| # ============================================== |
| # Policy File of /system/binGoogleOtaBinder Executable File |
| |
| |
| # ============================================== |
| # Type Declaration |
| # ============================================== |
| |
| type GoogleOtaBinder_exec , exec_type, file_type; |
| type GoogleOtaBinder ,domain; |
| |
| # ============================================== |
| # Android Policy Rule |
| # ============================================== |
| |
| # ============================================== |
| # NSA Policy Rule |
| # ============================================== |
| |
| # ============================================== |
| # MTK Policy Rule |
| # ============================================== |
| |
| #permissive GoogleOtaBinder; |
| init_daemon_domain(GoogleOtaBinder) |
| #unconfined_domain(GoogleOtaBinder) |
| |
| # Date : 2014/09/10 |
| # Operation : Migration |
| # Purpose : allow Binder IPC |
| binder_use(GoogleOtaBinder) |
| binder_service(GoogleOtaBinder) |
| |
| allow GoogleOtaBinder ota_agent_service:service_manager add; |
| # /dev/block/mmcblko |
| allow GoogleOtaBinder para_block_device:blk_file { write read open }; |
| allow GoogleOtaBinder mmcblk0_block_device:blk_file { write read open }; |
| |
| allow GoogleOtaBinder block_device:dir search; |
| #/dev/misc |
| allow GoogleOtaBinder misc_device:chr_file { write read open ioctl}; |
| #for kmsg |
| allow GoogleOtaBinder kmsg_device:chr_file { write read open ioctl}; |
| #for nand |
| allow GoogleOtaBinder mtd_device:dir search; |
| allow GoogleOtaBinder mtd_device:chr_file { read write open rw_file_perms}; |
| |