sepolicy/hotknot_native.te - device/mediatek/common - Gitiles

 # ==============================================
 # Policy File of /system/bin/hotknot_native_service Executable File

 # ==============================================
 # Type Declaration
 # ==============================================
 type hotknot_native_exec, exec_type, file_type;
 type hotknot_native, domain;

 # ==============================================
 # MTK Policy Rule
 # ==============================================
 init_daemon_domain(hotknot_native)

 # Date : 2015/9/8
 # Operation : New
 # Purpose : Add for HotKnot 3.5 native service
 binder_service(hotknot_native)
 binder_use(hotknot_native)
 binder_call({domain -init -netd}, hotknot_native)

 # Purpose : To allow register hotknot_native_service in servicemanager.
 allow hotknot_native hotknot_native_service:service_manager { add find };

 # Purpose : To allow binder call to system server and system app.
 allow hotknot_native system_server:binder call;
 allow hotknot_native system_app:binder call;

 # Purpose : To allow access device drivers.
 allow hotknot_native hotknot_device:chr_file { read write ioctl open };
 allow hotknot_native devmap_device:chr_file { read ioctl open };
 allow hotknot_native graphics_device:chr_file { read write ioctl open };
 allow hotknot_native graphics_device:dir search;

 # Date : 2015/9/22
 # Operation : New
 # Purpose : To allow read/write system properties and read/write file
 #           for hotknot service preferences.
 allow hotknot_native hotknot_prop:property_service set;
 allow hotknot_native init:unix_stream_socket connectto;
 allow hotknot_native property_socket:sock_file { write read };
 allow hotknot_native system_app_data_file:dir { write search add_name };
 allow hotknot_native system_app_data_file:file { read write open getattr create };
 # Date : 2015/9/23
 # Operation : New
 # Purpose : To allow read wifi mac address from nvram.
 allow hotknot_native nvdata_file:dir search;
 allow hotknot_native nvdata_file:file { read getattr open };
 allow hotknot_native nvram_data_file:dir search;
 allow hotknot_native nvram_data_file:file { read getattr open };
	# ==============================================
	# Policy File of /system/bin/hotknot_native_service Executable File

	# ==============================================
	# Type Declaration
	# ==============================================
	type hotknot_native_exec, exec_type, file_type;
	type hotknot_native, domain;

	# ==============================================
	# MTK Policy Rule
	# ==============================================
	init_daemon_domain(hotknot_native)

	# Date : 2015/9/8
	# Operation : New
	# Purpose : Add for HotKnot 3.5 native service
	binder_service(hotknot_native)
	binder_use(hotknot_native)
	binder_call({domain -init -netd}, hotknot_native)

	# Purpose : To allow register hotknot_native_service in servicemanager.
	allow hotknot_native hotknot_native_service:service_manager { add find };

	# Purpose : To allow binder call to system server and system app.
	allow hotknot_native system_server:binder call;
	allow hotknot_native system_app:binder call;

	# Purpose : To allow access device drivers.
	allow hotknot_native hotknot_device:chr_file { read write ioctl open };
	allow hotknot_native devmap_device:chr_file { read ioctl open };
	allow hotknot_native graphics_device:chr_file { read write ioctl open };
	allow hotknot_native graphics_device:dir search;

	# Date : 2015/9/22
	# Operation : New
	# Purpose : To allow read/write system properties and read/write file
	# for hotknot service preferences.
	allow hotknot_native hotknot_prop:property_service set;
	allow hotknot_native init:unix_stream_socket connectto;
	allow hotknot_native property_socket:sock_file { write read };
	allow hotknot_native system_app_data_file:dir { write search add_name };
	allow hotknot_native system_app_data_file:file { read write open getattr create };
	# Date : 2015/9/23
	# Operation : New
	# Purpose : To allow read wifi mac address from nvram.
	allow hotknot_native nvdata_file:dir search;
	allow hotknot_native nvdata_file:file { read getattr open };
	allow hotknot_native nvram_data_file:dir search;
	allow hotknot_native nvram_data_file:file { read getattr open };