-
-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathsepolicy.rule
104 lines (78 loc) · 6.08 KB
/
sepolicy.rule
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
## Dolby
# debug
allow system_server system_file file write
# context
create { system_lib_file vendor_file vendor_configs_file vendor_data_file vendor_media_data_file hal_dms_default_exec }
allow { system_file system_lib_file vendor_file vendor_configs_file vendor_data_file vendor_media_data_file hal_dms_default_exec } labeledfs filesystem associate
allow init { system_file system_lib_file vendor_file vendor_configs_file vendor_data_file vendor_media_data_file } { dir file } relabelfrom
allow init hal_dms_default_exec file relabelfrom
# hwservice_manager
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app hal_audio_default mtk_hal_audio audioserver } { default_android_hwservice hal_dms_hwservice dms_hwservice } hwservice_manager find
# service_manager
allow daxservice_app { permission_checker_service game_service netstats_service content_capture_service } service_manager find
# binder
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } hal_dms_default binder call
# file
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } { hal_dms_default_exec vendor_displayfeature_prop } file getattr
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } bluetooth_prop file map
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } { vendor_default_prop vendor_audio_prop debug_mtk_gpud_prop audio_config_prop } file { read open getattr map }
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } qemu_hw_prop file { read open getattr }
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } vendor_displayfeature_prop file { read open }
allow { hal_audio_default mtk_hal_audio audioserver } vendor_dolby_loglevel_prop file { read open getattr }
allow zygote { device unlabeled } file write
allow zygote zygote_tmpfs file { create open }
allow init system_file file mounton
allow daxservice_app default_prop file read
# chr_file
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } device chr_file { read write open getattr ioctl }
# dir
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } migt_file dir search
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } system_file dir write
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } data_log_file dir { search getattr }
# unix_stream_socket
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } zygote unix_stream_socket getopt
# capability
allow system_app system_app capability { dac_read_search dac_override sys_resource }
allow platform_app platform_app capability { dac_read_search dac_override sys_resource }
allow priv_app priv_app capability { dac_read_search dac_override sys_resource }
allow untrusted_app_29 untrusted_app_29 capability { dac_read_search dac_override sys_resource }
allow untrusted_app_27 untrusted_app_27 capability { dac_read_search dac_override sys_resource }
allow untrusted_app untrusted_app capability { dac_read_search dac_override sys_resource }
# additional
allow { hal_audio_default mtk_hal_audio audioserver } system_suspend_hwservice hwservice_manager find
allow { hal_audio_default mtk_hal_audio audioserver } hal_system_suspend_service service_manager find
allow { hal_audio_default mtk_hal_audio audioserver } { default_prop boottime_prop audio_prop radio_prop vendor_pd_locater_dbg_prop } file { read open getattr map }
allow { hal_audio_default mtk_hal_audio audioserver } { mnt_vendor_file system_prop vendor_default_prop } file { read open getattr }
allow { hal_audio_default mtk_hal_audio audioserver } sysfs_wake_lock file { write open }
allow { hal_audio_default mtk_hal_audio audioserver } { sysfs sysfs_boot_mode } file { read open }
allow { hal_audio_default mtk_hal_audio audioserver } system_prop file map
allow { hal_audio_default mtk_hal_audio audioserver } sysfs_net dir search
allow { hal_audio_default mtk_hal_audio audioserver } { sysfs_net sysfs } dir { read open }
allow { hal_audio_default mtk_hal_audio audioserver } logd_socket sock_file write
allow { hal_audio_default mtk_hal_audio audioserver } logd unix_stream_socket connectto
allow { hal_audio_default mtk_hal_audio audioserver } { diag_device vendor_diag_device } chr_file { read write open ioctl getattr }
allow { hal_audio_default mtk_hal_audio audioserver } device chr_file { read write }
allow { hal_audio_default mtk_hal_audio audioserver } system_suspend binder call
allow { hal_audio_default mtk_hal_audio audioserver } { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } fifo_file write
allow hal_audio_default hal_audio_default capability2 block_suspend
allow mtk_hal_audio mtk_hal_audio capability2 block_suspend
allow audioserver audioserver capability2 block_suspend
allow hal_audio_default hal_audio_default capability { sys_nice dac_override sys_admin dac_read_search }
allow mtk_hal_audio mtk_hal_audio capability { sys_nice dac_override sys_admin dac_read_search }
allow audioserver audioserver capability { sys_nice dac_override sys_admin dac_read_search }
allow hal_audio_default hal_audio_default tcp_socket create
allow mtk_hal_audio mtk_hal_audio tcp_socket create
allow audioserver audioserver tcp_socket create
## Sound Enhancement
# context
create audio_hweffect_device
allow audio_hweffect_device tmpfs filesystem associate
allow init audio_hweffect_device chr_file relabelfrom
# service_manager
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } default_android_service service_manager find
# chr_file
allow { hal_audio_default mtk_hal_audio audioserver } audio_hweffect_device chr_file { read write }
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } migt_dev chr_file { read write }
## Extended Audio Service
# dir
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } unlabeled dir search