| # ============================================== |
| # Policy File of /system/bin/dm_agent_binder Executable File |
| |
| |
| # ============================================== |
| # Type Declaration |
| # ============================================== |
| |
| type dm_agent_binder_exec , exec_type, file_type; |
| type dm_agent_binder ,domain; |
| |
| # ============================================== |
| # Android Policy Rule |
| # ============================================== |
| |
| # ============================================== |
| # NSA Policy Rule |
| # ============================================== |
| |
| # ============================================== |
| # MTK Policy Rule |
| # ============================================== |
| |
| init_daemon_domain(dm_agent_binder) |
| |
| # Date : WK14.37 |
| # Operation : access DmAgent by binder |
| # Purpose : ensure can access DmAgent api normally. |
| allow dm_agent_binder dm_agent_binder_service:service_manager add; |
| |
| # Date : WK14.37 |
| # Operation : access DmAgent by binder |
| # Purpose : ensure can access DmAgent api normally. |
| binder_use(dm_agent_binder) |
| binder_service(dm_agent_binder) |
| |
| # Date : WK14.42 |
| # Operation : Migration |
| # Purpose : Allow DmAgent access nvram_data_file. |
| allow dm_agent_binder nvram_data_file:dir { rw_dir_perms }; |
| allow dm_agent_binder nvdata_file:dir { rw_dir_perms }; |
| |
| # Date : WK14.42 |
| # Operation : Basic UT |
| # Purpose : Allow DmAgent access nvram_data_file. |
| allow dm_agent_binder nvram_data_file:file { create_file_perms }; |
| allow dm_agent_binder nvram_data_file:lnk_file read; |
| allow dm_agent_binder nvdata_file:file { create_file_perms }; |
| |
| # Date : WK14.42 |
| # Operation : Basic UT |
| # Purpose : Allow DmAgent access block_device. |
| allow dm_agent_binder block_device:dir search; |
| |
| |
| # Date : WK14.42 |
| # Operation : Basic UT |
| # Purpose : Allow DmAgent access misc_device. |
| allow dm_agent_binder misc_device:chr_file { rw_file_perms }; |
| |
| # Date : WK14.42 |
| # Operation : Basic UT |
| # Purpose : Allow DmAgent write sock_file. |
| allow dm_agent_binder property_socket:sock_file write; |
| |
| # Date : WK14.42 |
| # Operation : Basic UT |
| # Purpose : Allow DmAgent connectto unix_stream_socket. |
| allow dm_agent_binder init:unix_stream_socket connectto; |
| |
| # Date : 2014/10/17 |
| # Operation : QC |
| # Purpose : [Privacy protection lock][dm_agent_binder call FileOp_BackupToBinRegionForDM to do nvram backup] |
| allow dm_agent_binder nvram_device:blk_file rw_file_perms; |
| allow dm_agent_binder para_block_device:blk_file rw_file_perms; |
| allow dm_agent_binder mmcblk0_block_device:blk_file rw_file_perms; |
| |
| # Date : WK14.42 |
| # Operation : Basic UT |
| # Purpose : Allow DmAgent to set properties. |
| allow dm_agent_binder persist_dm_prop:property_service set; |
| |
| # Date : WK14.43 |
| # Operation : Basic UT |
| # Purpose : Allow DmAgent to access cache_file. |
| allow dm_agent_binder cache_file:dir { w_dir_perms create }; |
| |
| # Date : WK14.43 |
| # Operation : Basic UT |
| # Purpose : Allow DmAgent to access cache_file. |
| allow dm_agent_binder cache_file:file { create_file_perms }; |
| |
| # Date : WK14.44 |
| # Operation : Basic UT |
| # Purpose : Allow DmAgent to access nvram_device. |
| allow dm_agent_binder nvram_device:chr_file { rw_file_perms }; |
| |
| # Date : WK15.30 |
| # Operation : Migration |
| # Purpose : for device bring up, not to block early migration/sanity |
| allow dm_agent_binder nvdata_file:dir create; |
| |
| # Date : WK15.45 |
| # Operation : SQC issue |
| # Purpose : permission to create directory in nvram |
| allow dm_agent_binder nvram_data_file:dir create; |