| # ============================================== |
| # Policy File of /system/binipod Executable File |
| |
| |
| # ============================================== |
| # Type Declaration |
| # ============================================== |
| |
| type ipod_exec , exec_type, file_type; |
| type ipod ,domain; |
| |
| # ============================================== |
| # Android Policy Rule |
| # ============================================== |
| |
| # ============================================== |
| # NSA Policy Rule |
| # ============================================== |
| |
| # ============================================== |
| # MTK Policy Rule |
| # ============================================== |
| |
| init_daemon_domain(ipod) |
| # unconfined_domain(ipod) |
| file_type_auto_trans(ipod, system_data_file, ipoh_data_file) |
| |
| # date: 2014/09/19 |
| # operation : migration |
| # purpose : allow ipod to perform binder IPC to control screen on/off via PowerManager |
| binder_use(ipod) |
| binder_service(ipod) |
| binder_call(ipod, system_server) |
| binder_call(ipod, surfaceflinger) |
| |
| allow ipod ctl_bootanim_prop:property_service set; |
| allow ipod ctl_ipod_prop:property_service set; |
| allow ipod ipod_prop:property_service set; |
| allow ipod powerctl_prop:property_service set; |
| allow ipod audiohal_prop:property_service set; |
| allow ipod system_prop:property_service set; |
| allow ipod shell_exec:file { read open execute_no_trans execute }; |
| allow ipod system_file:file execute_no_trans; |
| |
| # permissions for IPO with phone encrypted |
| # removed due to IPO will be disabled when phone is encrypted |
| # allow ipod vdc_exec:file { getattr execute read open execute_no_trans }; |
| # allow ipod vold_socket:sock_file write; |
| # allow ipod vold:unix_stream_socket connectto; |
| |
| # allow ipod platformblk_device:blk_file { read open write }; |
| allow ipod mmcblk0_block_device:blk_file rw_file_perms; |
| allow ipod userdata_block_device:blk_file rw_file_perms; |
| allow ipod cache_block_device:blk_file rw_file_perms; |
| allow ipod logo_block_device:blk_file { read open }; |
| allow ipod para_block_device:blk_file rw_file_perms; |
| |
| allow ipod self:capability dac_override; |
| allow ipod self:capability net_admin; |
| allow ipod kmsg_device:chr_file { open write }; |
| allow ipod property_socket:sock_file write; |
| |
| allow ipod init:dir getattr; |
| allow ipod init:unix_stream_socket connectto; |
| allow ipod sysfs_wake_lock:file { read write open getattr }; |
| allow ipod block_device:dir search; |
| allow ipod gpu_device:chr_file { read write open ioctl }; |
| allow ipod ipod:netlink_kobject_uevent_socket { create bind read setopt }; |
| allow ipod input_device:dir { open read search }; |
| allow ipod input_device:file { open read write ioctl }; |
| allow ipod input_device:chr_file { open read write ioctl }; |
| allow ipod rtc_device:chr_file { open read write ioctl }; |
| allow ipod sysfs:file { open read write getattr }; |
| allow ipod alarm_device:chr_file write; |
| allow ipod system_server:unix_stream_socket connectto; |
| allow ipod proc:file { open read write }; |
| allow ipod proc:dir { search getattr }; |
| allow ipod logo_device:chr_file { open read }; |
| allow ipod mtd_device:chr_file { open read write }; |
| allow ipod mtd_device:dir search; |
| allow ipod self:capability2 block_suspend; |
| allow ipod power_service:service_manager find; |
| allow ipod surfaceflinger_service:service_manager find; |
| allow ipod proc_drop_caches:file { open write }; |
| |
| # reboot syscall to switch to recovery/factory mode instantly |
| allow ipod self:capability sys_boot; |
| allow ipod proc_sysrq:file { open write }; |
| |
| allow ipod debugfs:file { open read getattr }; |
| |
| # IPOH |
| allow ipod system_data_file:dir { open read write add_name create remove_name }; |
| allow ipod ipoh_data_file:file { create open write ioctl setattr }; |
| allow ipod cache_file:dir { open read write add_name create remove_name }; |
| allow ipod cache_file:file { create open write ioctl setattr }; |
| allow ipod proc_lk_env:file { open read write }; |
| allow ipod misc_device:chr_file { open read write }; |
| allow ipod self:capability { chown sys_admin }; |
| allow ipod mtd_device:blk_file { read write open }; |
| allow ipod ctl_ipo_swap_prop:property_service set; |