| # ============================================== |
| # Policy File of /system/bin/factory Executable File |
| |
| |
| # ============================================== |
| # Type Declaration |
| # ============================================== |
| |
| # factory_exec carries the exec_type and file_type attributes and is the entry-point label used by |
| # init_daemon_domain(factory) below; factory is the process domain. The file_contexts entry that |
| # assigns factory_exec to the binary is not part of this file. |
| type factory_exec , exec_type, file_type; |
| type factory ,domain; |
| |
| # ============================================== |
| # Android Policy Rule |
| # ============================================== |
| |
| # ============================================== |
| # NSA Policy Rule |
| # ============================================== |
| |
| # ============================================== |
| # MTK Policy Rule |
| # ============================================== |
| |
| # "permissive factory;" and "unconfined_domain(factory)" are both commented out, so nothing in this |
| # file relaxes enforcement for the domain; its access is defined by the allow rules that follow. |
| #permissive factory; |
| # AOSP macro: init transitions into the factory domain when it executes a factory_exec file. |
| init_daemon_domain(factory) |
| # Files that factory creates in system_data_file directories are labelled factory_data_file instead |
| # of inheriting the parent label. factory_data_file is not declared in this file, so it has to be |
| # declared elsewhere in the policy. |
| file_type_auto_trans(factory, system_data_file, factory_data_file) |
| #unconfined_domain(factory) |
| |
| #============= factory ============== |
| # Per-device access for the hardware the factory domain touches. Rules that list "write" allow |
| # read/write use of the node; the others are read-only. Where "ioctl" is granted, this file contains |
| # no allowxperm filter, so the rule does not narrow which ioctl commands may be issued. |
| allow factory FM50AF_device:chr_file { read write ioctl open }; |
| allow factory AD5820AF_device:chr_file { read write ioctl open }; |
| allow factory DW9714AF_device:chr_file { read write ioctl open }; |
| allow factory DW9714A_device:chr_file { read write ioctl open }; |
| allow factory LC898122AF_device:chr_file { read write ioctl open }; |
| allow factory LC898212AF_device:chr_file { read write ioctl open }; |
| allow factory BU6429AF_device:chr_file { read write ioctl open }; |
| allow factory DW9718AF_device:chr_file { read write ioctl open }; |
| allow factory BU64745GWZAF_device:chr_file { read write ioctl open }; |
| allow factory MAINAF_device:chr_file { read write ioctl open }; |
| allow factory MAIN2AF_device:chr_file { read write ioctl open }; |
| allow factory SUBAF_device:chr_file { read write ioctl open }; |
| allow factory MTK_SMI_device:chr_file { read ioctl open }; |
| allow factory accdet_device:chr_file { read ioctl open }; |
| allow factory als_ps_device:chr_file { read ioctl open }; |
| # NOTE(review): execute on a chr_file is the permission checked when the node is mapped executable. |
| # Together with "self:process execmem" later in this file it weakens W^X for the domain; confirm a |
| # factory test still needs it. |
| allow factory ashmem_device:chr_file execute; |
| allow factory audio_device:chr_file { read write ioctl open }; |
| allow factory camera_isp_device:chr_file { read write ioctl open }; |
| allow factory camera_pipemgr_device:chr_file { read ioctl open }; |
| allow factory camera_sysram_device:chr_file { read ioctl open }; |
| allow factory ccci_device:chr_file { read write ioctl open }; |
| allow factory MT_pmic_cali_device:chr_file { read ioctl open }; |
| allow factory barometer_device:chr_file { read ioctl open }; |
| allow factory humidity_device:chr_file { read ioctl open }; |
| allow factory mtk_kpd_device:chr_file { read ioctl open }; |
| allow factory ebc_device:chr_file { read write open }; |
| allow factory fm_device:chr_file { read write ioctl open }; |
| allow factory fuse:dir { read search open }; |
| allow factory gps_device:chr_file { read write open }; |
| allow factory graphics_device:chr_file { read write ioctl open }; |
| allow factory gsensor_device:chr_file { read ioctl open }; |
| allow factory gsm0710muxd_device:chr_file { read write ioctl open }; |
| allow factory gyroscope_device:chr_file { read ioctl open }; |
| # connectto on init's stream socket, paired with the property_socket write rule later in this file, |
| # is the client side of setting system properties. |
| allow factory init:unix_stream_socket connectto; |
| allow factory input_device:chr_file { read ioctl open }; |
| allow factory input_device:dir { read open }; |
| allow factory kd_camera_flashlight_device:chr_file { read write ioctl open }; |
| allow factory kd_camera_hw_device:chr_file { read write ioctl open }; |
