• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# ==============================================
2# MTK Policy Rule
3# ==============================================
4
5# New added for moving to /system
6type mobile_log_d_exec, system_file_type, exec_type, file_type;
7typeattribute mobile_log_d coredomain;
8
9init_daemon_domain(mobile_log_d)
10
11#syslog module
12allow mobile_log_d kernel:system syslog_mod;
13
14#GMO project
15dontaudit mobile_log_d untrusted_app:fd use;
16dontaudit mobile_log_d isolated_app:fd use;
17
18#debug property set
19set_prop(mobile_log_d, debug_prop)
20
21#socket connect and write
22unix_socket_connect(mobile_log_d, logdr, logd);
23
24#capability
25allow mobile_log_d self:capability { setuid setgid chown fowner fsetid };
26allow mobile_log_d self:capability { setuid chown setgid };
27allow mobile_log_d self:capability2 syslog;
28
29#aee mode switch
30allow mobile_log_d system_file:file execute_no_trans;
31
32#shell command
33allow mobile_log_d shell_exec:file rx_file_perms;
34
35# execute logcat command
36allow mobile_log_d logcat_exec:file rx_file_perms;
37
38# execute 'logcat -L' via dumpstate
39domain_auto_trans(mobile_log_d, logcat_exec, dumpstate)
40
41#general storage access
42allow mobile_log_d storage_file:dir create_dir_perms;
43allow mobile_log_d storage_file:file create_file_perms;
44allow mobile_log_d storage_file:lnk_file create_file_perms;
45allow mobile_log_d mnt_user_file:dir create_dir_perms;
46allow mobile_log_d mnt_user_file:lnk_file create_file_perms;
47allow mobile_log_d sdcard_type:dir create_dir_perms;
48allow mobile_log_d sdcard_type:file create_file_perms;
49
50#factory mode vfat access
51allow mobile_log_d vfat:dir create_dir_perms;
52allow mobile_log_d vfat:file create_file_perms;
53
54#chiptest mode storage access
55allow mobile_log_d mnt_media_rw_file:dir create_dir_perms;
56allow mobile_log_d mnt_media_rw_file:lnk_file create_file_perms;
57
58#system/bin/toybox for using 'sh' command
59allow mobile_log_d toolbox_exec:file rx_file_perms;
60
61#selinux_version access
62allow mobile_log_d rootfs:file r_file_perms;
63
64#dev/__properties__ access
65allow mobile_log_d device_logging_prop:file { getattr open };
66allow mobile_log_d mmc_prop:file { getattr open };
67allow mobile_log_d safemode_prop:file { getattr open };
68
69# purpose: allow MobileLog to access storage in N version
70allow mobile_log_d media_rw_data_file:file  create_file_perms;
71allow mobile_log_d media_rw_data_file:dir create_dir_perms;
72
73# access debugfs/tracing/instances/
74allow mobile_log_d debugfs_tracing:dir create_dir_perms;
75#allow mobile_log_d debugfs_tracing:file create_file_perms;
76allow mobile_log_d debugfs_tracing_instances:dir create_dir_perms;
77allow mobile_log_d debugfs_tracing_instances:file create_file_perms;
78
79#data/debuglog
80allow mobile_log_d debuglog_data_file:dir {relabelto create_dir_perms};
81allow mobile_log_d debuglog_data_file:file create_file_perms;
82
83#mcupm
84allow mobile_log_d mcupm_device:chr_file r_file_perms;
85allow mobile_log_d sysfs_mcupm:file w_file_perms;
86allow mobile_log_d sysfs_mcupm:dir search;
87
88allow mobile_log_d sysfs_boot_info:file r_file_perms;
89