| # ============================================== |
| # Policy File of /system/binatcid Executable File |
| |
| |
| # ============================================== |
| # Type Declaration |
| # ============================================== |
| |
| type atcid_exec , exec_type, file_type; |
| type atcid ,domain; |
| |
| # ============================================== |
| # Android Policy Rule |
| # ============================================== |
| |
| # ============================================== |
| # NSA Policy Rule |
| # ============================================== |
| |
| # ============================================== |
| # MTK Policy Rule |
| # ============================================== |
| init_daemon_domain(atcid) |
| allow atcid self:capability dac_override; |
| allow atcid init:unix_stream_socket connectto; |
| allow atcid property_socket:sock_file write; |
| allow atcid ttyGS_device:chr_file { read write ioctl open }; |
| allow atcid atci_service:unix_stream_socket connectto; |
| allow atcid atci_service_socket:sock_file write; |
| allow atcid mtkrild:unix_stream_socket connectto; |
| allow atcid rild_atci_socket:sock_file write; |
| allow atcid atci_audio_socket:sock_file write; |
| allow atcid audiocmdservice_atci:unix_stream_socket connectto; |
| allow atcid system_prop:property_service set; |
| allow atcid persist_service_atci_prop:property_service set; |
| allow atcid misc2_device:chr_file { read write open }; |
| allow atcid wmtWifi_device:chr_file { write open }; |
| allow atcid block_device:dir search; |
| allow atcid misc2_block_device:blk_file { read write open }; |
| allow atcid mmcblk0_block_device:blk_file { open read write }; |
| allow atcid self:capability { net_admin net_raw }; |
| allow atcid self:udp_socket { create ioctl }; |
| allow atcid shell_exec:file execute; |
| allow atcid socket_device:sock_file write; |
| allow atcid shell_exec:file { read open }; |
| allow atcid statusd:unix_stream_socket connectto; |
| allow atcid shell_exec:file execute_no_trans; |
| allow atcid system_file:file execute_no_trans; |
| allow atcid self:rawip_socket create; |
| allow atcid self:rawip_socket getopt; |
| allow atcid self:rawip_socket setopt; |
| allow atcid rild_atci_c2k_socket:sock_file write; |
| allow atcid viarild:unix_stream_socket connectto; |
| allow atci_service gpu_device:chr_file { read write open ioctl getattr }; |
| #allow atci_service CAM_CAL_DRV1_device:chr_file { read write open }; |
| allow atci_service pq:binder call; |
| allow atcid rilproxy_atci_socket:sock_file write; |
| allow atcid rilproxy:unix_stream_socket connectto; |
| allow atcid self:capability sys_time; |