- Add policies and permissions for the UCE HAL service and UCE HAL client to run and execute. - Separate system-partition sepolicy and HAL macros from the vendor partition for dataservice_app and DPM. CRs-fixed: 2019046 Change-Id: I4460dc2542bec0812ba40e28176475877a1e9797
#dpmd as domain
#type dpmd, domain, mlstrustedsubject;
#type dpmd_exec, exec_type, vendor_file_type, file_type;
#file_type_auto_trans(dpmd, socket_device, dpmwrapper_socket);
#init_daemon_domain(dpmd)
#net_domain(dpmd)
#allow dpmd {
 #   dpmd_exec
 #   system_file
#}:file x_file_perms;
#allow dpmd to access dpm_data_file
#allow dpmd dpmd_data_file:file create_file_perms;
#allow dpmd dpmd_data_file:dir create_dir_perms;
allow dpmd persist_dpm_prop:file r_file_perms;
allow dpmd sysfs_wake_lock:file rw_file_perms;
allow dpmd sysfs_data:dir r_dir_perms;
allow dpmd sysfs_data:file r_file_perms;
#r_dir_file(dpmd,proc_net)
#allow dpmd self:capability {
 #   setuid
  #  setgid
   # dac_override
#    net_raw chown
 #   fsetid
  #  net_admin
   # sys_module
#}; #Need to check on it . It was present earlier
#socket, self
allow dpmd smem_log_device:chr_file rw_file_perms;
#wakelock_use(dpmd) # it was present earlier
set_prop(dpmd, system_prop)
set_prop(dpmd, ctl_default_prop)
#misc.
#allow dpmd vendor_shell_exec:file rx_file_perms;
#permission to unlink dpmwrapper socket
#allow dpmd socket_device:dir remove_name;
#permission to communicate with cnd_socket for installing iptable rules
#unix_socket_connect(dpmd, cnd, cnd);
#allow dpmd to create socket
#allow dpmd self:socket create_socket_perms_no_ioctl;
#allow dpmd self:{ netlink_socket netlink_generic_socket } create_socket_perms_no_ioctl;
#allow dpmd to write to /proc/net/sys
#allow dpmd proc_net:file write;
#allow dpmd get appname and use inet socket.
#dpmd_socket_perm(appdomain)
#dpmd_socket_perm(system_server)
#dpmd_socket_perm(mediaserver)
#dpmd_socket_perm(mtp)
#dpmd_socket_perm(wfdservice)
#dpmd_socket_perm(drmserver)
#dpmd_socket_perm(netd)
#explicitly allow udp socket permissions for appdomain
#allow dpmd appdomain:udp_socket rw_socket_perms;
#Allow dpmd to acquire lock for iptables
allow dpmd system_file:file lock;
#Allow dpmd to connect to hal_dpmQMiMgr
allow dpmd hal_dpmqmi_hwservice:hwservice_manager find;
get_prop(dpmd, hwservicemanager_prop)
binder_call(dpmd,hal_dpmQmiMgr)
hwbinder_use(dpmd)
#diag
userdebug_or_eng(`
    diag_use(dpmd)
')
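Review bot: `set_prop(dpmd, ctl_default_prop)` (the line right after `set_prop(dpmd, system_prop)`) gives dpmd write access to the whole `ctl.` property namespace, which is the ability to start or stop any init service, so a compromise of this daemon becomes control over every service on the device; unless dpmd genuinely needs that, scope it to a dedicated property type covering only the service it manages and record the reason, e.g. `# dpmd only restarts <SERVICE-NAME placeholder>; use a per-service ctl property type, not ctl_default_prop`. The direct `allow dpmd sysfs_wake_lock:file rw_file_perms;` overlaps with the commented `#wakelock_use(dpmd) # it was present earlier`; the AOSP macro also grants block_suspend, so either use the macro or add a comment saying the narrower rule is intentional. The commented-out `self:capability` block ending in `#}; #Need to check on it . It was present earlier` (including `sys_module`, `net_admin`, `dac_override`) is an unresolved TODO shipped in policy and invites a wholesale uncomment later; delete it or replace it with a one-line note pointing at a tracking item. Since the page shows no old/new side markers, whether every line here is newly added cannot be told from the listing.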