path: root/non_plat/mtkrild.te
blob: 82cc1e5e543da810470540ce47aa66536660a533 (plain)
# ==============================================
# Policy File of /system/bin/mtkrild Executable File
# NOTE(review): mtkrild_exec is declared below as vendor_file_type, so the
# /system/bin path in this header may be stale -- confirm against the
# file_contexts entry that labels the binary.

# ==============================================
# Type Declaration
# ==============================================
# mtkrild_exec labels the daemon's executable; mtkrild is the process domain.
type mtkrild_exec , exec_type, file_type, vendor_file_type;
type mtkrild ,domain;

# ==============================================
# MTK Policy Rule
# ==============================================
# Both macros are defined outside this file. In AOSP, init_daemon_domain sets
# up the transition from init into the domain when init executes the *_exec
# file, and net_domain grants the common network-socket permissions. The
# effective permission set of mtkrild therefore includes whatever those macros
# expand to, not only the rules listed in this file.
init_daemon_domain(mtkrild)
net_domain(mtkrild)

# Trigger module auto-load.
# This lets an action by mtkrild cause the kernel to request a module load.
# NOTE(review): which module(s) this is needed for is not stated -- confirm it
# is still required.
allow mtkrild kernel:system module_request;

# Capabilities assigned for mtkrild
# setuid    - change process UIDs
# net_admin - configure interfaces, addresses and routes
# net_raw   - open raw/packet sockets
# These are broad privileges for a daemon that parses modem traffic; the file
# gives no per-capability justification. NOTE(review): confirm each is needed.
allow mtkrild self:capability { setuid net_admin net_raw };

# Control cgroups
# create_dir_perms is wider than read/search: in the AOSP global macros it also
# covers create, rename and rmdir on directories labelled cgroup.
allow mtkrild cgroup:dir create_dir_perms;

# Property service
# Allow setting RIL-related properties (radio./net./system./etc).
# set_prop grants write access through the property service. Which property
# names map to each *_prop type is defined in property_contexts, not here.
set_prop(mtkrild, vendor_mtk_ril_active_md_prop)

# Allow setting muxreport control properties.
# NOTE(review): the "ctl" in the last type name suggests a control property
# that can start/stop the muxreport daemon via init -- confirm in
# property_contexts.
set_prop(mtkrild, vendor_mtk_ril_cdma_report_prop)
set_prop(mtkrild, vendor_mtk_ril_mux_report_case_prop)
set_prop(mtkrild, vendor_mtk_ctl_muxreport-daemon_prop)

# Date: 2017/02/14
# Purpose: allow setting the telephony "sensitive" property.
# NOTE(review): this file only grants mtkrild write access; which domains may
# read this property type is decided by other policy files and should be
# checked there.
set_prop(mtkrild, vendor_mtk_telephony_sensitive_prop)

# Access to wake locks
wakelock_use(mtkrild)

# Allow access permission to efs files
# mtkrild gets create/write access to efs_file, but read-only access to the
# bluetooth_efs_file type.
allow mtkrild efs_file:dir create_dir_perms;
allow mtkrild efs_file:file create_file_perms;
allow mtkrild bluetooth_efs_file:file r_file_perms;
allow mtkrild bluetooth_efs_file:dir r_dir_perms;

# Allow access permission to dir/files
# (radio data/system data/proc/etc)
# The original author flagged the next rule as violating an Android P rule
# (presumably a Treble vendor/system separation rule -- confirm which one).
# It is still ACTIVE: a vendor daemon can list directories labelled sdcardfs.
allow mtkrild sdcardfs:dir r_dir_perms;
# Also flagged as violating an Android P rule; this one was disabled by
# commenting it out (it would have let mtkrild execute system_file binaries).
#allow mtkrild system_file:file x_file_perms;
# Write (not read) access to files labelled proc_net.
# NOTE(review): the specific /proc/net node that needs writing is not stated.
allow mtkrild proc_net:file w_file_perms;

# Set and get routes directly via netlink.
# nlmsg_write permits modifying kernel routing state; nlmsg_readpriv and
# nlmsg_getneigh permit privileged and neighbour-table reads. Only these four
# permissions are added here; basic socket permissions (create/read/write) are
# not in this rule and presumably come from net_domain -- confirm.
allow mtkrild self:netlink_route_socket { nlmsg_write bind nlmsg_readpriv nlmsg_getneigh };

# Allow read/write to devices/files
# Modem-facing device nodes. radio_device gets read/write on character nodes
# but read-only on block nodes.
allow mtkrild mtk_radio_device:dir search;
allow mtkrild radio_device:chr_file rw_file_perms;
allow mtkrild radio_device:blk_file r_file_perms;
allow mtkrild mtd_device:dir search;
# Allow read/write to tty devices
# NOTE(review): tty_device, devpts and misc_device look like generic labels
# shared with nodes unrelated to the modem. If so, these rules reach further
# than the RIL needs; dedicated labels for the specific nodes would be tighter.
# Confirm against file_contexts.
allow mtkrild tty_device:chr_file rw_file_perms;
allow mtkrild eemcs_device:chr_file { rw_file_perms };

