blob: 192d34535c96920e88813aaf2b759f47edfde795 [file] [log] [blame]
# ==============================================
# Common SEPolicy Rule
# ==============================================
# Date : WK14.34
# Operation : Migration
# Purpose : for L early bring up: add for nvram command in init rc files
allow init nvram_data_file:dir create_dir_perms;
allow init nvram_data_file:lnk_file r_file_perms;
allow init nvdata_file:lnk_file r_file_perms;
allow init nvdata_file:dir { create_dir_perms mounton };
#============= init ==============
# Date : W14.42
# Operation : Migration
# Purpose : for L : add for partition (chown/chmod)
allow init system_block_device:blk_file setattr;
allow init nvram_device:blk_file setattr;
allow init seccfg_block_device:blk_file setattr;
allow init secro_block_device:blk_file setattr;
allow init frp_block_device:blk_file setattr;
allow init logo_block_device:blk_file setattr;
allow init para_block_device:blk_file { setattr w_file_perms };
allow init recovery_block_device:blk_file setattr;
# Date : WK15.30
# Operation : Migration
# Purpose : format wiped partition with "formattable" and "check" flag in fstab file
allow init protect1_block_device:blk_file rw_file_perms;
allow init protect2_block_device:blk_file rw_file_perms;
allow init userdata_block_device:blk_file rw_file_perms;
allow init cache_block_device:blk_file rw_file_perms;
allow init nvdata_device:blk_file w_file_perms;
allow init persist_block_device:blk_file rw_file_perms;
allow init nvcfg_block_device:blk_file rw_file_perms;
allow init odm_block_device:blk_file rw_file_perms;
allow init oem_block_device:blk_file rw_file_perms;
# Date : W16.28
# Operation : Migration
# Purpose : enable modules capability
allow init self:capability sys_module;
allow init kernel:system module_request;
# Date : WK16.35
# Operation : Migration
# Purpose : create symbolic link from /mnt/sdcard to /sdcard
allow init tmpfs:lnk_file create_file_perms;
# Date:W17.07
# Operation : bt hal
# Purpose : bt hal interface permission
allow init mtk_hal_bluetooth_exec:file getattr;
# Date : WK17.02
# Purpose: Fix audio hal service fail
allow init mtk_hal_audio_exec:file getattr;
# Date : W17.20
# Purpose: Enable PRODUCT_FULL_TREBLE
allow init vendor_block_device:lnk_file relabelto;
# Date : WK17.21
# Purpose: Fix gnss hal service fail
allow init mtk_hal_gnss_exec:file getattr;
# Date: W17.22
# Operation : New Feature
# Purpose : Add for A/B system
allow init oemfs:dir mounton;
allow init protect_f_data_file:dir mounton;
allow init protect_s_data_file:dir mounton;
allow init nvcfg_file:dir mounton;
allow init mcf_ota_file:dir mounton;
allow init persist_data_file:dir mounton;
# Date : WK17.39
# Operation : able to relabel mntl block device link
# Purpose : Correct permission for mntl
allow init expdb_block_device:lnk_file relabelto;
allow init mcupmfw_block_device:lnk_file relabelto;
allow init tee_block_device:lnk_file relabelto;
# Date : WK17.43
# Operation : able to insert fpsgo kernel module
# Purpose : Correct permission for fpsgo
allow init rootfs:system module_load;
# Date: W17.43
# Operation : module load
# Purpose : insmod LKM under /vendor (connsys module KO)
allow init vendor_file:system module_load;
# Date : WK17.46
# Operation : feature porting
# Purpose : kernel module verification
allow init kernel:key search;
# Date : WK17.50
# Operation : boost cpu while booting
# Purpose : enhance boottime
allow init proc_perfmgr:file w_file_perms;
allow init proc_wmtdbg:file w_file_perms;
# Date : W18.20
# Operation : mount soc vendor's partition when booting
allow init mnt_vendor_file:dir mounton;
# Date : W19.28
# Purpose: Allow to setattr /proc/last_kmsg
allow init proc_last_kmsg:file setattr;
# Purpose: Allow to write /proc/cpu/alignment
allow init proc_cpu_alignment:file w_file_perms;
# Purpose: Allow to relabelto for selinux_android_restorecon
allow init boot_block_device:lnk_file relabelto;
allow init vbmeta_block_device:lnk_file relabelto;
# Purpose: Allow to write /proc/mtprintk
allow init proc_mtprintk:file w_file_perms;
# Date : 2020/08/05
# Purpose: Allow to write /proc/driver/wmt_user_proc
allow init proc_wmtuserproc:file w_file_perms;
# Date: 2020/09/02
# Operation: R migration
# Purpose: Add permission for pl path utilities to add symlink to raw pl
recovery_only(`
domain_trans(init, rootfs, update_engine)
')
# Date : 2020/12/23
# Purpose: Allow init to write /proc/driver/conninfra_dbg
allow init proc_conninfradbg:file w_file_perms;
# Date : 2021/07/15
# Purpose: Add permission for pl path utilities
domain_auto_trans(init, postinstall_file, update_engine)
# Date : 2021/09/13
# Purpose: Add permission for mtk_core_ctl
allow init sysfs_mtk_core_ctl:dir r_dir_perms;
allow init sysfs_mtk_core_ctl:file rw_file_perms;
allow init sysfs_devices_block:file rw_file_perms;
allow init xcap_socket:sock_file create_file_perms;