121 lines
4.1 KiB
Plaintext
Executable File
121 lines
4.1 KiB
Plaintext
Executable File
# ==============================================
|
|
# MTK Policy Rule
|
|
# ==============================================
|
|
|
|
# Date : WK14.38
|
|
# Operation : Migration
|
|
# Purpose : run guitar_update for touch F/W upgrade.
|
|
allow kernel sdcard_type:dir search;
|
|
|
|
# Date : WK14.39
|
|
# Operation : Migration
|
|
# Purpose : ums driver can access blk_file
|
|
allow kernel loop_device:blk_file r_file_perms;
|
|
allow kernel vold_device:blk_file rw_file_perms;
|
|
|
|
# Date : WK15.35
|
|
# Operation : Migration
|
|
# Purpose : grant fon_image_data_file read permission for loop device
|
|
allow kernel fon_image_data_file:file read;
|
|
|
|
# Date : WK15.38
|
|
# Operation : Migration
|
|
# Purpose : grant proc_thermal for dir search
|
|
allow kernel proc_thermal:dir search;
|
|
|
|
# Date : WK16.11
|
|
# Operation : Migration
|
|
# Purpose : grant storage_file and wifi_data_file for kernel thread mtk_wmtd to access /sdcard/wifi.cfg
|
|
# and /data/misc/wifi/wifi.cfg to access wifi.cfg, in which, some wifi driver configuations are there.
|
|
allow kernel mnt_user_file:dir search;
|
|
allow kernel mnt_user_file:lnk_file r_file_perms;
|
|
allow kernel wifi_data_file:file r_file_perms;
|
|
allow kernel wifi_data_file:dir search;
|
|
allow kernel storage_file:lnk_file r_file_perms;
|
|
allow kernel sdcard_type:file open;
|
|
|
|
# Data : WK16.16
|
|
# Operation : Migration
|
|
# Purpose : Access to TC1 partition for reading MEID
|
|
allow kernel block_device:dir search;
|
|
|
|
# Data : WK16.16
|
|
# Operation : Migration
|
|
# Purpose : Access to TC1 partition for reading MEID
|
|
allow kernel misc2_block_device:blk_file rw_file_perms;
|
|
|
|
# Date : WK16.30
|
|
# Operation: SQC
|
|
# Purpose: Allow sdcardfs workqueue to access lower file systems
|
|
allow kernel fuseblk:dir create_dir_perms;
|
|
allow kernel fuseblk:file create_file_perms;
|
|
|
|
# Date : WK16.30
|
|
# Operation: SQC
|
|
# Purpose: Allow sdcardfs workqueue to access lower file systems
|
|
allow kernel {vfat mnt_media_rw_file}:dir create_dir_perms;
|
|
allow kernel {vfat mnt_media_rw_file}:file create_file_perms;
|
|
allow kernel kernel:key { write search setattr };
|
|
|
|
# Date : WK16.42
|
|
# Operation: SQC
|
|
# Purpose: Allow task of cpuset cgroup can migration to parent cgroup when cpus is NULL
|
|
allow kernel platform_app:process setsched;
|
|
|
|
# Date : WK17.01
|
|
# Operation: SQC
|
|
# Purpose: Allow OpenDSP kthread to write debug dump to sdcard
|
|
allow kernel audioserver:fd use;
|
|
|
|
# Date : WK18.02
|
|
# Operation: SQC
|
|
# Purpose: Allow SCP SmartPA kthread to write debug dump to sdcard
|
|
allow kernel mtk_hal_audio:fd use;
|
|
allow kernel factory:fd use;
|
|
|
|
# Date : WK18.29
|
|
# Operation: SQC
|
|
# Purpose: Allow kernel read firmware binary on vendor partition
|
|
allow kernel vendor_file:file r_file_perms;
|
|
|
|
# Date : WK18.35
|
|
# Operation: SQC
|
|
# Purpose: Allow VOW kthread to write debug PCM dump
|
|
allow kernel mtk_audiohal_data_file:file write;
|
|
|
|
# Date: WK19.03
|
|
allow kernel expdb_block_device:blk_file rw_file_perms;
|
|
|
|
# Date: WK22.37
|
|
# fw loader load fireware in kernel thread
|
|
allow kernel same_process_hal_file:file r_file_perms;
|
|
|
|
allow kernel super_block_device:lnk_file relabelto;
|
|
allow kernel sysfs_dt_firmware_android:dir search;
|
|
allow kernel sysfs_dt_firmware_android:file r_file_perms;
|
|
allow kernel tmpfs:lnk_file rw_file_perms;
|
|
allow kernel tmpfs:chr_file rw_file_perms;
|
|
allow kernel dm_device:blk_file rw_file_perms_no_map;
|
|
|
|
allow kernel system_bootstrap_lib_file:dir search;
|
|
allow kernel system_bootstrap_lib_file:file r_file_perms;
|
|
allow kernel ota_metadata_file:dir { lock search open };
|
|
|
|
# Date: WK23.08
|
|
# modi
|
|
# Add by henry: Boot failed after FOTA upgraded.
|
|
allow kernel system_bootstrap_lib_file:dir {getattr read open search};
|
|
allow kernel system_bootstrap_lib_file:file {getattr read open};
|
|
allow kernel system_bootstrap_lib_file:file r_file_perms;
|
|
allow kernel system_bootstrap_lib_file:dir search;
|
|
allow kernel sysfs_dt_firmware_android:dir {getattr read open search};
|
|
allow kernel sysfs_dt_firmware_android:file {getattr read open};
|
|
allow kernel sysfs_dt_firmware_android:file r_file_perms;
|
|
allow kernel tmpfs:lnk_file { getattr read open};
|
|
allow kernel tmpfs:lnk_file rw_file_perms;
|
|
allow kernel dm_device:blk_file {read open};
|
|
allow kernel dm_device:blk_file rw_file_perms_no_map;
|
|
allow kernel super_block_device:lnk_file relabelto;
|
|
allow kernel ota_metadata_file:dir { lock search open };
|
|
allow kernel sysfs_dt_firmware_android:dir search;
|