#allow mtkrild Vcodec_device:chr_file { rw_file_perms };
allow mtkrild devmap_device:chr_file { r_file_perms };
allow mtkrild devpts:chr_file { rw_file_perms };
allow mtkrild ccci_device:chr_file { rw_file_perms };
allow mtkrild misc_device:chr_file { rw_file_perms };
allow mtkrild proc_lk_env:file rw_file_perms;
# Raw write to the whole boot device was disabled (commented out); raw
# read/write to the block device labelled para_block_device remains.
# NOTE(review): what that partition holds is not stated in this file.
#allow mtkrild bootdevice_block_device:blk_file { rw_file_perms };
allow mtkrild para_block_device:blk_file { rw_file_perms };

# Allow dir search, fd uses
# "fd use" lets mtkrild use file descriptors opened by processes in the
# platform_app and radio domains; access to the object behind each descriptor
# is still checked separately.
allow mtkrild block_device:dir search;
allow mtkrild platform_app:fd use;
allow mtkrild radio:fd use;

# For MAL MFI
# Write access to the socket file only; connecting to the listening process
# would additionally need a connectto rule, which is not in this block.
allow mtkrild mal_mfi_socket:sock_file { w_file_perms };

# For ccci sysfs node
# Read-only.
allow mtkrild sysfs_ccci:dir search;
allow mtkrild sysfs_ccci:file r_file_perms;

# For Kryptowire mtklog issue
# Lets mtkrild connect to a unix stream socket owned by the aee_aedv domain.
# NOTE(review): the referenced issue is not described here -- link or summarise
# it so the rule can be re-evaluated later.
allow mtkrild aee_aedv:unix_stream_socket connectto;
# Allow ioctl in order to control network interface
# allowxperm limits WHICH ioctl commands are permitted; the ioctl permission
# itself on self:udp_socket must come from a separate allow rule (not visible
# in this file, presumably via net_domain -- confirm).
# SIOCDEVPRIVATE / SIOCDEVPRIVATE_1 are driver-private commands, so what they
# do depends on the network driver behind the interface.
allowxperm mtkrild self:udp_socket ioctl {SIOCDELRT SIOCSIFFLAGS SIOCSIFADDR SIOCKILLADDR SIOCDEVPRIVATE SIOCDEVPRIVATE_1};

# Allow to use vendor binder
vndbinder_use(mtkrild)

# Allow to trigger IPv6 RS
# Permits binding a raw IP socket to a node (address); the comment ties this
# to sending IPv6 Router Solicitations.
allow mtkrild node:rawip_socket node_bind;

# Date : W18.15
# Purpose: allow rild access to vendor.ril.ipo system property
set_prop(mtkrild, vendor_mtk_ril_ipo_prop)

# Date : WK18.16
# Operation: P migration
# Purpose: Allow mtkrild to get vendor_mtk_tel_switch_prop
# Read-only (get_prop).
get_prop(mtkrild, vendor_mtk_tel_switch_prop)

# Date: W1817
# Purpose: allow rild access property of vendor_mtk_radio_prop
set_prop(mtkrild, vendor_mtk_radio_prop)

# Date : WK18.26
# Operation: P migration
# Purpose: Allow carrier express HIDL to set vendor property
set_prop(mtkrild, vendor_mtk_cxp_vendor_prop)
# NOTE(review): the four rules below grant FILE access, not property access.
# They sit under the carrier-express heading but their own purpose is not
# documented. They allow creating and writing files labelled mnt_vendor_file
# and nvdata_file, and creating directories labelled nvdata_file.
# Confirm the need and add a heading of their own.
allow mtkrild mnt_vendor_file:dir search;
allow mtkrild mnt_vendor_file:file create_file_perms;
allow mtkrild nvdata_file:dir create_dir_perms;
allow mtkrild nvdata_file:file create_file_perms;

# Date : WK18.31
# Operation: P migration
# Purpose: Allow supplementary service HIDL to set vendor property
set_prop(mtkrild, vendor_mtk_ss_vendor_prop)

# Date : WK19.43
# Purpose: Allow the wfc module inside rild to read the wfc service property
# Read-only (get_prop).
get_prop(mtkrild, vendor_mtk_wfc_serv_prop)

# Date : 2020/06/11
# Operation: R migration
# Purpose: Allow mtkrild to get system_boot_reason_prop
# Read-only (get_prop).
# NOTE(review): the type name suggests a platform-owned property read by a
# vendor domain -- confirm this is permitted for vendor domains.
get_prop(mtkrild, system_boot_reason_prop)