diff options
author | Bernhard Rosenkränzer <Bernhard.Rosenkranzer@linaro.org> | 2016-11-10 20:34:07 +0100 |
---|---|---|
committer | Bernhard Rosenkränzer <Bernhard.Rosenkranzer@linaro.org> | 2016-11-11 00:36:25 +0100 |
commit | 095e739ffc8d6f2f81929079cde19183d65e1c68 (patch) | |
tree | 93b823ffc8b1e16a384df131e6ff901c202f23d4 | |
parent | 512ed1c8433a61d18fc7ecb1ecb9cc027793cdaf (diff) | |
download | common-095e739ffc8d6f2f81929079cde19183d65e1c68.tar.gz |
First steps in updating selinux rules for N
Signed-off-by: Bernhard Rosenkränzer <Bernhard.Rosenkranzer@linaro.org>
-rw-r--r-- | sepolicy/autokd.te | 1 | ||||
-rw-r--r-- | sepolicy/bmm056d.te | 3 | ||||
-rw-r--r-- | sepolicy/debuggerd.te | 4 | ||||
-rw-r--r-- | sepolicy/domain.te | 9 | ||||
-rw-r--r-- | sepolicy/em_svr.te | 1 | ||||
-rw-r--r-- | sepolicy/factory.te | 1 | ||||
-rw-r--r-- | sepolicy/gas_srv.te | 2 | ||||
-rw-r--r-- | sepolicy/ged_srv.te | 2 | ||||
-rw-r--r-- | sepolicy/guiext-server.te | 4 | ||||
-rw-r--r-- | sepolicy/hotknot_native.te | 2 | ||||
-rw-r--r-- | sepolicy/ipod.te | 2 | ||||
-rw-r--r-- | sepolicy/kpoc_charger.te | 2 | ||||
-rw-r--r-- | sepolicy/logd.te | 7 | ||||
-rw-r--r-- | sepolicy/mediaserver.te | 16 | ||||
-rw-r--r-- | sepolicy/meta_tst.te | 1 | ||||
-rw-r--r-- | sepolicy/platform_app.te | 14 | ||||
-rw-r--r-- | sepolicy/program_binary.te | 7 | ||||
-rw-r--r-- | sepolicy/property.te | 1 | ||||
-rw-r--r-- | sepolicy/radio.te | 12 | ||||
-rw-r--r-- | sepolicy/recovery.te | 10 | ||||
-rw-r--r-- | sepolicy/service_contexts | 4 | ||||
-rw-r--r-- | sepolicy/surfaceflinger.te | 3 | ||||
-rw-r--r-- | sepolicy/system_app.te | 12 | ||||
-rw-r--r-- | sepolicy/system_server.te | 5 | ||||
-rw-r--r-- | sepolicy/tunman.te | 3 | ||||
-rw-r--r-- | sepolicy/untrusted_app.te | 6 | ||||
-rw-r--r-- | sepolicy/vold.te | 8 | ||||
-rw-r--r-- | sepolicy/zygote.te | 6 |
28 files changed, 19 insertions, 129 deletions
diff --git a/sepolicy/autokd.te b/sepolicy/autokd.te index a5acd41..7b7361d 100644 --- a/sepolicy/autokd.te +++ b/sepolicy/autokd.te @@ -22,7 +22,6 @@ allow init self:tcp_socket create; # Date : WK14.43 # Operation : Migration # Purpose : Interact with kernel to perform autok -allow autokd debugfs:file read; allow autokd init:unix_stream_socket connectto; allow autokd property_socket:sock_file write; allow autokd self:netlink_kobject_uevent_socket { read bind create setopt }; diff --git a/sepolicy/bmm056d.te b/sepolicy/bmm056d.te index 8863405..e8ae661 100644 --- a/sepolicy/bmm056d.te +++ b/sepolicy/bmm056d.te @@ -50,5 +50,4 @@ allow bmm056d sysfs_msensor_file:lnk_file read; file_type_auto_trans(bmm056d, system_data_file, msensor_data_file) allow bmm056d system_data_file:dir { create setattr }; allow bmm056d msensor_data_file:file { open write read create setattr}; -allow bmm056d shell_data_file:dir { search }; -allow bmm056d shell_data_file:file { open read write create append unlink ioctl getattr setattr }; +allow bmm056d shell_data_file:file { read write create append unlink ioctl getattr setattr }; diff --git a/sepolicy/debuggerd.te b/sepolicy/debuggerd.te index cd996e7..b7807ea 100644 --- a/sepolicy/debuggerd.te +++ b/sepolicy/debuggerd.te @@ -62,9 +62,6 @@ allow debuggerd aee_core_data_file:file create_file_perms; allow debuggerd data_tmpfs_log_file:dir create_dir_perms; allow debuggerd data_tmpfs_log_file:file create_file_perms; -allow debuggerd shell_data_file:dir search; -allow debuggerd shell_data_file:file r_file_perms; - #/data/anr/SF_RTT allow debuggerd sf_rtt_file:dir search; allow debuggerd sf_rtt_file:file