# ==============================================
# Policy File of /system/bin/aee_aed Executable File
#
# Type enforcement rules for the aee_aed domain. The rules below let the
# daemon read process state across domains, write crash databases to
# several storage locations and hand off to dumpstate.
# NOTE(review): the aee_aed type itself is not declared in the visible
# lines, presumably it is declared in another policy file - confirm.
# ==============================================
# Type Declaration
# ==============================================
# Label for the daemon executable.
type aee_aed_exec, exec_type, file_type;
typeattribute aee_aed coredomain;
# In AOSP policy mlstrustedsubject exempts a subject from the MLS
# constraints that separate app and user data.
# NOTE(review): combined with the domain-wide rules further down this is a
# broad grant - confirm it is still required.
typeattribute aee_aed mlstrustedsubject;

# AOSP macro: init enters the aee_aed domain when it executes aee_aed_exec.
init_daemon_domain(aee_aed)

# ==============================================
# MTK Policy Rule
# ==============================================

# AED start: /dev/block/expdb
# Only directory search on block_device is granted here.
allow aee_aed block_device:dir search;

# aee db dir and db files
# NOTE(review): crash databases created on sdcard_type storage are readable
# by whatever else can read that storage - confirm what the databases hold.
allow aee_aed sdcard_type:dir create_dir_perms;
allow aee_aed sdcard_type:file create_file_perms;

# /data/anr
allow aee_aed anr_data_file:dir create_dir_perms;
allow aee_aed anr_data_file:file create_file_perms;

# sigkill on the domain attribute covers every process domain, with no
# exclusions listed.
allow aee_aed domain:process { sigkill getattr getsched};
allow aee_aed domain:lnk_file getattr;

# core-pattern
allow aee_aed usermodehelper:file r_file_perms;

# suid_dumpable: kept commented out because the rule hits a neverallow.
# allow aee_aed proc_security:file r_file_perms;

# property
allow aee_aed init:unix_stream_socket connectto;
allow aee_aed property_socket:sock_file write;

# execute_no_trans: system_file binaries run inside the aee_aed domain, with
# every permission granted in this file, rather than in a domain of their own.
allow aee_aed system_file:file execute_no_trans;

allow aee_aed init:process getsched;
#allow aee_aed kernel:process getsched;

# Date: W15.34
# Operation: Migration
# Purpose: For pagemap & pageflags information in NE DB
# sys_admin is limited to userdebug and eng builds by the macro below.
userdebug_or_eng(`allow aee_aed self:capability sys_admin;')

# Date: W16.17
# Operation: N0 Migration
# Purpose: create dir "aee_exp" under /data
allow aee_aed system_data_file:dir { write create add_name };
allow aee_aed system_data_file:file r_file_perms;

# Purpose: allow aee_aed to access toolbox
allow aee_aed toolbox_exec:file rx_file_perms;

# Purpose: allow aee_aed to access storage on N version
allow aee_aed media_rw_data_file:file { create_file_perms };
allow aee_aed media_rw_data_file:dir { create_dir_perms };

# Purpose: mnt/user/*
allow aee_aed mnt_user_file:dir search;
allow aee_aed mnt_user_file:lnk_file read;

allow aee_aed storage_file:dir search;
allow aee_aed storage_file:lnk_file read;

# Date : WK17.09
# Operation : AEE UT for Android O
# Purpose : for AEE module to dump files
# Executing dumpstate_exec from aee_aed transitions into the dumpstate domain.
domain_auto_trans(aee_aed, dumpstate_exec, dumpstate)

# Purpose : aee_aed communicate with aee_core_forwarder
# allow aee_aed aee_core_forwarder:dir search;
# allow aee_aed aee_core_forwarder:file { read getattr open };

userdebug_or_eng(`
# allow aee_aed su:dir {search read open };
# allow aee_aed su:file { read getattr open };
')

# /data/tombstone
allow aee_aed tombstone_data_file:dir w_dir_perms;
allow aee_aed tombstone_data_file:file create_file_perms;

# /proc/pid/
# NOTE(review): this grant is not wrapped in userdebug_or_eng, so it applies
# to every build type. The /proc/pid/ purpose above does not explain
# sys_module, which covers kernel module loading, or net_admin - confirm
# each capability is needed and drop or gate the ones that are not.
allow aee_aed self:capability { fowner chown fsetid sys_nice sys_resource net_admin sys_module};

# system(cmd) aee_dumpstate aee_archive
#allow aee_aed shell_exec:file rx_file_perms;

# PROCESS_FILE_STATE
allow aee_aed dumpstate:unix_stream_socket { read write ioctl };
allow aee_aed dumpstate:dir search;
allow aee_aed dumpstate:file r_file_perms;

allow aee_aed logdr_socket:sock_file write;
allow aee_aed logd:unix_stream_socket connectto;
# Masked because it hits a neverallow rule:
# allow aee_aed system_ndebug_socket:sock_file write;

# vibrator
allow aee_aed sysfs_vibrator:file w_file_perms;

# Date : 2017/03/22
# Operation : add NE flow rule for Android O
# Purpose : let aee_aed get NE info for a specific process
# These rules give read access to the /proc entries of every domain.
allow aee_aed domain:dir r_dir_perms;
allow aee_aed domain:{ file lnk_file } r_file_perms;
# ptrace is granted on every domain except logd, keystore and init, and the
# rule is not wrapped in userdebug_or_eng.
# NOTE(review): ptrace gives access to the memory of the traced process, so
# on user builds this reaches every domain other than the three excluded -
# confirm whether the exclusion list or a build-type gate should be widened.
allow aee_aed {
  domain
  -logd
  -keystore
  -init
}:process ptrace;
allow aee_aed dalvikcache_data_file:dir r_dir_perms;
allow aee_aed zygote_exec:file r_file_perms;
allow aee_aed init_exec:file r_file_perms;

# Date : 2017/04/06
# Operation : add selinux rule for crash_dump notify aee_aed
# Purpose : let aee_aed receive notifications from crash_dump
allow aee_aed crash_dump:dir search;
allow aee_aed crash_dump:file r_file_perms;