| # ============================================== |
| # Policy File of /vendor/bin/viarild Executable File |
| |
| # ============================================== |
| # Common SEPolicy Rule |
| # ============================================= |
| type viarild_exec, exec_type, file_type, vendor_file_type; |
| typeattribute viarild mtkimsapdomain; |
| |
| init_daemon_domain(viarild) |
| net_domain(viarild) |
| allow viarild self:netlink_route_socket nlmsg_write; |
| allow viarild kernel:system module_request; |
| allow viarild self:capability { setuid net_admin net_raw }; |
| allow viarild cgroup:dir create_dir_perms; |
| allow viarild radio_device:chr_file rw_file_perms; |
| allow viarild radio_device:blk_file r_file_perms; |
| allow viarild mtd_device:dir search; |
| allow viarild efs_file:dir create_dir_perms; |
| allow viarild efs_file:file create_file_perms; |
| |
| allow viarild bluetooth_efs_file:file r_file_perms; |
| allow viarild bluetooth_efs_file:dir r_dir_perms; |
| allow viarild sdcardfs:dir r_dir_perms; |
| |
| set_prop(viarild, vendor_mtk_cdma_prop) |
| set_prop(viarild, vendor_mtk_ril_cdma_report_prop) |
| set_prop(viarild, vendor_mtk_ril_mux_report_case_prop) |
| set_prop(viarild, vendor_mtk_radio_prop) |
| set_prop(viarild, vendor_mtk_ril_ipo_prop) |
| |
| # Dat: 2017/02/14 |
| # Purpose: allow set telephony Sensitive property |
| set_prop(viarild, vendor_mtk_telephony_sensitive_prop) |
| |
| allow viarild tty_device:chr_file rw_file_perms; |
| |
| # Allow viarild to create and use netlink sockets. |
| allow viarild self:netlink_socket create_socket_perms_no_ioctl; |
| allow viarild self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl; |
| |
| # Access to wake locks |
| wakelock_use(viarild) |
| |
| allow viarild self:socket create_socket_perms_no_ioctl; |
| |
| allow viarild Vcodec_device:chr_file { read write open }; |
| allow viarild devmap_device:chr_file { read ioctl open }; |
| allow viarild devpts:chr_file { read write open }; |
| |
| allow viarild ccci_device:chr_file { read write ioctl open }; |
| allow viarild devpts:chr_file ioctl; |
| allow viarild misc_device:chr_file { read write open }; |
| allow viarild proc_lk_env:file { read ioctl open }; |
| allow viarild sysfs_vcorefs_pwrctrl:file { open write }; |
| set_prop(viarild, vendor_mtk_ril_active_md_prop) |
| |
| # set for mux |
| allow viarild devpts:chr_file setattr; |
| allow viarild self:capability chown; |
| allow viarild self:capability fowner; |
| allow viarild self:capability setuid; |
| |
| # For MAL MFI |
| allow viarild mal_mfi_socket:sock_file write; |
| |
| # For Vzw Phone CCP - Set IPV6 RS |
| allow viarild proc_net:file write; |
| |
| # If viarild(which belongs to vendor partition) want to open binder dev node(e.g. Parcel) will be |
| # denied for no permission. Should use vndbinder dev node in vendor domain. |
| # Using the following sepolicy rule to allow viarild to use vendor binder. |
| vndbinder_use(viarild) |
| |
| # Allow to trigger IPv6 RS |
| allow viarild node:rawip_socket node_bind; |
| |
| # Allow to config network |
| allowxperm viarild self:udp_socket ioctl {SIOCDELRT SIOCSIFFLAGS SIOCSIFADDR SIOCKILLADDR SIOCDEVPRIVATE SIOCDEVPRIVATE_1}; |
| allow viarild sysfs_ccci:dir search; |
| allow viarild sysfs_ccci:file r_file_perms; |