# ==============================================
# Common SEPolicy Rule
# ==============================================
# IMCB
# Access to the ccci_device character device and read-only access to its sysfs
# nodes (presumably the AP<->modem channel; confirm).
# NOTE(review): a second ccci_device rule under "# ePDG" adds ioctl, so the
# effective grant for this class is { read write ioctl open }.
allow mtkimsmddomain ccci_device:chr_file { read write open };
# Only the sock_file write is granted here; the matching connectto on the
# socket's owning domain is not visible in this file.
# NOTE(review): fwmarkd_socket is presumably a platform (netd) socket; confirm
# this vendor-to-core socket access is covered by the tree's Treble rules.
allow mtkimsmddomain fwmarkd_socket:sock_file write;
allow mtkimsmddomain sysfs_ccci:dir search;
allow mtkimsmddomain sysfs_ccci:file r_file_perms;
# capability2 wake_alarm on self.
allow mtkimsmddomain self:capability2 wake_alarm;
# NOTE(review): the same set_prop() call appears again under "# MD-AP".
set_prop(mtkimsmddomain, vendor_mtk_ril_mux_report_case_prop)
# NOTE(review): these are the broadest grants in this file. setuid/setgid/chown
# and net_raw apply to every domain that carries mtkimsmddomain (presumably an
# attribute; confirm). The reason for each capability is not stated here;
# verify that each one is still required and drop any that is not.
allow mtkimsmddomain self:capability { setuid setgid chown net_raw } ;
# Date : 2017/02/17
# Purpose : ptty
# Read/write plus setattr on pseudo-terminal nodes labelled devpts.
# NOTE(review): the later devpts rules under "# ePDG" and "# ATCP" look like
# subsets of this one; rw_file_perms is defined outside this file, so confirm
# before consolidating.
allow mtkimsmddomain devpts:chr_file { rw_file_perms setattr };
# UA
# Write to the volte_vt_socket socket file.
allow mtkimsmddomain volte_vt_socket:sock_file write;
# IMSM
# Client side of the RILD sockets: write on each socket file plus connectto on
# mtkrild's unix stream socket.
# NOTE(review): the mtkrild connectto rule, the four rild_mal_* rules and the
# two wpa rules below are repeated verbatim under "# RILD connection" and
# "# for RAN access wpa". The duplicates do not change the compiled policy, but
# deleting one copy does not revoke the permission; audit both places.
allow mtkimsmddomain rild_imsm_socket:sock_file write;
allow mtkimsmddomain mtkrild:unix_stream_socket connectto;
allow mtkimsmddomain rild_mal_socket:sock_file write;
allow mtkimsmddomain rild_mal_at_socket:sock_file write;
allow mtkimsmddomain rild_mal_md2_socket:sock_file write;
allow mtkimsmddomain rild_mal_at_md2_socket:sock_file write;
# Datagram send to the wpa domain.
# NOTE(review): in AOSP's te_macros, unix_socket_send() already grants sendto on
# the peer's unix_dgram_socket, which would make the explicit rule after it
# redundant; confirm against this tree's macro definition.
unix_socket_send(mtkimsmddomain, wpa, wpa)
allow mtkimsmddomain wpa:unix_dgram_socket sendto;
# ePDG
# Write to the dnsproxyd socket file; the matching connectto on the owning
# domain is not visible in this file.
# NOTE(review): dnsproxyd_socket is presumably a platform (netd) socket; confirm
# this vendor-to-core socket access is covered by the tree's Treble rules.
allow mtkimsmddomain dnsproxyd_socket:sock_file write;
# Superset of the ccci_device rule under "# IMCB": this one adds ioctl.
# NOTE(review): no allowxperm ioctl allowlist for ccci_device is visible in this
# file. If none exists elsewhere, every ioctl command on the device is
# permitted; consider restricting to the commands actually used.
allow mtkimsmddomain ccci_device:chr_file { read write ioctl open };
# NOTE(review): looks like a subset of the devpts rule under "# Purpose : ptty"
# ({ rw_file_perms setattr }); confirm against the macro definition.
allow mtkimsmddomain devpts:chr_file { read write open };
# MAL
# Read symbolic links labelled tmpfs.
allow mtkimsmddomain tmpfs:lnk_file read;
# VzW APN table
# Directory and file creation/management under mal_data_file; the exact
# permission sets come from the create_dir_perms / create_file_perms macros,
# which are defined outside this file.
allow mtkimsmddomain mal_data_file:dir create_dir_perms;
allow mtkimsmddomain mal_data_file:file create_file_perms;
# ATCP
# Two more devpts grants; together they give { open read write ioctl getattr
# setattr } on pseudo-terminal nodes.
# NOTE(review): these overlap the devpts rules under "# Purpose : ptty" and
# "# ePDG".
allow mtkimsmddomain devpts:chr_file { open read write ioctl };
allow mtkimsmddomain devpts:chr_file { getattr setattr };
# Netlink
# Create, bind and write on the domain's own NETLINK_ROUTE socket, with
# nlmsg_read for read-type route messages.
# NOTE(review): `read` is not in this set, so any permission to receive replies
# must come from a rule outside this file; confirm.
allow mtkimsmddomain self:netlink_route_socket { bind create write nlmsg_read };
# RILD connection
# NOTE(review): these five rules duplicate the mtkrild and rild_mal_* rules
# under "# IMSM" earlier in this file. They are harmless to the compiled policy,
# but both copies must be removed to actually revoke the access.
allow mtkimsmddomain mtkrild:unix_stream_socket connectto;
allow mtkimsmddomain rild_mal_socket:sock_file write;
allow mtkimsmddomain rild_mal_at_socket:sock_file write;
allow mtkimsmddomain rild_mal_md2_socket:sock_file write;
allow mtkimsmddomain rild_mal_at_md2_socket:sock_file write;
# for RAN access wpa
# NOTE(review): duplicate of the wpa rules at the end of the "# IMSM" section.
unix_socket_send(mtkimsmddomain, wpa, wpa)
allow mtkimsmddomain wpa:unix_dgram_socket sendto;
# RILPROXY
# Connect to the rild domain's unix stream socket (in addition to mtkrild,
# which is granted earlier in this file).
allow mtkimsmddomain rild:unix_stream_socket connectto;
# Write access to the operator-id property via the set_prop() macro.
set_prop(mtkimsmddomain, vendor_mtk_operator_id_prop)
# Set permission for MAL
# Vendor binder access via the vndbinder_use() macro (defined outside this
# file).
vndbinder_use(mtkimsmddomain)
# ViLTE
# Connect to the vtservice_hidl domain's unix stream socket.
allow mtkimsmddomain vtservice_hidl:unix_stream_socket connectto;
# MD-AP
# Property write access for radio, mux report case, modem version and network
# properties. A domain that can set a property can influence every reader of
# it, so keep this list to the properties the daemons actually write.
# NOTE(review): the vendor_mtk_ril_mux_report_case_prop line duplicates the
# set_prop() call under "# IMCB".
set_prop(mtkimsmddomain, vendor_mtk_radio_prop)
set_prop(mtkimsmddomain, vendor_mtk_ril_mux_report_case_prop)
set_prop(mtkimsmddomain, vendor_mtk_md_version_prop)
set_prop(mtkimsmddomain, vendor_mtk_network_prop)