1# ============================================== 2# MTK Policy Rule 3# ============================================== 4 5# New added for moving to /system 6type mobile_log_d_exec , exec_type, file_type; 7typeattribute mobile_log_d coredomain; 8 9init_daemon_domain(mobile_log_d) 10 11#syslog module 12allow mobile_log_d kernel:system syslog_mod; 13 14#GMO project 15dontaudit mobile_log_d untrusted_app:fd use; 16dontaudit mobile_log_d isolated_app:fd use; 17 18#debug property set 19set_prop(mobile_log_d, debug_prop) 20 21#socket connect and write 22unix_socket_connect(mobile_log_d, logdr, logd); 23 24#capability 25allow mobile_log_d self:capability { setuid setgid chown fowner fsetid }; 26allow mobile_log_d self:capability { setuid chown setgid }; 27allow mobile_log_d self:capability2 syslog; 28 29#aee mode switch 30allow mobile_log_d system_file:file execute_no_trans; 31 32#shell command 33allow mobile_log_d shell_exec:file rx_file_perms; 34 35#general storage access 36allow mobile_log_d storage_file:dir create_dir_perms; 37allow mobile_log_d storage_file:file create_file_perms; 38allow mobile_log_d storage_file:lnk_file create_file_perms; 39allow mobile_log_d mnt_user_file:dir create_dir_perms; 40allow mobile_log_d mnt_user_file:lnk_file create_file_perms; 41allow mobile_log_d sdcard_type:dir create_dir_perms; 42allow mobile_log_d sdcard_type:file create_file_perms; 43 44#factory mode vfat access 45allow mobile_log_d vfat:dir create_dir_perms; 46allow mobile_log_d vfat:file create_file_perms; 47 48#chiptest mode storage access 49allow mobile_log_d mnt_media_rw_file:dir create_dir_perms; 50allow mobile_log_d mnt_media_rw_file:lnk_file create_file_perms; 51 52#system/bin/toybox for using 'sh' command 53allow mobile_log_d toolbox_exec:file rx_file_perms; 54 55#selinux_version access 56allow mobile_log_d rootfs:file r_file_perms; 57 58#dev/__properties__ access 59allow mobile_log_d device_logging_prop:file { getattr open }; 60allow mobile_log_d mmc_prop:file { getattr open }; 61allow mobile_log_d safemode_prop:file { getattr open }; 62 63# purpose: allow MobileLog to access storage in N version 64allow mobile_log_d media_rw_data_file:file create_file_perms; 65allow mobile_log_d media_rw_data_file:dir create_dir_perms; 66 67# access debugfs/tracing/instances/ 68allow mobile_log_d debugfs_tracing:dir create_dir_perms; 69allow mobile_log_d debugfs_tracing_instances:dir create_dir_perms; 70allow mobile_log_d debugfs_tracing_instances:file create_file_perms; 71