| # module_request lets the domain cause the kernel to auto-load a module on its behalf. |
| allow factory kernel:system module_request; |
| allow factory misc_sd_device:chr_file { read ioctl open }; |
| allow factory mnld_device:chr_file { read write ioctl open }; |
| # execute_no_trans: these three executables run inside the factory domain with no domain |
| # transition, so the processes hold every permission granted to factory in this file rather than |
| # the permissions of a domain of their own. |
| allow factory mnld_exec:file { read execute open execute_no_trans }; |
| allow factory MPED_exec:file { read execute open execute_no_trans }; |
| allow factory mtkFlpDaemon_exec:file { read execute open execute_no_trans }; |
| allow factory msensor_device:chr_file { read ioctl open }; |
| allow factory mt6605_device:chr_file { read write ioctl open getattr }; |
| # node is the generic network-node type, so node_bind here is not limited to one local address. |
| allow factory node:tcp_socket node_bind; |
| # These two nvram_data_file rules are subsets of the create_dir_perms / create_file_perms rules for |
| # the same type later in this file. |
| allow factory nvram_data_file:dir { write read open add_name getattr setattr}; |
| allow factory nvram_data_file:file { write getattr setattr read create open }; |
| allow factory nvram_device:chr_file { read write ioctl open }; |
| allow factory nvram_device:blk_file { read write open ioctl}; |
| # NOTE(review): rw_file_perms on blk_file objects is raw read/write of the block device itself, |
| # which is not mediated by the labels of files stored on it. The mmcblk0/mmcblk1 types look like |
| # whole-disk nodes by name; confirm against file_contexts and check that each grant is needed. |
| allow factory userdata_block_device:blk_file rw_file_perms; |
| allow factory mmcblk0_block_device:blk_file rw_file_perms; |
| allow factory mmcblk1_block_device:blk_file rw_file_perms; |
| allow factory mmcblk1p1_block_device:blk_file rw_file_perms; |
| allow factory nvdata_device:blk_file rw_file_perms; |
| # sys_boot is granted again further down; allow rules are additive, so the repeat is harmless. |
| allow factory self:capability sys_boot; |
| #allow factory platformblk_device:dir search; |
| # port is the default type for TCP ports without a more specific label, so name_bind and |
| # name_connect here cover every such port rather than one service port. |
| allow factory port:tcp_socket { name_bind name_connect }; |
| allow factory property_socket:sock_file write; |
| allow factory rtc_device:chr_file { read write ioctl open }; |
| # NOTE(review): high-impact capability set. sys_module permits loading kernel modules, |
| # dac_override bypasses file permission bits, net_admin and net_raw cover network configuration |
| # and raw sockets, sys_time sets the system clock. Each entry should map to a named factory test. |
| allow factory self:capability { sys_module ipc_lock sys_nice dac_override net_raw fsetid net_admin sys_time }; |
| allow factory self:netlink_route_socket { bind create }; |
| # execmem allows writable anonymous or private mappings to be made executable. |
| allow factory self:process execmem; |
| # bind, listen and accept make the domain a TCP server as well as a client. |
| allow factory self:tcp_socket { setopt read bind create accept write connect listen }; |
| allow factory self:udp_socket { create ioctl }; |
| allow factory stpbt_device:chr_file { read write open }; |
| # sysfs is the generic label for sysfs entries without a dedicated type, so this write permission |
| # is not scoped to a particular node. |
| allow factory sysfs:file write; |
| allow factory sysfs_wake_lock:file { read write open }; |
| allow factory system_data_file:dir { write remove_name add_name }; |
| #allow factory system_data_file:file { write create unlink open }; |
| allow factory system_data_file:sock_file { write create unlink setattr }; |
| # execute_no_trans on system_file: system_file-labelled binaries run in the factory domain with no |
| # transition, holding the capabilities granted above. |
| allow factory system_file:file execute_no_trans; |
| #allow factory tmpfs:lnk_file read; |
| allow factory ttyGS_device:chr_file { read write open }; |
| allow factory wmtWifi_device:chr_file { write open }; |
| # Full create/modify access to the NVRAM, nvdata and cct data trees. The create_*_perms macros |
| # already include the narrower nvram_data_file permissions granted earlier in this file. |
| allow factory nvram_data_file:dir { create_dir_perms }; |
| allow factory nvram_data_file:file { create_file_perms }; |
| allow factory nvram_data_file:lnk_file read; |
| allow factory nvdata_file:dir { create_dir_perms }; |
| allow factory nvdata_file:file { create_file_perms }; |
| allow factory cct_data_file:dir { create_dir_perms }; |
| allow factory cct_data_file:file { create_file_perms }; |
