow atcp net_radio_prop:property_service set;
-allow system_server atcp:fd use;
-allow atcp zygote_exec:file { read getattr open execute execute_no_trans };
-allow atcp wod_sim_socket:sock_file write;
-allow atcp wod_action_socket:sock_file write;
-allow atcp wmtWifi_device:chr_file { write open };
-allow atcp volte_prop:property_service set;
-allow atcp volte_imsa1_socket:sock_file write;
-allow atcp volte_imcb:unix_stream_socket connectto;
-allow atcp vmodem_device:chr_file { read write ioctl open };
-allow atcp viarild:unix_stream_socket connectto;
-allow atcp vfat:file create_file_perms;
-allow atcp vfat:dir create_dir_perms;
-allow atcp untrusted_app:dir search;
-allow atcp tty_device:chr_file rw_file_perms;
-allow atcp ttySDIO_device:chr_file { read write ioctl open };
-allow atcp ttyGS_device:chr_file { read write open ioctl };
-allow atcp ttyGS_device:chr_file { read write ioctl open };
-allow atcp ttyGS_device:chr_file { open read write ioctl };
-allow atcp tmpfs:lnk_file read;
-allow atcp system_server:binder call;
-allow atcp system_radio_prop:property_service set;
-allow atcp system_prop:property_service set;
-allow atcp system_file:file x_file_perms;
-allow atcp system_file:file execute_no_trans;
-allow atcp system_data_file:file r_file_perms;
-allow atcp system_data_file:dir { write create open add_name relabelfrom };
-allow atcp system_data_file:dir { relabelfrom create_dir_perms };
-allow atcp system_data_file:dir r_dir_perms;
-allow atcp sysfs_vcorefs_pwrctrl:file { open write };
-allow atcp sysfs_scp:file { open write };
-allow atcp sysfs_scp:dir search;
-allow atcp sysfs:file write;
-allow atcp storage_file:lnk_file read;
-allow atcp storage_file:lnk_file create_file_perms;
-allow atcp storage_file:file create_file_perms;
-allow atcp storage_file:dir create_dir_perms;
-allow atcp statusd:unix_stream_socket connectto;
-allow atcp socket_device:sock_file write;
-allow atcp shell_exec:file { read open };
-allow atcp shell_exec:file { read execute open };
-allow atcp shell_exec:file { read execute open execute_no_trans };
-allow atcp shell_exec:file rx_file_perms;
-allow atcp shell_exec:file execute_no_trans;
-allow atcp shell_exec:file execute;
-allow atcp servicemanager:binder call;
-allow atcp self:udp_socket { create ioctl };
-allow atcp self:udp_socket ioctl;
-allow atcp self:udp_socket create;
-allow atcp self:udp_socket connect;
-allow atcp self:socket create_socket_perms;
-allow atcp self:rawip_socket { getopt create };
-allow atcp self:rawip_socket setopt;
-allow atcp self:rawip_socket getopt;
-allow atcp self:rawip_socket create;
-allow atcp self:packet_socket { write ioctl setopt read getopt create };
-allow atcp self:netlink_socket create_socket_perms;
-allow atcp self:netlink_route_socket { write getattr setopt read bind create nlmsg_read };
-allow atcp self:netlink_route_socket nlmsg_write;
-allow atcp self:netlink_kobject_uevent_socket create_socket_perms;
-allow atcp self:capability2 syslog;
-allow atcp self:capability { setuid setgid };
-allow atcp self:capability { setuid net_raw setgid };
-allow atcp self:capability { setuid net_admin net_raw };
-allow atcp self:capability { net_admin net_raw };
-allow atcp self:capability sys_time;
-allow atcp self:capability setuid;
-allow atcp self:capability net_admin;
-allow atcp self:capability fowner;
-allow atcp self:capability dac_override;
-allow atcp self:capability chown;
-allow atcp sdcard_type:dir r_dir_perms;
-allow atcp scp_device:chr_file { read open };
-allow atcp rilproxy_atci_socket:sock_file write;
-allow atcp rilproxy:unix_stream_socket connectto;
-allow atcp rild_mal_socket:sock_file write;
-allow atcp rild_mal_md2_socket:sock_file write;
-allow atcp rild_mal_at_socket:sock_file write;
-allow atcp rild_mal_at_md2_socket:sock_file write;
-allow atcp rild_imsm_socket:sock_file write;
-allow atcp rild_atci_socket:sock_file write;
-allow atcp rild_atci_c2k_socket:sock_file write;
-allow atcp ril_mux_report_case_prop:property_service set;
-allow atcp ril_cdma_report_prop:property_service set;
-allow atcp ril_active_md_prop:property_service set;
-allow atcp radio_tmpfs:file write;
-allow atcp radio_prop:property_service set;
-allow atcp radio_device:chr_file rw_file_perms;
-allow atcp radio_device:blk_file r_file_perms;
-allow atcp radio_data_file:file create_file_perms;
-allow atcp radio_data_file:dir rw_dir_perms;
-allow atcp radio:fd use;
-allow atcp qtaguid_proc:file { read getattr open };
-allow atcp qemu_pipe_device:chr_file rw_file_perms;
-allow atcp property_socket:sock_file write;
-allow atcp proc_net:file write;
-allow atcp proc_lk_env:file { open read write ioctl };
-allow atcp proc_lk_env:file rw_file_perms;
-allow atcp proc:file write;
-allow atcp pq:binder call;
-allow atcp platform_app_tmpfs:file write;
-allow atcp platform_app:unix_stream_socket connectto;
-allow atcp platform_app:fd use;
-allow atcp platform_app:dir search;
-allow atcp persist_service_atci_prop:property_service set;
-allow atcp persist_ril_prop:property_service set;
-allow atcp persist_mtklog_prop:property_service set;
-allow atcp para_block_device:blk_file { read write open };
-allow atcp netstats_service:service_manager find;
-allow atcp netd_socket:sock_file write;
-allow atcp netd:unix_stream_socket connectto;
-allow atcp net_radio_prop:property_service set;
-allow atcp net_data_file:file { read getattr open };
-allow atcp net_data_file:dir search;
-allow atcp mtkrild:unix_stream_socket connectto;
-allow atcp mtkmal:unix_stream_socket connectto;
-allow atcp mtd_device:dir search;
-allow atcp mnt_user_file:lnk_file read;
-allow atcp mnt_user_file:lnk_file create_file_perms;
-allow atcp mnt_user_file:dir search;
-allow atcp mnt_user_file:dir create_dir_perms;
-allow atcp mnt_media_rw_file:lnk_file create_file_perms;
-allow atcp mnt_media_rw_file:dir search;
-allow atcp mnt_media_rw_file:dir create_dir_perms;
-allow atcp mmcblk0_block_device:blk_file { read write open };
-allow atcp mmcblk0_block_device:blk_file { open read write };
-allow atcp misc_device:chr_file { read write open };
-allow atcp misc2_device:chr_file { read write open };
-allow atcp misc2_block_device:blk_file { read write open };
-allow atcp mdlog_device:chr_file { read write open ioctl };
-allow atcp mdlog_data_file:file { write read create open rename unlink getattr setattr append };
-allow atcp mdlog_data_file:fifo_file { read write open create setattr };
-allow atcp mdlog_data_file:dir { write search read create open rmdir remove_name add_name relabelto getattr };
-allow atcp md32_device:chr_file { read open };
-allow atcp mal_mfi_socket:sock_file write;
-allow atcp logtemp_data_file:file create_file_perms;
-allow atcp logtemp_data_file:dir { relabelto create_dir_perms };
-allow atcp logmisc_data_file:file create_file_perms;
-allow atcp logmisc_data_file:dir { relabelto create_dir_perms };
-allow atcp logdr_socket:sock_file write;
-allow atcp logd:unix_stream_socket connectto;
-allow atcp log_device:chr_file { write open };
-allow atcp log_device:chr_file r_file_perms;
-allow atcp kernel:system syslog_mod;
-allow atcp kernel:system module_request;
-allow atcp init:unix_stream_socket connectto;
-allow atcp gsm0710muxd_prop:property_service set;
-allow atcp gsm0710muxd_device:chr_file { read write };
-allow atcp gsm0710muxd_device:chr_file open;
-allow atcp gpu_device:chr_file { read write open ioctl getattr };
-allow atcp gps_device:chr_file rw_file_perms;
-allow atcp fwmarkd_socket:sock_file write;
-allow atcp fuse:file { write read create open rename unlink getattr setattr append };
-allow atcp fuse:file { rename write getattr read create open unlink };
-allow atcp fuse:file create_file_perms;
-allow atcp fuse:dir { write search create rmdir add_name remove_name read open rename };
-allow atcp fuse:dir { remove_name write search read remove_name open add_name create };
-allow atcp fuse:dir create_dir_perms;
-allow atcp epdg_wod:unix_stream_socket connectto;
-allow atcp efs_file:file create_file_perms;
-allow atcp efs_file:dir create_dir_perms;
-allow atcp eemcs_device:chr_file { read write };
-allow atcp eemcs_device:chr_file { read write ioctl open };
-allow atcp eemcs_device:chr_file open;
-allow atcp eemcs_device:chr_file ioctl;
-allow atcp domain:file { read open };
-allow atcp domain:dir search;
-allow atcp dnsproxyd_socket:sock_file write;
-allow atcp devpts:chr_file { read write open };
-allow atcp devpts:chr_file { open read write ioctl };
-allow atcp devpts:chr_file { getattr setattr };
-allow atcp devpts:chr_file setattr;
-allow atcp devpts:chr_file ioctl;
-allow atcp devmap_device:chr_file { read ioctl open };
-allow atcp device:lnk_file unlink;
-allow atcp device:lnk_file create;
-allow atcp device:dir write;
-allow atcp device:dir remove_name;
-allow atcp device:dir add_name;
-allow atcp debug_prop:property_service set;
-allow atcp debug_netlog_prop:property_service set;
-allow atcp debug_mtklog_prop:property_service set;
-allow atcp debug_mdlogger_prop:property_service set;
-allow atcp data_tmpfs_log_file:file create_file_perms;
-allow atcp data_tmpfs_log_file:dir create_dir_perms;
-allow atcp ctl_volte_ua_prop:property_service set;
-allow atcp ctl_volte_stack_prop:property_service set;
-allow atcp ctl_volte_imcb_prop:property_service set;
-allow atcp ctl_rildaemon_prop:property_service set;
-allow atcp ctl_ril-daemon-mtk_prop:property_service set;
-allow atcp ctl_muxreport-daemon_prop:property_service set;
-allow atcp connectivity_service:service_manager find;
-allow atcp cgroup:dir create_dir_perms;
-allow atcp ccci_device:chr_file { read write ioctl open };
-allow atcp bluetooth_efs_file:file r_file_perms;
-allow atcp bluetooth_efs_file:dir r_dir_perms;
-allow atcp block_device:dir search;
-allow atcp audiocmdservice_atci:unix_stream_socket connectto;
-allow atcp atcp_prop:property_service set;
-allow atcp atci_service_socket:sock_file write;
-allow atcp atci_service:unix_stream_socket connectto;
-allow atcp atci_audio_socket:sock_file write;
-allow atcp alarm_device:chr_file rw_file_perms;
-allow atcp Vcodec_device:chr_file { read write open };
\ No newline at end of file
+type atcp_prop, property_type;
+allow untrusted_app atcp_prop:file { open read getattr };
+allow atcp atcp_prop:property_service set;
\ No newline at end of file
diff --git a/sepolicy/audiocmdservice_atci.te b/sepolicy/audiocmdservice_atci.te
index a5cf79f..53b3c32 100644
--- a/sepolicy/audiocmdservice_atci.te
+++ b/sepolicy/audiocmdservice_atci.te
@@ -1,5 +1,5 @@
-type audiocmdservice_atci, domain;
 type audiocmdservice_atci_exec, exec_type, file_type;
+type audiocmdservice_atci, domain;
 init_daemon_domain(audiocmdservice_atci)
 binder_use(audiocmdservice_atci)
 binder_call(audiocmdservice_atci, mediaserver)
diff --git a/sepolicy/autokd.te b/sepolicy/autokd.te
index 1e7ac26..f6936eb 100644
--- a/sepolicy/autokd.te
+++ b/sepolicy/autokd.te
@@ -1,5 +1,5 @@
-type autokd_exec, exec_type, file_type;
 type autokd, domain;
+type autokd_exec, exec_type, file_type;
 init_daemon_domain(autokd)
 file_type_auto_trans(autokd, system_data_file, autokd_data_file)
 allow init self:tcp_socket create;
diff --git a/sepolicy/batterywarning.te b/sepolicy/batterywarning.te
index 247b320..1a4e0f1 100644
--- a/sepolicy/batterywarning.te
+++ b/sepolicy/batterywarning.te
@@ -1,5 +1,5 @@
-type batterywarning, domain;
 type batterywarning_exec, exec_type, file_type;
+type batterywarning, domain;
 init_daemon_domain(batterywarning)
 binder_use(batterywarning)
 allow batterywarning system_server:binder call;
diff --git a/sepolicy/bmm050d.te b/sepolicy/bmm050d.te
index 1739773..1fe63d6 100644
--- a/sepolicy/bmm050d.te
+++ b/sepolicy/bmm050d.te
@@ -1,5 +1,5 @@
-type bmm050d, domain;
 type bmm050d_exec, exec_type, file_type;
+type bmm050d, domain;
 init_daemon_domain(bmm050d)
 file_type_auto_trans(bmm050d, system_data_file, msensor_data_file)
 allow bmm050d system_sensor_data_file:file { open read create write };
diff --git a/sepolicy/bmm056d.te b/sepolicy/bmm056d.te
index af0b670..c750a50 100644
--- a/sepolicy/bmm056d.te
+++ b/sepolicy/bmm056d.te
@@ -1,5 +1,5 @@
-type bmm056d, domain;
 type bmm056d_exec, exec_type, file_type;
+type bmm056d, domain;
 init_daemon_domain(bmm056d)
 file_type_auto_trans(bmm056d, system_data_file, msensor_data_file)
 allow bmm056d system_sensor_data_file:file { open read create write };
diff --git a/sepolicy/boot_logo_updater.te b/sepolicy/boot_logo_updater.te
index db690ac..9373c08 100644
--- a/sepolicy/boot_logo_updater.te
+++ b/sepolicy/boot_logo_updater.te
@@ -1,5 +1,5 @@
-type boot_logo_updater, domain;
 type boot_logo_updater_exec, exec_type, file_type;
+type boot_logo_updater, domain;
 init_daemon_domain(boot_logo_updater)
 allow boot_logo_updater system_prop:property_service set;
 allow boot_logo_updater sysfs:file write;
diff --git a/sepolicy/br_app_data_service.te b/sepolicy/br_app_data_service.te
index 0a06b96..7f4c29a 100644
--- a/sepolicy/br_app_data_service.te
+++ b/sepolicy/br_app_data_service.te
@@ -1,5 +1,5 @@
-type br_app_data_service, domain;
 type br_app_data_service_exec, exec_type, file_type;
+type br_app_data_service, domain;
 typeattribute br_app_data_service mlstrustedsubject;
 init_daemon_domain(br_app_data_service)
 allow br_app_data_service system_data_file:dir write;
diff --git a/sepolicy/bt.te b/sepolicy/bt.te
index 9570500..7025a05 100755
--- a/sepolicy/bt.te
+++ b/sepolicy/bt.te
@@ -1,5 +1,5 @@
-type bt_prop, property_type;
 type persist_bt_prop, property_type;
+type bt_prop, property_type;
 allow untrusted_app persist_bt_prop:file { open read getattr };
 allow untrusted_app bt_prop:file { open read getattr };
 allow bluetooth persist_bt_prop:file { read open getattr };
diff --git a/sepolicy/ccci_fsd.te b/sepolicy/ccci_fsd.te
index b7d4d2b..cfb174e 100644
--- a/sepolicy/ccci_fsd.te
+++ b/sepolicy/ccci_fsd.te
@@ -1,5 +1,5 @@
-type ccci_fsd, domain;
 type ccci_fsd_exec, exec_type, file_type;
+type ccci_fsd, domain;
 wakelock_use(ccci_fsd)
 init_daemon_domain(ccci_fsd)
 allow ccci_fsd sysfs_ccci_version:file { open read getattr };
diff --git a/sepolicy/ccci_mdinit.te b/sepolicy/ccci_mdinit.te
index 2d5b31e..8d18bb4 100644
--- a/sepolicy/ccci_mdinit.te
+++ b/sepolicy/ccci_mdinit.te
@@ -1,5 +1,5 @@
-type ccci_mdinit, domain;
 type ccci_mdinit_exec, exec_type, file_type;
+type ccci_mdinit, domain;
 wakelock_use(ccci_mdinit)
 unix_socket_connect(ccci_mdinit, property, init)
 init_daemon_domain(ccci_mdinit)
diff --git a/sepolicy/ccci_rpcd.te b/sepolicy/ccci_rpcd.te
index 736baee..ce5230e 100644
--- a/sepolicy/ccci_rpcd.te
+++ b/sepolicy/ccci_rpcd.te
@@ -1,5 +1,5 @@
-type ccci_rpcd, domain;
 type ccci_rpcd_exec, exec_type, file_type;
+type ccci_rpcd, domain;
 wakelock_use(ccci_rpcd)
 init_daemon_domain(ccci_rpcd)
 allow ccci_rpcd mmcblk0_block_device:blk_file { open read write };
diff --git a/sepolicy/cmddumper.te b/sepolicy/cmddumper.te
index 8ebdfe3..6e50b09 100644
--- a/sepolicy/cmddumper.te
+++ b/sepolicy/cmddumper.te
@@ -1,5 +1,5 @@
-type cmddumper_exec, exec_type, file_type;
 type cmddumper, domain;
+type cmddumper_exec, exec_type, file_type;
 init_daemon_domain(cmddumper)
 allow cmddumper ttySDIO_device:chr_file { read write ioctl open };
 allow cmddumper system_file:file execute_no_trans;
diff --git a/sepolicy/ctl.te b/sepolicy/ctl.te
index 433e6e0..f2d0191 100755
--- a/sepolicy/ctl.te
+++ b/sepolicy/ctl.te
@@ -1,52 +1,52 @@
-type ctl_volte_ua_prop, property_type;
-type ctl_volte_imcb_prop, property_type;
-type ctl_st480_prop, property_type;
-type ctl_ril3gd_prop, property_type;
-type ctl_ril-daemon-s_prop, property_type;
-type ctl_ril-daemon-md2_prop, property_type;
-type ctl_rbfota_prop, property_type;
-type ctl_orientationd_prop, property_type;
-type ctl_muxreport-daemon_prop, property_type;
-type ctl_memsicd3416x_prop, property_type;
-type ctl_mbimd_prop, property_type;
-type ctl_ipod_prop, property_type;
-type ctl_gsm0710muxdmd2_prop, property_type;
-type ctl_gsm0710muxd-s_prop, property_type;
-type ctl_geomagneticd_prop, property_type;
-type ctl_emdlogger3_prop, property_type;
-type ctl_emdlogger1_prop, property_type;
-type ctl_eemcs_fsd_prop, property_type;
-type ctl_dualmdlogger_prop, property_type;
-type ctl_ccci_fsd_prop, property_type;
-type ctl_ccci2_rpcd_prop, property_type;
-type ctl_bmm056d_prop, property_type;
-type ctl_atcid-daemon-u_prop, property_type;
-type ctl_akmd8963_prop, property_type;
-type ctl_akmd09911_prop, property_type;
-type ctl_akmd09912_prop, property_type;
-type ctl_atci_service_prop, property_type;
-type ctl_bmm050d_prop, property_type;
-type ctl_ccci2_fsd_prop, property_type;
-type ctl_ccci3_fsd_prop, property_type;
-type ctl_ccci_rpcd_prop, property_type;
-type ctl_eemcs_fmdl_prop, property_type;
-type ctl_emcsmdlogger_prop, property_type;
-type ctl_emdlogger2_prop, property_type;
-type ctl_gsm0710muxd-d_prop, property_type;
-type ctl_gsm0710muxd_prop, property_type;
-type ctl_ipo_swap_prop, property_type;
-type ctl_istd8303_prop, property_type;
-type ctl_mdlogger_prop, property_type;
-type ctl_msensord_prop, property_type;
-type ctl_mxg2320d_prop, property_type;
-type ctl_pppd_via_prop, property_type;
-type ctl_ril-daemon-d_prop, property_type;
-type ctl_ril-daemon-mtk_prop, property_type;
-type ctl_ril-proxy_prop, property_type;
-type ctl_s62xd_prop, property_type;
-type ctl_viarild_prop, property_type;
-type ctl_volte_stack_prop, property_type;
 type ctl_zpppdgprs_prop, property_type;
+type ctl_volte_stack_prop, property_type;
+type ctl_viarild_prop, property_type;
+type ctl_s62xd_prop, property_type;
+type ctl_ril-proxy_prop, property_type;
+type ctl_ril-daemon-mtk_prop, property_type;
+type ctl_ril-daemon-d_prop, property_type;
+type ctl_pppd_via_prop, property_type;
+type ctl_mxg2320d_prop, property_type;
+type ctl_msensord_prop, property_type;
+type ctl_mdlogger_prop, property_type;
+type ctl_istd8303_prop, property_type;
+type ctl_ipo_swap_prop, property_type;
+type ctl_gsm0710muxd_prop, property_type;
+type ctl_gsm0710muxd-d_prop, property_type;
+type ctl_emdlogger2_prop, property_type;
+type ctl_emcsmdlogger_prop, property_type;
+type ctl_eemcs_fmdl_prop, property_type;
+type ctl_ccci_rpcd_prop, property_type;
+type ctl_ccci3_fsd_prop, property_type;
+type ctl_ccci2_fsd_prop, property_type;
+type ctl_bmm050d_prop, property_type;
+type ctl_atci_service_prop, property_type;
+type ctl_akmd09912_prop, property_type;
+type ctl_akmd09911_prop, property_type;
+type ctl_akmd8963_prop, property_type;
+type ctl_atcid-daemon-u_prop, property_type;
+type ctl_bmm056d_prop, property_type;
+type ctl_ccci2_rpcd_prop, property_type;
+type ctl_ccci_fsd_prop, property_type;
+type ctl_dualmdlogger_prop, property_type;
+type ctl_eemcs_fsd_prop, property_type;
+type ctl_emdlogger1_prop, property_type;
+type ctl_emdlogger3_prop, property_type;
+type ctl_geomagneticd_prop, property_type;
+type ctl_gsm0710muxd-s_prop, property_type;
+type ctl_gsm0710muxdmd2_prop, property_type;
+type ctl_ipod_prop, property_type;
+type ctl_mbimd_prop, property_type;
+type ctl_memsicd3416x_prop, property_type;
+type ctl_muxreport-daemon_prop, property_type;
+type ctl_orientationd_prop, property_type;
+type ctl_rbfota_prop, property_type;
+type ctl_ril-daemon-md2_prop, property_type;
+type ctl_ril-daemon-s_prop, property_type;
+type ctl_ril3gd_prop, property_type;
+type ctl_st480_prop, property_type;
+type ctl_volte_imcb_prop, property_type;
+type ctl_volte_ua_prop, property_type;
 allow zpppd_gprs ctl_zpppdgprs_prop:property_service set;
 allow volte_imsm_md ctl_volte_ua_prop:property_service set;
 allow volte_imsm_md ctl_volte_stack_prop:property_service set;
diff --git a/sepolicy/debug.te b/sepolicy/debug.te
index 082da27..14c91b0 100755
--- a/sepolicy/debug.te
+++ b/sepolicy/debug.te
@@ -1,8 +1,8 @@
-type debug_mtklog_prop, property_type;
-type debug_mdlogger_prop, property_type;
-type debug_bq_dump_prop, property_type;
-type debug_mtk_aee_prop, property_type;
 type debug_netlog_prop, property_type;
+type debug_mtk_aee_prop, property_type;
+type debug_bq_dump_prop, property_type;
+type debug_mdlogger_prop, property_type;
+type debug_mtklog_prop, property_type;
 allow untrusted_app debug_netlog_prop:file { open read getattr };
 allow untrusted_app debug_mtklog_prop:file { read open getattr };
 allow untrusted_app debug_mtk_aee_prop:file { read open getattr };
diff --git a/sepolicy/device.te b/sepolicy/device.te
index 3e4aef0..84d16e7 100644
--- a/sepolicy/device.te
+++ b/sepolicy/device.te
@@ -1,204 +1,204 @@
-type event_input_device, dev_type;
-type McDriverDaemon_device, dev_type;
-type mobicore-user_device, dev_type;
-type mobicore_device, dev_type;
-type goodix_fp_device, dev_type;
-type goodixfingerprintd_device, dev_type, mlstrustedobject;
-type teei_vfs_device, dev_type;
-type teei_config_device, dev_type;
-type teei_client_device, dev_type;
-type teei_fp_device, dev_type;
-type teei_rpmb_device, dev_type;
-type fingerprint_device, dev_type;
-type tfa9890_device, dev_type;
-type audio_ipi_device, dev_type;
-type mbim_device, dev_type;
-type ancservice_device, dev_type;
-type nvcfg_block_device, dev_type;
-type ppl_block_device, dev_type;
-type dsp_block_device, dev_type;
-type md_block_device, dev_type;
-type persist_block_device, dev_type;
-type spm_device, dev_type;
-type mmcblk0p4_block_device, dev_type;
-type mmcblk1p1_block_device, dev_type;
-type mmcblk1_block_device, dev_type;
-type mmcblk0_block_device, dev_type;
-type oemkeystore_block_device, dev_type;
-type keystore_block_device, dev_type;
-type protect2_block_device, dev_type;
-type protect1_block_device, dev_type;
-type preloader_block_device, dev_type;
-type secro_block_device, dev_type;
-type seccfg_block_device, dev_type;
-type tee_block_device, dev_type;
-type para_block_device, dev_type;
-type logo_block_device, dev_type;
-type misc2_block_device, dev_type;
-type expdb_block_device, dev_type;
-type nvdata_device, dev_type;
-type lens_device, dev_type;
-type hrm_device, dev_type;
-type ttyACM_device, dev_type;
-type offloadservice_device, dev_type;
-type keyblock_device, dev_type;
-type shf_device, dev_type;
-type pmic_ftm_device, dev_type;
-type irrx_device, dev_type;
-type irtx_device, dev_type;
-type icusb_device, dev_type;
-type qemu_pipe_device, dev_type;
-type otp_device, dev_type;
-type humidity_device, dev_type;
-type barometer_device, dev_type;
-type MT_pmic_cali_device, dev_type;
-type mtk-adc-cali_device, dev_type;
-type MT_pmic_adc_cali_device, dev_type;
-type etb_device, dev_type;
-type scp_device, dev_type;
-type md32_device, dev_type;
-type mdlog_device, dev_type;
-type hotknot_device, dev_type;
-type mnld_device, dev_type;
-type agps_device, dev_type;
-type kick_powerkey_device, dev_type;
-type RT_Monitor_device, dev_type;
-type zram0_device, dev_type;
-type usrdata_device, dev_type;
-type uibc_device, dev_type;
-type uboot_device, dev_type;
-type ttyp_device, dev_type;
-type tpd_em_log_device, dev_type;
-type touch_device, dev_type;
-type tgt_device, dev_type;
-type snapshot_device, dev_type;
-type tee_part_device, dev_type;
-type seccfg_device, dev_type;
-type sec_ro_device, dev_type;
-type recovery_device, dev_type;
-type ptyp_device, dev_type;
-type psaux_device, dev_type;
-type protect_s_device, dev_type;
-type protect_f_device, dev_type;
-type pro_info_device, dev_type;
-type preloader_device, dev_type;
-type pmt_device, dev_type;
-type nvram_device, dev_type;
-type network_device, dev_type;
-type mtk_kpd_device, dev_type;
-type mtgpio_device, dev_type;
-type mtfreqhopping_device, dev_type;
-type misc2_device, dev_type;
-type misc_device, dev_type;
-type met_device, dev_type;
-type mbr_device, dev_type;
-type m_mag_misc_device, dev_type;
-type m_batch_misc_device, dev_type;
-type m_acc_misc_device, dev_type;
-type loop-control_device, dev_type;
-type logo_device, dev_type;
-type fat_device, dev_type;
-type expdb_device, dev_type;
-type ebr_device, dev_type;
-type dummy_cam_cal_device, dev_type;
-type cpu_dma_latency_device, dev_type;
-type cache_device, dev_type;
-type btif_device, dev_type;
-type bootimg_device, dev_type;
-type bmtpool_device, dev_type;
-type android_device, dev_type;
-type accdet_device, dev_type;
-type aal_als_device, dev_type;
-type MT_pmic_device, dev_type;
-type BOOT_device, dev_type;
-type mmcblk_device, dev_type;
-type exm0_device, dev_type;
-type mt6605_device, dev_type;
-type emd_device, dev_type;
-type eemcs_device, dev_type;
-type gsm0710muxd_device, dev_type;
-type ccci_monitor_device, dev_type;
-type ccci_device, dev_type;
-type aed_device, dev_type;
-type xlog_device, dev_type;
-type sensor_device, dev_type;
-type MT6516_MP4_ENC_device, dev_type;
-type MT6516_MP4_DEC_device, dev_type;
-type MT6516_MM_QUEUE_device, dev_type;
-type MT6516_Int_SRAM_device, dev_type;
-type MT6516_H264_DEC_device, dev_type;
-type vow_device, dev_type;
-type ebc_device, dev_type;
-type mtk_rrc_device, dev_type;
-type MTK_SMI_device, dev_type;
-type CAM_CAL_DRV2_device, dev_type;
-type CAM_CAL_DRV1_device, dev_type;
-type CAM_CAL_DRV_device, dev_type;
-type ttyGS_device, dev_type;
-type mmp_device, dev_type;
-type ampc0_device, dev_type;
-type mtk_sched_device, dev_type;
-type misc_sd_device, dev_type;
-type mtkg2d_device, dev_type;
-type mt_mdp_device, dev_type;
-type mt_otg_test_device, dev_type;
-type MATV_device, dev_type;
-type kd_camera_hw_bus2_device, dev_type;
-type kd_camera_flashlight_device, dev_type;
-type kd_camera_hw_device, dev_type;
-type mtk_jpeg_device, dev_type;
-type camera_pipemgr_device, dev_type;
-type camera_fdvt_device, dev_type;
-type camera_dpe_device, dev_type;
-type camera_isp_device, dev_type;
-type camera_sysram_device, dev_type;
-type TV_out_device, dev_type;
-type uinput_device, dev_type;
-type btn_device, dev_type;
-type hid_keyboard_device, dev_type;
-type sec_device, dev_type;
-type sw_sync_device, dev_type;
-type rfkill_device, dev_type;
-type xt_qtaguid_device, dev_type;
-type uio0_device, dev_type;
-type smartpa1_device, dev_type;
-type smartpa_device, dev_type;
-type MJC_device, dev_type;
-type Vcodec_device, dev_type;
-type gyroscope_device, dev_type;
-type als_ps_device, dev_type;
-type gsensor_device, dev_type;
-type msensor_device, dev_type;
-type hwmsensor_device, dev_type;
-type M4U_device_device, dev_type;
-type SUBAF_device, dev_type;
-type MAIN2AF_device, dev_type;
-type MAINAF_device, dev_type;
-type BU64745GWZAF_device, dev_type;
-type DW9718AF_device, dev_type;
-type AD5820AF_device, dev_type;
-type BU6429AF_device, dev_type;
-type LC898212AF_device, dev_type;
-type LC898122AF_device, dev_type;
-type DW9714A_device, dev_type;
-type AK7345AF_device, dev_type;
-type DW9814AF_device, dev_type;
-type DW9714AF_device, dev_type;
-type DW9763AF_device, dev_type;
-type FM50AF_device, dev_type;
-type mt6516_jpeg_device, dev_type;
-type mt9p012_device, dev_type;
-type mt6516_IDP_device, dev_type;
-type mt6516_isp_device, dev_type;
-type pmem_multimedia_device, dev_type;
-type stpgps_device, dev_type;
-type fm_device, dev_type;
-type stpant_device, dev_type;
-type stpbt_device, dev_type;
-type wmtWifi_device, dev_type;
-type wmtdetect_device, dev_type;
-type stpwmt_device, dev_type;
-type vmodem_device, dev_type;
-type ttySDIO_device, dev_type;
+type devmap_device, dev_type;
 type ttyMT_device, dev_type;
-type devmap_device, dev_type;
\ No newline at end of file
+type ttySDIO_device, dev_type;
+type vmodem_device, dev_type;
+type stpwmt_device, dev_type;
+type wmtdetect_device, dev_type;
+type wmtWifi_device, dev_type;
+type stpbt_device, dev_type;
+type stpant_device, dev_type;
+type fm_device, dev_type;
+type stpgps_device, dev_type;
+type pmem_multimedia_device, dev_type;
+type mt6516_isp_device, dev_type;
+type mt6516_IDP_device, dev_type;
+type mt9p012_device, dev_type;
+type mt6516_jpeg_device, dev_type;
+type FM50AF_device, dev_type;
+type DW9763AF_device, dev_type;
+type DW9714AF_device, dev_type;
+type DW9814AF_device, dev_type;
+type AK7345AF_device, dev_type;
+type DW9714A_device, dev_type;
+type LC898122AF_device, dev_type;
+type LC898212AF_device, dev_type;
+type BU6429AF_device, dev_type;
+type AD5820AF_device, dev_type;
+type DW9718AF_device, dev_type;
+type BU64745GWZAF_device, dev_type;
+type MAINAF_device, dev_type;
+type MAIN2AF_device, dev_type;
+type SUBAF_device, dev_type;
+type M4U_device_device, dev_type;
+type hwmsensor_device, dev_type;
+type msensor_device, dev_type;
+type gsensor_device, dev_type;
+type als_ps_device, dev_type;
+type gyroscope_device, dev_type;
+type Vcodec_device, dev_type;
+type MJC_device, dev_type;
+type smartpa_device, dev_type;
+type smartpa1_device, dev_type;
+type uio0_device, dev_type;
+type xt_qtaguid_device, dev_type;
+type rfkill_device, dev_type;
+type sw_sync_device, dev_type;
+type sec_device, dev_type;
+type hid_keyboard_device, dev_type;
+type btn_device, dev_type;
+type uinput_device, dev_type;
+type TV_out_device, dev_type;
+type camera_sysram_device, dev_type;
+type camera_isp_device, dev_type;
+type camera_dpe_device, dev_type;
+type camera_fdvt_device, dev_type;
+type camera_pipemgr_device, dev_type;
+type mtk_jpeg_device, dev_type;
+type kd_camera_hw_device, dev_type;
+type kd_camera_flashlight_device, dev_type;
+type kd_camera_hw_bus2_device, dev_type;
+type MATV_device, dev_type;
+type mt_otg_test_device, dev_type;
+type mt_mdp_device, dev_type;
+type mtkg2d_device, dev_type;
+type misc_sd_device, dev_type;
+type mtk_sched_device, dev_type;
+type ampc0_device, dev_type;
+type mmp_device, dev_type;
+type ttyGS_device, dev_type;
+type CAM_CAL_DRV_device, dev_type;
+type CAM_CAL_DRV1_device, dev_type;
+type CAM_CAL_DRV2_device, dev_type;
+type MTK_SMI_device, dev_type;
+type mtk_rrc_device, dev_type;
+type ebc_device, dev_type;
+type vow_device, dev_type;
+type MT6516_H264_DEC_device, dev_type;
+type MT6516_Int_SRAM_device, dev_type;
+type MT6516_MM_QUEUE_device, dev_type;
+type MT6516_MP4_DEC_device, dev_type;
+type MT6516_MP4_ENC_device, dev_type;
+type sensor_device, dev_type;
+type xlog_device, dev_type;
+type aed_device, dev_type;
+type ccci_device, dev_type;
+type ccci_monitor_device, dev_type;
+type gsm0710muxd_device, dev_type;
+type eemcs_device, dev_type;
+type emd_device, dev_type;
+type mt6605_device, dev_type;
+type exm0_device, dev_type;
+type mmcblk_device, dev_type;
+type BOOT_device, dev_type;
+type MT_pmic_device, dev_type;
+type aal_als_device, dev_type;
+type accdet_device, dev_type;
+type android_device, dev_type;
+type bmtpool_device, dev_type;
+type bootimg_device, dev_type;
+type btif_device, dev_type;
+type cache_device, dev_type;
+type cpu_dma_latency_device, dev_type;
+type dummy_cam_cal_device, dev_type;
+type ebr_device, dev_type;
+type expdb_device, dev_type;
+type fat_device, dev_type;
+type logo_device, dev_type;
+type loop-control_device, dev_type;
+type m_acc_misc_device, dev_type;
+type m_batch_misc_device, dev_type;
+type m_mag_misc_device, dev_type;
+type mbr_device, dev_type;
+type met_device, dev_type;
+type misc_device, dev_type;
+type misc2_device, dev_type;
+type mtfreqhopping_device, dev_type;
+type mtgpio_device, dev_type;
+type mtk_kpd_device, dev_type;
+type network_device, dev_type;
+type nvram_device, dev_type;
+type pmt_device, dev_type;
+type preloader_device, dev_type;
+type pro_info_device, dev_type;
+type protect_f_device, dev_type;
+type protect_s_device, dev_type;
+type psaux_device, dev_type;
+type ptyp_device, dev_type;
+type recovery_device, dev_type;
+type sec_ro_device, dev_type;
+type seccfg_device, dev_type;
+type tee_part_device, dev_type;
+type snapshot_device, dev_type;
+type tgt_device, dev_type;
+type touch_device, dev_type;
+type tpd_em_log_device, dev_type;
+type ttyp_device, dev_type;
+type uboot_device, dev_type;
+type uibc_device, dev_type;
+type usrdata_device, dev_type;
+type zram0_device, dev_type;
+type RT_Monitor_device, dev_type;
+type kick_powerkey_device, dev_type;
+type agps_device, dev_type;
+type mnld_device, dev_type;
+type hotknot_device, dev_type;
+type mdlog_device, dev_type;
+type md32_device, dev_type;
+type scp_device, dev_type;
+type etb_device, dev_type;
+type MT_pmic_adc_cali_device, dev_type;
+type mtk-adc-cali_device, dev_type;
+type MT_pmic_cali_device, dev_type;
+type barometer_device, dev_type;
+type humidity_device, dev_type;
+type otp_device, dev_type;
+type qemu_pipe_device, dev_type;
+type icusb_device, dev_type;
+type irtx_device, dev_type;
+type irrx_device, dev_type;
+type pmic_ftm_device, dev_type;
+type shf_device, dev_type;
+type keyblock_device, dev_type;
+type offloadservice_device, dev_type;
+type ttyACM_device, dev_type;
+type hrm_device, dev_type;
+type lens_device, dev_type;
+type nvdata_device, dev_type;
+type expdb_block_device, dev_type;
+type misc2_block_device, dev_type;
+type logo_block_device, dev_type;
+type para_block_device, dev_type;
+type tee_block_device, dev_type;
+type seccfg_block_device, dev_type;
+type secro_block_device, dev_type;
+type preloader_block_device, dev_type;
+type protect1_block_device, dev_type;
+type protect2_block_device, dev_type;
+type keystore_block_device, dev_type;
+type oemkeystore_block_device, dev_type;
+type mmcblk0_block_device, dev_type;
+type mmcblk1_block_device, dev_type;
+type mmcblk1p1_block_device, dev_type;
+type mmcblk0p4_block_device, dev_type;
+type spm_device, dev_type;
+type persist_block_device, dev_type;
+type md_block_device, dev_type;
+type dsp_block_device, dev_type;
+type ppl_block_device, dev_type;
+type nvcfg_block_device, dev_type;
+type ancservice_device, dev_type;
+type mbim_device, dev_type;
+type audio_ipi_device, dev_type;
+type tfa9890_device, dev_type;
+type fingerprint_device, dev_type;
+type teei_rpmb_device, dev_type;
+type teei_fp_device, dev_type;
+type teei_client_device, dev_type;
+type teei_config_device, dev_type;
+type teei_vfs_device, dev_type;
+type goodixfingerprintd_device, dev_type, mlstrustedobject;
+type goodix_fp_device, dev_type;
+type mobicore_device, dev_type;
+type mobicore-user_device, dev_type;
+type McDriverDaemon_device, dev_type;
+type event_input_device, dev_type;
\ No newline at end of file
diff --git a/sepolicy/dhcp6c.te b/sepolicy/dhcp6c.te
index e36c1fd..3823ceb 100644
--- a/sepolicy/dhcp6c.te
+++ b/sepolicy/dhcp6c.te
@@ -1,5 +1,5 @@
-type dhcp6c, domain;
 type dhcp6c_exec, exec_type, file_type;
+type dhcp6c, domain;
 init_daemon_domain(dhcp6c)
 allow dhcp6c wide_dhcpv6_data_file:file { read write create open getattr };
 allow dhcp6c wide_dhcpv6_data_file:dir { write search add_name };
diff --git a/sepolicy/disableswap.te b/sepolicy/disableswap.te
index 489ce38..3bb3df8 100644
--- a/sepolicy/disableswap.te
+++ b/sepolicy/disableswap.te
@@ -1,5 +1,5 @@
-type disableswap, domain;
 type disableswap_exec, exec_type, file_type;
+type disableswap, domain;
 init_daemon_domain(disableswap)
 allow disableswap system_file:file execute_no_trans;
 allow disableswap system_data_file:dir { write };
diff --git a/sepolicy/dm_agent_binder.te b/sepolicy/dm_agent_binder.te
index e77e577..7edd563 100644
--- a/sepolicy/dm_agent_binder.te
+++ b/sepolicy/dm_agent_binder.te
@@ -1,5 +1,5 @@
-type dm_agent_binder, domain;
 type dm_agent_binder_exec, exec_type, file_type;
+type dm_agent_binder, domain;
 init_daemon_domain(dm_agent_binder)
 binder_use(dm_agent_binder)
 binder_service(dm_agent_binder)
diff --git a/sepolicy/dmlog.te b/sepolicy/dmlog.te
index 11b3669..56d79f9 100644
--- a/sepolicy/dmlog.te
+++ b/sepolicy/dmlog.te
@@ -1,5 +1,5 @@
-type dmlog, domain;
 type dmlog_exec, exec_type, file_type;
+type dmlog, domain;
 init_daemon_domain(dmlog)
 allow dmlog sysfs:file write;
 allow dmlog mmcblk0_block_device:blk_file { read write };
diff --git a/sepolicy/eemcs_fsd.te b/sepolicy/eemcs_fsd.te
index 97e2f2b..fb4dc55 100644
--- a/sepolicy/eemcs_fsd.te
+++ b/sepolicy/eemcs_fsd.te
@@ -1,5 +1,5 @@
-type eemcs_fsd, domain;
 type eemcs_fsd_exec, exec_type, file_type;
+type eemcs_fsd, domain;
 wakelock_use(eemcs_fsd)
 init_daemon_domain(eemcs_fsd)
 allow eemcs_fsd protect_s_data_file:file create_file_perms;
diff --git a/sepolicy/eemcs_mdinit.te b/sepolicy/eemcs_mdinit.te
index e105a8c..d39e5b5 100644
--- a/sepolicy/eemcs_mdinit.te
+++ b/sepolicy/eemcs_mdinit.te
@@ -1,5 +1,5 @@
-type eemcs_mdinit, domain;
 type eemcs_mdinit_exec, exec_type, file_type;
+type eemcs_mdinit, domain;
 unix_socket_connect(eemcs_mdinit, property, init)
 init_daemon_domain(eemcs_mdinit)
 allow eemcs_mdinit { ctl_rildaemon_prop ctl_ril-daemon-s_prop ctl_ril-daemon-d_prop ctl_ril-daemon-mtk_prop }:property_service set;
diff --git a/sepolicy/em_svr.te b/sepolicy/em_svr.te
index 7931718..ff9878f 100644
--- a/sepolicy/em_svr.te
+++ b/sepolicy/em_svr.te
@@ -1,5 +1,5 @@
-type em_svr, domain;
 type em_svr_exec, exec_type, file_type;
+type em_svr, domain;
 init_daemon_domain(em_svr)
 binder_use(em_svr)
 binder_call(em_svr, surfaceflinger)
diff --git a/sepolicy/emdlogger.te b/sepolicy/emdlogger.te
index 7b84a9a..51a4864 100644
--- a/sepolicy/emdlogger.te
+++ b/sepolicy/emdlogger.te
@@ -1,5 +1,5 @@
-type emdlogger, domain;
 type emdlogger_exec, exec_type, file_type;
+type emdlogger, domain;
 init_daemon_domain(emdlogger)
 binder_use(emdlogger)
 binder_service(emdlogger)
diff --git a/sepolicy/emmc_rw_debug.te b/sepolicy/emmc_rw_debug.te
index c33a736..7dc4b51 100644
--- a/sepolicy/emmc_rw_debug.te
+++ b/sepolicy/emmc_rw_debug.te
@@ -1,3 +1,3 @@
-type emmc_rw_debug_exec, exec_type, file_type;
 type emmc_rw_debug, domain;
+type emmc_rw_debug_exec, exec_type, file_type;
 init_daemon_domain(emmc_rw_debug)
\ No newline at end of file
diff --git a/sepolicy/enableswap.te b/sepolicy/enableswap.te
index 3220f4a..f84dc0a 100644
--- a/sepolicy/enableswap.te
+++ b/sepolicy/enableswap.te
@@ -1,5 +1,5 @@
-type enableswap, domain;
 type enableswap_exec, exec_type, file_type;
+type enableswap, domain;
 init_daemon_domain(enableswap)
 file_type_auto_trans(enableswap, system_data_file, enableswap_data_file)
 allow enableswap zram0_device:blk_file { read write getattr open ioctl };
diff --git a/sepolicy/epdg_wod.te b/sepolicy/epdg_wod.te
index 26105a5..4e025e9 100644
--- a/sepolicy/epdg_wod.te
+++ b/sepolicy/epdg_wod.te
@@ -1,5 +1,5 @@
-type epdg_wod, domain;
 type epdg_wod_exec, exec_type, file_type;
+type epdg_wod, domain;
 init_daemon_domain(epdg_wod)
 domain_auto_trans(epdg_wod, stroke_exec, ipsec)
 domain_auto_trans(epdg_wod, starter_exec, ipsec)
diff --git a/sepolicy/factory.te b/sepolicy/factory.te
index 6dde363..1a3a243 100644
--- a/sepolicy/factory.te
+++ b/sepolicy/factory.te
@@ -1,137 +1,3 @@
-type factory, domain;
-type factory_exec, exec_type, file_type;
-init_daemon_domain(factory)
-file_type_auto_trans(factory, system_data_file, factory_data_file)
-allow resize block_device:dir search;
-allow factory wmtWifi_device:chr_file { write open };
-allow factory vmodem_device:chr_file { read write ioctl open };
-allow factory vfat:filesystem { mount unmount };
-allow factory vfat:dir { read open search mounton };
-allow factory vfat:dir search;
-allow factory userdata_block_device:blk_file rw_file_perms;
-allow factory ttySDIO_device:chr_file { read write ioctl open };
-allow factory ttyMT_device:chr_file { read write open ioctl };
-allow factory ttyGS_device:chr_file { read write open };
-allow factory ttyGS_device:chr_file { read write open ioctl };
-allow factory tfa9890_device:chr_file { open read write ioctl };
-allow factory system_file:file execute_no_trans;
-allow factory system_data_file:sock_file { write create unlink setattr };
-allow factory system_data_file:dir { write remove_name add_name };
-allow factory system_data_file:dir { write add_name };
-allow factory sysfs_wake_lock:file { read write open };
-allow factory sysfs:file write;
-allow factory stpbt_device:chr_file { read write open };
-allow factory storage_file:lnk_file { open read write };
-allow factory storage_file:dir { write create add_name search mounton };
-allow factory shell_exec:file { read open };
-allow factory shell_exec:file { read open execute execute_no_trans };
-allow factory shell_exec:file execute;
-allow factory self:udp_socket { create ioctl };
-allow factory self:tcp_socket { setopt read bind create accept write connect listen };
-allow factory self:process execmem;
-allow factory self:netlink_route_socket { bind create };
-allow factory self:capability2 block_suspend;
-allow factory self:capability { sys_nice sys_time };
-allow factory self:capability { sys_module ipc_lock sys_nice dac_override net_raw fsetid net_admin sys_time };
-allow factory self:capability sys_resource;
-allow factory self:capability sys_boot;
-allow factory self:capability sys_admin;
-allow factory rtc_device:chr_file { read write ioctl open };
-allow factory rootfs:dir mounton;
-allow factory property_socket:sock_file write;
-allow factory proc_mrdump_rst:file w_file_perms;
-allow factory pro_info_device:chr_file { read write ioctl open };
-allow factory powerctl_prop:property_service set;
-allow factory port:tcp_socket { name_bind name_connect };
-allow factory pmic_ftm_device:chr_file { read write ioctl open };
-allow factory nvram_device:chr_file { read write ioctl open };
-allow factory nvram_device:blk_file { read write open ioctl };
-allow factory nvram_device:blk_file { getattr ioctl };
-allow factory nvram_data_file:lnk_file read;
-allow factory nvram_data_file:file { write getattr setattr read create open };
-allow factory nvram_data_file:file { create_file_perms };
-allow factory nvram_data_file:dir { write read open add_name getattr setattr };
-allow factory nvram_data_file:dir { create_dir_perms };
-allow factory nvram_data_file:dir search;
-allow factory nvdata_file:file { create_file_perms };
-allow factory nvdata_file:dir { create_dir_perms };
-allow factory nvdata_device:blk_file rw_file_perms;
-allow factory node:tcp_socket node_bind;
-allow factory mtk_kpd_device:chr_file { read ioctl open };
-allow factory mtkFlpDaemon_exec:file { read execute open execute_no_trans };
-allow factory mtd_device:dir search;
-allow factory mtd_device:chr_file { read write ioctl open };
-allow factory mtd_device:chr_file rw_file_perms;
-allow factory mt6605_device:chr_file { read write ioctl open getattr };
-allow factory msensor_device:chr_file { read ioctl open };
-allow factory mnt_user_file:lnk_file { open read write };
-allow factory mnt_user_file:dir { write create add_name search mounton };
-allow factory mnld_exec:file { read execute open execute_no_trans };
-allow factory mnld_device:chr_file { read write ioctl open };
-allow factory mmcblk1p1_block_device:blk_file rw_file_perms;
-allow factory mmcblk1_block_device:blk_file rw_file_perms;
-allow factory mmcblk0_block_device:blk_file rw_file_perms;
-allow factory misc_sd_device:chr_file { read ioctl open };
-allow factory labeledfs:filesystem unmount;
-allow factory kernel:system module_request;
-allow factory kd_camera_hw_device:chr_file { read write ioctl open };
-allow factory kd_camera_flashlight_device:chr_file { read write ioctl open };
-allow factory irtx_device:chr_file { read write ioctl open };
-allow factory input_device:dir { read open };
-allow factory input_device:dir search;
-allow factory input_device:chr_file { read ioctl open };
-allow factory init:unix_stream_socket connectto;
-allow factory humidity_device:chr_file { read ioctl open };
-allow factory hrm_device:chr_file { read ioctl open };
-allow factory gyroscope_device:chr_file { read ioctl open };
-allow factory gsm0710muxd_device:chr_file { read write ioctl open };
-allow factory gsensor_device:chr_file { read ioctl open };
-allow factory graphics_device:dir search;
-allow factory graphics_device:chr_file { read write ioctl open };
-allow factory gps_device:chr_file { read write open };
-allow factory gps_data_file:dir { read search };
-allow factory fuse:file { read write create open getattr };
-allow factory fuse:dir { write create add_name };
-allow factory fuse:dir { read search open };
-allow factory fuse:dir mounton;
-allow factory fm_device:chr_file { read write ioctl open };
-allow factory factory_idle_state_prop:property_service set;
-allow factory factory_data_file:file { write create unlink open };
-allow factory factory:capability chown;
-allow factory eemcs_device:chr_file { read write ioctl open };
-allow factory ebc_device:chr_file { read write open };
-allow factory devpts:chr_file { read write getattr ioctl };
-allow factory devmap_device:chr_file { read ioctl open };
-allow factory cct_data_file:file { create_file_perms };
-allow factory cct_data_file:dir { create_dir_perms };
-allow factory ccci_device:chr_file { read write ioctl open };
-allow factory camera_sysram_device:chr_file { read ioctl open };
-allow factory camera_pipemgr_device:chr_file { read ioctl open };
-allow factory camera_isp_device:chr_file { read write ioctl open };
-allow factory block_device:dir search;
-allow factory barometer_device:chr_file { read ioctl open };
-allow factory audiohal_prop:property_service set;
-allow factory audio_device:dir search;
-allow factory audio_device:chr_file { read write ioctl open };
-allow factory ashmem_device:chr_file execute;
-allow factory apk_data_file:dir write;
-allow factory als_ps_device:chr_file { read ioctl open };
-allow factory agpsd_data_file:dir search;
-allow factory accdet_device:chr_file { read ioctl open };
-allow factory SUBAF_device:chr_file { read write ioctl open };
-allow factory MT_pmic_cali_device:chr_file { read ioctl open };
-allow factory MT_pmic_adc_cali_device:chr_file { read write ioctl open };
-allow factory MTK_SMI_device:chr_file { read ioctl open };
-allow factory MPED_exec:file { read execute open execute_no_trans };
-allow factory MAINAF_device:chr_file { read write ioctl open };
-allow factory MAIN2AF_device:chr_file { read write ioctl open };
-allow factory LC898212AF_device:chr_file { read write ioctl open };
-allow factory LC898122AF_device:chr_file { read write ioctl open };
-allow factory FM50AF_device:chr_file { read write ioctl open };
-allow factory DW9763AF_device:chr_file { read write ioctl open };
-allow factory DW9718AF_device:chr_file { read write ioctl open };
-allow factory DW9714A_device:chr_file { read write ioctl open };
-allow factory DW9714AF_device:chr_file { read write ioctl open };
-allow factory BU64745GWZAF_device:chr_file { read write ioctl open };
-allow factory BU6429AF_device:chr_file { read write ioctl open };
-allow factory AD5820AF_device:chr_file { read write ioctl open };
\ No newline at end of file
+type factory_idle_state_prop, property_type;
+allow untrusted_app factory_idle_state_prop:file { open read getattr };
+allow factory factory_idle_state_prop:property_service set;
\ No newline at end of file
diff --git a/sepolicy/file.te b/sepolicy/file.te
index ba2c733..7d5f196 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
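Review bot: The last added line of the factory.te hunk, `allow factory factory_idle_state_prop:property_service set;`, still names the `factory` domain, yet the same hunk deletes `type factory, domain;`, `type factory_exec, exec_type, file_type;` and `init_daemon_domain(factory)`. Unless `factory` is declared in another file of the patch (not visible here), the policy compiler will likely reject the rule as referencing an unknown type, so either keep the declaration or drop the rule together with the domain. The new `allow untrusted_app factory_idle_state_prop:file { open read getattr };` makes a factory-mode property readable by every third-party app; it needs a comment naming the consumer, for example `# read by <component>: <reason>`, or should be removed if nothing depends on it. Deleting a whole domain's policy under the subject "docs:README" is easy to miss in review and would be clearer as a separate commit.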
@@ -1,156 +1,156 @@ -type event_notify, file_type, data_file_type; -type vsync_offset_level, file_type, data_file_type; -type md_monitor_file, file_type, data_file_type; -type sysfs_boot_mode_file, file_type, data_file_type; -type teei_data_file, file_type, data_file_type; -type mobicore_lib_file, file_type, data_file_type, exec_type; -type goodixfingerprintd_lib_file, file_type, data_file_type; -type goodixfingerprintd_data_file, file_type, data_file_type; -type sysfs_goodixfingerprintd, fs_type, sysfs_type; -type sysfs_fingerprintd, fs_type, sysfs_type; -type subtitle_data_file, file_type, data_file_type; -type md_monitor_data_file, file_type, data_file_type; -type proc_mrdump_rst, fs_type; -type ipoh_data_file, file_type, data_file_type; -type autokd_data_file, file_type, data_file_type; -type adbd_data_file, file_type, data_file_type; -type factory_data_file, file_type, data_file_type; -type atci_data_file, file_type, data_file_type; -type thermal_manager_data_file, file_type, data_file_type; -type ims_ipsec_data_file, file_type, data_file_type; -type enableswap_data_file, file_type, data_file_type; -type fon_image_data_file, file_type, data_file_type; -type rawfs, fs_type, mlstrustedobject; -type data_tmpfs_log_file, file_type, data_file_type; -type iso9660, fs_type; -type wod_ipsec_socket, file_type; -type wod_sim_socket, file_type; -type wod_action_socket, file_type; -type wod_apn_conf_file, file_type, data_file_type; -type wod_ipsec_conf_file, file_type, data_file_type; -type provision_file, file_type, data_file_type; -type proc_icusb, fs_type; -type statusd_socket, file_type; -type rilproxy_atci_socket, file_type; -type rild_atci_c2k_socket, file_type; -type rild_ctclient_socket, file_type; -type rpc_socket, file_type; -type rild_via_socket, file_type; -type istd8303_access_file2, file_type, data_file_type; -type istd8303_access_file1, file_type, data_file_type; -type sysfs_keypad_file, file_type, sysfs_type; -type sysfs_msensor_file, file_type, 
sysfs_type; -type sysfs_gsensor_file, file_type, sysfs_type; -type bmm050_sensor_log_file, file_type, data_file_type; -type system_sensor_data_file, file_type; -type stp_dump_data_file, file_type, data_file_type; -type msensor_data_file, file_type, data_file_type; -type sensor_data_file, file_type, data_file_type; -type gyroscope_mpud6050_file, fs_type, sysfs_type; -type gyroscope_mpud6050_use, fs_type, sysfs_type; -type gyroscope_mpud6050_status, fs_type, sysfs_type; -type gyroscope_mpud6050_chipinfo, fs_type, sysfs_type; -type st480_access_file1, file_type, data_file_type; -type akmd8963_access_file2, file_type, data_file_type; -type akmd8963_access_file1, file_type, data_file_type; -type msensord_daemon2, fs_type, sysfs_type; -type msensord_daemon, fs_type, sysfs_type; -type c2k_file, file_type, data_file_type; -type sysfs_ccci_version, file_type, data_file_type; -type ccci_cfg_file, file_type, data_file_type; -type rild-dongle_socket, file_type; -type sf_bqdump_data_file, file_type, data_file_type; -type aee_dumpsys_data_file, file_type, data_file_type; -type aee_exp_data_file, file_type, data_file_type; -type aee_core_data_file, file_type, data_file_type; -type xlog_data_file, file_type, data_file_type; -type metlog_data_file, file_type, data_file_type; -type logtemp_data_file, file_type, data_file_type; -type logmisc_data_file, file_type, data_file_type; -type mdlog_data_file, file_type, data_file_type; -type mediaserver_data_file, file_type, data_file_type; -type cct_data_file, file_type, data_file_type; -type nvcfg_file, file_type, data_file_type; -type nvdata_file, file_type, data_file_type; -type nvram_data_file, file_type, data_file_type; -type key_install_data_file, file_type, data_file_type; -type persist_data_file, file_type, data_file_type; -type protect_s_data_file, file_type, data_file_type; -type protect_f_data_file, file_type, data_file_type; -type nfc_socket, file_type; -type backuprestore_socket, file_type; -type mtkFlpDaemon_data_file, 
file_type, data_file_type; -type mtkFlpDaemon_socket, file_type; -type sysctl_socket, file_type; -type MPED_data_file, file_type, data_file_type; -type MPED_socket, file_type; -type mnld_data_file, file_type, data_file_type; -type mnld_socket, file_type; -type agpsd_data_file, file_type, data_file_type; -type agpsd_socket, file_type; -type sysfs_scp, fs_type, sysfs_type; -type sysfs_md32, fs_type, sysfs_type; -type sysfs_vcorefs_pwrctrl, fs_type, sysfs_type; -type proc_lk_env, fs_type; -type proc_slogger, fs_type; -type proc_mtktz, fs_type; -type proc_mtkcooler, fs_type; -type proc_thermal, fs_type; -type bt_data_file, file_type, data_file_type; -type bt_a2dp_stream_socket, file_type; -type bt_int_adp_socket, file_type; -type dbus_bluetooth_socket, file_type; -type soc_vt_svc_socket, file_type; -type soc_vt_stk_socket, file_type; -type soc_vt_tcv_socket, file_type; -type soc_vt_imcb_socket, file_type; -type wpa_wlan0_socket, file_type; -type atci_audio_socket, file_type; -type atci_serv_fw_socket, file_type; -type atci_service_socket, file_type; -type netdiag_socket, file_type; -type mal_data_file, file_type, data_file_type; -type mal_mfi_socket, file_type; -type rild_vsim_md2_socket, file_type; -type rild_vsim_socket, file_type; -type rild_atci_md2_socket, file_type; -type rild_mtk_modem_md2_socket, file_type; -type rild_mtk_ut_2_md2_socket, file_type; -type rild_mtk_ut_md2_socket, file_type; -type rild_oem_md2_socket, file_type; -type rild_debug_md2_socket, file_type; -type rild2_md2_socket, file_type; -type rild_md2_socket, file_type; -type rild_atci_socket, file_type; -type rild_mtk_modem_socket, file_type; -type rild_mtk_ut_2_socket, file_type; -type rild_mtk_ut_socket, file_type; -type rild_oem_socket, file_type; -type rild_imsm_socket, file_type; -type rild_ims_socket, file_type; -type rild_mal_at_md2_socket, file_type; -type rild_mal_md2_socket, file_type; -type rild_mal_at_socket, file_type; -type rild_mal_socket, file_type; -type rild4_socket, file_type; 
-type rild3_socket, file_type; -type rild2_socket, file_type; -type dfo_socket, file_type; -type volte_vt_socket, file_type; -type volte_ua_socket, file_type; -type volte_imcb_socket, file_type; -type volte_stack_socket, file_type; -type sf_rtt_file, file_type, data_file_type; -type radvd_data_file, file_type, data_file_type; -type wpa_supplicant_data_file, file_type, data_file_type; -type wide_dhcpv6_data_file, file_type, data_file_type; -type ppp_data_file, file_type, data_file_type; -type acdapi_data_file, file_type, data_file_type; -type http_proxy_cfg_data_file, file_type, data_file_type; -type resource_cache_data_file, file_type, data_file_type; -type dontpanic_data_file, file_type, data_file_type; -type lost_found_data_file, file_type, data_file_type; type custom_file, file_type, data_file_type; +type lost_found_data_file, file_type, data_file_type; +type dontpanic_data_file, file_type, data_file_type; +type resource_cache_data_file, file_type, data_file_type; +type http_proxy_cfg_data_file, file_type, data_file_type; +type acdapi_data_file, file_type, data_file_type; +type ppp_data_file, file_type, data_file_type; +type wide_dhcpv6_data_file, file_type, data_file_type; +type wpa_supplicant_data_file, file_type, data_file_type; +type radvd_data_file, file_type, data_file_type; +type sf_rtt_file, file_type, data_file_type; +type volte_stack_socket, file_type; +type volte_imcb_socket, file_type; +type volte_ua_socket, file_type; +type volte_vt_socket, file_type; +type dfo_socket, file_type; +type rild2_socket, file_type; +type rild3_socket, file_type; +type rild4_socket, file_type; +type rild_mal_socket, file_type; +type rild_mal_at_socket, file_type; +type rild_mal_md2_socket, file_type; +type rild_mal_at_md2_socket, file_type; +type rild_ims_socket, file_type; +type rild_imsm_socket, file_type; +type rild_oem_socket, file_type; +type rild_mtk_ut_socket, file_type; +type rild_mtk_ut_2_socket, file_type; +type rild_mtk_modem_socket, file_type; +type 
rild_atci_socket, file_type; +type rild_md2_socket, file_type; +type rild2_md2_socket, file_type; +type rild_debug_md2_socket, file_type; +type rild_oem_md2_socket, file_type; +type rild_mtk_ut_md2_socket, file_type; +type rild_mtk_ut_2_md2_socket, file_type; +type rild_mtk_modem_md2_socket, file_type; +type rild_atci_md2_socket, file_type; +type rild_vsim_socket, file_type; +type rild_vsim_md2_socket, file_type; +type mal_mfi_socket, file_type; +type mal_data_file, file_type, data_file_type; +type netdiag_socket, file_type; +type atci_service_socket, file_type; +type atci_serv_fw_socket, file_type; +type atci_audio_socket, file_type; +type wpa_wlan0_socket, file_type; +type soc_vt_imcb_socket, file_type; +type soc_vt_tcv_socket, file_type; +type soc_vt_stk_socket, file_type; +type soc_vt_svc_socket, file_type; +type dbus_bluetooth_socket, file_type; +type bt_int_adp_socket, file_type; +type bt_a2dp_stream_socket, file_type; +type bt_data_file, file_type, data_file_type; +type proc_thermal, fs_type; +type proc_mtkcooler, fs_type; +type proc_mtktz, fs_type; +type proc_slogger, fs_type; +type proc_lk_env, fs_type; +type sysfs_vcorefs_pwrctrl, fs_type, sysfs_type; +type sysfs_md32, fs_type, sysfs_type; +type sysfs_scp, fs_type, sysfs_type; +type agpsd_socket, file_type; +type agpsd_data_file, file_type, data_file_type; +type mnld_socket, file_type; +type mnld_data_file, file_type, data_file_type; +type MPED_socket, file_type; +type MPED_data_file, file_type, data_file_type; +type sysctl_socket, file_type; +type mtkFlpDaemon_socket, file_type; +type mtkFlpDaemon_data_file, file_type, data_file_type; +type backuprestore_socket, file_type; +type nfc_socket, file_type; +type protect_f_data_file, file_type, data_file_type; +type protect_s_data_file, file_type, data_file_type; +type persist_data_file, file_type, data_file_type; +type key_install_data_file, file_type, data_file_type; +type nvram_data_file, file_type, data_file_type; +type nvdata_file, file_type, 
data_file_type; +type nvcfg_file, file_type, data_file_type; +type cct_data_file, file_type, data_file_type; +type mediaserver_data_file, file_type, data_file_type; +type mdlog_data_file, file_type, data_file_type; +type logmisc_data_file, file_type, data_file_type; +type logtemp_data_file, file_type, data_file_type; +type metlog_data_file, file_type, data_file_type; +type xlog_data_file, file_type, data_file_type; +type aee_core_data_file, file_type, data_file_type; +type aee_exp_data_file, file_type, data_file_type; +type aee_dumpsys_data_file, file_type, data_file_type; +type sf_bqdump_data_file, file_type, data_file_type; +type rild-dongle_socket, file_type; +type ccci_cfg_file, file_type, data_file_type; +type sysfs_ccci_version, file_type, data_file_type; +type c2k_file, file_type, data_file_type; +type msensord_daemon, fs_type, sysfs_type; +type msensord_daemon2, fs_type, sysfs_type; +type akmd8963_access_file1, file_type, data_file_type; +type akmd8963_access_file2, file_type, data_file_type; +type st480_access_file1, file_type, data_file_type; +type gyroscope_mpud6050_chipinfo, fs_type, sysfs_type; +type gyroscope_mpud6050_status, fs_type, sysfs_type; +type gyroscope_mpud6050_use, fs_type, sysfs_type; +type gyroscope_mpud6050_file, fs_type, sysfs_type; +type sensor_data_file, file_type, data_file_type; +type msensor_data_file, file_type, data_file_type; +type stp_dump_data_file, file_type, data_file_type; +type system_sensor_data_file, file_type; +type bmm050_sensor_log_file, file_type, data_file_type; +type sysfs_gsensor_file, file_type, sysfs_type; +type sysfs_msensor_file, file_type, sysfs_type; +type sysfs_keypad_file, file_type, sysfs_type; +type istd8303_access_file1, file_type, data_file_type; +type istd8303_access_file2, file_type, data_file_type; +type rild_via_socket, file_type; +type rpc_socket, file_type; +type rild_ctclient_socket, file_type; +type rild_atci_c2k_socket, file_type; +type rilproxy_atci_socket, file_type; +type statusd_socket, 
file_type; +type proc_icusb, fs_type; +type provision_file, file_type, data_file_type; +type wod_ipsec_conf_file, file_type, data_file_type; +type wod_apn_conf_file, file_type, data_file_type; +type wod_action_socket, file_type; +type wod_sim_socket, file_type; +type wod_ipsec_socket, file_type; +type iso9660, fs_type; +type data_tmpfs_log_file, file_type, data_file_type; +type rawfs, fs_type, mlstrustedobject; +type fon_image_data_file, file_type, data_file_type; +type enableswap_data_file, file_type, data_file_type; +type ims_ipsec_data_file, file_type, data_file_type; +type thermal_manager_data_file, file_type, data_file_type; +type atci_data_file, file_type, data_file_type; +type factory_data_file, file_type, data_file_type; +type adbd_data_file, file_type, data_file_type; +type autokd_data_file, file_type, data_file_type; +type ipoh_data_file, file_type, data_file_type; +type proc_mrdump_rst, fs_type; +type md_monitor_data_file, file_type, data_file_type; +type subtitle_data_file, file_type, data_file_type; +type sysfs_fingerprintd, fs_type, sysfs_type; +type sysfs_goodixfingerprintd, fs_type, sysfs_type; +type goodixfingerprintd_data_file, file_type, data_file_type; +type goodixfingerprintd_lib_file, file_type, data_file_type; +type mobicore_lib_file, file_type, data_file_type, exec_type; +type teei_data_file, file_type, data_file_type; +type sysfs_boot_mode_file, file_type, data_file_type; +type md_monitor_file, file_type, data_file_type; +type vsync_offset_level, file_type, data_file_type; +type event_notify, file_type, data_file_type; typealias vfat alias sdcard_external; typealias fuse alias sdcard_internal; allow sysfs_boot_mode_file sysfs:filesystem { associate }; diff --git a/sepolicy/flashlessd.te b/sepolicy/flashlessd.te index 9b73b13..ac43869 100644 --- a/sepolicy/flashlessd.te +++ b/sepolicy/flashlessd.te 
@@ -1,3 +1,3 @@ -type flashlessd, domain; type flashlessd_exec, exec_type, file_type; +type flashlessd, domain; init_daemon_domain(flashlessd) \ No newline at end of file diff --git a/sepolicy/fota1.te b/sepolicy/fota1.te index 7a98a93..6fffd5d 100644 --- a/sepolicy/fota1.te +++ b/sepolicy/fota1.te @@ -1,5 +1,5 @@ -type fota1_exec, exec_type, file_type; type fota1, domain; +type fota1_exec, exec_type, file_type; init_daemon_domain(fota1) allow fota1 recovery_device:chr_file { read write open }; allow fota1 misc_device:chr_file { write open }; diff --git a/sepolicy/fuelgauged.te b/sepolicy/fuelgauged.te index 867b526..8834773 100644 --- a/sepolicy/fuelgauged.te +++ b/sepolicy/fuelgauged.te @@ -1,5 +1,5 @@ -type fuelgauged_exec, exec_type, file_type; type fuelgauged, domain; +type fuelgauged_exec, exec_type, file_type; init_daemon_domain(fuelgauged) allow fuelgauged sysfs:file { read open }; allow fuelgauged rootfs:lnk_file { getattr }; diff --git a/sepolicy/gas_srv.te b/sepolicy/gas_srv.te index b2da395..03f7311 100644 --- a/sepolicy/gas_srv.te +++ b/sepolicy/gas_srv.te @@ -1,5 +1,5 @@ -type gas_srv, domain; type gas_srv_exec, exec_type, file_type; +type gas_srv, domain; typeattribute gas_srv mlstrustedsubject; init_daemon_domain(gas_srv) binder_use(gas_srv) diff --git a/sepolicy/ged_srv.te b/sepolicy/ged_srv.te index fae1c18..911546f 100644 --- a/sepolicy/ged_srv.te +++ b/sepolicy/ged_srv.te @@ -1,5 +1,5 @@ -type ged_srv_exec, exec_type, file_type; type ged_srv, domain; +type ged_srv_exec, exec_type, file_type; init_daemon_domain(ged_srv) binder_use(init) binder_use(ged_srv) diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts index c6ffb3e..5039d9f 100644 --- a/sepolicy/genfs_contexts +++ b/sepolicy/genfs_contexts 
@@ -1,13 +1,10 @@ +genfscon rawfs / u:object_r:rawfs:s0 genfscon proc /secmem0 u:object_r:proc_secmem:s0 - -genfscon proc /driver/thermal u:object_r:proc_thermal:s0 -genfscon proc /mtkcooler u:object_r:proc_mtkcooler:s0 genfscon proc /mtktz u:object_r:proc_mtktz:s0 +genfscon proc /mtkcooler u:object_r:proc_mtkcooler:s0 +genfscon proc /mrdump_rst u:object_r:proc_mrdump_rst:s0 genfscon proc /lk_env u:object_r:proc_lk_env:s0 +genfscon proc /driver/thermal u:object_r:proc_thermal:s0 genfscon proc /driver/storage_logger u:object_r:proc_slogger:s0 genfscon proc /driver/icusb u:object_r:proc_icusb:s0 -genfscon proc /mrdump_rst u:object_r:proc_mrdump_rst:s0 - -genfscon iso9660 / u:object_r:iso9660:s0 -genfscon rawfs / u:object_r:rawfs:s0 -#genfscon fuseblk / u:object_r:fuseblk:s0 +genfscon iso9660 / u:object_r:iso9660:s0 \ No newline at end of file diff --git a/sepolicy/geomagneticd.te b/sepolicy/geomagneticd.te index 857e1a9..e93584c 100644 --- a/sepolicy/geomagneticd.te +++ b/sepolicy/geomagneticd.te @@ -1,5 +1,5 @@ -type geomagneticd, domain; type geomagneticd_exec, exec_type, file_type; +type geomagneticd, domain; init_daemon_domain(geomagneticd) file_type_auto_trans(geomagneticd, system_data_file, msensor_data_file) allow geomagneticd system_data_file:dir { write remove_name add_name }; diff --git a/sepolicy/goodix.te b/sepolicy/goodix.te index e8d1565..a9f9360 100644 --- a/sepolicy/goodix.te +++ b/sepolicy/goodix.te 
@@ -1,80 +1,3 @@
-type goodix_exec, exec_type, file_type;
-type goodix, domain;
-use_keystore(goodixfingerprintd)
-type_transition goodixfingerprintd system_data_file: { dir file goodixfingerprintd_data_file;
-set_prop(goodix, system_prop)
-set_prop(goodix, config_prop)
-r_dir_file(goodixfingerprintd, sdcard_type)
-r_dir_file(goodixfingerprintd, mobicore_data_file)
-r_dir_file(goodix, goodixfingerprintd_data_file)
-r_dir_file(goodix, fingerprintd_data_file)
-init_daemon_domain(goodix)
-file_type_auto_trans(goodixfingerprintd, system_data_file, goodixfingerprintd_data_file)
-binder_use(goodix)
-binder_service(goodix)
-binder_call(goodixfingerprintd, system_server);
-binder_call(goodix, system_server);
-binder_call(goodix, fingerprintd);
-binder_call(goodix, binderservicedomain)
-binder_call(goodix, appdomain)
-allow goodix untrusted_app:binder { call transfer };
-allow goodix tee_device:chr_file { rw_file_perms };
-allow goodix tee_device:chr_file { open read ioctl write };
-allow goodix system_data_file:file { open };
-allow goodix system_data_file:dir { write open read add_name create };
-allow goodix sysfs:file rw_file_perms;
-allow goodix storage_file:lnk_file create_file_perms;
-allow goodix storage_file:dir create_dir_perms;
-allow goodix self:process execmem;
-allow goodix self:netlink_socket read;
-allow goodix self:netlink_socket create;
-allow goodix self:capability { dac_override };
-allow goodix self:capability { dac_override dac_read_search };
-allow goodix sdcard_type:file write;
-allow goodix power_service:service_manager find;
-allow goodix platform_app:binder { call transfer };
-allow goodix permission_service:service_manager { find };
-allow goodix permission_service:service_manager find;
-allow goodix mobicore_user_device:chr_file { open read ioctl write };
-allow goodix mobicore_tui_device:chr_file { open read ioctl write };
-allow goodix mobicore_device:chr_file { open read ioctl write };
-allow goodix mobicore_device:chr_file rw_file_perms;
-allow goodix mobicore_data_file:file create_file_perms;
-allow goodix mobicore_data_file:dir ra_dir_perms;
-allow goodix mobicore_data_file:dir create_dir_perms;
-allow goodix mobicore_data_file:chr_file { rw_file_perms setattr };
-allow goodix mobicore_data_file:chr_file { open read ioctl write };
-allow goodix mnt_user_file:lnk_file create_file_perms;
-allow goodix mnt_user_file:dir create_dir_perms;
-allow goodix keystore:keystore_key { add_auth };
-allow goodix kernel:system module_request;
-allow goodix goodixfingerprintd_lib_file:file { create_file_perms getattr read };
-allow goodix goodixfingerprintd_lib_file:file r_file_perms;
-allow goodix goodixfingerprintd_lib_file:dir ra_dir_perms;
-allow goodix goodixfingerprintd_lib_file:chr_file { rw_file_perms setattr };
-allow goodix goodixfingerprintd_device:file { create_file_perms };
-allow goodix goodixfingerprintd_device:chr_file { rw_file_perms setattr };
-allow goodix goodixfingerprintd_device:chr_file { read write ioctl open };
-allow goodix goodixfingerprintd_device:chr_file { getattr open read ioctl lock append write };
-allow goodix goodixfingerprintd_data_file:file { create_file_perms };
-allow goodix goodixfingerprintd_data_file:file { create_file_perms create open write };
-allow goodix goodixfingerprintd_data_file:file relabelfrom;
-allow goodix goodixfingerprintd_data_file:file create_file_perms;
-allow goodix goodixfingerprintd_data_file:dir { create setattr open read ra_dir_perms rw_dir_perms };
-allow goodix goodixfingerprintd_data_file:dir rw_dir_perms;
-allow goodix goodixfingerprintd_data_file:dir relabelfrom;
-allow goodix goodixfingerprintd_data_file:dir create_dir_perms;
-allow goodix goodixfingerprintd_data_file:chr_file { rw_file_perms setattr };
-allow goodix goodixfingerprintd:netlink_socket read;
-allow goodix goodix_service:service_manager { add };
-allow goodix fuse:file create_file_perms;
-allow goodix fuse:dir create_dir_perms;
-allow goodix fingerprintd_service:service_manager find;
-allow goodix fingerprintd_data_file:file { create_file_perms rw_file_perms create open };
-allow goodix fingerprintd_data_file:dir { ra_dir_perms r_dir_perms };
-allow goodix fingerprintd_data_file:dir { create setattr };
-allow goodix fingerprintd_data_file:chr_file { rw_file_perms setattr };
-allow goodix fingerprintd:binder { call transfer };
-allow goodix fingerprint_device:chr_file { rw_file_perms };
-allow goodix app_data_file:file rw_file_perms;
-allow goodix app_data_file:dir search;
\ No newline at end of file
+type goodix_service, service_manager_type;
+type goodix_fingerprint_service, app_api_service, system_server_service, service_manager_type;
+allow goodix goodix_service:service_manager { add };
\ No newline at end of file
diff --git a/sepolicy/goodixfingerprintd.te b/sepolicy/goodixfingerprintd.te
index 1261ca4..ed418f7 100644
--- a/sepolicy/goodixfingerprintd.te
+++ b/sepolicy/goodixfingerprintd.te
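Review bot: The one rule left in goodix.te, `allow goodix goodix_service:service_manager { add };`, still uses `goodix` as its source domain, but `type goodix, domain;` and `init_daemon_domain(goodix)` are removed and nothing in this hunk re-declares them. If the domain is not declared in another file of the policy (not visible in this part of the patch), the policy will not compile; if it is declared elsewhere without the removed rules, the daemon loses its init domain transition. The goodixfingerprintd.te, gsm0710muxd.te and guiext-server.te hunks follow the same pattern. I would add a header comment such as `# goodix domain is declared in <file>; this file only holds rules for goodix_service` so a reader can locate the declaration.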
@@ -1,89 +1,4 @@ -type goodixfingerprintd_exec, exec_type, file_type; -type goodixfingerprintd, domain; -use_keystore(goodixfingerprintd) -type_transition goodixfingerprintd system_data_file: { dir file goodixfingerprintd_data_file; -set_prop(goodixfingerprintd, system_prop) -set_prop(goodixfingerprintd, config_prop) -r_dir_file(goodixfingerprintd, sdcard_type) -r_dir_file(goodixfingerprintd, mobicore_data_file) -r_dir_file(goodixfingerprintd, goodixfingerprintd_data_file) -r_dir_file(goodixfingerprintd, fingerprintd_data_file) -init_daemon_domain(goodixfingerprintd) -file_type_auto_trans(goodixfingerprintd, system_data_file, goodixfingerprintd_data_file) -binder_use(goodixfingerprintd) -binder_service(goodixfingerprintd) -binder_call(goodixfingerprintd, system_server); -binder_call(goodixfingerprintd, fingerprintd); -binder_call(goodixfingerprintd, binderservicedomain) -binder_call(goodixfingerprintd, appdomain) -allow goodixfingerprintd_data_file labeledfs:filesystem associate; -allow goodixfingerprintd untrusted_app:binder { call transfer }; -allow goodixfingerprintd tee_device:chr_file { rw_file_perms }; -allow goodixfingerprintd tee_device:chr_file { open read ioctl write }; -allow goodixfingerprintd system_file:file { rx_file_perms }; -allow goodixfingerprintd system_data_file:file { open }; -allow goodixfingerprintd system_data_file:dir { write open read add_name create }; -allow goodixfingerprintd sysfs:file rw_file_perms; -allow goodixfingerprintd storage_file:lnk_file create_file_perms; -allow goodixfingerprintd storage_file:dir create_dir_perms; -allow goodixfingerprintd self:process execmem; -allow goodixfingerprintd self:netlink_socket read; -allow goodixfingerprintd self:netlink_socket create; -allow goodixfingerprintd self:capability { dac_override dac_read_search }; -allow goodixfingerprintd sdcard_type:file write; -allow goodixfingerprintd power_service:service_manager find; -allow goodixfingerprintd platform_app:binder { call transfer }; -allow 
goodixfingerprintd permission_service:service_manager find; -allow goodixfingerprintd mobicore_user_device:chr_file { open read ioctl write }; -allow goodixfingerprintd mobicore_tui_device:chr_file { open read ioctl write }; -allow goodixfingerprintd mobicore_lib_file:file { read open getattr }; -allow goodixfingerprintd mobicore_device:chr_file { open read ioctl write }; -allow goodixfingerprintd mobicore_device:chr_file rw_file_perms; -allow goodixfingerprintd mobicore_data_file:file create_file_perms; -allow goodixfingerprintd mobicore_data_file:dir ra_dir_perms; -allow goodixfingerprintd mobicore_data_file:dir create_dir_perms; -allow goodixfingerprintd mobicore_data_file:chr_file { rw_file_perms setattr }; -allow goodixfingerprintd mobicore_data_file:chr_file { open read ioctl write }; -allow goodixfingerprintd mobicore:unix_stream_socket { read write connectto ioctl }; -allow goodixfingerprintd mnt_user_file:lnk_file create_file_perms; -allow goodixfingerprintd mnt_user_file:dir create_dir_perms; -allow goodixfingerprintd keystore:keystore_key { add_auth }; -allow goodixfingerprintd kernel:system module_request; +type goodixfingerprintd_service, app_api_service, system_server_service, service_manager_type; +allow untrusted_app goodixfingerprintd_service:service_manager find; allow goodixfingerprintd goodixfingerprintd_service:service_manager { add }; -allow goodixfingerprintd goodixfingerprintd_lib_file:file { open read getattr }; -allow goodixfingerprintd goodixfingerprintd_lib_file:file { create_file_perms getattr read }; -allow goodixfingerprintd goodixfingerprintd_lib_file:file r_file_perms; -allow goodixfingerprintd goodixfingerprintd_lib_file:dir ra_dir_perms; -allow goodixfingerprintd goodixfingerprintd_lib_file:chr_file { rw_file_perms setattr }; -allow goodixfingerprintd goodixfingerprintd_exec:file { entrypoint open read }; -allow goodixfingerprintd goodixfingerprintd_device:file { create_file_perms }; -allow goodixfingerprintd 
goodixfingerprintd_device:chr_file { rw_file_perms setattr }; -allow goodixfingerprintd goodixfingerprintd_device:chr_file { read write ioctl open }; -allow goodixfingerprintd goodixfingerprintd_device:chr_file { getattr open read ioctl lock append write }; -allow goodixfingerprintd goodixfingerprintd_data_file:file { create_file_perms }; -allow goodixfingerprintd goodixfingerprintd_data_file:file { create_file_perms create open write }; -allow goodixfingerprintd goodixfingerprintd_data_file:file relabelfrom; -allow goodixfingerprintd goodixfingerprintd_data_file:file create_file_perms; -allow goodixfingerprintd goodixfingerprintd_data_file:dir { create setattr open read ra_dir_perms rw_dir_perms }; -allow goodixfingerprintd goodixfingerprintd_data_file:dir rw_dir_perms; -allow goodixfingerprintd goodixfingerprintd_data_file:dir relabelfrom; -allow goodixfingerprintd goodixfingerprintd_data_file:dir create_dir_perms; -allow goodixfingerprintd goodixfingerprintd_data_file:chr_file { rw_file_perms setattr }; -allow goodixfingerprintd goodixfingerprintd:netlink_socket { setopt read bind create write getattr shutdown write ioctl }; -allow goodixfingerprintd goodixfingerprintd:netlink_socket read; -allow goodixfingerprintd fuse:file create_file_perms; -allow goodixfingerprintd fuse:dir create_dir_perms; -allow goodixfingerprintd fingerprintd_service:service_manager find; -allow goodixfingerprintd fingerprintd_data_file:file { create_file_perms rw_file_perms create open }; -allow goodixfingerprintd fingerprintd_data_file:dir { ra_dir_perms r_dir_perms }; -allow goodixfingerprintd fingerprintd_data_file:dir { create setattr }; -allow goodixfingerprintd fingerprintd_data_file:chr_file { rw_file_perms setattr }; -allow goodixfingerprintd fingerprintd:binder { call transfer }; -allow goodixfingerprintd fingerprint_service:service_manager { find }; -allow goodixfingerprintd app_data_file:file rw_file_perms; -allow goodixfingerprintd app_data_file:dir search; -allow 
fingerprintd mobicore_lib_file:file { read open getattr }; -allow fingerprintd goodixfingerprintd_service:service_manager find; -allow fingerprintd goodixfingerprintd_lib_file:file { read open getattr }; -allow fingerprintd goodixfingerprintd_device:chr_file rw_file_perms; -allow fingerprintd goodixfingerprintd:binder { call }; \ No newline at end of file +allow fingerprintd goodixfingerprintd_service:service_manager find; \ No newline at end of file diff --git a/sepolicy/gsm0710muxd.te b/sepolicy/gsm0710muxd.te index df357e7..4bf6bcc 100644 --- a/sepolicy/gsm0710muxd.te +++ b/sepolicy/gsm0710muxd.te 
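Review bot: `allow untrusted_app goodixfingerprintd_service:service_manager find;`, together with the `app_api_service` attribute on the new type, lets third-party apps look up the vendor fingerprint daemon's binder service, and nothing in the hunk says which app needs that. The only other client named here is `fingerprintd`. Unless an app-facing API is intended, I would declare the type as `type goodixfingerprintd_service, service_manager_type;` and drop the `untrusted_app` line; if it is intended, add a comment above the rule naming the consumer. `goodix_fingerprint_service` in the goodix.te hunk carries the same `app_api_service, system_server_service` attributes and deserves the same check.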
@@ -1,28 +1,11 @@ -type gsm0710muxd, domain; -type gsm0710muxd_exec, exec_type, file_type; -init_daemon_domain(gsm0710muxd) -allow gsm0710muxd sysfs_ccci_version:file { open read getattr }; -allow gsm0710muxd sysfs:file { read open }; -allow gsm0710muxd self:capability setuid; -allow gsm0710muxd self:capability fowner; -allow gsm0710muxd self:capability chown; -allow gsm0710muxd rootfs:lnk_file { getattr }; -allow gsm0710muxd ril_mux_report_case_prop:property_service set; -allow gsm0710muxd radio_prop:property_service set; -allow gsm0710muxd property_socket:sock_file write; -allow gsm0710muxd persist_ril_prop:file { read open getattr }; -allow gsm0710muxd init:unix_stream_socket connectto; +type gsm0710muxd_prop, property_type; +type ctl_gsm0710muxd_prop, property_type; +allow untrusted_app gsm0710muxd_prop:file { open read getattr }; +allow mtkrild gsm0710muxd_prop:file { read open getattr }; +allow gsm0710muxdmd2 gsm0710muxd_prop:property_service set; allow gsm0710muxd gsm0710muxd_prop:property_service set; allow gsm0710muxd gsm0710muxd_prop:file r_file_perms; -allow gsm0710muxd gsm0710muxd_device:chr_file { read write }; -allow gsm0710muxd gsm0710muxd_device:chr_file open; -allow gsm0710muxd eemcs_device:chr_file { read write }; -allow gsm0710muxd eemcs_device:chr_file open; -allow gsm0710muxd devpts:chr_file setattr; -allow gsm0710muxd device:lnk_file unlink; -allow gsm0710muxd device:lnk_file create; -allow gsm0710muxd device:dir write; -allow gsm0710muxd device:dir remove_name; -allow gsm0710muxd device:dir add_name; -allow gsm0710muxd ctl_rildaemon_prop:property_service set; -allow gsm0710muxd ctl_ril-daemon-mtk_prop:property_service set; \ No newline at end of file +allow eemcs_mdinit { ctl_gsm0710muxd_prop ctl_gsm0710muxd-s_prop ctl_gsm0710muxd-d_prop }:property_service set; +allow ccci_mdinit { ctl_gsm0710muxd_prop ctl_gsm0710muxd-s_prop ctl_gsm0710muxd-d_prop ctl_gsm0710muxdmd2_prop }:property_service set; +allow ccci_mdinit 
ctl_gsm0710muxd_prop:property_service set; +allow atcp gsm0710muxd_prop:property_service set; \ No newline at end of file diff --git a/sepolicy/gsm0710muxdmd2.te b/sepolicy/gsm0710muxdmd2.te index 6351258..3c84d96 100644 --- a/sepolicy/gsm0710muxdmd2.te +++ b/sepolicy/gsm0710muxdmd2.te @@ -1,5 +1,5 @@ -type gsm0710muxdmd2, domain; type gsm0710muxdmd2_exec, exec_type, file_type; +type gsm0710muxdmd2, domain; init_daemon_domain(gsm0710muxdmd2) allow gsm0710muxdmd2 self:capability setuid; allow gsm0710muxdmd2 self:capability fowner; diff --git a/sepolicy/guiext-server.te b/sepolicy/guiext-server.te index 19eadf9..f8d582d 100644 --- a/sepolicy/guiext-server.te +++ b/sepolicy/guiext-server.te 
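Review bot: `allow untrusted_app gsm0710muxd_prop:file { open read getattr };` gives every third-party app read access to the modem multiplexer's property, and the hunk does not say which app depends on it; I would narrow the source to the domain that actually reads it, or add a comment explaining why untrusted apps need it. Separately, `allow ccci_mdinit ctl_gsm0710muxd_prop:property_service set;` repeats a permission that the braced `ccci_mdinit` rule on the previous line already grants, and can be dropped. The types `ctl_gsm0710muxd-s_prop`, `ctl_gsm0710muxd-d_prop` and `ctl_gsm0710muxdmd2_prop` are referenced but not declared in this file, so they have to come from elsewhere in the policy.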
@@ -1,20 +1,6 @@
-type guiext-server_exec, exec_type, file_type;
-type guiext-server, domain;
-init_daemon_domain(guiext-server)
-binder_use(guiext-server)
-binder_service(guiext-server)
+type guiext-server_service, service_manager_type;
 allow { domain -init -isolated_app guiext-server_service:service_manager find;
-allow guiext-server system_server:binder call;
-allow guiext-server surfaceflinger_service:service_manager find;
-allow guiext-server surfaceflinger:fifo_file { read write };
-allow guiext-server surfaceflinger:fd use;
-allow guiext-server surfaceflinger:binder call;
-allow guiext-server rootfs:lnk_file { getattr };
-allow guiext-server proc_secmem:file { read write open };
-allow guiext-server platform_app:binder call;
-allow guiext-server permission_service:service_manager find;
-allow guiext-server ion_device:chr_file { open read write ioctl };
-allow guiext-server guiext-server_service:service_manager add;
-allow guiext-server graphics_device:chr_file { open read write ioctl };
-allow guiext-server gpu_device:chr_file { open read write ioctl };
-allow guiext-server app_data_file:file write;
\ No newline at end of file
+allow system_server guiext-server_service:service_manager find;
+allow platform_app guiext-server_service:service_manager find;
+allow mediaserver guiext-server_service:service_manager find;
+allow guiext-server guiext-server_service:service_manager add;
\ No newline at end of file
diff --git a/sepolicy/hotknot.te b/sepolicy/hotknot.te
index bb5fbd6..39ff613 100755
--- a/sepolicy/hotknot.te
+++ b/sepolicy/hotknot.te
@@ -1,5 +1,5 @@
-type hotknot_native_service, service_manager_type;
 type hotknot_prop, property_type;
+type hotknot_native_service, service_manager_type;
 allow untrusted_app hotknot_prop:file { getattr open read };
 allow system_app hotknot_prop:property_service set;
 allow hotknot_native hotknot_prop:property_service set;
diff --git a/sepolicy/hotknot_native.te b/sepolicy/hotknot_native.te
index 8c951ce..c1dae95 100644
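Review bot: In the guiext-server.te hunk the unchanged rule `allow { domain -init -isolated_app guiext-server_service:service_manager find;` has no closing brace for its source set as shown here, so it would not parse. If that is how the file reads rather than a rendering loss, it should be `allow { domain -init -isolated_app } guiext-server_service:service_manager find;`. With that rule in place, the three added `find` rules for system_server, platform_app and mediaserver are presumably already covered by the set, provided those types carry the `domain` attribute, and could be left out.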
--- a/sepolicy/hotknot_native.te
+++ b/sepolicy/hotknot_native.te
@@ -1,5 +1,5 @@
-type hotknot_native, domain;
 type hotknot_native_exec, exec_type, file_type;
+type hotknot_native, domain;
 init_daemon_domain(hotknot_native)
 binder_use(hotknot_native)
 binder_service(hotknot_native)
diff --git a/sepolicy/icusbd.te b/sepolicy/icusbd.te
index 79ed578..9765f25 100644
--- a/sepolicy/icusbd.te
+++ b/sepolicy/icusbd.te
@@ -1,5 +1,5 @@
-type icusbd, domain;
 type icusbd_exec, exec_type, file_type;
+type icusbd, domain;
 init_daemon_domain(icusbd)
 allow icusbd vdc_exec:file execute_no_trans;
 allow icusbd usb_device:dir { read open search };
diff --git a/sepolicy/init_thh.te b/sepolicy/init_thh.te
index 18dc1be..b1f7821 100644
--- a/sepolicy/init_thh.te
+++ b/sepolicy/init_thh.te
@@ -1,5 +1,5 @@
-type init_thh_service_exec, exec_type, file_type;
 type init_thh_service, domain;
+type init_thh_service_exec, exec_type, file_type;
 init_daemon_domain(init_thh_service)
 allow teei_daemon self:capability sys_module;
 allow init_thh_service teei_data_file:file rw_file_perms;
diff --git a/sepolicy/ipo_swap.te b/sepolicy/ipo_swap.te
index 4bea0b8..a740a39 100644
--- a/sepolicy/ipo_swap.te
+++ b/sepolicy/ipo_swap.te
@@ -1,5 +1,5 @@
-type ipo_swap, domain;
 type ipo_swap_exec, exec_type, file_type;
+type ipo_swap, domain;
 init_daemon_domain(ipo_swap)
 allow ipo_swap system_file:file execute_no_trans;
 allow ipo_swap shell_exec:file { read execute open execute_no_trans };
diff --git a/sepolicy/ipod.te b/sepolicy/ipod.te
index 0254572..ed0776c 100644
--- a/sepolicy/ipod.te
+++ b/sepolicy/ipod.te
@@ -1,59 +1,6 @@
-type ipod, domain;
-type ipod_exec, exec_type, file_type;
-init_daemon_domain(ipod)
-file_type_auto_trans(ipod, system_data_file, ipoh_data_file)
-binder_use(ipod)
-binder_service(ipod)
-binder_call(ipod, system_server)
-binder_call(ipod, surfaceflinger)
-allow ipod userdata_block_device:blk_file rw_file_perms;
-allow ipod system_server:unix_stream_socket connectto;
-allow ipod system_prop:property_service set;
-allow ipod system_file:file execute_no_trans;
-allow ipod system_data_file:dir { open read write add_name create remove_name };
-allow ipod sysfs_wake_lock:file { read write open getattr };
-allow ipod sysfs:file { open read write getattr };
-allow ipod surfaceflinger_service:service_manager find;
-allow ipod shell_exec:file { read open execute_no_trans execute };
-allow ipod self:capability2 block_suspend;
-allow ipod self:capability { chown sys_admin };
-allow ipod self:capability sys_boot;
-allow ipod self:capability net_admin;
-allow ipod self:capability dac_override;
-allow ipod rtc_device:chr_file { open read write ioctl };
-allow ipod property_socket:sock_file write;
-allow ipod proc_sysrq:file { open write };
-allow ipod proc_lk_env:file { open read write };
-allow ipod proc_drop_caches:file { open write };
-allow ipod proc:file { open read write };
-allow ipod proc:dir { search getattr };
-allow ipod powerctl_prop:property_service set;
-allow ipod power_service:service_manager find;
-allow ipod para_block_device:blk_file rw_file_perms;
-allow ipod mtd_device:dir search;
-allow ipod mtd_device:chr_file { open read write };
-allow ipod mtd_device:blk_file { read write open };
-allow ipod mmcblk0_block_device:blk_file rw_file_perms;
-allow ipod misc_device:chr_file { open read write };
-allow ipod logo_device:chr_file { open read };
-allow ipod logo_block_device:blk_file { read open };
-allow ipod kmsg_device:chr_file { open write };
-allow ipod ipoh_data_file:file { create open write ioctl setattr };
+type ctl_ipod_prop, property_type;
+type ipod_prop, property_type;
+allow untrusted_app ipod_prop:file { open read getattr };
+allow system_server ctl_ipod_prop:property_service set;
 allow ipod ipod_prop:property_service set;
-allow ipod ipod:netlink_kobject_uevent_socket { create bind read setopt };
-allow ipod input_device:file { open read write ioctl };
-allow ipod input_device:dir { open read search };
-allow ipod input_device:chr_file { open read write ioctl };
-allow ipod init:unix_stream_socket connectto;
-allow ipod init:dir getattr;
-allow ipod gpu_device:chr_file { read write open ioctl };
-allow ipod debugfs:file { getattr };
-allow ipod ctl_ipod_prop:property_service set;
-allow ipod ctl_ipo_swap_prop:property_service set;
-allow ipod ctl_bootanim_prop:property_service set;
-allow ipod cache_file:file { create open write ioctl setattr };
-allow ipod cache_file:dir { open read write add_name create remove_name };
-allow ipod cache_block_device:blk_file rw_file_perms;
-allow ipod block_device:dir search;
-allow ipod audiohal_prop:property_service set;
-allow ipod alarm_device:chr_file write;
\ No newline at end of file
+allow ipod ctl_ipod_prop:property_service set;
\ No newline at end of file
diff --git a/sepolicy/ipsec.te b/sepolicy/ipsec.te
index 06929e1..7089d6f 100644
--- a/sepolicy/ipsec.te
+++ b/sepolicy/ipsec.te
@@ -1,8 +1,8 @@
-type ipsec, domain;
-type stroke_exec, exec_type, file_type;
-type ipsec_exec, exec_type, file_type;
-type charon_exec, exec_type, file_type;
 type starter_exec, exec_type, file_type;
+type charon_exec, exec_type, file_type;
+type ipsec_exec, exec_type, file_type;
+type stroke_exec, exec_type, file_type;
+type ipsec, domain;
 allow ipsec wod_ipsec_socket:sock_file write;
 allow ipsec wod_ipsec_conf_file:file { write read ioctl open getattr create append unlink };
 allow ipsec wod_ipsec_conf_file:dir { write read open search remove_name add_name };
diff --git a/sepolicy/ist8303.te b/sepolicy/ist8303.te
index 5889b4e..accf011 100644
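Review bot: In the ipod.te hunk, `allow untrusted_app ipod_prop:file { open read getattr };` lets every third-party app read this vendor property, and nothing in the hunk shows a consumer that needs it. The same grant to `untrusted_app` is added for `gsm0710muxd_prop`, `lannetmngrd_prop` and `mnld_prop` in the gsm0710muxd.te, lannetmngrd.te and mnld.te hunks. If these rules came from denial logs rather than a stated requirement, I would drop them or narrow the source to the platform domain that actually reads the property, and record the reason next to each rule, for example `# read by <component>: <reason>`.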
--- a/sepolicy/ist8303.te
+++ b/sepolicy/ist8303.te
@@ -1,5 +1,5 @@
-type istd8303, domain;
 type istd8303_exec, exec_type, file_type;
+type istd8303, domain;
 init_daemon_domain(istd8303)
 allow istd8303 system_data_file:dir { write add_name create setattr };
 allow istd8303 msensor_device:chr_file { open ioctl read write };
diff --git a/sepolicy/kpoc_charger.te b/sepolicy/kpoc_charger.te
index 050f20d..ee1afe6 100644
--- a/sepolicy/kpoc_charger.te
+++ b/sepolicy/kpoc_charger.te
@@ -1,5 +1,5 @@
-type kpoc_charger_exec, exec_type, file_type;
 type kpoc_charger, domain;
+type kpoc_charger_exec, exec_type, file_type;
 init_daemon_domain(kpoc_charger)
 allow kpoc_charger sysfs:file write;
 allow kpoc_charger self:netlink_kobject_uevent_socket { create bind read setopt };
diff --git a/sepolicy/lannetmngrd.te b/sepolicy/lannetmngrd.te
index 6808048..e1d0598 100644
--- a/sepolicy/lannetmngrd.te
+++ b/sepolicy/lannetmngrd.te
@@ -1,41 +1,2 @@
-type lannetmngrd_exec, exec_type, file_type;
-type lannetmngrd, domain;
-init_daemon_domain(lannetmngrd)
-allow lannetmngrd wmtWifi_device:chr_file { write open };
-allow lannetmngrd wide_dhcpv6_data_file:file { read write create open getattr unlink };
-allow lannetmngrd wide_dhcpv6_data_file:dir { read search write add_name remove_name };
-allow lannetmngrd volte_stack:udp_socket { read write setopt getopt };
-allow lannetmngrd volte_stack:tcp_socket { read write setopt getopt };
-allow lannetmngrd volte_stack:fd use;
-allow lannetmngrd volte_imcb:tcp_socket { read write };
-allow lannetmngrd volte_imcb:tcp_socket setopt;
-allow lannetmngrd volte_imcb:tcp_socket getopt;
-allow lannetmngrd volte_imcb:fd use;
-allow lannetmngrd untrusted_app_tmpfs:file write;
-allow lannetmngrd untrusted_app:unix_stream_socket { read write getopt setopt };
-allow lannetmngrd untrusted_app:fd use;
-allow lannetmngrd self:capability { setuid setgid };
-allow lannetmngrd self:capability { setuid net_bind_service setgid };
-allow lannetmngrd self:capability sys_module;
-allow lannetmngrd self:capability fsetid;
-allow lannetmngrd radvd_data_file:file { read write create open unlink };
-allow lannetmngrd radvd_data_file:dir { read write search add_name remove_name };
-allow lannetmngrd radio_tmpfs:file write;
-allow lannetmngrd ppp:process sigkill;
-allow lannetmngrd platform_app_tmpfs:file write;
-allow lannetmngrd platform_app:fd use;
-allow lannetmngrd netdiag:udp_socket { read write getopt setopt };
-allow lannetmngrd netdiag:fd use;
-allow lannetmngrd mtk_wifi_prop:property_service set;
-allow lannetmngrd mdlogger:tcp_socket { read write };
-allow lannetmngrd mdlogger:tcp_socket { getopt setopt };
-allow lannetmngrd mdlogger:fd use;
-allow lannetmngrd kernel:system module_request;
-allow lannetmngrd isolated_app_tmpfs:file write;
-allow lannetmngrd isolated_app:fd use;
-allow lannetmngrd ipsec:tcp_socket { read write setopt getopt };
-allow lannetmngrd ipsec:fd use;
-allow lannetmngrd dhcp_data_file:file { read write create open getattr unlink };
-allow lannetmngrd dhcp_data_file:dir { read search write add_name remove_name };
-allow lannetmngrd dhcp6s_exec:file execute;
-allow lannetmngrd device:file { open write };
\ No newline at end of file
+type lannetmngrd_prop, property_type;
+allow untrusted_app lannetmngrd_prop:file { open read getattr };
\ No newline at end of file
diff --git a/sepolicy/launchpppoe.te b/sepolicy/launchpppoe.te
index 32b9388..c54432b 100644
--- a/sepolicy/launchpppoe.te
+++ b/sepolicy/launchpppoe.te
@@ -1,3 +1,3 @@
-type launchpppoe_exec, exec_type, file_type;
 type launchpppoe, domain;
+type launchpppoe_exec, exec_type, file_type;
 domain_auto_trans(init, launchpppoe_exec, ppp)
\ No newline at end of file
diff --git a/sepolicy/matv.te b/sepolicy/matv.te
index 27b6094..77eb62c 100644
--- a/sepolicy/matv.te
+++ b/sepolicy/matv.te
@@ -1,4 +1,4 @@
-type matv, domain;
 type matv_exec, exec_type, file_type;
+type matv, domain;
 init_daemon_domain(matv)
 binder_use(matv)
\ No newline at end of file
diff --git a/sepolicy/mbimd.te b/sepolicy/mbimd.te
index 8e9bf38..e584ad1 100644
--- a/sepolicy/mbimd.te
+++ b/sepolicy/mbimd.te
@@ -1,5 +1,5 @@
-type mbimd_exec, exec_type, file_type;
 type mbimd, domain;
+type mbimd_exec, exec_type, file_type;
 init_daemon_domain(mbimd)
 allow mbimd system_prop:property_service set;
 allow mbimd sysfs_wake_lock:file { write open };
diff --git a/sepolicy/mc6420d.te b/sepolicy/mc6420d.te
index c001486..4275564 100644
--- a/sepolicy/mc6420d.te
+++ b/sepolicy/mc6420d.te
@@ -1,3 +1,3 @@
-type mc6420d, domain;
 type mc6420d_exec, exec_type, file_type;
+type mc6420d, domain;
 init_daemon_domain(mc6420d)
\ No newline at end of file
diff --git a/sepolicy/md_ctrl.te b/sepolicy/md_ctrl.te
index cb7ed3c..e85c65a 100644
--- a/sepolicy/md_ctrl.te
+++ b/sepolicy/md_ctrl.te
@@ -1,5 +1,5 @@
-type md_ctrl_exec, exec_type, file_type;
 type md_ctrl, domain;
+type md_ctrl_exec, exec_type, file_type;
 init_daemon_domain(md_ctrl)
 allow md_ctrl vold_prop:property_service set;
 allow md_ctrl self:capability dac_override;
diff --git a/sepolicy/md_monitor.te b/sepolicy/md_monitor.te
index 8bc7f3e..3223ac6 100644
--- a/sepolicy/md_monitor.te
+++ b/sepolicy/md_monitor.te
@@ -1,5 +1,5 @@
-type md_monitor, domain;
 type md_monitor_exec, exec_type, file_type;
+type md_monitor, domain;
 typeattribute md_monitor mlstrustedsubject;
 init_daemon_domain(md_monitor)
 file_type_auto_trans(md_monitor, system_data_file, md_monitor_data_file)
diff --git a/sepolicy/mdlogger.te b/sepolicy/mdlogger.te
index c437cde..2e548f0 100644
--- a/sepolicy/mdlogger.te
+++ b/sepolicy/mdlogger.te
@@ -1,5 +1,5 @@
-type mdlogger, domain;
 type mdlogger_exec, exec_type, file_type;
+type mdlogger, domain;
 init_daemon_domain(mdlogger)
 binder_use(mdlogger)
 binder_service(mdlogger)
diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te
index 562a27b..d886f99 100644
--- a/sepolicy/mediaserver.te
+++ b/sepolicy/mediaserver.te
@@ -1,152 +1,4 @@
-binder_call(mediaserver,audiocmdservice_atci)
-binder_call(mediaserver,MtkCodecService)
-allow mediaserver vtservice:fd use;
-allow mediaserver vtservice:binder { transfer call };
-allow mediaserver vow_device:chr_file { read write ioctl open };
-allow mediaserver untrusted_app_tmpfs:file write;
-allow mediaserver untrusted_app:file { read open getattr };
-allow mediaserver untrusted_app:dir search;
-allow mediaserver unlabeled:dir search;
-allow mediaserver uibc_device:chr_file { read write getattr ioctl open };
-allow mediaserver uhid_device:chr_file { read write ioctl open };
-allow mediaserver ttySDIO_device:chr_file { read write };
-allow mediaserver ttySDIO_device:chr_file open;
-allow mediaserver thermal_manager_exec:file { getattr execute read open };
-allow mediaserver thermal_manager_data_file:file { open setattr write lock read create getattr };
-allow mediaserver thermal_manager_data_file:file setattr;
-allow mediaserver thermal_manager_data_file:dir { search getattr open read write setattr add_name };
-allow mediaserver tfa9890_device:chr_file { open read write ioctl };
-allow mediaserver system_server:unix_stream_socket { read write };
-allow mediaserver system_file:file execmod;
-allow mediaserver system_data_file:file open;
-allow mediaserver system_data_file:dir write;
-allow mediaserver system_app_data_file:file { read getattr };
-allow mediaserver system_app:file { read open getattr };
-allow mediaserver system_app:dir search;
-allow mediaserver sysfs_wake_lock:file { read write open };
-allow mediaserver sysfs_lowmemorykiller:file { read open };
-allow mediaserver sysfs_boot_mode_file:file { read open getattr };
-allow mediaserver sysfs:file { read open };
-allow mediaserver sw_sync_device:chr_file rw_file_perms;
-allow mediaserver surfaceflinger:file { read open };
-allow mediaserver surfaceflinger:file getattr;
-allow mediaserver surfaceflinger:fifo_file { read write };
-allow mediaserver surfaceflinger:dir search;
-allow mediaserver storage_file:lnk_file { read write };
-allow mediaserver statusd:unix_stream_socket connectto;
-allow mediaserver smartpa_device:chr_file { read write ioctl open };
-allow mediaserver smartpa1_device:chr_file { read write ioctl open };
-allow mediaserver sensorservice_service:service_manager find;
-allow mediaserver self:netlink_kobject_uevent_socket { create setopt bind };
-allow mediaserver self:netlink_kobject_uevent_socket read;
-allow mediaserver self:capability { setuid ipc_lock };
-allow mediaserver self:capability { net_admin dac_override };
-allow mediaserver self:capability sys_nice;
-allow mediaserver sec_device:chr_file { read open ioctl };
-allow mediaserver sdcard_internal:file create;
-allow mediaserver sdcard_internal:dir { write create add_name };
-allow mediaserver rpc_socket:sock_file write;
-allow mediaserver radio_data_file:file open;
-allow mediaserver radio_data_file:dir search;
-allow mediaserver radio:file { read getattr open };
-allow mediaserver radio:dir { search read };
-allow mediaserver qemu_pipe_device:chr_file rw_file_perms;
-allow mediaserver proc_thermal:file { write getattr open };
-allow mediaserver proc_thermal:file { read write open };
-allow mediaserver proc_thermal:dir search;
-allow mediaserver proc_secmem:file { read write open };
-allow mediaserver proc_secmem:file ioctl;
-allow mediaserver proc_mtktz:file { read write open };
-allow mediaserver proc_mtktz:dir search;
-allow mediaserver proc_mtkcooler:file { read write open };
-allow mediaserver proc_mtkcooler:dir search;
-allow mediaserver proc:file { read open ioctl };
-allow mediaserver pq_service:service_manager { find };
-allow mediaserver platform_app:file { read getattr open };
-allow mediaserver platform_app:dir search;
-allow mediaserver persist_data_file:file { read write create open getattr };
-allow mediaserver persist_data_file:dir { create write add_name search };
-allow mediaserver offloadservice_device:chr_file { read write ioctl open };
-allow mediaserver nvram_device:chr_file { open read write };
-allow mediaserver nvram_device:blk_file { read write open };
-allow mediaserver nvram_data_file:lnk_file read;
-allow mediaserver nvram_data_file:file { write getattr setattr read create open };
-allow mediaserver nvram_data_file:dir { add_name write search };
-allow mediaserver nvdata_file:file { write getattr setattr read create open };
-allow mediaserver nvdata_file:dir { add_name write search };
-allow mediaserver nvcfg_file:file { write getattr setattr read create open };
-allow mediaserver nvcfg_file:dir { add_name write read open search create create_dir_perms getattr setattr };
-allow mediaserver mtk_sched_device:chr_file { read write ioctl open };
-allow mediaserver mtk_rrc_device:chr_file { read write ioctl open };
-allow mediaserver mtk_perf_service:service_manager find;
-allow mediaserver mtk_mjc_prop:property_service set;
-allow mediaserver mtk_jpeg_device:chr_file { read ioctl open };
-allow mediaserver mtk_codec_service_service:service_manager find;
-allow mediaserver mobicore_user_device:chr_file { read write open ioctl };
-allow mediaserver mobicore_data_file:file { getattr read open lock };
-allow mediaserver mobicore_data_file:file getattr;
-allow mediaserver mobicore_data_file:dir search;
-allow mediaserver mobicore:unix_stream_socket connectto;
-allow mediaserver mnt_user_file:lnk_file { read write };
-allow mediaserver mnt_user_file:dir { write read search };
-allow mediaserver mmcblk0_block_device:blk_file { read write open };
-allow mediaserver mjc_lib_prop:property_service set;
-allow mediaserver mediaserver_data_file:file { create open read write setattr };
-allow mediaserver mediaserver_data_file:dir { search getattr open read write setattr add_name };
-allow mediaserver media_wfd_prop:property_service set;
-allow mediaserver lens_device:chr_file { read write ioctl open };
-allow mediaserver kd_camera_hw_device:chr_file { read write ioctl open };
-allow mediaserver kd_camera_flashlight_device:chr_file { read write ioctl open };
-allow mediaserver guiext-server_service:service_manager find;
-allow mediaserver guiext-server:binder { transfer call };
-allow mediaserver graphics_device:chr_file { read write ioctl open };
-allow mediaserver fuse:file unlink;
-allow mediaserver fuse:file append;
-allow mediaserver fuse:dir remove_name;
-allow mediaserver fm_device:chr_file { read write ioctl open };
-allow mediaserver eemcs_device:chr_file { read write ioctl open };
-allow mediaserver ebc_device:chr_file { read write ioctl open };
-allow mediaserver devmap_device:chr_file { read open };
-allow mediaserver devmap_device:chr_file { ioctl };
-allow mediaserver custom_file:file r_file_perms;
-allow mediaserver custom_file:dir search;
-allow mediaserver ccci_device:chr_file { read write ioctl open };
-allow mediaserver camera_sysram_device:chr_file { read ioctl open };
-allow mediaserver camera_pipemgr_device:chr_file { read ioctl open };
-allow mediaserver camera_isp_device:chr_file { read write ioctl open };
-allow mediaserver camera_fdvt_device:chr_file { read write ioctl open };
-allow mediaserver camera_dpe_device:chr_file { read write ioctl open };
-allow mediaserver bt_int_adp_socket:sock_file write;
-allow mediaserver bt_data_file:file { open write create setattr append };
-allow mediaserver bt_data_file:dir { write add_name search };
-allow mediaserver bt_a2dp_stream_socket:sock_file write;
-allow mediaserver bootanim:binder { transfer call };
-allow mediaserver bluetooth:unix_dgram_socket sendto;
-allow mediaserver block_device:dir { write search };
-allow mediaserver block_device:dir search;
-allow mediaserver audiohal_prop:property_service set;
-allow mediaserver audiocmdservice_atci:binder call;
-allow mediaserver audio_ipi_device:chr_file { read write ioctl open };
-allow mediaserver ancservice_device:chr_file { read write ioctl open };
-allow mediaserver Vcodec_device:chr_file { read write ioctl open };
-allow mediaserver SUBAF_device:chr_file { read write ioctl open };
-allow mediaserver MtkCodecService:binder call;
-allow mediaserver MTK_SMI_device:chr_file { read ioctl open };
-allow mediaserver MJC_device:chr_file { read write ioctl open };
-allow mediaserver MAINAF_device:chr_file { read write ioctl open };
-allow mediaserver MAIN2AF_device:chr_file { read write ioctl open };
-allow mediaserver LC898212AF_device:chr_file { read write ioctl open };
-allow mediaserver LC898122AF_device:chr_file { read write ioctl open };
-allow mediaserver FM50AF_device:chr_file { read write ioctl open };
-allow mediaserver DW9814AF_device:chr_file { read write ioctl open };
-allow mediaserver DW9763AF_device:chr_file { read write ioctl open };
-allow mediaserver DW9718AF_device:chr_file { read write ioctl open };
-allow mediaserver DW9714A_device:chr_file { read write ioctl open };
-allow mediaserver DW9714AF_device:chr_file { read write ioctl open };
-allow mediaserver CAM_CAL_DRV_device:chr_file { read write ioctl open };
-allow mediaserver CAM_CAL_DRV2_device:chr_file { read write ioctl open };
-allow mediaserver CAM_CAL_DRV1_device:chr_file { read write ioctl open };
-allow mediaserver BU64745GWZAF_device:chr_file { read write ioctl open };
-allow mediaserver BU6429AF_device:chr_file { read write ioctl open };
-allow mediaserver AK7345AF_device:chr_file { read write ioctl open };
-allow mediaserver AD5820AF_device:chr_file { read write ioctl open };
\ No newline at end of file
+allow vtservice mediaserver_service:service_manager find;
+allow bootanim mediaserver_service:service_manager find;
+allow audiocmdservice_atci mediaserver_service:service_manager find;
+allow atci_service mediaserver_service:service_manager find;
\ No newline at end of file
diff --git a/sepolicy/memsicd.te b/sepolicy/memsicd.te
index 6050053..c16b36f 100644
--- a/sepolicy/memsicd.te
+++ b/sepolicy/memsicd.te
@@ -1,5 +1,5 @@
-type memsicd, domain;
 type memsicd_exec, exec_type, file_type;
+type memsicd, domain;
 init_daemon_domain(memsicd)
 allow memsicd msensor_device:chr_file { read write open ioctl };
 allow memsicd gsensor_device:chr_file { read write open };
\ No newline at end of file
diff --git a/sepolicy/memsicd3416x.te b/sepolicy/memsicd3416x.te
index 2635131..bf22391 100644
--- a/sepolicy/memsicd3416x.te
+++ b/sepolicy/memsicd3416x.te
@@ -1,5 +1,5 @@
-type memsicd3416x, domain;
 type memsicd3416x_exec, exec_type, file_type;
+type memsicd3416x, domain;
 init_daemon_domain(memsicd3416x)
 allow memsicd3416x msensor_device:chr_file { open ioctl read write };
 allow memsicd3416x input_device:file { open read };
diff --git a/sepolicy/meta_tst.te b/sepolicy/meta_tst.te
index 8fdbb2d..97db52a 100644
--- a/sepolicy/meta_tst.te
+++ b/sepolicy/meta_tst.te
@@ -1,5 +1,5 @@
-type meta_tst, domain;
 type meta_tst_exec, exec_type, file_type;
+type meta_tst, domain;
 init_daemon_domain(meta_tst)
 allow meta_tst wmtWifi_device:chr_file { write open };
 allow meta_tst vold_socket:sock_file write;
diff --git a/sepolicy/mmc_ffu.te b/sepolicy/mmc_ffu.te
index ef32640..a552195 100644
--- a/sepolicy/mmc_ffu.te
+++ b/sepolicy/mmc_ffu.te
@@ -1,5 +1,5 @@
-type mmc_ffu_exec, exec_type, file_type;
 type mmc_ffu, domain;
+type mmc_ffu_exec, exec_type, file_type;
 init_daemon_domain(mmc_ffu)
 allow mmc_ffu mmcblk0_block_device:blk_file { read write ioctl open };
 allow mmc_ffu misc_sd_device:chr_file { read ioctl open };
diff --git a/sepolicy/mmp.te b/sepolicy/mmp.te
index 013fbcf..2e33317 100644
--- a/sepolicy/mmp.te
+++ b/sepolicy/mmp.te
@@ -1,3 +1,3 @@
-type mmp, domain;
 type mmp_exec, exec_type, file_type;
+type mmp, domain;
 init_daemon_domain(mmp)
\ No newline at end of file
diff --git a/sepolicy/mnld.te b/sepolicy/mnld.te
index 8023fcf..0f2a09b 100644
--- a/sepolicy/mnld.te
+++ b/sepolicy/mnld.te
@@ -1,67 +1,5 @@
-type mnld_exec, exec_type, file_type;
-type mnld, domain;
-net_domain(mnld)
-init_daemon_domain(mnld)
-file_type_auto_trans(mnld, system_data_file, mnld_data_file);
-allow mnld wmt_prop:file r_file_perms;
-allow mnld ttyGS_device:chr_file { read write };
-allow mnld tmpfs:lnk_file { read create open };
-allow mnld system_server:unix_dgram_socket sendto;
-allow mnld system_data_file:sock_file create_file_perms;
-allow mnld system_data_file:file { open read };
-allow mnld system_data_file:dir rw_dir_perms;
-allow mnld system_data_file:dir create_dir_perms;
-allow mnld system_app:unix_stream_socket connectto;
-allow mnld sysfs_wake_lock:file rw_file_perms;
-allow mnld sysfs_boot_mode_file:file { open read getattr };
-allow mnld sysfs:file rw_file_perms;
-allow mnld stpbt_device:chr_file { read write };
-allow mnld self:capability { fsetid dac_override };
-allow mnld rootfs:lnk_file { getattr };
-allow mnld property_socket:sock_file rw_file_perms;
-allow mnld proc_lk_env:file rw_file_perms;
-allow mnld platform_app:unix_stream_socket connectto;
-allow mnld nvram_device:chr_file { read write };
-allow mnld nvram_device:chr_file open;
-allow mnld nvram_device:chr_file ioctl;
-allow mnld nvram_device:blk_file rw_file_perms;
-allow mnld nvram_data_file:lnk_file read;
-allow mnld nvram_data_file:file create_file_perms;
-allow mnld nvram_data_file:dir create_dir_perms;
-allow mnld nvdata_file:file create_file_perms;
-allow mnld nvdata_file:dir create_dir_perms;
-allow mnld mtk_agpsd:unix_dgram_socket sendto;
-allow mnld mtkFlpDaemon_data_file:sock_file create_file_perms;
-allow mnld mtkFlpDaemon_data_file:dir create_dir_perms;
-allow mnld mtkFlpDaemon:unix_dgram_socket sendto;
-allow mnld mtd_device:dir search;
+type mnld_prop, property_type;
+allow untrusted_app mnld_prop:file { open read getattr };
+allow radio mnld_prop:file { read open getattr };
 allow mnld mnld_prop:property_service set;
-allow mnld mnld_device:chr_file rw_file_perms;
-allow mnld mnld_data_file:sock_file create_file_perms;
-allow mnld mnld_data_file:file rw_file_perms;
-allow mnld mnld_data_file:file open;
-allow mnld mnld_data_file:file create_file_perms;
-allow mnld mnld_data_file:fifo_file create_file_perms;
-allow mnld mnld_data_file:dir rw_dir_perms;
-allow mnld mmcblk0_block_device:blk_file rw_file_perms;
-allow mnld mdlog_device:chr_file { read write };
-allow mnld init:unix_stream_socket connectto;
-allow mnld init:udp_socket { read write };
-allow mnld gps_device:chr_file rw_file_perms;
-allow mnld gps_data_file:file create_file_perms;
-allow mnld gps_data_file:dir rw_dir_perms;
-allow mnld fuse:file rw_file_perms;
-allow mnld fuse:file create_file_perms;
-allow mnld fuse:file create;
-allow mnld fuse:dir { read remove_name create open };
-allow mnld fuse:dir write;
-allow mnld fuse:dir search;
-allow mnld fuse:dir add_name;
-allow mnld block_device:dir search;
-allow mnld apk_data_file:file { write create };
-allow mnld apk_data_file:dir { write add_name };
-allow mnld agpsd_data_file:sock_file create_file_perms;
-allow mnld agpsd_data_file:dir create_dir_perms;
-allow mnld MPED_data_file:sock_file create_file_perms;
-allow mnld MPED_data_file:dir create_dir_perms;
-allow mnld MPED:unix_dgram_socket sendto;
\ No newline at end of file
+allow meta_tst mnld_prop:property_service set;
\ No newline at end of file
diff --git a/sepolicy/mobicore.te b/sepolicy/mobicore.te
index e73fe9c..aebe4cf 100644
--- a/sepolicy/mobicore.te
+++ b/sepolicy/mobicore.te
@@ -1,10 +1,10 @@
-type proc_secmem, fs_type;
-type mobicore_data_file, file_type, data_file_type;
-type mobicore_tui_device, dev_type;
-type mobicore_user_device, dev_type;
-type mobicore_admin_device, dev_type;
-type mobicore_exec, exec_type, file_type;
 type mobicore, domain, domain_deprecated;
+type mobicore_exec, exec_type, file_type;
+type mobicore_admin_device, dev_type;
+type mobicore_user_device, dev_type;
+type mobicore_tui_device, dev_type;
+type mobicore_data_file, file_type, data_file_type;
+type proc_secmem, fs_type;
 init_daemon_domain(mobicore)
 allow mobicore self:netlink_socket create_socket_perms;
 allow mobicore self:capability { dac_override };
diff --git a/sepolicy/mobile_log_d.te b/sepolicy/mobile_log_d.te
index 0799fe9..d988ba0 100644
--- a/sepolicy/mobile_log_d.te
+++ b/sepolicy/mobile_log_d.te
@@ -1,5 +1,5 @@
-type mobile_log_d, domain;
 type mobile_log_d_exec, exec_type, file_type;
+type mobile_log_d, domain;
 init_daemon_domain(mobile_log_d)
 dontaudit mobile_log_d untrusted_app:fd use;
 dontaudit mobile_log_d isolated_app:fd use;
diff --git a/sepolicy/mpe.te b/sepolicy/mpe.te
index d32082f..62255ca 100644
--- a/sepolicy/mpe.te
+++ b/sepolicy/mpe.te
@@ -1,5 +1,5 @@
-type MPED_exec, exec_type, file_type;
 type MPED, domain;
+type MPED_exec, exec_type, file_type;
 type_transition MPED system_data_file:sock_file MPED_socket "mtk_mpe_server";
 net_domain(MPED)
 init_daemon_domain(MPED)
diff --git a/sepolicy/mpud6050.te b/sepolicy/mpud6050.te
index 0970c89..34ee617 100644
--- a/sepolicy/mpud6050.te
+++ b/sepolicy/mpud6050.te
@@ -1,5 +1,5 @@
-type mpud6050, domain;
 type mpud6050_exec, exec_type, file_type;
+type mpud6050, domain;
 init_daemon_domain(mpud6050)
 allow mpud6050 gyroscope_mpud6050_use:file { open read };
 allow mpud6050 gyroscope_mpud6050_use:dir { open read search };
diff --git a/sepolicy/msensord.te b/sepolicy/msensord.te
index e1554e2..f880374 100644
--- a/sepolicy/msensord.te
+++ b/sepolicy/msensord.te
@@ -1,5 +1,5 @@
-type msensord, domain;
 type msensord_exec, exec_type, file_type;
+type msensord, domain;
 unix_socket_connect(msensord, property, init)
 init_daemon_domain(msensord)
 allow msensord rootfs:lnk_file { getattr };
diff --git a/sepolicy/mtk.te b/sepolicy/mtk.te
index f47c207..38f7907 100755
--- a/sepolicy/mtk.te
+++ b/sepolicy/mtk.te
@@ -1,28 +1,28 @@
-type mtk_wifi_prop, property_type;
-type mtk_vt_prop, property_type;
-type mtk_tele_prop, property_type;
-type mtk_rns_service, app_api_service, system_server_service, service_manager_type;
-type mtk_mwblacklist_service, service_manager_type;
-type mtk_msg_monitor_service, app_api_service, system_server_service, service_manager_type;
-type mtk_mjc_prop, property_type;
-type mtk_hotknot_service, service_manager_type;
-type mtk_epgd_service, app_api_service, system_server_service, service_manager_type;
-type mtk_em_ims_simulate_prop, property_type;
-type mtk_data_shaping_service, app_api_service, system_server_service, service_manager_type;
-type mtk_codec_service_service, service_manager_type;
-type mtk_anrmanager_service, app_api_service, system_server_service, service_manager_type;
-type mtk_consumerir_service, service_manager_type;
-type mtk_em_auto_answer_prop, property_type;
-type mtk_em_pdn_prop, property_type;
-type mtk_hdmi_service, app_api_service, system_server_service, service_manager_type;
-type mtk_md_prop, property_type;
-type mtk_mobile_service, app_api_service, system_server_service, service_manager_type;
-type mtk_multiwindow_service, app_api_service, system_server_service, service_manager_type;
-type mtk_perf_service, app_api_service, system_server_service, service_manager_type;
-type mtk_sf_prop, property_type;
-type mtk_volte_prop, property_type;
-type mtk_wfc_prop, property_type;
 type mtk_wod_prop, property_type;
+type mtk_wfc_prop, property_type;
+type mtk_volte_prop, property_type;
+type mtk_sf_prop, property_type;
+type mtk_perf_service, app_api_service, system_server_service, service_manager_type;
+type mtk_multiwindow_service, app_api_service, system_server_service, service_manager_type;
+type mtk_mobile_service, app_api_service, system_server_service, service_manager_type;
+type mtk_md_prop, property_type;
+type mtk_hdmi_service, app_api_service, system_server_service, service_manager_type;
+type mtk_em_pdn_prop, property_type;
+type mtk_em_auto_answer_prop, property_type;
+type mtk_consumerir_service, service_manager_type;
+type mtk_anrmanager_service, app_api_service, system_server_service, service_manager_type;
+type mtk_codec_service_service, service_manager_type;
+type mtk_data_shaping_service, app_api_service, system_server_service, service_manager_type;
+type mtk_em_ims_simulate_prop, property_type;
+type mtk_epgd_service, app_api_service, system_server_service, service_manager_type;
+type mtk_hotknot_service, service_manager_type;
+type mtk_mjc_prop, property_type;
+type mtk_msg_monitor_service, app_api_service, system_server_service, service_manager_type;
+type mtk_mwblacklist_service, service_manager_type;
+type mtk_rns_service, app_api_service, system_server_service, service_manager_type;
+type mtk_tele_prop, property_type;
+type mtk_vt_prop, property_type;
+type mtk_wifi_prop, property_type;
 allow untrusted_app mtk_wod_prop:file { open read getattr };
 allow untrusted_app mtk_wifi_prop:file { read open getattr };
 allow untrusted_app mtk_wfc_prop:file { getattr open read };
diff --git a/sepolicy/mtkFlpDaemon.te b/sepolicy/mtkFlpDaemon.te
index 4bea2ba..4b8d5d6 100644
--- a/sepolicy/mtkFlpDaemon.te
+++ b/sepolicy/mtkFlpDaemon.te
@@ -1,5 +1,5 @@
-type mtkFlpDaemon_exec, exec_type, file_type;
 type mtkFlpDaemon, domain;
+type mtkFlpDaemon_exec, exec_type, file_type;
 net_domain(mtkFlpDaemon)
 init_daemon_domain(mtkFlpDaemon)
 file_type_auto_trans(mtkFlpDaemon, system_data_file, mtkFlpDaemon_data_file);
diff --git a/sepolicy/mtk_6620_launcher.te b/sepolicy/mtk_6620_launcher.te
index 92aa95e..d814598 100644
--- a/sepolicy/mtk_6620_launcher.te
+++ b/sepolicy/mtk_6620_launcher.te
@@ -1,5 +1,5 @@
-type mtk_6620_launcher, domain;
 type mtk_6620_launcher_exec, exec_type, file_type;
+type mtk_6620_launcher, domain;
 init_daemon_domain(mtk_6620_launcher)
 allow mtk_6620_launcher wmt_prop:property_service set;
 allow mtk_6620_launcher wmt_prop:file r_file_perms;
diff --git a/sepolicy/mtk_agpsd.te b/sepolicy/mtk_agpsd.te
index 8f3129d..616047a 100644
--- a/sepolicy/mtk_agpsd.te
+++ b/sepolicy/mtk_agpsd.te
@@ -1,5 +1,5 @@
-type mtk_agpsd, domain;
 type mtk_agpsd_exec, exec_type, file_type;
+type mtk_agpsd, domain;
 net_domain(mtk_agpsd)
 init_daemon_domain(mtk_agpsd)
 allow mtk_agpsd ttySDIO_device:chr_file create_file_perms;
diff --git a/sepolicy/mtkmal.te b/sepolicy/mtkmal.te
index 82423d9..3e31408 100644
--- a/sepolicy/mtkmal.te
+++ b/sepolicy/mtkmal.te
@@ -1,5 +1,5 @@
-type mtkmal_exec, exec_type, file_type;
 type mtkmal, domain;
+type mtkmal_exec, exec_type, file_type;
 unix_socket_send(mtkmal, wpa, wpa)
 init_daemon_domain(mtkmal)
 allow wpa mtkmal:unix_stream_socket connectto;
diff --git a/sepolicy/mtkrild.te b/sepolicy/mtkrild.te
index af5270b..fd9cc6a 100644
--- a/sepolicy/mtkrild.te
+++ b/sepolicy/mtkrild.te
@@ -1,5 +1,5 @@
-type mtkrild, domain;
 type mtkrild_exec, exec_type, file_type;
+type mtkrild, domain;
 wakelock_use(mtkrild)
 unix_socket_connect(mtkrild, property, init)
 net_domain(mtkrild)
diff --git a/sepolicy/mtkrildmd2.te b/sepolicy/mtkrildmd2.te
index 62845c6..f82a94f 100644
--- a/sepolicy/mtkrildmd2.te
+++ b/sepolicy/mtkrildmd2.te
@@ -1,5 +1,5 @@
-type mtkrildmd2, domain;
 type mtkrildmd2_exec, exec_type, file_type;
+type mtkrildmd2, domain;
 wakelock_use(mtkrildmd2)
 unix_socket_connect(mtkrildmd2, property, init)
 net_domain(mtkrildmd2)
diff --git a/sepolicy/muxreport.te b/sepolicy/muxreport.te
index 7b99b2f..a6306ed 100644
--- a/sepolicy/muxreport.te
+++ b/sepolicy/muxreport.te
@@ -1,5 +1,5 @@
-type muxreport, domain;
 type muxreport_exec, exec_type, file_type;
+type muxreport, domain;
 init_daemon_domain(muxreport)
 allow muxreport sysfs:file { read open };
 allow muxreport self:capability dac_override;
diff --git a/sepolicy/mvg_app.te b/sepolicy/mvg_app.te
index 618c6f4..43ed1d4 100644
--- a/sepolicy/mvg_app.te
+++ b/sepolicy/mvg_app.te
@@ -1,3 +1,3 @@
-type mvg_app_exec, exec_type, file_type;
 type mvg_app, domain;
+type mvg_app_exec, exec_type, file_type;
 init_daemon_domain(mvg_app)
\ No newline at end of file
diff --git a/sepolicy/mxg2320d.te b/sepolicy/mxg2320d.te
index d65b0fe..c2825c6 100644
--- a/sepolicy/mxg2320d.te
+++ b/sepolicy/mxg2320d.te
@@ -1,5 +1,5 @@
-type mxg2320d, domain;
 type mxg2320d_exec, exec_type, file_type;
+type mxg2320d, domain;
 init_daemon_domain(mxg2320d)
 file_type_auto_trans(mxg2320d, system_data_file, msensor_data_file)
 allow mxg2320d system_data_file:dir { create setattr };
diff --git a/sepolicy/net.te b/sepolicy/net.te
index b40d84a..eea7115 100644
--- a/sepolicy/net.te
+++ b/sepolicy/net.te
@@ -1,7 +1,4 @@
-unix_socket_connect(netdomain, dnsproxyd, netd)
-allow netdomain self:netlink_route_socket { create bind read nlmsg_read };
-allow netdomain self: { tcp_socket udp_socket *;
-allow netdomain port_type:udp_socket name_bind;
-allow netdomain port_type:tcp_socket name_connect;
-allow netdomain port_type:tcp_socket name_bind;
-allow netdomain node_type: { tcp_socket udp_socket node_bind;
\ No newline at end of file
+type net_cdma_mdmstat, property_type;
+allow untrusted_app net_cdma_mdmstat:file { open read getattr };
+allow statusd net_cdma_mdmstat:property_service set;
+allow ccci_mdinit net_cdma_mdmstat:property_service set;
\ No newline at end of file
diff --git a/sepolicy/netdiag.te b/sepolicy/netdiag.te
index 26ffcd1..f5c8a65 100644
--- a/sepolicy/netdiag.te
+++ b/sepolicy/netdiag.te
@@ -1,5 +1,5 @@
-type netdiag, domain;
 type netdiag_exec, exec_type, file_type;
+type netdiag, domain;
 typeattribute netdiag mlstrustedsubject;
 init_daemon_domain(netdiag)
 binder_use(netdiag)
diff --git a/sepolicy/nvram_agent_binder.te b/sepolicy/nvram_agent_binder.te
index 2367e81..d52139a 100644
--- a/sepolicy/nvram_agent_binder.te
+++ b/sepolicy/nvram_agent_binder.te
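Review bot: The new sepolicy/net.te grants `allow untrusted_app net_cdma_mdmstat:file { open read getattr };`, which lets every third-party app read the properties labelled with this type, and nothing in the file says which consumer needs it. If only platform components read the modem status, narrow the source, for example `allow { system_app platform_app } net_cdma_mdmstat:file { open read getattr };`, or add a comment naming the app-facing use. The seven removed `netdomain` rules are not re-added in any hunk visible here, so confirm they moved to another file and were not dropped. The file also still ends without a trailing newline.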
@@ -1,5 +1,5 @@
-type nvram_agent_binder, domain;
 type nvram_agent_binder_exec, exec_type, file_type;
+type nvram_agent_binder, domain;
 init_daemon_domain(nvram_agent_binder)
 binder_use(nvram_agent_binder)
 binder_service(nvram_agent_binder)
diff --git a/sepolicy/nvram_daemon.te b/sepolicy/nvram_daemon.te
index 40f85f5..db852a5 100644
--- a/sepolicy/nvram_daemon.te
+++ b/sepolicy/nvram_daemon.te
@@ -1,5 +1,5 @@
-type nvram_daemon, domain;
 type nvram_daemon_exec, exec_type, file_type;
+type nvram_daemon, domain;
 init_daemon_domain(nvram_daemon)
 allow nvram_daemon toolbox_exec:file { r_file_perms execute execute_no_trans };
 allow nvram_daemon system_prop:property_service set;
diff --git a/sepolicy/orientationd.te b/sepolicy/orientationd.te
index f5c5e18..7f66fdb 100644
--- a/sepolicy/orientationd.te
+++ b/sepolicy/orientationd.te
@@ -1,5 +1,5 @@
-type orientationd, domain;
 type orientationd_exec, exec_type, file_type;
+type orientationd, domain;
 init_daemon_domain(orientationd)
 allow orientationd input_device:dir { read search open };
 allow orientationd input_device:chr_file { read write ioctl open };
diff --git a/sepolicy/osi.te b/sepolicy/osi.te
index ea2e7d7..8cf5ec4 100644
--- a/sepolicy/osi.te
+++ b/sepolicy/osi.te
@@ -1,5 +1,5 @@
-type osi, domain;
 type osi_exec, exec_type, file_type;
+type osi, domain;
 net_domain(osi)
 init_daemon_domain(osi)
 allow osi system_file:file execute_no_trans;
diff --git a/sepolicy/permission_check.te b/sepolicy/permission_check.te
index 0874dfd..3a3bebf 100644
--- a/sepolicy/permission_check.te
+++ b/sepolicy/permission_check.te
@@ -1,5 +1,5 @@
-type permission_check, domain;
 type permission_check_exec, exec_type, file_type;
+type permission_check, domain;
 init_daemon_domain(permission_check)
 allow permission_check toolbox_exec:file { getattr execute read open execute_no_trans };
 allow permission_check system_file:file { read getattr open execute execute_no_trans };
diff --git a/sepolicy/persist.te b/sepolicy/persist.te
index 1c9f769..143cf1f 100755
--- a/sepolicy/persist.te
+++ b/sepolicy/persist.te
@@ -1,13 +1,13 @@
-type persist_service_atci_prop, property_type;
-type persist_mtklog_prop, property_type;
-type persist_md_prop, property_type;
-type persist_dm_prop, property_type;
-type persist_aee_prop, property_type;
-type persist_bt_prop, property_type;
-type persist_mal_prop, property_type;
-type persist_mtk_aee_prop, property_type;
-type persist_ril_prop, property_type;
 type persist_wod_prop, property_type;
+type persist_ril_prop, property_type;
+type persist_mtk_aee_prop, property_type;
+type persist_mal_prop, property_type;
+type persist_bt_prop, property_type;
+type persist_aee_prop, property_type;
+type persist_dm_prop, property_type;
+type persist_md_prop, property_type;
+type persist_mtklog_prop, property_type;
+type persist_service_atci_prop, property_type;
 allow zygote persist_ril_prop:file { read open getattr };
 allow viarild persist_ril_prop:property_service set;
 allow untrusted_app persist_wod_prop:file { open read getattr };
diff --git a/sepolicy/poad.te b/sepolicy/poad.te
index 61975c7..4fc2f2b 100644
--- a/sepolicy/poad.te
+++ b/sepolicy/poad.te
@@ -1,3 +1,3 @@
-type poad, domain;
 type poad_exec, exec_type, file_type;
+type poad, domain;
 init_daemon_domain(poad)
\ No newline at end of file
diff --git a/sepolicy/ppl_agent.te b/sepolicy/ppl_agent.te
index a253ce0..1a2c72f 100644
--- a/sepolicy/ppl_agent.te
+++ b/sepolicy/ppl_agent.te
@@ -1,5 +1,5 @@
-type ppl_agent, domain;
 type ppl_agent_exec, exec_type, file_type;
+type ppl_agent, domain;
 init_daemon_domain(ppl_agent)
 binder_use(ppl_agent)
 binder_service(ppl_agent)
diff --git a/sepolicy/pppd_btdun.te b/sepolicy/pppd_btdun.te
index 7314b0a..fe0c473 100644
--- a/sepolicy/pppd_btdun.te
+++ b/sepolicy/pppd_btdun.te
@@ -1,5 +1,5 @@
-type pppd_btdun_exec, exec_type, file_type;
 type pppd_btdun, domain;
+type pppd_btdun_exec, exec_type, file_type;
 init_daemon_domain(pppd_btdun)
 allow pppd_btdun tun_device:chr_file { read write ioctl open create };
 allow pppd_btdun self:udp_socket { read write ioctl create };
diff --git a/sepolicy/pppd_dt.te b/sepolicy/pppd_dt.te
index 177b1bb..5690b82 100644
--- a/sepolicy/pppd_dt.te
+++ b/sepolicy/pppd_dt.te
@@ -1,5 +1,5 @@
-type pppd_dt, domain;
 type pppd_dt_exec, exec_type, file_type;
+type pppd_dt, domain;
 init_daemon_domain(pppd_dt)
 allow pppd_dt ttyACM_device:chr_file { read write ioctl open getattr };
 allow pppd_dt system_prop:property_service set;
diff --git a/sepolicy/pppd_via.te b/sepolicy/pppd_via.te
index 53a336d..49187cd 100644
--- a/sepolicy/pppd_via.te
+++ b/sepolicy/pppd_via.te
@@ -1,5 +1,5 @@
-type pppd_via, domain;
 type pppd_via_exec, exec_type, file_type;
+type pppd_via, domain;
 init_daemon_domain(pppd_via)
 allow pppd_via ttySDIO_device:chr_file { read write open setattr getattr ioctl };
 allow pppd_via system_file:file execute_no_trans;
diff --git a/sepolicy/pq.te b/sepolicy/pq.te
index 094c8e1..6d1bebb 100644
--- a/sepolicy/pq.te
+++ b/sepolicy/pq.te
@@ -1,16 +1,11 @@
-type pq, domain;
-type pq_exec, exec_type, file_type;
-init_daemon_domain(pq)
-binder_use(pq)
-binder_service(pq)
-binder_call(pq, binderservicedomain)
-allow pq system_prop:property_service set;
-allow pq rootfs:lnk_file { getattr };
-allow pq property_socket:sock_file write;
-allow pq proc:file { read open ioctl };
+type pq_service, service_manager_type;
+allow vtservice pq_service:service_manager { find };
+allow untrusted_app pq_service:service_manager { find };
+allow surfaceflinger pq_service:service_manager { find };
 allow pq pq_service:service_manager { find };
 allow pq pq_service:service_manager add;
-allow pq permission_service:service_manager { find };
-allow pq init:unix_stream_socket connectto;
-allow pq graphics_device:dir search;
-allow pq graphics_device:chr_file { read write open ioctl };
\ No newline at end of file
+allow platform_app pq_service:service_manager { find };
+allow mediaserver pq_service:service_manager { find };
+allow mediacodec pq_service:service_manager { find };
+allow cameraserver pq_service:service_manager { find };
+allow atci_service pq_service:service_manager { find };
\ No newline at end of file
diff --git a/sepolicy/proc.te b/sepolicy/proc.te
index ed30ccd..854cf9f 100755
--- a/sepolicy/proc.te
+++ b/sepolicy/proc.te
@@ -1,11 +1,11 @@
-type proc_slogger, fs_type;
-type proc_mtktz, fs_type;
-type proc_mrdump_rst, fs_type;
-type proc_icusb, fs_type;
-type proc_lk_env, fs_type;
-type proc_mtkcooler, fs_type;
-type proc_secmem, fs_type;
 type proc_thermal, fs_type;
+type proc_secmem, fs_type;
+type proc_mtkcooler, fs_type;
+type proc_lk_env, fs_type;
+type proc_icusb, fs_type;
+type proc_mrdump_rst, fs_type;
+type proc_mtktz, fs_type;
+type proc_slogger, fs_type;
 allow vold proc_mtktz:dir r_dir_perms;
 allow vold proc_mtkcooler:dir r_dir_perms;
 allow vold proc_lk_env:file { read write open ioctl };
diff --git a/sepolicy/program.te b/sepolicy/program.te
index bee01d8..452834c 100755
--- a/sepolicy/program.te
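Review bot: `allow untrusted_app pq_service:service_manager { find };` in the new sepolicy/pq.te lets any third-party app obtain a binder handle to the pq service, so the service's own caller checks become the only barrier. `pq_service` is typed `service_manager_type` only, without the `app_api_service` attribute that mtk.te gives its app-facing services, which suggests it was not meant as an app API; drop the line or add a comment stating which calls are safe for unprivileged callers. The hunk also removes `type pq, domain;` and `init_daemon_domain(pq)` while keeping `allow pq pq_service:service_manager add;`, so the policy only compiles if the `pq` domain is now declared in another file, which the visible hunks do not show.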
+++ b/sepolicy/program.te
@@ -1,5 +1,5 @@
-type program_binary_prop, property_type;
 type program_binary_service, service_manager_type;
+type program_binary_prop, property_type;
 allow untrusted_app program_binary_service:service_manager find;
 allow untrusted_app program_binary_prop:file { open read getattr };
 allow system_server program_binary_service:service_manager find;
diff --git a/sepolicy/program_binary.te b/sepolicy/program_binary.te
index 3a6d6fa..a9a4aa0 100644
--- a/sepolicy/program_binary.te
+++ b/sepolicy/program_binary.te
@@ -1,6 +1,6 @@
-type program_binary_service, service_manager_type;
-type program_binary_exec, exec_type, file_type;
 type program_binary, domain;
+type program_binary_exec, exec_type, file_type;
+type program_binary_service, service_manager_type;
 init_daemon_domain(program_binary)
 binder_use(program_binary)
 binder_service(program_binary)
diff --git a/sepolicy/property.te b/sepolicy/property.te
index 90101dc..25cf0f4 100644
--- a/sepolicy/property.te
+++ b/sepolicy/property.te
@@ -1,107 +1,107 @@
-type smart_audio_prop, property_type;
-type mtk_em_auto_answer_prop, property_type;
-type mtk_em_ims_simulate_prop, property_type;
-type ctl_mbimd_prop, property_type;
-type mtk_em_pdn_prop, property_type;
-type factory_idle_state_prop, property_type;
-type mtk_sf_prop, property_type;
-type soter_teei_prop, property_type;
-type hotknot_prop, property_type;
-type volte_prop, property_type;
-type ctl_volte_ua_prop, property_type;
-type ctl_volte_stack_prop, property_type;
-type ctl_volte_imcb_prop, property_type;
-type mtk_vt_prop, property_type;
-type mtk_wfc_prop, property_type;
-type mtk_volte_prop, property_type;
-type program_binary_prop, property_type;
-type persist_wod_prop, property_type;
-type mtk_wod_prop, property_type;
-type pppd_gprs_prop, property_type;
-type mtk_tele_prop, property_type;
-type persist_bt_prop, property_type;
-type bt_prop, property_type;
-type save_locale_prop, property_type;
-type cdma_prop, property_type;
-type net_cdma_mdmstat, property_type;
-type ctl_memsicd3416x_prop, property_type;
-type ctl_st480_prop, property_type;
-type ctl_istd8303_prop, property_type;
-type ctl_eemcs_fsd_prop, property_type;
-type ctl_emcsmdlogger_prop, property_type;
-type ctl_orientationd_prop, property_type;
-type ctl_geomagneticd_prop, property_type;
-type ctl_bmm056d_prop, property_type;
-type ctl_bmm050d_prop, property_type;
-type ctl_akmd09912_prop, property_type;
-type ctl_mxg2320d_prop, property_type;
-type ctl_akmd09911_prop, property_type;
-type ctl_s62xd_prop, property_type;
-type ctl_akmd8963_prop, property_type;
-type ctl_msensord_prop, property_type;
-type persist_md_prop, property_type;
-type ril_volte_stack_rcsuaproxy_prop, property_type;
-type persist_service_atci_prop, property_type;
-type ctl_atci_service_prop, property_type;
-type ctl_atcid-daemon-u_prop, property_type;
-type wmt_prop, property_type;
-type ctl_ipo_swap_prop, property_type;
-type ctl_ipod_prop, property_type;
-type ipod_prop, property_type;
-type ctl_rbfota_prop, property_type;
-type persist_dm_prop, property_type;
-type ctl_zpppdgprs_prop, property_type;
-type ctl_ril3gd_prop, property_type;
-type audiohal_prop, property_type;
-type mnld_prop, property_type;
-type bootani_prop, property_type;
-type mediatek_prop, property_type;
-type ctl_pppd_via_prop, property_type;
-type pppoe_ppp0_prop, property_type;
-type ctl_muxreport-daemon_prop, property_type;
-type mtk_md_prop, property_type;
-type ril_cdma_report_prop, property_type;
-type ril_mux_report_case_prop, property_type;
-type ril_active_md_prop, property_type;
-type ctl_ccci2_rpcd_prop, property_type;
-type ctl_ccci_rpcd_prop, property_type;
-type ctl_ccci3_fsd_prop, property_type;
-type ctl_ccci2_fsd_prop, property_type;
-type ctl_ccci_fsd_prop, property_type;
-type ctl_ril-proxy_prop, property_type;
-type ctl_ril-daemon-md2_prop, property_type;
-type ctl_ril-daemon-d_prop, property_type;
-type ctl_ril-daemon-s_prop, property_type;
-type ctl_ril-daemon-mtk_prop, property_type;
-type debug_bq_dump_prop, property_type;
-type debug_mtk_aee_prop, property_type;
-type persist_aee_prop, property_type;
-type persist_mtk_aee_prop, property_type;
-type debug_mdlogger_prop, property_type;
-type mtk_wifi_prop, property_type;
-type mtk_mjc_prop, property_type;
-type mjc_lib_prop, property_type;
-type media_wfd_prop, property_type;
-type debug_netlog_prop, property_type;
-type persist_mtklog_prop, property_type;
-type debug_mtklog_prop, property_type;
-type lannetmngrd_prop, property_type;
-type atcp_prop, property_type;
-type persist_mal_prop, property_type;
-type gsm0710muxd_prop, property_type;
-type terservice_prop, property_type;
-type persist_ril_prop, property_type;
-type ctl_viarild_prop, property_type;
-type ctl_eemcs_fmdl_prop, property_type;
-type ctl_dualmdlogger_prop, property_type;
-type ctl_emdlogger3_prop, property_type;
-type ctl_emdlogger2_prop, property_type;
-type ctl_emdlogger1_prop, property_type;
-type ctl_mdlogger_prop, property_type;
-type ctl_gsm0710muxdmd2_prop, property_type;
-type ctl_gsm0710muxd-d_prop, property_type;
-type ctl_gsm0710muxd-s_prop, property_type;
-type ctl_gsm0710muxd_prop, property_type;
 type mtk_default_prop, property_type;
+type ctl_gsm0710muxd_prop, property_type;
+type ctl_gsm0710muxd-s_prop, property_type;
+type ctl_gsm0710muxd-d_prop, property_type;
+type ctl_gsm0710muxdmd2_prop, property_type;
+type ctl_mdlogger_prop, property_type;
+type ctl_emdlogger1_prop, property_type;
+type ctl_emdlogger2_prop, property_type;
+type ctl_emdlogger3_prop, property_type;
+type ctl_dualmdlogger_prop, property_type;
+type ctl_eemcs_fmdl_prop, property_type;
+type ctl_viarild_prop, property_type;
+type persist_ril_prop, property_type;
+type terservice_prop, property_type;
+type gsm0710muxd_prop, property_type;
+type persist_mal_prop, property_type;
+type atcp_prop, property_type;
+type lannetmngrd_prop, property_type;
+type debug_mtklog_prop, property_type;
+type persist_mtklog_prop, property_type;
+type debug_netlog_prop, property_type;
+type media_wfd_prop, property_type;
+type mjc_lib_prop, property_type;
+type mtk_mjc_prop, property_type;
+type mtk_wifi_prop, property_type;
+type debug_mdlogger_prop, property_type;
+type persist_mtk_aee_prop, property_type;
+type persist_aee_prop, property_type;
+type debug_mtk_aee_prop, property_type;
+type debug_bq_dump_prop, property_type;
+type ctl_ril-daemon-mtk_prop, property_type;
+type ctl_ril-daemon-s_prop, property_type;
+type ctl_ril-daemon-d_prop, property_type;
+type ctl_ril-daemon-md2_prop, property_type;
+type ctl_ril-proxy_prop, property_type;
+type ctl_ccci_fsd_prop, property_type;
+type ctl_ccci2_fsd_prop, property_type;
+type ctl_ccci3_fsd_prop, property_type;
+type ctl_ccci_rpcd_prop, property_type;
+type ctl_ccci2_rpcd_prop, property_type;
+type ril_active_md_prop, property_type;
+type ril_mux_report_case_prop, property_type;
+type ril_cdma_report_prop, property_type;
+type mtk_md_prop, property_type;
+type ctl_muxreport-daemon_prop, property_type;
+type pppoe_ppp0_prop, property_type;
+type ctl_pppd_via_prop, property_type;
+type mediatek_prop, property_type;
+type bootani_prop, property_type;
+type mnld_prop, property_type;
+type audiohal_prop, property_type;
+type ctl_ril3gd_prop, property_type;
+type ctl_zpppdgprs_prop, property_type;
+type persist_dm_prop, property_type;
+type ctl_rbfota_prop, property_type;
+type ipod_prop, property_type;
+type ctl_ipod_prop, property_type;
+type ctl_ipo_swap_prop, property_type;
+type wmt_prop, property_type;
+type ctl_atcid-daemon-u_prop, property_type;
+type ctl_atci_service_prop, property_type;
+type persist_service_atci_prop, property_type;
+type ril_volte_stack_rcsuaproxy_prop, property_type;
+type persist_md_prop, property_type;
+type ctl_msensord_prop, property_type;
+type ctl_akmd8963_prop, property_type;
+type ctl_s62xd_prop, property_type;
+type ctl_akmd09911_prop, property_type;
+type ctl_mxg2320d_prop, property_type;
+type ctl_akmd09912_prop, property_type;
+type ctl_bmm050d_prop, property_type;
+type ctl_bmm056d_prop, property_type;
+type ctl_geomagneticd_prop, property_type;
+type ctl_orientationd_prop, property_type;
+type ctl_emcsmdlogger_prop, property_type;
+type ctl_eemcs_fsd_prop, property_type;
+type ctl_istd8303_prop, property_type;
+type ctl_st480_prop, property_type;
+type ctl_memsicd3416x_prop, property_type;
+type net_cdma_mdmstat, property_type;
+type cdma_prop, property_type;
+type save_locale_prop, property_type;
+type bt_prop, property_type;
+type persist_bt_prop, property_type;
+type mtk_tele_prop, property_type;
+type pppd_gprs_prop, property_type;
+type mtk_wod_prop, property_type;
+type persist_wod_prop, property_type;
+type program_binary_prop, property_type;
+type mtk_volte_prop, property_type;
+type mtk_wfc_prop, property_type;
+type mtk_vt_prop, property_type;
+type ctl_volte_imcb_prop, property_type;
+type ctl_volte_stack_prop, property_type;
+type ctl_volte_ua_prop, property_type;
+type volte_prop, property_type;
+type hotknot_prop, property_type;
+type soter_teei_prop, property_type;
+type mtk_sf_prop, property_type;
+type factory_idle_state_prop, property_type;
+type mtk_em_pdn_prop, property_type;
+type ctl_mbimd_prop, property_type;
+type mtk_em_ims_simulate_prop, property_type;
+type mtk_em_auto_answer_prop, property_type;
+type smart_audio_prop, property_type;
 neverallow { domain -init -system_app -system_server -recovery ctl_default_prop:property_service set;
 neverallow { domain -init -nvram_daemon default_prop:property_service set;
\ No newline at end of file
diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts
index c52d531..1777ece 100644
--- a/sepolicy/property_contexts
+++ b/sepolicy/property_contexts
@@ -1,244 +1,118 @@ -# ============================================== -# MTK Policy Rule -# ============================================== -#=============allow ccci_mdinit to start gsm0710muxd============== -ctl.gsm0710muxd u:object_r:ctl_gsm0710muxd_prop:s0 -ctl.gsm0710muxd-s u:object_r:ctl_gsm0710muxd-s_prop:s0 -ctl.gsm0710muxd-d u:object_r:ctl_gsm0710muxd-d_prop:s0 -ctl.gsm0710muxdmd2 u:object_r:ctl_gsm0710muxdmd2_prop:s0 - -#=============allow ccci_mdinit to ctl. mdlogger============== -ctl.mdlogger u:object_r:ctl_mdlogger_prop:s0 -ctl.emdlogger1 u:object_r:ctl_emdlogger1_prop:s0 -ctl.emdlogger2 u:object_r:ctl_emdlogger2_prop:s0 -ctl.emdlogger3 u:object_r:ctl_emdlogger3_prop:s0 -ctl.dualmdlogger u:object_r:ctl_dualmdlogger_prop:s0 -#=============allow eemcs_mdinit to start mdlogger========== -ctl.eemcs_fmdl u:object_r:ctl_eemcs_fmdl_prop:s0 -#ctl.emdlogger5 u:object_r:ctl_emdlogger5_prop:s0 - -#=============allow mtkrild to set persist.ril property============== -persist.ril u:object_r:persist_ril_prop:s0 -#=============allow terservice to set terservice property============== +volte.emergency.pdn.protocol u:object_r:mtk_em_pdn_prop:s0 +user.region u:object_r:save_locale_prop:s0 +user.language u:object_r:save_locale_prop:s0 +tedongle. u:object_r:radio_prop:s0 +streamout. u:object_r:audiohal_prop:s0 +streamin. u:object_r:audiohal_prop:s0 +soter.teei. u:object_r:soter_teei_prop:s0 +smart_audio. u:object_r:smart_audio_prop:s0 +service.wcn u:object_r:wmt_prop:s0 +ril.volte.stack.rcsuaproxy u:object_r:ril_volte_stack_rcsuaproxy_prop:s0 +ril.volte. u:object_r:volte_prop:s0 +ril.mux.report.case u:object_r:ril_mux_report_case_prop:s0 +ril.mux. u:object_r:gsm0710muxd_prop:s0 +ril.cdma.report u:object_r:ril_cdma_report_prop:s0 +ril.active.md u:object_r:ril_active_md_prop:s0 +pppoe.ppp0. u:object_r:pppoe_ppp0_prop:s0 +persist.vold. 
u:object_r:vold_prop:s0 persist.ter u:object_r:terservice_prop:s0 - -#============= allow mal ============== -persist.mal u:object_r:persist_mal_prop:s0 - -#=============allow netlog============== -#debug.mtklog.init.flag -debug.mtklog u:object_r:debug_mtklog_prop:s0 -#persist.mtklog.log2sd.path +persist.service.atci. u:object_r:persist_service_atci_prop:s0 +persist.ril u:object_r:persist_ril_prop:s0 +persist.net.wo. u:object_r:persist_wod_prop:s0 persist.mtklog u:object_r:persist_mtklog_prop:s0 -#debug.netlog.stopreason -debug.netlog u:object_r:debug_netlog_prop:s0 - -#=============allow system_server to set media.wfd.*============== -media.wfd. u:object_r:media_wfd_prop:s0 - -#=============allow mediaserver to set mjc.lib.*============== -mjc.lib. u:object_r:mjc_lib_prop:s0 - -#=============allow mediaserver to set mtk.mjc.*============== -mtk.mjc. u:object_r:mtk_mjc_prop:s0 - -#=============allow netd to set mtk_wifi.*======================== -mtk_wifi. u:object_r:mtk_wifi_prop:s0 - -#=============allow mdlogger============== -debug.mdlogger u:object_r:debug_mdlogger_prop:s0 - -#=============allow AEE============== -# persist.mtk.aee.mode && persist.mtk.aee.dal +persist.mtk.wfc.enable u:object_r:mtk_wfc_prop:s0 +persist.mtk.wcn u:object_r:wmt_prop:s0 +persist.mtk.volte.enable u:object_r:mtk_volte_prop:s0 +persist.mtk.sf.fps u:object_r:mtk_sf_prop:s0 +persist.mtk.ims.video.enable u:object_r:mtk_vt_prop:s0 persist.mtk.aee u:object_r:persist_mtk_aee_prop:s0 - -# persist.aee.core.dump && persist.aee.core.direct +persist.md u:object_r:persist_md_prop:s0 +persist.mal u:object_r:persist_mal_prop:s0 +persist.ipoh. u:object_r:ipod_prop:s0 +persist.ims.simulate u:object_r:mtk_em_ims_simulate_prop:s0 +persist.dm. u:object_r:persist_dm_prop:s0 +persist.bt. u:object_r:persist_bt_prop:s0 +persist.bootanim. u:object_r:bootani_prop:s0 +persist.auto_answer u:object_r:mtk_em_auto_answer_prop:s0 +persist.af. 
u:object_r:audiohal_prop:s0 persist.aee u:object_r:persist_aee_prop:s0 - -# debug.mtk.aee.db -debug.mtk.aee u:object_r:debug_mtk_aee_prop:s0 - -#=============allow AEE_Dumpstate============== -debug.bq.dump u:object_r:debug_bq_dump_prop:s0 - -#=============allow mux============== -ril.mux. u:object_r:gsm0710muxd_prop:s0 - -#=============allow atcp============== -atcp. u:object_r:atcp_prop:s0 -#persist.sys.dongle.usb. u:object_r:persist_sys_dongle_usb_prop:s0 - -#=============allow lannetmngrd============== -lannetmngrd. u:object_r:lannetmngrd_prop:s0 - -#=============allow vold============== -persist.vold. u:object_r:vold_prop:s0 -ctl.sdcard u:object_r:ctl_fuse_prop:s0 - -#=============allow mdinit============== -ctl.ril-daemon-mtk u:object_r:ctl_ril-daemon-mtk_prop:s0 -ctl.ril-daemon-s u:object_r:ctl_ril-daemon-s_prop:s0 -ctl.ril-daemon-d u:object_r:ctl_ril-daemon-d_prop:s0 -ctl.ril-daemon-md2 u:object_r:ctl_ril-daemon-md2_prop:s0 -ctl.viarild u:object_r:ctl_viarild_prop:s0 -ctl.ril-proxy u:object_r:ctl_ril-proxy_prop:s0 - -ctl.ccci_fsd u:object_r:ctl_ccci_fsd_prop:s0 -ctl.ccci2_fsd u:object_r:ctl_ccci2_fsd_prop:s0 -ctl.ccci3_fsd u:object_r:ctl_ccci3_fsd_prop:s0 -ctl.ccci_rpcd u:object_r:ctl_ccci_rpcd_prop:s0 -ctl.ccci2_rpcd u:object_r:ctl_ccci2_rpcd_prop:s0 -ctl.muxreport-daemon u:object_r:ctl_muxreport-daemon_prop:s0 - -ril.active.md u:object_r:ril_active_md_prop:s0 -ril.mux.report.case u:object_r:ril_mux_report_case_prop:s0 -ril.cdma.report u:object_r:ril_cdma_report_prop:s0 - -#=============allow pppd_via============== -ctl.pppd_via u:object_r:ctl_pppd_via_prop:s0 - -#=============allow ppp to set pppoe.ppp0.*======================== -pppoe.ppp0. u:object_r:pppoe_ppp0_prop:s0 - -#=============allow mediatek_prop ============== +net.wo. u:object_r:mtk_wod_prop:s0 +net.cdma.mdmstat u:object_r:net_cdma_mdmstat:s0 +mtk_wifi. u:object_r:mtk_wifi_prop:s0 +mtk_telephony u:object_r:mtk_tele_prop:s0 +mtk.mjc. 
u:object_r:mtk_mjc_prop:s0 +mtk.md u:object_r:mtk_md_prop:s0 +mjc.lib. u:object_r:mjc_lib_prop:s0 mediatek. u:object_r:mediatek_prop:s0 - -#=============allow bootanim============== -persist.bootanim. u:object_r:bootani_prop:s0 - -#=============allow mnld_prop ============== -gps.clock.type u:object_r:mnld_prop:s0 +media.wfd. u:object_r:media_wfd_prop:s0 +lannetmngrd. u:object_r:lannetmngrd_prop:s0 +ipo.ipoh. u:object_r:ipod_prop:s0 +hotknot. u:object_r:hotknot_prop:s0 gps.gps.version u:object_r:mnld_prop:s0 +gps.clock.type u:object_r:mnld_prop:s0 +dolby.audio u:object_r:audio_prop:s0 +dolby. u:object_r:system_prop:s0 +debug.program_binary. u:object_r:program_binary_prop:s0 +debug.netlog u:object_r:debug_netlog_prop:s0 +debug.mtklog u:object_r:debug_mtklog_prop:s0 +debug.mtk.aee u:object_r:debug_mtk_aee_prop:s0 +debug.mdlogger u:object_r:debug_mdlogger_prop:s0 debug.gpsdbglog.enable u:object_r:mnld_prop:s0 - -#=============allow audiohal============== -streamout. u:object_r:audiohal_prop:s0 -af. u:object_r:audiohal_prop:s0 -streamin. u:object_r:audiohal_prop:s0 -a2dp. u:object_r:audiohal_prop:s0 -persist.af. u:object_r:audiohal_prop:s0 - -#=============allow tedongle to set tedongle.*============= -tedongle. u:object_r:radio_prop:s0 -ctl.ril-3gddaemon u:object_r:ctl_ril3gd_prop:s0 -ctl.zpppd_gprs u:object_r:ctl_zpppdgprs_prop:s0 - -#=============allow DM============== -# persist.dm.lock -persist.dm. 
u:object_r:persist_dm_prop:s0 -# dm fota +debug.factory.idle_state u:object_r:factory_idle_state_prop:s0 +debug.bq.dump u:object_r:debug_bq_dump_prop:s0 +ctl.zpppd_gprs u:object_r:ctl_zpppdgprs_prop:s0 +ctl.volte_ua u:object_r:ctl_volte_ua_prop:s0 +ctl.volte_stack u:object_r:ctl_volte_stack_prop:s0 +ctl.volte_imcb u:object_r:ctl_volte_imcb_prop:s0 +ctl.viarild u:object_r:ctl_viarild_prop:s0 +ctl.st480 u:object_r:ctl_st480_prop:s0 +ctl.sdcard u:object_r:ctl_fuse_prop:s0 +ctl.s62xd u:object_r:ctl_s62xd_prop:s0 +ctl.ril-proxy u:object_r:ctl_ril-proxy_prop:s0 +ctl.ril-daemon-s u:object_r:ctl_ril-daemon-s_prop:s0 +ctl.ril-daemon-mtk u:object_r:ctl_ril-daemon-mtk_prop:s0 +ctl.ril-daemon-md2 u:object_r:ctl_ril-daemon-md2_prop:s0 +ctl.ril-daemon-d u:object_r:ctl_ril-daemon-d_prop:s0 +ctl.ril-3gddaemon u:object_r:ctl_ril3gd_prop:s0 ctl.rbfota u:object_r:ctl_rbfota_prop:s0 - -#=============allow atcid============== +ctl.pppd_via u:object_r:ctl_pppd_via_prop:s0 +ctl.pppd_gprs u:object_r:pppd_gprs_prop:s0 +ctl.orientationd u:object_r:ctl_orientationd_prop:s0 +ctl.mxg2320d u:object_r:ctl_mxg2320d_prop:s0 +ctl.muxreport-daemon u:object_r:ctl_muxreport-daemon_prop:s0 +ctl.msensord u:object_r:ctl_msensord_prop:s0 +ctl.memsicd3416x u:object_r:ctl_memsicd3416x_prop:s0 +ctl.mdlogger u:object_r:ctl_mdlogger_prop:s0 +ctl.mbimd u:object_r:ctl_mbimd_prop:s0 +ctl.istd8303 u:object_r:ctl_istd8303_prop:s0 +ctl.ipod u:object_r:ctl_ipod_prop:s0 +ctl.ipo_swap u:object_r:ctl_ipo_swap_prop:s0 +ctl.gsm0710muxdmd2 u:object_r:ctl_gsm0710muxdmd2_prop:s0 +ctl.gsm0710muxd-s u:object_r:ctl_gsm0710muxd-s_prop:s0 +ctl.gsm0710muxd-d u:object_r:ctl_gsm0710muxd-d_prop:s0 +ctl.gsm0710muxd u:object_r:ctl_gsm0710muxd_prop:s0 +ctl.geomagneticd u:object_r:ctl_geomagneticd_prop:s0 +ctl.emdlogger5 u:object_r:ctl_emcsmdlogger_prop:s0 +ctl.emdlogger3 u:object_r:ctl_emdlogger3_prop:s0 +ctl.emdlogger2 u:object_r:ctl_emdlogger2_prop:s0 +ctl.emdlogger1 u:object_r:ctl_emdlogger1_prop:s0 +ctl.eemcs_fsd 
u:object_r:ctl_eemcs_fsd_prop:s0 +ctl.eemcs_fmdl u:object_r:ctl_eemcs_fmdl_prop:s0 +ctl.dualmdlogger u:object_r:ctl_dualmdlogger_prop:s0 +ctl.ccci_rpcd u:object_r:ctl_ccci_rpcd_prop:s0 +ctl.ccci_fsd u:object_r:ctl_ccci_fsd_prop:s0 +ctl.ccci3_fsd u:object_r:ctl_ccci3_fsd_prop:s0 +ctl.ccci2_rpcd u:object_r:ctl_ccci2_rpcd_prop:s0 +ctl.ccci2_fsd u:object_r:ctl_ccci2_fsd_prop:s0 +ctl.bmm056d u:object_r:ctl_bmm056d_prop:s0 +ctl.bmm050d u:object_r:ctl_bmm050d_prop:s0 ctl.atcid-daemon-u u:object_r:ctl_atcid-daemon-u_prop:s0 ctl.atci_service u:object_r:ctl_atci_service_prop:s0 -persist.service.atci. u:object_r:persist_service_atci_prop:s0 - -#=============allow volte_rcs_ua============== -ril.volte.stack.rcsuaproxy u:object_r:ril_volte_stack_rcsuaproxy_prop:s0 - -#=============allow ipod============== -ctl.ipod u:object_r:ctl_ipod_prop:s0 -ctl.ipo_swap u:object_r:ctl_ipo_swap_prop:s0 -ipo.ipoh. u:object_r:ipod_prop:s0 -persist.ipoh. u:object_r:ipod_prop:s0 - -#=============allow wmt ============== -persist.mtk.wcn u:object_r:wmt_prop:s0 -service.wcn u:object_r:wmt_prop:s0 - -#============= permission_check ============== -#persist.md.perm.checked -persist.md u:object_r:persist_md_prop:s0 - -#=============allow sensor daemon============== -ctl.msensord u:object_r:ctl_msensord_prop:s0 -ctl.bmm050d u:object_r:ctl_bmm050d_prop:s0 -ctl.s62xd u:object_r:ctl_s62xd_prop:s0 -ctl.bmm056d u:object_r:ctl_bmm056d_prop:s0 -ctl.akmd8963 u:object_r:ctl_akmd8963_prop:s0 -ctl.akmd09911 u:object_r:ctl_akmd09911_prop:s0 -#ly_zhangtao add for mag sensor start -ctl.mxg2320d u:object_r:ctl_mxg2320d_prop:s0 -#ly_zhangtao add for mag sensor end -ctl.akmd09912 u:object_r:ctl_akmd09912_prop:s0 -ctl.geomagneticd u:object_r:ctl_geomagneticd_prop:s0 -ctl.orientationd u:object_r:ctl_orientationd_prop:s0 -ctl.emdlogger5 u:object_r:ctl_emcsmdlogger_prop:s0 -ctl.eemcs_fsd u:object_r:ctl_eemcs_fsd_prop:s0 -ctl.istd8303 u:object_r:ctl_istd8303_prop:s0 -ctl.st480 u:object_r:ctl_st480_prop:s0 -ctl.memsicd3416x 
u:object_r:ctl_memsicd3416x_prop:s0 -#=============allow statusd============== -net.cdma.mdmstat u:object_r:net_cdma_mdmstat:s0 - -#=============allow c2k_prop ============== +ctl.akmd8963 u:object_r:ctl_akmd8963_prop:s0 +ctl.akmd09912 u:object_r:ctl_akmd09912_prop:s0 +ctl.akmd09911 u:object_r:ctl_akmd09911_prop:s0 cdma. u:object_r:cdma_prop:s0 - -#=============allow saveLocale============== -user.language u:object_r:save_locale_prop:s0 -user.region u:object_r:save_locale_prop:s0 - -#=============allow bt prop============== -bt. u:object_r:bt_prop:s0 -persist.bt. u:object_r:persist_bt_prop:s0 -#=============allow ccci_mdinit EVDO ============== -mtk_telephony u:object_r:mtk_tele_prop:s0 -#=============allow ccci_mdinit md status ============== -mtk.md u:object_r:mtk_md_prop:s0 -#=============allow pppd ============== -ctl.pppd_gprs u:object_r:pppd_gprs_prop:s0 - -#=============allow wifi offload deamon ============== -net.wo. u:object_r:mtk_wod_prop:s0 -persist.net.wo. u:object_r:persist_wod_prop:s0 - -# DOLBY_START -dolby.audio u:object_r:audio_prop:s0 -dolby. u:object_r:system_prop:s0 -# DOLBY_END - -#=============allow program binary deamon ============== -debug.program_binary. u:object_r:program_binary_prop:s0 - -#=============allow radio to set mtk_volte_enable property ============== -persist.mtk.volte.enable u:object_r:mtk_volte_prop:s0 - -#=============allow radio to set mtk_wfc_enable property ============== -persist.mtk.wfc.enable u:object_r:mtk_wfc_prop:s0 - -#=============allow radio to set mtk_vt_enable property ============== -persist.mtk.ims.video.enable u:object_r:mtk_vt_prop:s0 - -#=============allow volte deamon ============== -ctl.volte_imcb u:object_r:ctl_volte_imcb_prop:s0 -ctl.volte_stack u:object_r:ctl_volte_stack_prop:s0 -ctl.volte_ua u:object_r:ctl_volte_ua_prop:s0 -ril.volte. u:object_r:volte_prop:s0 - -#=============allow hotknot deamon ============== -hotknot. 
u:object_r:hotknot_prop:s0 - -#=============allow teei daemon and init_thh daemon to set property ============== -soter.teei. u:object_r:soter_teei_prop:s0 - -#=============allow ged_srv set protocol================ -persist.mtk.sf.fps u:object_r:mtk_sf_prop:s0 - -#============= allow factory idle current prop ============== -debug.factory.idle_state u:object_r:factory_idle_state_prop:s0 - -#=============allow em set protocol================ -volte.emergency.pdn.protocol u:object_r:mtk_em_pdn_prop:s0 - -#=============allow MBIMD set protocol================ -ctl.mbimd u:object_r:ctl_mbimd_prop:s0 - -#=============allow em set protocol================ -persist.ims.simulate u:object_r:mtk_em_ims_simulate_prop:s0 - -#=============allow em set protocol================ -persist.auto_answer u:object_r:mtk_em_auto_answer_prop:s0 - -#=============allow smart audio pa deamon ============== -smart_audio. u:object_r:smart_audio_prop:s0 \ No newline at end of file +bt. u:object_r:bt_prop:s0 +atcp. u:object_r:atcp_prop:s0 +af. u:object_r:audiohal_prop:s0 +a2dp. u:object_r:audiohal_prop:s0 \ No newline at end of file diff --git a/sepolicy/pvrsrvctl.te b/sepolicy/pvrsrvctl.te index da85194..1e7b2c0 100644 --- a/sepolicy/pvrsrvctl.te +++ b/sepolicy/pvrsrvctl.te @@ -1,5 +1,5 @@ -type pvrsrvctl_exec, exec_type, file_type; type pvrsrvctl, domain; +type pvrsrvctl_exec, exec_type, file_type; init_daemon_domain(pvrsrvctl) allow pvrsrvctl self:capability sys_module; allow pvrsrvctl self:capability sys_admin; diff --git a/sepolicy/radio.te b/sepolicy/radio.te index baad5ee..c658049 100644 --- a/sepolicy/radio.te +++ b/sepolicy/radio.te 
@@ -1,96 +1,45 @@ -unix_socket_connect(radio, volte_imsa1, volte_imcb) -unix_socket_connect(radio, rild_vsim_md2, mtkrild) -unix_socket_connect(radio, rild_vsim, mtkrild) -unix_socket_connect(radio, rild_ims, mtkrild) -unix_socket_connect(radio, rild-dongle, ril-3gddaemon) -unix_socket_connect(radio, agpsd, mtk_agpsd) -allow vtservice tmpfs:lnk_file read; -allow vtservice system_server:binder call; -allow vtservice surfaceflinger:fd use; -allow vtservice soc_vt_tcv_socket:sock_file write; -allow vtservice soc_vt_svc_socket:sock_file write; -allow vtservice self:capability dac_override; -allow vtservice rild_oem_socket:sock_file write; -allow vtservice radio:binder call; -allow vtservice platform_app:binder call; -allow vtservice fuse:file getattr; -allow vtservice fuse:file create; -allow vtservice fuse:dir write; -allow vtservice fuse:dir create; -allow vtservice fuse:dir add_name; -allow radio zygote:unix_stream_socket { getopt getattr }; -allow radio vtservice_service:service_manager find; -allow radio vtservice:binder transfer; -allow radio vtservice:binder call; -allow radio viarild:unix_stream_socket connectto; -allow radio ttyGS_device:chr_file { open read write ioctl }; -allow radio system_prop:property_service set; -allow radio system_app_data_file:dir search; -allow radio sysfs_keypad_file:file { open write }; -allow radio sysfs_keypad_file:dir { open write }; -allow radio surfaceflinger:fifo_file { read write }; -allow radio stpbt_device:chr_file { read write open }; -allow radio stpant_device:chr_file { read write open }; -allow radio statusd:unix_stream_socket connectto; -allow radio sdcard_internal:file { read write getattr open create }; -allow radio sdcard_internal:dir { write create add_name }; -allow radio rilproxy_atci_socket:sock_file write; -allow radio rilproxy:unix_stream_socket connectto; -allow radio rild_via_socket:sock_file write; -allow radio rild_md2_socket:sock_file write; -allow radio rild_mal_socket:sock_file write; -allow radio 
rild_mal_md2_socket:sock_file write; -allow radio rild_mal_at_socket:sock_file write; -allow radio rild_mal_at_md2_socket:sock_file write; -allow radio rild_imsm_socket:sock_file write; -allow radio rild_atci_socket:sock_file write; -allow radio rild_atci_md2_socket:sock_file write; -allow radio rild_atci_c2k_socket:sock_file write; -allow radio rild4_socket:sock_file write; -allow radio rild3_socket:sock_file write; -allow radio rild2_socket:sock_file write; -allow radio program_binary_service:service_manager find; -allow radio proc_mtktz:dir search; -allow radio proc_mtkcooler:dir search; -allow radio ppl_agent_service:service_manager find; -allow radio persist_service_atci_prop:property_service set; -allow radio persist_ril_prop:property_service set; -allow radio nfc_socket:sock_file { create write unlink setattr }; -allow radio nfc_socket:dir { write add_name remove_name search }; -allow radio nfc_service:service_manager find; -allow radio mtkrildmd2:unix_stream_socket connectto; -allow radio mtkrild:unix_stream_socket connectto; -allow radio mtkmal:unix_stream_socket connectto; -allow radio mtk_wfc_prop:property_service set; -allow radio mtk_vt_prop:property_service set; -allow radio mtk_volte_prop:property_service set; -allow radio mtk_em_pdn_prop:property_service set; -allow radio mtk_em_ims_simulate_prop:property_service set; -allow radio mtk_em_auto_answer_prop:property_service set; -allow radio mtgpio_device:chr_file { read ioctl open }; -allow radio mt_otg_test_device:chr_file { read write ioctl open }; -allow radio mt6605_device:chr_file { read write ioctl open getattr }; -allow radio mnld_prop:file { read open getattr }; -allow radio mediatek_prop:property_service set; -allow radio media_wfd_prop:property_service set; -allow radio media_rw_data_file:dir search; -allow radio md_monitor:unix_stream_socket connectto; -allow radio md_monitor:file { read open getattr }; -allow radio md_monitor:dir search; -allow radio mal_mfi_socket:sock_file write; -allow 
radio guiext-server:binder { transfer call }; -allow radio em_svr:unix_stream_socket connectto; -allow radio dm_agent_binder_service:service_manager find; -allow radio dm_agent_binder:binder call; -allow radio debugfs:file { getattr }; -allow radio debug_prop:property_service set; -allow radio custom_file:file { read open getattr }; -allow radio custom_file:dir { search getattr open read }; -allow radio custom_file:dir getattr; -allow radio ctl_mbimd_prop:property_service set; -allow radio ctl_atcid-daemon-u_prop:property_service set; -allow radio ctl_atci_service_prop:property_service set; -allow radio cdma_prop:property_service set; -allow radio bt_int_adp_socket:sock_file write; -allow radio block_device:dir search; -allow radio als_ps_device:chr_file { read open ioctl }; \ No newline at end of file +auditallow viarild system_radio_prop:property_service set; +auditallow viarild net_radio_prop:property_service set; +auditallow statusd system_radio_prop:property_service set; +auditallow statusd net_radio_prop:property_service set; +auditallow ril-3gddaemon system_radio_prop:property_service set; +auditallow ril-3gddaemon net_radio_prop:property_service set; +auditallow mtkrildmd2 system_radio_prop:property_service set; +auditallow mtkrildmd2 net_radio_prop:property_service set; +auditallow mtkrild system_radio_prop:property_service set; +auditallow mtkrild net_radio_prop:property_service set; +auditallow atcp system_radio_prop:property_service set; +auditallow atcp net_radio_prop:property_service set; +allow zpppd_gprs system_radio_prop:property_service set; +allow zpppd_gprs radio_prop:property_service set; +allow zpppd_gprs net_radio_prop:property_service set; +allow vtservice radio_service:service_manager find; +allow viarild system_radio_prop:property_service set; +allow viarild radio_prop:property_service set; +allow viarild net_radio_prop:property_service set; +allow usbdongled radio_prop:property_service set; +allow statusd 
system_radio_prop:property_service set; +allow statusd radio_prop:property_service set; +allow statusd net_radio_prop:property_service set; +allow smart_audio radio_prop:property_service set; +allow rilproxy radio_prop:property_service set; +allow ril-3gddaemon system_radio_prop:property_service set; +allow ril-3gddaemon radio_prop:property_service set; +allow ril-3gddaemon net_radio_prop:property_service set; +allow pppd_via net_radio_prop:property_service set; +allow pppd_dt net_radio_prop:property_service set; +allow ppp net_radio_prop:property_service set; +allow mtkrildmd2 system_radio_prop:property_service set; +allow mtkrildmd2 radio_prop:property_service set; +allow mtkrildmd2 net_radio_prop:property_service set; +allow mtkrild system_radio_prop:property_service set; +allow mtkrild radio_prop:property_service set; +allow mtkrild net_radio_prop:property_service set; +allow mtkmal radio_prop:property_service set; +allow gsm0710muxdmd2 radio_prop:property_service set; +allow gsm0710muxd radio_prop:property_service set; +allow emdlogger system_radio_prop:property_service set; +allow ccci_mdinit radio_prop:property_service set; +allow atcp system_radio_prop:property_service set; +allow atcp radio_prop:property_service set; +allow atcp net_radio_prop:property_service set; \ No newline at end of file diff --git a/sepolicy/rda.te b/sepolicy/rda.te index 1624502..98c3093 100644 --- a/sepolicy/rda.te +++ b/sepolicy/rda.te @@ -1,5 +1,5 @@ -type rda_exec, exec_type, file_type; type rda, domain; +type rda_exec, exec_type, file_type; userdebug_or_eng(` allow rda su_exec:file r_file_perms; ') diff --git a/sepolicy/resize.te b/sepolicy/resize.te index 5d6601c..db6e73b 100644 --- a/sepolicy/resize.te +++ b/sepolicy/resize.te @@ -1,5 +1,5 @@ -type resize_exec, exec_type, file_type; type resize, domain; +type resize_exec, exec_type, file_type; init_daemon_domain(resize) allow resize userdata_block_device:blk_file rw_file_perms; allow resize system_prop:property_service set; 
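Review bot: The new radio.te no longer holds any rule whose source is `radio`; it now lists `property_service set` grants on `radio_prop`, `system_radio_prop` and `net_radio_prop` for other domains (viarild, statusd, mtkrild, atcp and others). At least the two `auditallow statusd …` lines also remain as context in the statusd.te hunk of this commit, so the same rule now lives in two files and deleting it from one would leave it in force. The visible part of the patch does not show where the removed `allow radio …` rules (for example `allow radio system_prop:property_service set;`) went. Compare the compiled policy before and after, for example with setools `sediff`, and state in the commit message that this "docs:README" commit regroups policy. A header comment would also help, for example `# Rules grouped by target type (*radio* property/service types); keep them in sync with the per-domain .te files`.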
diff --git a/sepolicy/resmon.te b/sepolicy/resmon.te index 51f2b9c..88e4ba2 100644 --- a/sepolicy/resmon.te +++ b/sepolicy/resmon.te @@ -1,5 +1,5 @@ -type resmon, domain; type resmon_exec, exec_type, file_type; +type resmon, domain; userdebug_or_eng(` permissive resmon; init_daemon_domain(resmon) diff --git a/sepolicy/ril-3gddaemon.te b/sepolicy/ril-3gddaemon.te index 77af404..08e9a30 100644 --- a/sepolicy/ril-3gddaemon.te +++ b/sepolicy/ril-3gddaemon.te @@ -1,5 +1,5 @@ -type ril-3gddaemon_exec, exec_type, file_type; type ril-3gddaemon, domain; +type ril-3gddaemon_exec, exec_type, file_type; wakelock_use(ril-3gddaemon) unix_socket_connect(ril-3gddaemon, property, init) net_domain(ril-3gddaemon) diff --git a/sepolicy/ril.te b/sepolicy/ril.te index 3ee5f9a..b1e0b36 100755 --- a/sepolicy/ril.te +++ b/sepolicy/ril.te @@ -1,7 +1,7 @@ -type ril_mux_report_case_prop, property_type; -type ril_active_md_prop, property_type; -type ril_cdma_report_prop, property_type; type ril_volte_stack_rcsuaproxy_prop, property_type; +type ril_cdma_report_prop, property_type; +type ril_active_md_prop, property_type; +type ril_mux_report_case_prop, property_type; allow viarild ril_mux_report_case_prop:property_service set; allow viarild ril_cdma_report_prop:property_service set; allow viarild ril_active_md_prop:property_service set; diff --git a/sepolicy/rilproxy.te b/sepolicy/rilproxy.te index ac194cd..44d42b5 100644 --- a/sepolicy/rilproxy.te +++ b/sepolicy/rilproxy.te @@ -1,5 +1,5 @@ -type rilproxy, domain; type rilproxy_exec, exec_type, file_type; +type rilproxy, domain; wakelock_use(rilproxy) net_domain(rilproxy) init_daemon_domain(rilproxy) diff --git a/sepolicy/s62xd.te b/sepolicy/s62xd.te index eb113e3..afd603b 100644 --- a/sepolicy/s62xd.te +++ b/sepolicy/s62xd.te 
@@ -1,5 +1,5 @@ -type s62xd, domain; type s62xd_exec, exec_type, file_type; +type s62xd, domain; init_daemon_domain(s62xd) allow s62xd msensor_device:chr_file { open ioctl read write }; allow s62xd gsensor_device:chr_file { open ioctl read write }; \ No newline at end of file diff --git a/sepolicy/sbchk.te b/sepolicy/sbchk.te index d77e55b..7b222bf 100644 --- a/sepolicy/sbchk.te +++ b/sepolicy/sbchk.te @@ -1,5 +1,5 @@ -type sbchk_exec, exec_type, file_type; type sbchk, domain; +type sbchk_exec, exec_type, file_type; init_daemon_domain(sbchk) allow sbchk secro_block_device:blk_file rw_file_perms; allow sbchk seccfg_device:chr_file rw_file_perms; diff --git a/sepolicy/service.te b/sepolicy/service.te index 4c925ad..c6bf798 100644 --- a/sepolicy/service.te +++ b/sepolicy/service.te 
@@ -1,28 +1,28 @@ -type mtk_multiwindow_service, app_api_service, system_server_service, service_manager_type; -type mtk_data_shaping_service, app_api_service, system_server_service, service_manager_type; -type gas_srv_service, service_manager_type; -type mtk_rns_service, app_api_service, system_server_service, service_manager_type; -type mtk_epgd_service, app_api_service, system_server_service, service_manager_type; -type mtk_anrmanager_service, app_api_service, system_server_service, service_manager_type; -type mtk_msg_monitor_service, app_api_service, system_server_service, service_manager_type; -type mtk_hdmi_service, app_api_service, system_server_service, service_manager_type; -type mtk_recovery_service, app_api_service, system_server_service, service_manager_type; -type mtk_perf_service, app_api_service, system_server_service, service_manager_type; -type mtk_mobile_service, app_api_service, system_server_service, service_manager_type; -type goodix_service, service_manager_type; -type goodix_fingerprint_service, app_api_service, system_server_service, service_manager_type; -type goodixfingerprintd_service, app_api_service, system_server_service, service_manager_type; -type mtk_mwblacklist_service, service_manager_type; -type mtk_consumerir_service, service_manager_type; -type hotknot_native_service, service_manager_type; -type mtk_hotknot_service, service_manager_type; -type vtservice_service, service_manager_type; -type ppl_agent_service, service_manager_type; -type mtk_codec_service_service, service_manager_type; -type guiext-server_service, service_manager_type; -type pq_service, service_manager_type; -type aal_service, service_manager_type; -type ota_agent_service, service_manager_type; -type terservice_service, service_manager_type; +type nvram_agent_service, service_manager_type; type dm_agent_binder_service, service_manager_type; -type nvram_agent_service, service_manager_type; \ No newline at end of file +type terservice_service, service_manager_type; 
+type ota_agent_service, service_manager_type; +type aal_service, service_manager_type; +type pq_service, service_manager_type; +type guiext-server_service, service_manager_type; +type mtk_codec_service_service, service_manager_type; +type ppl_agent_service, service_manager_type; +type vtservice_service, service_manager_type; +type mtk_hotknot_service, service_manager_type; +type hotknot_native_service, service_manager_type; +type mtk_consumerir_service, service_manager_type; +type mtk_mwblacklist_service, service_manager_type; +type goodixfingerprintd_service, app_api_service, system_server_service, service_manager_type; +type goodix_fingerprint_service, app_api_service, system_server_service, service_manager_type; +type goodix_service, service_manager_type; +type mtk_mobile_service, app_api_service, system_server_service, service_manager_type; +type mtk_perf_service, app_api_service, system_server_service, service_manager_type; +type mtk_recovery_service, app_api_service, system_server_service, service_manager_type; +type mtk_hdmi_service, app_api_service, system_server_service, service_manager_type; +type mtk_msg_monitor_service, app_api_service, system_server_service, service_manager_type; +type mtk_anrmanager_service, app_api_service, system_server_service, service_manager_type; +type mtk_epgd_service, app_api_service, system_server_service, service_manager_type; +type mtk_rns_service, app_api_service, system_server_service, service_manager_type; +type gas_srv_service, service_manager_type; +type mtk_data_shaping_service, app_api_service, system_server_service, service_manager_type; +type mtk_multiwindow_service, app_api_service, system_server_service, service_manager_type; \ No newline at end of file diff --git a/sepolicy/service_contexts b/sepolicy/service_contexts index 501e28e..b31991d 100644 --- a/sepolicy/service_contexts +++ b/sepolicy/service_contexts 
@@ -1,53 +1,44 @@ -# ============================================== -# MTK Policy Rule -# ============================================== - -# System Server Services -search_engine u:object_r:search_service:s0 -audioprofile u:object_r:audio_service:s0 -mobile u:object_r:mtk_mobile_service:s0 -mtk-perfservice u:object_r:mtk_perf_service:s0 -#recovery u:object_r:mtk_recovery_service:s0 -mtkhdmi u:object_r:mtk_hdmi_service:s0 -msgmonitorservice u:object_r:mtk_msg_monitor_service:s0 -anrmanager u:object_r:mtk_anrmanager_service:s0 -sensorhubservice u:object_r:sensorservice_service:s0 -SensorHubService u:object_r:sensorservice_service:s0 -epdg_service u:object_r:mtk_epgd_service:s0 -rns u:object_r:mtk_rns_service:s0 - -# Other Services -NvRAMAgent u:object_r:nvram_agent_service:s0 -phoneEx u:object_r:radio_service:s0 -DmAgent u:object_r:dm_agent_binder_service:s0 -hotknot_service u:object_r:mtk_hotknot_service:s0 -vie_command u:object_r:system_app_service:s0 -terservice u:object_r:terservice_service:s0 -GoogleOtaBinder u:object_r:ota_agent_service:s0 -memory_dumper u:object_r:mediaserver_service:s0 -AAL u:object_r:aal_service:s0 -PQ u:object_r:pq_service:s0 -iphonesubinfotedongle u:object_r:radio_service:s0 -isubtedongle u:object_r:radio_service:s0 -simphonebooktedongle u:object_r:radio_service:s0 -ismstedongle u:object_r:radio_service:s0 -tedongleservice u:object_r:radio_service:s0 -GbaService u:object_r:radio_service:s0 -GuiExtService u:object_r:guiext-server_service:s0 -mtk.codecservice u:object_r:mtk_codec_service_service:s0 -PPLAgent u:object_r:ppl_agent_service:s0 -media.mmsdk u:object_r:mediaserver_service:s0 -consumer_ir_extra u:object_r:mtk_consumerir_service:s0 -program_binary u:object_r:program_binary_service:s0 -media.VTS u:object_r:vtservice_service:s0 -GpuAppSpectatorService u:object_r:gas_srv_service:s0 -hotknotnativeservice u:object_r:hotknot_native_service:s0 -wfo u:object_r:radio_service:s0 -CrossMountManagerService u:object_r:system_app_service:s0 
-data_shaping u:object_r:mtk_data_shaping_service:s0 -multiwindow u:object_r:mtk_multiwindow_service:s0 -mw_blacklist u:object_r:mtk_mwblacklist_service:s0 - -android.hardware.fingerprint.IGoodixFingerprintDaemon u:object_r:goodixfingerprintd_service:s0 +wfo u:object_r:radio_service:s0 +vie_command u:object_r:system_app_service:s0 +terservice u:object_r:terservice_service:s0 +tedongleservice u:object_r:radio_service:s0 +simphonebooktedongle u:object_r:radio_service:s0 +sensorhubservice u:object_r:sensorservice_service:s0 +search_engine u:object_r:search_service:s0 +rns u:object_r:mtk_rns_service:s0 +program_binary u:object_r:program_binary_service:s0 +phoneEx u:object_r:radio_service:s0 +mw_blacklist u:object_r:mtk_mwblacklist_service:s0 +multiwindow u:object_r:mtk_multiwindow_service:s0 +mtkhdmi u:object_r:mtk_hdmi_service:s0 +mtk.codecservice u:object_r:mtk_codec_service_service:s0 +mtk-perfservice u:object_r:mtk_perf_service:s0 +msgmonitorservice u:object_r:mtk_msg_monitor_service:s0 +mobile u:object_r:mtk_mobile_service:s0 +memory_dumper u:object_r:mediaserver_service:s0 +media.mmsdk u:object_r:mediaserver_service:s0 +media.VTS u:object_r:vtservice_service:s0 +isubtedongle u:object_r:radio_service:s0 +ismstedongle u:object_r:radio_service:s0 +iphonesubinfotedongle u:object_r:radio_service:s0 +hotknotnativeservice u:object_r:hotknot_native_service:s0 +hotknot_service u:object_r:mtk_hotknot_service:s0 +goodix.fp u:object_r:goodix_service:s0 +epdg_service u:object_r:mtk_epgd_service:s0 +data_shaping u:object_r:mtk_data_shaping_service:s0 +consumer_ir_extra u:object_r:mtk_consumerir_service:s0 com.goodix.FingerprintService u:object_r:goodix_fingerprint_service:s0 -goodix.fp u:object_r:goodix_service:s0 +audioprofile u:object_r:audio_service:s0 +anrmanager u:object_r:mtk_anrmanager_service:s0 +android.hardware.fingerprint.IGoodixFingerprintDaemon u:object_r:goodixfingerprintd_service:s0 +SensorHubService u:object_r:sensorservice_service:s0 +PQ 
u:object_r:pq_service:s0 +PPLAgent u:object_r:ppl_agent_service:s0 +NvRAMAgent u:object_r:nvram_agent_service:s0 +GuiExtService u:object_r:guiext-server_service:s0 +GpuAppSpectatorService u:object_r:gas_srv_service:s0 +GoogleOtaBinder u:object_r:ota_agent_service:s0 +GbaService u:object_r:radio_service:s0 +DmAgent u:object_r:dm_agent_binder_service:s0 +CrossMountManagerService u:object_r:system_app_service:s0 +AAL u:object_r:aal_service:s0 \ No newline at end of file diff --git a/sepolicy/slpd.te b/sepolicy/slpd.te index 151d101..f836c59 100644 --- a/sepolicy/slpd.te +++ b/sepolicy/slpd.te @@ -1,5 +1,5 @@ -type slpd, domain; type slpd_exec, exec_type, file_type; +type slpd, domain; net_domain(slpd) init_daemon_domain(slpd) allow slpd rootfs:lnk_file { getattr }; diff --git a/sepolicy/smart_audio.te b/sepolicy/smart_audio.te index 4f7db34..05f9ae4 100644 --- a/sepolicy/smart_audio.te +++ b/sepolicy/smart_audio.te @@ -1,5 +1,5 @@ -type smart_audio_exec, exec_type, file_type; type smart_audio, domain; +type smart_audio_exec, exec_type, file_type; unix_socket_connect(smart_audio, property, init); init_daemon_domain(smart_audio) allow smart_audio tfa9890_device:chr_file { open read write ioctl }; diff --git a/sepolicy/sn.te b/sepolicy/sn.te index e62193a..089cc7c 100644 --- a/sepolicy/sn.te +++ b/sepolicy/sn.te @@ -1,5 +1,5 @@ -type sn, domain; type sn_exec, exec_type, file_type; +type sn, domain; init_daemon_domain(sn) allow sn tmpfs:dir { read search }; allow sn system_prop:property_service set; diff --git a/sepolicy/spm_loader.te b/sepolicy/spm_loader.te index 7b1ded5..512452c 100644 --- a/sepolicy/spm_loader.te +++ b/sepolicy/spm_loader.te @@ -1,5 +1,5 @@ -type spm_loader, domain; type spm_loader_exec, exec_type, file_type; +type spm_loader, domain; init_daemon_domain(spm_loader) allow spm_loader spm_device:chr_file { read open }; allow spm_loader self:capability { dac_read_search dac_override }; \ No newline at end of file 
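Review bot: The rewritten service_contexts drops every comment, including the "System Server Services" / "Other Services" headers and the commented-out `#recovery u:object_r:mtk_recovery_service:s0` line, while service.te in this commit still declares `mtk_recovery_service`. The 44 active mappings appear unchanged and only re-sorted, but nothing now records that the recovery service is deliberately left unmapped or that the file is sorted by a tool. I would keep a short header such as `# Sorted by tool; the recovery -> mtk_recovery_service mapping is left out on purpose (type still declared in service.te)`, once that intent is confirmed.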
diff --git a/sepolicy/st480.te b/sepolicy/st480.te index 44a1ffb..b3c8e4e 100644 --- a/sepolicy/st480.te +++ b/sepolicy/st480.te @@ -1,5 +1,5 @@ -type st480, domain; type st480_exec, exec_type, file_type; +type st480, domain; init_daemon_domain(st480) file_type_auto_trans(st480, system_data_file, msensor_data_file) allow st480 system_data_file:dir { write add_name create setattr }; diff --git a/sepolicy/statusd.te b/sepolicy/statusd.te index 367aafb..996a6e8 100644 --- a/sepolicy/statusd.te +++ b/sepolicy/statusd.te @@ -1,5 +1,5 @@ -type statusd, domain; type statusd_exec, exec_type, file_type; +type statusd, domain; init_daemon_domain(statusd) auditallow statusd system_radio_prop:property_service set; auditallow statusd net_radio_prop:property_service set; diff --git a/sepolicy/stp_dump3.te b/sepolicy/stp_dump3.te index 9f1e6be..8711641 100644 --- a/sepolicy/stp_dump3.te +++ b/sepolicy/stp_dump3.te @@ -1,5 +1,5 @@ -type stp_dump3, domain; type stp_dump3_exec, exec_type, file_type; +type stp_dump3, domain; init_daemon_domain(stp_dump3) file_type_auto_trans(stp_dump3,system_data_file,stp_dump_data_file) allow stp_dump3 wmtdetect_device:chr_file { read write ioctl open }; diff --git a/sepolicy/teei_daemon.te b/sepolicy/teei_daemon.te index a400632..dadbaaf 100644 --- a/sepolicy/teei_daemon.te +++ b/sepolicy/teei_daemon.te @@ -1,5 +1,5 @@ -type teei_daemon_exec, exec_type, file_type; type teei_daemon, domain; +type teei_daemon_exec, exec_type, file_type; typeattribute teei_client_device mlstrustedobject; allow teei_daemon teei_vfs_device:chr_file rw_file_perms; allow teei_daemon teei_rpmb_device:chr_file rw_file_perms; diff --git a/sepolicy/terservice.te b/sepolicy/terservice.te index 54e1211..fa94b0c 100644 --- a/sepolicy/terservice.te +++ b/sepolicy/terservice.te 
@@ -1,10 +1,6 @@ -type terservice, domain; -type terservice_exec, exec_type, file_type; -init_daemon_domain(terservice) -binder_use(terservice) -binder_service(terservice) +type terservice_service, service_manager_type; +type terservice_prop, property_type; +allow untrusted_app terservice_prop:file { read open getattr }; allow terservice terservice_service:service_manager add; allow terservice terservice_prop:property_service set; -allow terservice rootfs:lnk_file { getattr }; -allow terservice persist_ril_prop:file { read open getattr }; -allow terservice ccci_device:chr_file { read write ioctl open }; \ No newline at end of file +allow bootanim terservice_service:service_manager find; \ No newline at end of file diff --git a/sepolicy/thermal.te b/sepolicy/thermal.te index 8793ac1..78c0c27 100644 --- a/sepolicy/thermal.te +++ b/sepolicy/thermal.te @@ -1,5 +1,5 @@ -type thermal, domain; type thermal_exec, exec_type, file_type; +type thermal, domain; init_daemon_domain(thermal) allow thermal viarild:unix_stream_socket connectto; allow thermal statusd:unix_stream_socket connectto; diff --git a/sepolicy/thermal_manager.te b/sepolicy/thermal_manager.te index 3cac49c..6c77f60 100644 --- a/sepolicy/thermal_manager.te +++ b/sepolicy/thermal_manager.te @@ -1,5 +1,5 @@ -type thermal_manager, domain; type thermal_manager_exec, exec_type, file_type; +type thermal_manager, domain; init_daemon_domain(thermal_manager) allow thermal_manager thermal_manager_data_file:file { create open read write setattr lock }; allow thermal_manager thermal_manager_data_file:dir { search getattr open read write setattr add_name }; diff --git a/sepolicy/thermald.te b/sepolicy/thermald.te index a34466f..d28832b 100644 --- a/sepolicy/thermald.te +++ b/sepolicy/thermald.te @@ -1,5 +1,5 @@ -type thermald, domain; type thermald_exec, exec_type, file_type; +type thermald, domain; init_daemon_domain(thermald) binder_use(thermald) allow thermald system_server:binder call; 
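Review bot: `type terservice_service, service_manager_type;` is added at the top of terservice.te while service.te in this same commit still declares the identical type, so if both files are built into one policy the type is declared twice, which checkpolicy rejects as a duplicate declaration. The hunk also removes `type terservice, domain;` and `init_daemon_domain(terservice)` but keeps `allow terservice terservice_service:service_manager add;`, so the `terservice` domain has to be declared in a file this view does not show. I would drop the added `type terservice_service …` line here and check `terservice_prop` the same way against wherever property types are declared. The added `allow untrusted_app terservice_prop:file { read open getattr };` and `allow bootanim terservice_service:service_manager find;` are cross-domain grants; if they were moved here from other files, each should carry a one-line comment saying why that domain needs the access.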
diff --git a/sepolicy/thermalloadalgod.te b/sepolicy/thermalloadalgod.te index fe2eef4..649546b 100644 --- a/sepolicy/thermalloadalgod.te +++ b/sepolicy/thermalloadalgod.te @@ -1,5 +1,5 @@ -type thermalloadalgod_exec, exec_type, file_type; type thermalloadalgod, domain; +type thermalloadalgod_exec, exec_type, file_type; init_daemon_domain(thermalloadalgod) file_type_auto_trans(thermal_manager, system_data_file, thermal_manager_data_file) allow thermalloadalgod thermalloadalgod:netlink_socket { create bind write read }; diff --git a/sepolicy/tiny_mkswap.te b/sepolicy/tiny_mkswap.te index 0406522..30614c2 100644 --- a/sepolicy/tiny_mkswap.te +++ b/sepolicy/tiny_mkswap.te @@ -1,5 +1,5 @@ -type tiny_mkswap, domain; type tiny_mkswap_exec, exec_type, file_type; +type tiny_mkswap, domain; init_daemon_domain(tiny_mkswap) allow tiny_mkswap zram0_device:blk_file { getattr read write open ioctl }; allow tiny_mkswap enableswap:fd use; \ No newline at end of file diff --git a/sepolicy/tiny_swapon.te b/sepolicy/tiny_swapon.te index 3240a55..0fc7ca6 100644 --- a/sepolicy/tiny_swapon.te +++ b/sepolicy/tiny_swapon.te @@ -1,5 +1,5 @@ -type tiny_swapon, domain; type tiny_swapon_exec, exec_type, file_type; +type tiny_swapon, domain; init_daemon_domain(tiny_swapon) allow tiny_swapon zram0_device:blk_file { getattr read write open ioctl }; allow tiny_swapon enableswap:fd use; \ No newline at end of file diff --git a/sepolicy/tune2fs.te b/sepolicy/tune2fs.te index 3e4aec0..9beb549 100644 --- a/sepolicy/tune2fs.te +++ b/sepolicy/tune2fs.te @@ -1,5 +1,5 @@ -type tune2fs_exec, exec_type, file_type; type tune2fs, domain; +type tune2fs_exec, exec_type, file_type; init_daemon_domain(tune2fs) allow tune2fs userdata_block_device:blk_file rw_file_perms; allow tune2fs rootfs:lnk_file { getattr }; diff --git a/sepolicy/tunman.te b/sepolicy/tunman.te index db3101f..03dc6c1 100644 --- a/sepolicy/tunman.te +++ b/sepolicy/tunman.te 
@@ -1,7 +1,7 @@ -type tunman_prop, property_type; -type tunman_socket, file_type, mlstrustedobject; -type tunman_exec, exec_type, file_type; type tunman, domain; +type tunman_exec, exec_type, file_type; +type tunman_socket, file_type, mlstrustedobject; +type tunman_prop, property_type; unix_socket_connect(tunman, property, init) unix_socket_connect(tunman, netd, netd) unix_socket_connect(netdomain, tunman, tunman) diff --git a/sepolicy/usbdongled.te b/sepolicy/usbdongled.te index fcc2f74..1733e6b 100644 --- a/sepolicy/usbdongled.te +++ b/sepolicy/usbdongled.te @@ -1,5 +1,5 @@ -type usbdongled_exec, exec_type, file_type; type usbdongled, domain; +type usbdongled_exec, exec_type, file_type; unix_socket_connect(usbdongled, property, init) net_domain(usbdongled) init_daemon_domain(usbdongled) diff --git a/sepolicy/viarild.te b/sepolicy/viarild.te index dccf95a..030115b 100644 --- a/sepolicy/viarild.te +++ b/sepolicy/viarild.te @@ -1,5 +1,5 @@ -type viarild, domain; type viarild_exec, exec_type, file_type; +type viarild, domain; wakelock_use(viarild) unix_socket_connect(viarild, property, init) net_domain(viarild) diff --git a/sepolicy/vold.te b/sepolicy/vold.te index 40e6b05..72f29cc 100644 --- a/sepolicy/vold.te +++ b/sepolicy/vold.te 
@@ -1,65 +1,2 @@
-allow vold zram0_device:blk_file getattr;
-allow vold userdata_block_device:blk_file create_file_perms;
-allow vold tmpfs:lnk_file { create unlink };
-allow vold system_data_file:lnk_file { create unlink };
-allow vold system_data_file:file open;
-allow vold system_data_file:dir { relabelfrom relabelto setattr };
-allow vold storage_file:lnk_file { create unlink };
-allow vold self:capability { sys_resource setgid setuid };
-allow vold sdcardd_exec:file { read open execute execute_no_trans };
-allow vold resize_exec:file rx_file_perms;
-allow vold rawfs:dir { read ioctl open };
-allow vold protect_s_data_file:dir { read getattr open ioctl };
-allow vold protect_f_data_file:dir { read getattr open ioctl };
-allow vold protect2_block_device:blk_file rw_file_perms;
-allow vold protect1_block_device:blk_file rw_file_perms;
-allow vold proc_mtktz:dir r_dir_perms;
-allow vold proc_mtkcooler:dir r_dir_perms;
-allow vold proc_lk_env:file { read write open ioctl };
-allow vold proc:file write;
-allow vold platform_app:process ptrace;
-allow vold platform_app:fd use;
-allow vold persist_data_file:dir { read getattr open ioctl };
-allow vold para_block_device:blk_file rw_file_perms;
-allow vold nvram_device:chr_file { read write open };
-allow vold nvram_device:chr_file ioctl;
-allow vold nvram_device:blk_file rw_file_perms;
-allow vold nvram_data_file:lnk_file read;
-allow vold nvram_data_file:file { read getattr open write create setattr };
-allow vold nvram_data_file:dir { read open write add_name create getattr setattr search };
-allow vold nvdata_file:file { read getattr open write create setattr };
-allow vold nvdata_file:dir { read ioctl open write add_name create getattr setattr search };
-allow vold nvcfg_file:dir { read getattr open ioctl };
-allow vold mtd_device:dir search;
-allow vold mtd_device:chr_file { read write open };
-allow vold mobile_log_d:process ptrace;
-allow vold mobicore_user_device:chr_file { read write ioctl open };
-allow vold mobicore:unix_stream_socket connectto;
-allow vold mmcblk1p1_block_device:blk_file { open read write lock ioctl getattr };
-allow vold mmcblk0_block_device:blk_file rw_file_perms;
-allow vold misc_sd_device:chr_file { read ioctl open };
-allow vold misc_device:chr_file { write open };
-allow vold misc_device:chr_file read;
-allow vold misc2_block_device:blk_file rw_file_perms;
-allow vold mediaserver:process ptrace;
-allow vold media_rw_data_file:dir { read open };
-allow vold mdlog_data_file:file { read getattr open };
-allow vold mdlog_data_file:dir { read open getattr search };
-allow vold logtemp_data_file:file { read getattr open };
-allow vold logtemp_data_file:dir { read open getattr search };
-allow vold logmisc_data_file:file { read getattr open };
-allow vold logmisc_data_file:dir { read open getattr search };
-allow vold kernel:system module_request;
-allow vold iso9660:filesystem unmount;
-allow vold install_data_file:file { read open };
-allow vold fuse_device:chr_file { read write open };
-allow vold fon_image_data_file:file { read write };
-allow vold fon_image_data_file:file open;
-allow vold fon_image_data_file:file getattr;
-allow vold fon_image_data_file:dir search;
-allow vold data_tmpfs_log_file:file { write setattr getattr relabelto create unlink open read };
-allow vold data_tmpfs_log_file:dir { setattr getattr read create write rmdir relabelto remove_name open add_name search };
-allow vold block_device:file create;
-allow vold block_device:blk_file { ioctl getattr };
-allow vold aee_exp_data_file:file { read getattr open };
-allow vold aee_exp_data_file:dir { read open getattr search };
\ No newline at end of file
+allow vdc vold_prop:property_service set;
+allow md_ctrl vold_prop:property_service set;
\ No newline at end of file
diff --git a/sepolicy/volte.te b/sepolicy/volte.te
index 1072f69..d7f205e 100755
--- a/sepolicy/volte.te
+++ b/sepolicy/volte.te
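Review bot: The two rules added at the end of the vold.te hunk, `allow vdc vold_prop:property_service set;` and `allow md_ctrl vold_prop:property_service set;`, grant write access to every property labelled `vold_prop` with no comment saying which property each domain needs or why. `md_ctrl` looks like a modem-control daemon (inferred from the name only), so a fault or compromise there could change whatever vold-related properties that label covers; if it needs a single key, a dedicated property type with its own `property_contexts` entry would keep the grant narrow. I would add a line such as `# md_ctrl: sets <PROPERTY_NAME> because <REASON>` above each rule. The file now also holds no rule whose source is `vold`, so any access vold still requires has to come from a policy file this hunk does not show.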
@@ -1,5 +1,5 @@
-type mtk_volte_prop, property_type;
 type volte_prop, property_type;
+type mtk_volte_prop, property_type;
 allow volte_imsm_md volte_prop:property_service set;
 allow untrusted_app volte_prop:file { getattr open read };
 allow untrusted_app mtk_volte_prop:file { open read getattr };
diff --git a/sepolicy/volte_imcb.te b/sepolicy/volte_imcb.te
index 04e8d78..b62d329 100644
--- a/sepolicy/volte_imcb.te
+++ b/sepolicy/volte_imcb.te
@@ -1,7 +1,7 @@
-type volte_imsvt1_socket, file_type;
-type volte_imsa1_socket, file_type;
-type volte_imcb_exec, exec_type, file_type;
 type volte_imcb, domain;
+type volte_imcb_exec, exec_type, file_type;
+type volte_imsa1_socket, file_type;
+type volte_imsvt1_socket, file_type;
 unix_socket_connect(volte_imcb, volte_ua, volte_ua)
 init_daemon_domain(volte_imcb)
 allow volte_imcb volte_ua:unix_stream_socket connectto;
diff --git a/sepolicy/volte_imsm_md.te b/sepolicy/volte_imsm_md.te
index ad550e5..47b9a10 100644
--- a/sepolicy/volte_imsm_md.te
+++ b/sepolicy/volte_imsm_md.te
@@ -1,5 +1,5 @@
-type volte_imsm_md_exec, exec_type, file_type;
 type volte_imsm_md, domain;
+type volte_imsm_md_exec, exec_type, file_type;
 unix_socket_send(volte_imsm_md, wpa, wpa)
 init_daemon_domain(volte_imsm_md)
 allow wpa volte_imsm_md:unix_stream_socket connectto;
diff --git a/sepolicy/volte_rcs_ua.te b/sepolicy/volte_rcs_ua.te
index 1fd69d0..6c57cdc 100644
--- a/sepolicy/volte_rcs_ua.te
+++ b/sepolicy/volte_rcs_ua.te
@@ -1,6 +1,6 @@
-type rcs_ua_proxy_socket, file_type;
-type volte_rcs_ua_exec, exec_type, file_type;
 type volte_rcs_ua, domain;
+type volte_rcs_ua_exec, exec_type, file_type;
+type rcs_ua_proxy_socket, file_type;
 unix_socket_connect(volte_rcs_ua, volte_stack, volte_stack)
 init_daemon_domain(volte_rcs_ua)
 allow volte_rcs_ua volte_stack:unix_stream_socket connectto;
diff --git a/sepolicy/volte_stack.te b/sepolicy/volte_stack.te
index d0a8a63..bf44666 100644
--- a/sepolicy/volte_stack.te
+++ b/sepolicy/volte_stack.te
@@ -1,5 +1,5 @@
-type volte_stack_exec, exec_type, file_type;
 type volte_stack, domain;
+type volte_stack_exec, exec_type, file_type;
 init_daemon_domain(volte_stack)
 file_type_auto_trans(volte_stack, system_data_file, ims_ipsec_data_file)
 allow volte_stack volte_stack_socket:sock_file write;
diff --git a/sepolicy/volte_ua.te b/sepolicy/volte_ua.te
index 741beb0..ca97166 100644
--- a/sepolicy/volte_ua.te
+++ b/sepolicy/volte_ua.te
@@ -1,5 +1,5 @@
-type volte_ua_exec, exec_type, file_type;
 type volte_ua, domain;
+type volte_ua_exec, exec_type, file_type;
 unix_socket_connect(volte_ua, volte_stack, volte_stack)
 init_daemon_domain(volte_ua)
 allow volte_ua wfca:unix_stream_socket connectto;
diff --git a/sepolicy/vtservice.te b/sepolicy/vtservice.te
index 9ba3f1f..4267597 100644
--- a/sepolicy/vtservice.te
+++ b/sepolicy/vtservice.te
@@ -1,40 +1,3 @@
-type vtservice, domain;
-type vtservice_exec, exec_type, file_type;
-unix_socket_connect(vtservice, volte_imsvt1, volte_imcb)
-unix_socket_connect(vtservice, rild_oem, mtkrild)
-init_daemon_domain(vtservice)
-binder_use(vtservice)
-binder_service(vtservice)
-binder_call(vtservice, mediaserver)
+type vtservice_service, service_manager_type;
 allow vtservice vtservice_service:service_manager add;
-allow vtservice volte_vt_socket:sock_file { create unlink read write };
-allow vtservice volte_vt_socket:dir { read write ioctl open remove_name add_name };
-allow vtservice volte_vt_socket:dir write;
-allow vtservice volte_ua:udp_socket { read write setopt getattr getopt shutdown };
-allow vtservice volte_ua:udp_socket connect;
-allow vtservice volte_ua:fd use;
-allow vtservice untrusted_app:binder call;
-allow vtservice system_data_file:dir { write open read getattr setattr };
-allow vtservice sysfs:file write;
-allow vtservice surfaceflinger_service:service_manager find;
-allow vtservice storage_file:lnk_file read;
-allow vtservice self:udp_socket { create bind connect read write setopt getattr getopt shutdown };
-allow vtservice radio_service:service_manager find;
-allow vtservice pq_service:service_manager { find };
-allow vtservice pq:fd use;
-allow vtservice pq:binder call;
-allow vtservice power_service:service_manager find;
-allow vtservice node:udp_socket { node_bind };
-allow vtservice netd:unix_stream_socket connectto;
-allow vtservice mtkrild:unix_stream_socket connectto;
-allow vtservice mediaserver_service:service_manager find;
-allow vtservice fwmarkd_socket:sock_file write;
-allow vtservice fuse:file { read write open };
-allow vtservice fuse:dir search;
-allow vtservice devmap_device:chr_file read;
-allow vtservice devmap_device:chr_file open;
-allow vtservice devmap_device:chr_file ioctl;
-allow vtservice ccci_device:chr_file { read write open ioctl };
-allow vtservice batterystats_service:service_manager find;
-allow vtservice Vcodec_device:chr_file { read write ioctl open };
-allow vtservice MTK_SMI_device:chr_file { read write ioctl open };
\ No newline at end of file
+allow radio vtservice_service:service_manager find;
\ No newline at end of file
diff --git a/sepolicy/wfca.te b/sepolicy/wfca.te
index 707454e..76d0806 100644
--- a/sepolicy/wfca.te
+++ b/sepolicy/wfca.te
@@ -1,5 +1,5 @@
-type wfca_exec, exec_type, file_type;
 type wfca, domain;
+type wfca_exec, exec_type, file_type;
 init_daemon_domain(wfca)
 allow wfca volte_ua:udp_socket { read write setopt getattr getopt shutdown };
 allow wfca volte_ua:fd use;
diff --git a/sepolicy/wifi2agps.te b/sepolicy/wifi2agps.te
index 1138310..91a1fce 100644
--- a/sepolicy/wifi2agps.te
+++ b/sepolicy/wifi2agps.te
@@ -1,5 +1,5 @@
-type wifi2agps, domain;
 type wifi2agps_exec, exec_type, file_type;
+type wifi2agps, domain;
 init_daemon_domain(wifi2agps)
 allow wifi2agps self:udp_socket { create ioctl };
 allow wifi2agps self:netlink_socket { write getattr setopt read bind create };
diff --git a/sepolicy/wmt_loader.te b/sepolicy/wmt_loader.te
index 93ac743..6335a0d 100644
--- a/sepolicy/wmt_loader.te
+++ b/sepolicy/wmt_loader.te
@@ -1,5 +1,5 @@
-type wmt_loader, domain;
 type wmt_loader_exec, exec_type, file_type;
+type wmt_loader, domain;
 init_daemon_domain(wmt_loader)
 allow wmt_loader wmtdetect_device:chr_file { read write ioctl open };
 allow wmt_loader wmt_prop:property_service set;
diff --git a/sepolicy/xlog.te b/sepolicy/xlog.te
index 039ca71..e6c8388 100644
--- a/sepolicy/xlog.te
+++ b/sepolicy/xlog.te
@@ -1,5 +1,5 @@
-type xlog, domain;
 type xlog_exec, exec_type, file_type;
+type xlog, domain;
 init_daemon_domain(xlog)
 allow xlog xlog_data_file:file { write create read open setattr };;
 allow xlog xlog_data_file:dir { relabelto create_dir_perms };
diff --git a/sepolicy/yamaha537fusiond.te b/sepolicy/yamaha537fusiond.te
index 7447d68..cf27621 100644
--- a/sepolicy/yamaha537fusiond.te
+++ b/sepolicy/yamaha537fusiond.te
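Review bot: The kept rule `allow vtservice vtservice_service:service_manager add;` in the vtservice.te hunk still names `vtservice` as its source, but the same hunk removes `type vtservice, domain;` together with `type vtservice_exec, exec_type, file_type;` and `init_daemon_domain(vtservice)`. Unless another file in the tree declares the type (none is visible here), the policy will not compile; and if the type is declared elsewhere without the domain transition, the daemon would presumably keep running in the domain of whatever starts it instead of its own confined one. Either keep those three declaration lines at the top of this file or drop the `add` rule along with them. The new `allow radio vtservice_service:service_manager find;` should carry a one-line comment naming the client that needs the lookup.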
@@ -1,5 +1,5 @@ -type yamaha537fusiond, domain; type yamaha537fusiond_exec, exec_type, file_type; +type yamaha537fusiond, domain; init_daemon_domain(yamaha537fusiond) allow yamaha537fusiond system_data_file:file { open read getattr }; allow yamaha537fusiond system_data_file:dir { write remove_name add_name }; diff --git a/sepolicy/zpppd_gprs.te b/sepolicy/zpppd_gprs.te index 8bb7b82..263cdc0 100644 --- a/sepolicy/zpppd_gprs.te +++ b/sepolicy/zpppd_gprs.te @@ -1,5 +1,5 @@ -type zpppd_gprs_exec, exec_type, file_type; type zpppd_gprs, domain; +type zpppd_gprs_exec, exec_type, file_type; unix_socket_connect(zpppd_gprs, property, init) net_domain(zpppd_gprs) init_daemon_domain(zpppd_gprs) diff --git a/src/Gui/SepolicyToolsGUI.java b/src/Gui/SepolicyToolsGUI.java index 80af5ff..8dfed05 100644 --- a/src/Gui/SepolicyToolsGUI.java +++ b/src/Gui/SepolicyToolsGUI.java @@ -99,7 +99,7 @@ public void actionPerformed(ActionEvent e) { textArea = new JTextArea(); textArea.setColumns(57); - textArea.setRows(18); + textArea.setRows(15); textArea.setFont(textFont); textArea.setEditable(false); @@ -207,7 +207,6 @@ public void drop(DropTargetDropEvent dtde) { setFont(globalFont); setBounds(200, 100, 1000, 618); setDefaultCloseOperation(WindowConstants.EXIT_ON_CLOSE); -// pack(); setVisible(true); }