r_file_perms; @@ -72,7 +69,6 @@ allow debuggerd sf_rtt_file:file r_file_perms; allow debuggerd sysfs:file write; allow debuggerd proc:file write; allow debuggerd sysfs_lowmemorykiller:file { read open }; -allow debuggerd debugfs:file read; #allow debuggerd proc_security:file { write open }; allow debuggerd self:capability { fsetid sys_nice sys_resource net_admin sys_module }; diff --git a/sepolicy/domain.te b/sepolicy/domain.te index d6157b9..7c096c0 100644 --- a/sepolicy/domain.te +++ b/sepolicy/domain.te @@ -13,12 +13,3 @@ allow domain exm0_device:chr_file { read write ioctl open }; allow domain log_device:dir search; allow domain log_device:chr_file {open write}; allow domain storage_file:dir search; - -# Date : WK16.04 -# Operation : direct coredump enhancement -# Purpose : support abort message dumping -userdebug_or_eng(` - allow domain aee_interim_data_file:dir { search write add_name }; - allow domain aee_interim_data_file:file { create read write open getattr }; -') - diff --git a/sepolicy/em_svr.te b/sepolicy/em_svr.te index d0ca3ad..5c2217b 100644 --- a/sepolicy/em_svr.te +++ b/sepolicy/em_svr.te @@ -64,7 +64,6 @@ allow em_svr kernel:system module_request; allow em_svr fuse:dir create_dir_perms; allow em_svr fuse:file create_file_perms; #allow em_svr tmpfs:lnk_file read; -allow em_svr debugfs:file read; # Date: 2015/08/09 # Operation : M Migration diff --git a/sepolicy/factory.te b/sepolicy/factory.te index d03c7a4..f2b283d 100644 --- a/sepolicy/factory.te +++ b/sepolicy/factory.te @@ -135,7 +135,6 @@ allow factory irtx_device:chr_file { read write ioctl open }; allow factory devpts:chr_file { read write getattr ioctl }; allow factory vfat:dir search; allow factory hrm_device:chr_file { read ioctl open }; -allow factory debugfs:file { read write open }; # Date: WK14.47 # Operation : Migration diff --git a/sepolicy/gas_srv.te b/sepolicy/gas_srv.te index 27e1f34..bf070ba 100644 --- a/sepolicy/gas_srv.te +++ b/sepolicy/gas_srv.te @@ -28,8 +28,6 @@ allow gas_srv gas_srv_service:service_manager add; allow gas_srv property_socket:sock_file write; allow gas_srv init:unix_stream_socket connectto; -allow gas_srv debugfs:file {getattr read write ioctl open}; - # For /proc/[pid]/cmdline accessing typeattribute gas_srv mlstrustedsubject; allow gas_srv proc:dir {search getattr}; diff --git a/sepolicy/ged_srv.te b/sepolicy/ged_srv.te index c209b44..61d10dc 100644 --- a/sepolicy/ged_srv.te +++ b/sepolicy/ged_srv.te @@ -22,7 +22,7 @@ init_daemon_domain(ged_srv) allow ged_srv servicemanager:binder call; allow ged_srv surfaceflinger_service:service_manager find; -allow ged_srv debugfs:file {getattr read write ioctl open}; +allow ged_srv debugfs:file { getattr }; allow ged_srv surfaceflinger:binder call; binder_use(init) diff --git a/sepolicy/guiext-server.te b/sepolicy/guiext-server.te index 6c75633..2d19db5 100644 --- a/sepolicy/guiext-server.te +++ b/sepolicy/guiext-server.te @@ -15,8 +15,8 @@ init_daemon_domain(guiext-server) # for bqdump and conversion pool binder_service(guiext-server) binder_use(guiext-server) -binder_call({domain -init}, guiext-server) -binder_call(guiext-server, {domain -init}) +binder_call({domain -init -netd}, guiext-server) +binder_call(guiext-server, {domain -init -netd}) # to allocate GraphicBuffer allow guiext-server surfaceflinger:binder call; diff --git a/sepolicy/hotknot_native.te b/sepolicy/hotknot_native.te index 92ec0cf..44f9b2a 100644 --- a/sepolicy/hotknot_native.te +++ b/sepolicy/hotknot_native.te @@ -17,7 +17,7 @@ init_daemon_domain(hotknot_native) # Purpose : Add for HotKnot 3.5 native service binder_service(hotknot_native) binder_use(hotknot_native) -binder_call({domain -init}, hotknot_native) +binder_call({domain -init -netd}, hotknot_native) # Purpose : To allow register hotknot_native_service in servicemanager. allow hotknot_native hotknot_native_service:service_manager { add find }; diff --git a/sepolicy/ipod.te b/sepolicy/ipod.te index 007a683..0ed9ad6 100644 --- a/sepolicy/ipod.te +++ b/sepolicy/ipod.te @@ -87,8 +87,6 @@ allow ipod proc_drop_caches:file { open write }; allow ipod self:capability sys_boot; allow ipod proc_sysrq:file { open write }; -allow ipod debugfs:file { open read getattr }; - # IPOH allow ipod system_data_file:dir { open read write add_name create remove_name }; allow ipod ipoh_data_file:file { create open write ioctl setattr }; diff --git a/sepolicy/kpoc_charger.te b/sepolicy/kpoc_charger.te index 858f370..63c8423 100644 --- a/sepolicy/kpoc_charger.te +++ b/sepolicy/kpoc_charger.te @@ -28,7 +28,7 @@ allow kpoc_charger self:capability net_admin; allow kpoc_charger self:capability dac_override; allow kpoc_charger self:netlink_kobject_uevent_socket { create bind read setopt }; allow kpoc_charger sysfs:file write; -allow kpoc_charger debugfs:file { getattr read}; +allow kpoc_charger debugfs:file { getattr }; allow kpoc_charger graphics_device:chr_file { read write ioctl open }; allow kpoc_charger kmsg_device:chr_file { write open }; allow kpoc_charger logo_block_device:blk_file { read open }; diff --git a/sepolicy/logd.te b/sepolicy/logd.te deleted file mode 100644 index b35b97b..0000000 --- a/sepolicy/logd.te +++ /dev/null @@ -1,7 +0,0 @@ -# ============================================== -# MTK Policy Rule -# ============ -dontaudit logd unlabeled:dir search; -#allow logd system_data_file:dir { relabelfrom create_dir_perms }; -allow logd logmuch_data_file:dir { relabelto create_dir_perms }; -allow logd logmuch_data_file:file create_file_perms; diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te index 4a66e53..2a90587 100644 --- a/sepolicy/mediaserver.te +++ b/sepolicy/mediaserver.te @@ -87,13 +87,6 @@ allow mediaserver Vcodec_device:chr_file { read write ioctl open }; # Date : WK14.36 # Operation : Migration -# Purpose : MMProfile debug -# userdebug_or_eng(` -allow mediaserver debugfs:file {read ioctl getattr}; -# ') - -# Date : WK14.36 -# Operation : Migration # Purpose : bring up allow mediaserver MtkCodecService:binder call; allow mediaserver ccci_device:chr_file { read write ioctl open }; @@ -232,13 +225,6 @@ allow mediaserver mtk_jpeg_device:chr_file { read ioctl open }; # Date : WK14.41 # Operation : Migration -# Purpose : Lossless BT audio -allow mediaserver shell_exec:file { read open execute execute_no_trans }; -allow mediaserver system_file:file execute_no_trans; -allow mediaserver zygote_exec:file execute_no_trans; - -# Date : WK14.41 -# Operation : Migration # Purpose : WFD HID Driver allow mediaserver uhid_device:chr_file { read write ioctl open }; @@ -357,7 +343,7 @@ allow mediaserver untrusted_app_tmpfs:file write; # Operation : WFD # Purpose : WFD notifies its status to thermal module allow mediaserver proc_thermal:file { write getattr open }; -allow mediaserver thermal_manager_exec:file { getattr execute read open execute_no_trans }; +allow mediaserver thermal_manager_exec:file { getattr execute read open }; allow mediaserver proc_mtkcooler:file { read write open }; allow mediaserver proc_mtktz:file { read write open }; allow mediaserver proc_thermal:file { read write open }; diff --git a/sepolicy/meta_tst.te b/sepolicy/meta_tst.te index 0de252b..847d89a 100644 --- a/sepolicy/meta_tst.te +++ b/sepolicy/meta_tst.te @@ -151,7 +151,6 @@ allow meta_tst ttyACM_device:chr_file { read write ioctl open }; # Purpose : FT_EMMC_OP_FORMAT_TCARD allow meta_tst block_device:blk_file getattr; allow meta_tst system_block_device:blk_file getattr; -allow meta_tst fuse_device:chr_file getattr; allow meta_tst shell_exec:file { read open }; # Date: WK15.52 diff --git a/sepolicy/platform_app.te b/sepolicy/platform_app.te index d9e9e45..790c3fe 100644 --- a/sepolicy/platform_app.te +++ b/sepolicy/platform_app.te @@ -18,14 +18,6 @@ unix_socket_connect(platform_app, agpsd, mtk_agpsd); # Package: com.mediatek.fmradio allow platform_app fm_device:chr_file rw_file_perms; -# Date: 2014/08/22 -# Operation: Migration -# Purpose: enable drawing picture/texture in OpenGl environment for gallery3d -# Package: com.android.gallery3d -#allow platform_app init:binder transfer; -# add debugfs policy for MMProfile -allow platform_app debugfs:file { read ioctl }; - # Date: 2014/09/05 # Operation: FullUT # Purpose: [SystemUI] [Bind to guiext-server for updating view][path:hardware/gui_ext/] @@ -212,12 +204,6 @@ allow platform_app guiext-server_service:service_manager find; allow platform_app program_binary_service:service_manager find; allow platform_app system_app_service:service_manager find; -# Date: 2015/08/19 -# Operation: Migration -# Purpose: enable accessing cache dir and executing renderscript lib for gallery3d -# Package: com.android.gallery3d -allow platform_app app_data_file:file execute; - # Date : 2015/08/17 # Operation : Migration # Purpose : Allow ppl agent app to find ppl agent servive diff --git a/sepolicy/program_binary.te b/sepolicy/program_binary.te index 8f9b38f..1b3058b 100644 --- a/sepolicy/program_binary.te +++ b/sepolicy/program_binary.te @@ -18,7 +18,7 @@ init_daemon_domain(program_binary) # Purpose : Cache program binaries for HWUI usage binder_service(program_binary) binder_use(program_binary) -binder_call({domain -init}, program_binary) +binder_call({domain -init -netd}, program_binary) # Date : 2015/1/6 # Operation : New @@ -31,11 +31,6 @@ allow program_binary gpu_device:chr_file getattr; # Purpose : To be a service allow program_binary program_binary_service:service_manager add; -# Date : 2015/1/6 -# Operation : New -# Purpose : To allow binder call to system server. -allow program_binary system_server:binder call; - # Date : 2015/3/19 # Operation : New # Purpose : To allow write system property. diff --git a/sepolicy/property.te b/sepolicy/property.te index 1de237a..96c5448 100644 --- a/sepolicy/property.te +++ b/sepolicy/property.te @@ -7,7 +7,6 @@ type mtk_default_prop, property_type; # Operation: Migration # Purpose: don't allow to use default_prop neverallow { domain -init } default_prop:property_service set; -neverallow { domain -init -system_server -recovery } ctl_default_prop:property_service set; #=============allow ccci_mdinit to start gsm0710muxd============== type ctl_gsm0710muxd_prop, property_type; diff --git a/sepolicy/radio.te b/sepolicy/radio.te index 174b4f3..3c1e838 100644 --- a/sepolicy/radio.te +++ b/sepolicy/radio.te @@ -109,7 +109,7 @@ allow radio als_ps_device:chr_file { read open ioctl }; # Date : 2015/01/20 # Operation : IT # Purpose : for engineermode Usb PHY Tuning -allow radio debugfs:file { read getattr }; +allow radio debugfs:file { getattr }; # Date : 2015/01/21 # Operation : IT @@ -227,13 +227,3 @@ allow radio md_monitor:unix_stream_socket