| # The next two rules repeat permissions already granted earlier in this file (sys_nice and sys_time |
| # in the larger capability set; write and add_name on system_data_file directories). |
| allow factory self:capability { sys_nice sys_time }; |
| allow factory system_data_file:dir { write add_name }; |
| # Mount handling: mounton for rootfs and vfat directories plus mount/unmount of vfat filesystems. |
| allow factory rootfs:dir mounton; |
| allow factory vfat:dir { read open search mounton }; |
| allow factory vfat:filesystem { mount unmount }; |
| allow factory block_device:dir search; |
| allow factory graphics_device:dir search; |
| allow factory input_device:dir search; |
| # NOTE(review): sys_admin is the broadest capability; mount(2) requires it, which matches the mount |
| # rules above, but it covers far more than mounting. sys_boot repeats an earlier grant. |
| allow factory self:capability sys_admin; |
| allow factory self:capability sys_boot; |
| allow factory labeledfs:filesystem unmount; |
| allow factory nvram_device:blk_file { getattr ioctl }; |
| allow factory shell_exec:file execute; |
| allow factory MT_pmic_adc_cali_device:chr_file { read write ioctl open}; |
| allow factory audio_device:dir search; |
| allow factory nvram_data_file:dir search; |
| allow factory audiohal_prop:property_service set; |
| allow factory pmic_ftm_device:chr_file { read write ioctl open}; |
| # powerctl_prop is the AOSP label for the property used to request reboot or shutdown through init. |
| allow factory powerctl_prop:property_service set; |
| allow factory ttyGS_device:chr_file { read write open ioctl}; |
| allow factory ttyMT_device:chr_file { read write open ioctl}; |
| allow factory irtx_device:chr_file { read write ioctl open }; |
| allow factory devpts:chr_file { read write getattr ioctl }; |
| allow factory vfat:dir search; |
| allow factory hrm_device:chr_file { read ioctl open }; |
| |
| # Date: WK14.47 |
| # Operation : Migration |
| # Purpose : CCCI |
| allow factory eemcs_device:chr_file { read write ioctl open }; |
| |
| # Purpose : SDIO |
| allow factory ttySDIO_device:chr_file { read write ioctl open }; |
| |
| # Date: WK15.01 |
| # Purpose : OTG Mount |
| allow factory fuse:dir mounton; |
| # Date: WK15.07 |
| # Purpose : use c2k flight mode; |
| allow factory vmodem_device:chr_file { read write ioctl open }; |
| |
| # Date: WK15.13 |
| # Purpose: for nand project |
| allow factory mtd_device:dir search; |
| # The explicit permission set on the next rule is already contained in rw_file_perms on the rule |
| # after it; the two rules target the same type and class. |
| allow factory mtd_device:chr_file { read write ioctl open }; |
| allow factory mtd_device:chr_file rw_file_perms; |
| # sys_resource is added to the capabilities granted earlier in this file. |
| allow factory self:capability sys_resource; |
| allow factory pro_info_device:chr_file { read write ioctl open}; |
| |
| # Date: WK15.28 |
| # Purpose: for mt-ramdump reset |
| allow factory proc_mrdump_rst:file w_file_perms; |
| |
| #Date: WK15.31 |
| #Purpose: use factory_data_file instead of system_data_file, |
| # because system_data_file is a sensitive partition from M onward |
| allow factory self:capability2 block_suspend; |
| allow factory storage_file:dir { write create add_name search mounton }; |
| allow factory factory_data_file:file { write create unlink open }; |
| allow factory shell_exec:file { read open }; |
| # NOTE(review): the source domain of this rule is "resize", not "factory". It grants access to a |
| # different domain from inside the factory policy file; if intentional, it would be easier to |
| # audit in that domain's own policy file. |
| allow resize block_device:dir search; |
| |
| # Date: WK15.44 |
| # Purpose: factory idle current status |
| allow factory factory_idle_state_prop:property_service set; |
| |
| # Date: WK15.46 |
| # Purpose: gps factory mode |
| allow factory agpsd_data_file:dir search; |
| # NOTE(review): confirm why a GPS test needs write on apk_data_file directories. |
| allow factory apk_data_file:dir write; |
| allow factory gps_data_file:dir { read search }; |
| # With the execute and read/open rules on shell_exec elsewhere in this file, execute_no_trans |
| # completes permission to run the shell inside the factory domain, so commands it launches hold |
| # the capabilities granted to factory. |
| allow factory shell_exec:file execute_no_trans; |
| allow factory storage_file:lnk_file read; |
| |
| #Date: WK15.48 |
| #Purpose: capture for factory mode |
| allow factory devmap_device:chr_file { read ioctl open }; |
| allow factory fuse:dir { write create add_name }; |
| allow factory fuse:file { read write create open getattr }; |
| allow factory mnt_user_file:dir search; |
| allow factory mnt_user_file:lnk_file read; |
| # Same rule as the storage_file:lnk_file read grant in the WK15.46 group above. |
| allow factory storage_file:lnk_file read; |