# ==============================================
# Policy File of /system/bin/mtkrild Executable File
# NOTE(review): the header names /system/bin, but mtkrild_exec below carries
# vendor_file_type; confirm the labelled path in file_contexts.

# ==============================================
# Type Declaration
# ==============================================
# mtkrild_exec labels the daemon binary; mtkrild is the process domain it runs in.
type mtkrild_exec , exec_type, file_type, vendor_file_type;
type mtkrild ,domain;

# ==============================================
# MTK Policy Rule
# ==============================================
# init_daemon_domain: transition from init into mtkrild when mtkrild_exec is executed.
# net_domain: the standard network-client permission set.
init_daemon_domain(mtkrild)
net_domain(mtkrild)

# Trigger module auto-load.
# NOTE(review): lets this domain make the kernel request a module load; confirm
# it is still needed on builds where the modem drivers are built in or preloaded.
allow mtkrild kernel:system module_request;

# Capabilities assigned for mtkrild
# setuid: change process UIDs; net_admin: configure interfaces and routes;
# net_raw: open raw/packet sockets. These are broad for a daemon that handles
# modem traffic, so keep the set minimal and re-justify each on review.
allow mtkrild self:capability { setuid net_admin net_raw };

# Control cgroups
allow mtkrild cgroup:dir create_dir_perms;

# Property service
# allow set RIL related properties (radio./net./system./etc)
#set_prop(mtkrild, radio_prop)
#set_prop(mtkrild, net_radio_prop)
#set_prop(mtkrild, system_radio_prop)
# auditallow grants nothing: it only logs a 'set' that some other rule permits.
# With the set_prop lines above commented out, these two rules produce audit
# records only if the permission is still allowed elsewhere in the policy.
auditallow mtkrild net_radio_prop:property_service set;
auditallow mtkrild system_radio_prop:property_service set;
set_prop(mtkrild, ril_active_md_prop)
# allow set muxreport control properties
set_prop(mtkrild, ril_cdma_report_prop)
set_prop(mtkrild, ril_mux_report_case_prop)
# NOTE(review): the ctl_ prefix suggests an init service-control property
# (start/stop of muxreport-daemon); confirm against property_contexts.
set_prop(mtkrild, ctl_muxreport-daemon_prop)

#Date: 2017/02/14
#Purpose: allow set telephony Sensitive property
set_prop(mtkrild, mtk_telephony_sensitive_prop)

# Access to wake locks
wakelock_use(mtkrild)

# Allow access permission to efs files
# Full create/write on efs_file; read-only on the bluetooth efs files.
allow mtkrild efs_file:dir create_dir_perms;
allow mtkrild efs_file:file create_file_perms;
allow mtkrild bluetooth_efs_file:file r_file_perms;
allow mtkrild bluetooth_efs_file:dir r_dir_perms;

# Allow access permission to dir/files
# (radio data/system data/proc/etc)
# Violate Android P rule
# NOTE(review): the author flags this rule as violating an Android P policy
# rule, yet it is still active; either remove it or record why it is kept.
allow mtkrild sdcardfs:dir r_dir_perms;
# Violate Android P rule
#allow mtkrild system_file:file x_file_perms;
# Write access to files labelled proc_net.
allow mtkrild proc_net:file w_file_perms;

# Set and get routes directly via netlink.
# nlmsg_write permits routing-table modifications over the domain's own netlink socket.
allow mtkrild self:netlink_route_socket nlmsg_write;

# Allow read/write to devices/files
allow mtkrild radio_device:chr_file rw_file_perms;
allow mtkrild radio_device:blk_file r_file_perms;
allow mtkrild mtd_device:dir search;
# Allow read/write to tty devices
allow mtkrild tty_device:chr_file rw_file_perms;
allow mtkrild eemcs_device:chr_file { rw_file_perms };

#allow mtkrild Vcodec_device:chr_file { rw_file_perms };
allow mtkrild devmap_device:chr_file { r_file_perms };
allow mtkrild devpts:chr_file { rw_file_perms };
allow mtkrild ccci_device:chr_file { rw_file_perms };
# NOTE(review): the three rules below grant read/write on misc_device,
# proc_lk_env and a raw block device (para_block_device) with no stated
# purpose; document the consumer of each or narrow to read-only where possible.
allow mtkrild misc_device:chr_file { rw_file_perms };
allow mtkrild proc_lk_env:file rw_file_perms;
#allow mtkrild bootdevice_block_device:blk_file { rw_file_perms };
allow mtkrild para_block_device:blk_file { rw_file_perms };

# Allow dir search, fd uses
# 'fd use' lets mtkrild use file descriptors handed over by processes in the
# platform_app and radio domains.
allow mtkrild block_device:dir search;
allow mtkrild platform_app:fd use;
allow mtkrild radio:fd use;

# For MAL MFI
allow mtkrild mal_mfi_socket:sock_file { w_file_perms };

# For ccci sysfs node
allow mtkrild sysfs_ccci:dir search;
allow mtkrild sysfs_ccci:file r_file_perms;

#For Kryptowire mtklog issue
allow mtkrild aee_aedv:unix_stream_socket connectto;
# Allow ioctl in order to control network interface
# allowxperm whitelists ioctl commands: once it is present for this
# source/target/class, only the listed commands pass. It does not grant the
# base 'ioctl' permission itself; presumably that comes from net_domain - confirm.
allowxperm mtkrild self:udp_socket ioctl {SIOCDELRT SIOCSIFFLAGS SIOCSIFADDR SIOCKILLADDR SIOCDEVPRIVATE SIOCDEVPRIVATE_1};

# Allow to use vendor binder
vndbinder_use(mtkrild)

# Allow to trigger IPv6 RS
# node_bind on rawip_socket: bind a raw IP socket to a local address.
allow mtkrild node:rawip_socket node_bind;

#Date : W18.15
#Purpose: allow rild access to vendor.ril.ipo system property
set_prop(mtkrild, vendor_ril_ipo_prop)

# Date : WK18.16
# Operation: P migration
# Purpose: Allow mtkrild to get tel_switch_prop
get_prop(mtkrild, tel_switch_prop)

#Date: W1817
#Purpose: allow rild access property of vendor_radio_prop
set_prop(mtkrild, vendor_radio_prop)

# Date : WK18.26
# Operation: P migration
# Purpose: Allow carrier express HIDL to set vendor property
set_prop(mtkrild, mtk_cxp_vendor_prop)
# NOTE(review): the four file rules below are not covered by the purpose text
# above (which describes a property); they grant create/write on mnt_vendor_file
# files and on nvdata_file dirs/files. Add their own purpose entry.
allow mtkrild mnt_vendor_file:dir search;
allow mtkrild mnt_vendor_file:file create_file_perms;
allow mtkrild nvdata_file:dir create_dir_perms;
allow mtkrild nvdata_file:file create_file_perms;

# Date : WK18.31
# Operation: P migration
# Purpose: Allow supplementary service HIDL to set vendor property
set_prop(mtkrild, mtk_ss_vendor_prop)

# Date : WK19.43
# Purpose: Allow wfc module from rild read system property from wfc module
get_prop(mtkrild, mtk_wfc_serv_prop)