connectto; # Operation : SQC # Purpose : for system app labled by radio to search file allow radio system_app_data_file:dir search; - -# Date : WK15.51 2015/12/19 -# Operation : Adapt CMCC FT auto test tool[CMDC Tester] to MTK platform -# Purpose : for [CMDC Tester] run on user load -allow radio radio_data_file:file { execute execute_no_trans }; -allow radio media_rw_data_file:dir search; -allow radio proc_mtkcooler:dir search; -allow radio proc_mtktz:dir search; -allow radio md_monitor:dir search; -allow radio md_monitor:file { read open getattr}; diff --git a/sepolicy/recovery.te b/sepolicy/recovery.te index f7d9aea..97e6014 100644 --- a/sepolicy/recovery.te +++ b/sepolicy/recovery.te @@ -33,10 +33,10 @@ allow recovery logo_device:chr_file *; allow recovery preloader_device:chr_file *; allow recovery uboot_device:chr_file *; allow recovery init:dir *; -allow recovery init:file ~{ execute entrypoint }; +allow recovery init:file ~{ execute execute_no_trans entrypoint }; allow recovery init:lnk_file *; allow recovery kernel:dir *; -allow recovery kernel:file ~{ execute entrypoint }; +allow recovery kernel:file ~{ execute execute_no_trans entrypoint }; allow recovery kernel:lnk_file *; @@ -44,11 +44,11 @@ allow recovery kernel:lnk_file *; # Operation : Migration # Purpose : Block full update allow recovery healthd:dir *; -allow recovery healthd:file ~{ execute entrypoint }; +allow recovery healthd:file ~{ execute execute_no_trans entrypoint }; allow recovery healthd:lnk_file *; dontaudit recovery self:capability sys_ptrace; allow recovery ueventd:dir *; -allow recovery ueventd:file ~{ execute entrypoint }; +allow recovery ueventd:file ~{ execute execute_no_trans entrypoint }; allow recovery ueventd:lnk_file *; # Date : WK14.42 @@ -65,7 +65,7 @@ allow recovery ueventd:lnk_file *; userdebug_or_eng(` allow recovery su:dir *; - allow recovery su:file *; + allow recovery su:file ~{ execute execute_no_trans entrypoint }; allow recovery su:lnk_file *; ') diff --git a/sepolicy/service_contexts b/sepolicy/service_contexts index 35b6918..b3c7c30 100644 --- a/sepolicy/service_contexts +++ b/sepolicy/service_contexts @@ -7,7 +7,7 @@ search_engine u:object_r:search_service:s0 audioprofile u:object_r:audio_service:s0 mobile u:object_r:mtk_mobile_service:s0 mtk-perfservice u:object_r:mtk_perf_service:s0 -recovery u:object_r:mtk_recovery_service:s0 +mtkrecovery u:object_r:mtk_recovery_service:s0 mtkhdmi u:object_r:mtk_hdmi_service:s0 msgmonitorservice u:object_r:mtk_msg_monitor_service:s0 anrmanager u:object_r:mtk_anrmanager_service:s0 @@ -43,4 +43,4 @@ GpuAppSpectatorService u:object_r:gas_srv_service:s0 hotknotnativeservice u:object_r:hotknot_native_service:s0 wfo u:object_r:radio_service:s0 CrossMountManagerService u:object_r:system_app_service:s0 -data_shaping u:object_r:mtk_data_shaping_service:s0
\ No newline at end of file +data_shaping u:object_r:mtk_data_shaping_service:s0 diff --git a/sepolicy/surfaceflinger.te b/sepolicy/surfaceflinger.te index 9cc050e..81cdf18 100644 --- a/sepolicy/surfaceflinger.te +++ b/sepolicy/surfaceflinger.te @@ -80,4 +80,5 @@ allow surfaceflinger mtk_perf_service:service_manager find; allow surfaceflinger pq_service:service_manager { find }; # HWC need to write mhl 4k information to debug node of GED -allow surfaceflinger debugfs:file { open write read }; +# but neverallow rules won't let us... +#allow surfaceflinger debugfs:file { open write read }; diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te index c86e19b..29ee944 100644 --- a/sepolicy/system_app.te +++ b/sepolicy/system_app.te @@ -110,18 +110,6 @@ allow system_app asec_apk_file:file r_file_perms; # Purpose : for MTK Emulator HW GPU allow system_app qemu_pipe_device:chr_file rw_file_perms; -# Date : WK14.46 -# Operation : Migration -# Package: org.simalliance.openmobileapi.service -# Purpose : ALPS01820916, for SmartcardService -allow system_app system_app_data_file:file execute; - -# Date : 2014/11/17 -# Operation: SQC -# Purpose : [Settings][Battery module will call batterystats API, and it will read /sys/kernel/debug/wakeup_sources] -# Package: com.android.settings -allow system_app debugfs:file r_file_perms; - # Date : 2014/11/18 # Operation : SQC # Purpose : for oma dm fota recovery update diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te index 282e8bc..51de544 100644 --- a/sepolicy/system_server.te +++ b/sepolicy/system_server.te @@ -194,11 +194,6 @@ allow system_server dex2oat_exec:file r_file_perms; # allow system_server fuse:dir r_dir_perms; # Date: WK14.47 -# Operation : CTS -# Purpose : for executing recovery.dex -allow system_server system_data_file:file execute; - -# Date: WK14.47 # Operation : MTBF # Purpose : for debug allow system_server sf_rtt_file:file r_file_perms; diff --git a/sepolicy/tunman.te b/sepolicy/tunman.te index ab7c372..d40d939 100644 --- a/sepolicy/tunman.te +++ b/sepolicy/tunman.te @@ -29,8 +29,7 @@ allow tunman tunman_prop:property_service set; unix_socket_connect(tunman, netd, netd) # Multiple instance detection (fs lock) -allow tunman shell_data_file:dir { search write add_name}; -allow tunman shell_data_file:file { create open read write lock }; +allow tunman shell_data_file:file { create read write lock }; #allow tunman system_data_file:dir { search write add_name}; #allow tunman system_data_file:file { create open read write lock}; diff --git a/sepolicy/untrusted_app.te b/sepolicy/untrusted_app.te index e2d470f..80a0e74 100644 --- a/sepolicy/untrusted_app.te +++ b/sepolicy/untrusted_app.te @@ -10,12 +10,6 @@ # Package Name: com.android.launcher2 allow untrusted_app guiext-server:binder { transfer call }; -# Date : 2014/10/27 -# Operation : SQC -# Purpose : [ALPS01785313] Permission denied for dump hprof -# Package: com.android.gallery3d -allow untrusted_app anr_data_file:file rw_file_perms; - # Date : 2014/09/09 # Operation : Development GMO Feature "Move OAT to SD Card" # Purpose : for GMO ROM Size Slim diff --git a/sepolicy/vold.te b/sepolicy/vold.te index f313734..e073811 100644 --- a/sepolicy/vold.te +++ b/sepolicy/vold.te @@ -128,14 +128,6 @@ allow vold iso9660:filesystem unmount; # Purpose : resize userdata partition allow vold resize_exec:file rx_file_perms; -# Date : WK15.30 -# Operation : Migration -# Purpose : for device bring up, not to block early migration/sanity -allow vold proc_mtkcooler:dir r_dir_perms; -allow vold proc_mtktz:dir r_dir_perms; - -allow vold block_device:blk_file { read write ioctl open getattr }; - # Date : WK15.37 # Operation : Migration # Purpose : for ntfs device mount diff --git a/sepolicy/zygote.te b/sepolicy/zygote.te index ee6e0f3..3099d1d 100644 --- a/sepolicy/zygote.te +++ b/sepolicy/zygote.te @@ -26,12 +26,6 @@ allow zygote custom_file:file create_file_perms; dontaudit zygote untrusted_app:process ptrace; # Date : WK14.43 -# Operation : Migration -# Purpose : for dump hprof when OOME -allow zygote anr_data_file:dir *; -allow zygote anr_data_file:file ~{ execute entrypoint execmod }; - -# Date : WK14.43 # Operation : SQC2 # Purpose : found in FST Auto Test (ALPS01774709) allow zygote platform_app:fd use; |