modem/volte_imcb.te - LeafOS-Devices/android_device_mediatek_sepolicy - Gitiles

 # ==============================================
 # Policy File of /system/bin/volte_imcb Executable File

 # ==============================================
 # Type Declaration
 # ==============================================
 type volte_imcb, domain, mtkimsmddomain;
 type volte_imcb_exec, exec_type, file_type, vendor_file_type;
 type volte_imsa_socket, file_type;
 type volte_imsvt_socket, file_type;

 # ==============================================
 # Common SEPolicy Rule
 # ==============================================
 #permissive volte_imcb;
 init_daemon_domain(volte_imcb)
 net_domain(volte_imcb)

 # Date : WK14.42
 # Operation : Migration
 # Purpose : for VoLTE L early bring up and first call
 allow volte_imcb node:tcp_socket node_bind;
 allow volte_imcb port:tcp_socket name_bind;
 allow volte_imcb self:tcp_socket { bind create setopt accept listen };
 allow volte_imcb self:tcp_socket { read getattr };
 allow volte_imcb self:tcp_socket write;
 allow volte_imcb self:capability { setuid setgid };

 # Date : 2015/8/5
 # Operation : M Migration
 # Purpose : For imcb connect to ua by local socket
 unix_socket_connect(volte_imcb, volte_ua, volte_ua)

 allow volte_imcb volte_imcb_socket:sock_file write;
 allow volte_imcb volte_ut_socket:sock_file write;

 # Dtae : WK15.42
 # Operation : ViLTE Migration
 # Purpose : For open socket device to vtservice connect

 # Date : 2016/12/14
 # Purpose : TRM
 set_prop(volte_imcb, vendor_mtk_md_volte_prop)

 # to NETD
 allow volte_imcb netd:unix_stream_socket connectto;
 allow volte_imcb netd_socket:sock_file write;
 allow netd volte_imcb:fd use;
 allow netd volte_imcb:tcp_socket { read write setopt getopt };
 allow netd volte_imcb:udp_socket {read write setopt getopt};

 # Date : 2020/02/24
 # Purpose : pttyims
 allow volte_imcb mtk_radio_device:dir w_dir_perms;
 allow volte_imcb mtk_radio_device:lnk_file create_file_perms;
 allow volte_imcb devpts:chr_file setattr;
 allow volte_imcb self:capability2 wake_alarm;
 allow volte_imcb sysfs_ccci:dir search;
 allow volte_imcb sysfs_ccci:file r_file_perms;
 allow volte_imcb ccci_device:chr_file rw_file_perms;
	# ==============================================
	# Policy File of /system/bin/volte_imcb Executable File

	# ==============================================
	# Type Declaration
	# ==============================================
	type volte_imcb, domain, mtkimsmddomain;
	type volte_imcb_exec, exec_type, file_type, vendor_file_type;
	type volte_imsa_socket, file_type;
	type volte_imsvt_socket, file_type;

	# ==============================================
	# Common SEPolicy Rule
	# ==============================================
	#permissive volte_imcb;
	init_daemon_domain(volte_imcb)
	net_domain(volte_imcb)

	# Date : WK14.42
	# Operation : Migration
	# Purpose : for VoLTE L early bring up and first call
	allow volte_imcb node:tcp_socket node_bind;
	allow volte_imcb port:tcp_socket name_bind;
	allow volte_imcb self:tcp_socket { bind create setopt accept listen };
	allow volte_imcb self:tcp_socket { read getattr };
	allow volte_imcb self:tcp_socket write;
	allow volte_imcb self:capability { setuid setgid };

	# Date : 2015/8/5
	# Operation : M Migration
	# Purpose : For imcb connect to ua by local socket
	unix_socket_connect(volte_imcb, volte_ua, volte_ua)

	allow volte_imcb volte_imcb_socket:sock_file write;
	allow volte_imcb volte_ut_socket:sock_file write;

	# Dtae : WK15.42
	# Operation : ViLTE Migration
	# Purpose : For open socket device to vtservice connect

	# Date : 2016/12/14
	# Purpose : TRM
	set_prop(volte_imcb, vendor_mtk_md_volte_prop)

	# to NETD
	allow volte_imcb netd:unix_stream_socket connectto;
	allow volte_imcb netd_socket:sock_file write;
	allow netd volte_imcb:fd use;
	allow netd volte_imcb:tcp_socket { read write setopt getopt };
	allow netd volte_imcb:udp_socket {read write setopt getopt};

	# Date : 2020/02/24
	# Purpose : pttyims
	allow volte_imcb mtk_radio_device:dir w_dir_perms;
	allow volte_imcb mtk_radio_device:lnk_file create_file_perms;
	allow volte_imcb devpts:chr_file setattr;
	allow volte_imcb self:capability2 wake_alarm;
	allow volte_imcb sysfs_ccci:dir search;
	allow volte_imcb sysfs_ccci:file r_file_perms;
	allow volte_imcb ccci_device:chr_file rw_file_perms;