1# ============================================== 2# MTK Policy Rule 3# ============ 4# Date : WK14.38 5# Operation : Migration 6# Purpose : run guitar_update for touch F/W upgrade. 7allow kernel sdcard_type:dir search; 8 9# Date : WK14.39 10# Operation : Migration 11# Purpose : ums driver can access blk_file 12allow kernel block_device:blk_file rw_file_perms; 13allow kernel loop_device:blk_file r_file_perms; 14allow kernel vold_device:blk_file rw_file_perms; 15 16# Date : WK15.35 17# Operation : Migration 18# Purpose : grant fon_image_data_file read permission for loop device 19allow kernel fon_image_data_file:file read; 20 21# Date : WK15.38 22# Operation : Migration 23# Purpose : grant proc_thermal for dir search 24allow kernel proc_thermal:dir search; 25 26# Date : WK16.11 27# Operation : Migration 28# Purpose : grant storage_file and wifi_data_file for kernel thread mtk_wmtd to access /sdcard/wifi.cfg 29# and /data/misc/wifi/wifi.cfg to access wifi.cfg, in which, some wifi driver configuations are there. 30allow kernel mnt_user_file:dir search; 31allow kernel mnt_user_file:lnk_file read; 32allow kernel wifi_data_file:file r_file_perms; 33allow kernel wifi_data_file:dir search; 34allow kernel storage_file:lnk_file read; 35allow kernel sdcard_type:file open; 36 37# Data : WK16.16 38# Operation : Migration 39# Purpose : Access to TC1 partition for reading MEID 40allow kernel block_device:dir search; 41 42# Data : WK16.16 43# Operation : Migration 44# Purpose : Access to TC1 partition for reading MEID 45allow kernel misc2_block_device:blk_file rw_file_perms; 46 47# Date : WK16.30 48# Operation: SQC 49# Purpose: Allow sdcardfs workqueue to access lower file systems 50allow kernel { fuseblk }:dir create_dir_perms; 51allow kernel { fuseblk }:file create_file_perms; 52 53# Date : WK16.30 54# Operation: SQC 55# Purpose: Allow sdcardfs workqueue to access lower file systems 56allow kernel {vfat mnt_media_rw_file}:dir create_dir_perms; 57allow kernel {vfat mnt_media_rw_file}:file create_file_perms; 58allow kernel kernel:key { write search setattr }; 59 60# Date : WK16.42 61# Operation: SQC 62# Purpose: Allow task of cpuset cgroup can migration to parent cgroup when cpus is NULL 63allow kernel platform_app:process setsched; 64 65# Date : WK17.01 66# Operation: SQC 67# Purpose: Allow OpenDSP kthread to write debug dump to sdcard 68allow kernel audioserver:fd use; 69 70# Date : WK18.02 71# Operation: SQC 72# Purpose: Allow SCP SmartPA kthread to write debug dump to sdcard 73allow kernel mtk_hal_audio:fd use; 74allow kernel factory:fd use; 75 76# Date : WK18.29 77# Operation: SQC 78# Purpose: Allow kernel read firmware binary on vendor partition 79allow kernel vendor_file:file r_file_perms; 80 81# Date : WK18.35 82# Operation: SQC 83# Purpose: Allow VOW kthread to write debug PCM dump 84allow kernel mtk_audiohal_data_file:file write; 85