# ==============================================
# Policy File of /vendor/bin/rild Executable File
#
# Type-enforcement rules for the rild domain: the allow rules and policy
# macros below are the complete set of grants this file gives to rild.
# Review each one against least privilege when the policy is rebased.
# ==============================================

# ==============================================
# Type Declaration
# ==============================================
# (no type declarations appear in this file)

# ==============================================
# MTK Policy Rule
# ==============================================
# Access to wake locks
wakelock_use(rild)
# Trigger module auto-load.
allow rild kernel:system module_request;

# Capabilities assigned for rild
# setuid, net_admin and net_raw are all privileged capabilities; nothing in
# this file states which rild code path needs each one.
allow rild self:capability { setuid net_admin net_raw };

# Control cgroups
allow rild cgroup:dir create_dir_perms;

# Property service
# Set RIL related properties (radio./net./system./etc)
# NOTE: auditallow grants nothing. It only logs an access that some other
# rule already permits, so the actual "set" permission on these two property
# types has to come from an allow rule that is not visible in this file.
auditallow rild net_radio_prop:property_service set;
auditallow rild system_radio_prop:property_service set;
set_prop(rild, ril_active_md_prop)
# allow set muxreport control properties
set_prop(rild, ril_cdma_report_prop)
set_prop(rild, ril_mux_report_case_prop)
# NOTE(review): the ctl_ prefix suggests this lets rild ask init to start or
# stop the muxreport daemon; confirm against the property_contexts entry.
set_prop(rild, ctl_muxreport-daemon_prop)

# Access to wake locks
# (repeats the wakelock_use(rild) call near the top of the MTK rules)
wakelock_use(rild)

# Allow access permission to efs files
# Create/write on rild's EFS area, read-only on the Bluetooth EFS area.
allow rild efs_file:dir create_dir_perms;
allow rild efs_file:file create_file_perms;
allow rild bluetooth_efs_file:file r_file_perms;
allow rild bluetooth_efs_file:dir r_dir_perms;

# Allow access permission to dir/files
# (radio data/system data/proc/etc)
# The original author marks the sdcardfs rule as violating an Android P rule.
# NOTE(review): presumably a platform neverallow on vendor access to sdcard
# storage; confirm which rule is meant and whether rild still needs this.
allow rild sdcardfs:dir r_dir_perms;
#allow rild system_file:file x_file_perms;
allow rild proc_net:file w_file_perms;

# Allow rild to create and use netlink sockets.
# Set and get routes directly via netlink.
# Only nlmsg_write is granted here; socket creation and the other
# netlink_route_socket permissions are not granted by this rule.
allow rild self:netlink_route_socket nlmsg_write;

# Allow read/write to devices/files
allow rild radio_device:chr_file rw_file_perms;
allow rild radio_device:blk_file r_file_perms;
allow rild mtd_device:dir search;
# Allow read/write to tty devices
allow rild tty_device:chr_file rw_file_perms;
allow rild eemcs_device:chr_file { rw_file_perms };

#allow rild Vcodec_device:chr_file { rw_file_perms };
allow rild devmap_device:chr_file { r_file_perms };
allow rild devpts:chr_file { rw_file_perms };
allow rild ccci_device:chr_file { rw_file_perms };
allow rild misc_device:chr_file { rw_file_perms };
allow rild proc_lk_env:file rw_file_perms;
allow rild sysfs_vcorefs_pwrctrl:file { w_file_perms };
#allow rild bootdevice_block_device:blk_file { rw_file_perms };
# Raw read/write on a block device node; no purpose is recorded for it here.
allow rild para_block_device:blk_file { rw_file_perms };

# Allow dir search, fd uses
# "fd use" lets rild use file descriptors passed to it by platform_app and
# radio processes.
allow rild block_device:dir search;
allow rild platform_app:fd use;
allow rild radio:fd use;

# For MAL MFI
allow rild mal_mfi_socket:sock_file { w_file_perms };

# For ccci sysfs node
allow rild sysfs_ccci:dir search;
allow rild sysfs_ccci:file r_file_perms;

#Date : W17.18
#Purpose: Treble SEpolicy denied clean up
# These two rules are written against the hal_telephony_server and
# hal_telephony_client types/attributes rather than rild itself.
add_hwservice(hal_telephony_server, mtk_hal_rild_hwservice)
allow hal_telephony_client mtk_hal_rild_hwservice:hwservice_manager find;

#Date : W17.21
#Purpose: Grant permission to access binder dev node
vndbinder_use(rild)

#Date: 2017/03/27
#Purpose: allow set telephony Sensitive property
set_prop(rild, mtk_telephony_sensitive_prop)

# For AGPSD
allow rild mtk_agpsd:unix_stream_socket connectto;

#Date 2017/10/12
#Purpose: allow set MTU size
#allow rild toolbox_exec:file getattr;
# Written as a raw property_service rule instead of the set_prop() macro
# used for every other property in this file.
allow rild mtk_net_ipv6_prop:property_service set;

#Date: 2017/12/6
#Purpose: allow set the RS times for /proc/sys/net/ipv6/conf/ccmniX/router_solicitations
# execute_no_trans runs the vendor shell and toolbox without a domain
# transition, so whatever they execute keeps every permission rild holds.
# NOTE(review): a direct write to the proc node from rild would avoid
# granting shell execution; confirm whether that is feasible.
allow rild vendor_shell_exec:file {execute_no_trans};
allow rild vendor_toolbox_exec:file {execute_no_trans};

# Date : WK18.16
# Operation: P migration
# Purpose: Allow rild to get tel_switch_prop
get_prop(rild, tel_switch_prop)

#Date: W1817
#Purpose: allow rild access property of vendor_radio_prop
set_prop(rild, vendor_radio_prop)

#Date : W18.21
#Purpose: allow rild access to vendor.ril.ipo system property
set_prop(rild, vendor_ril_ipo_prop)

# Date : WK18.26
# Operation: P migration
# Purpose: Allow carrier express HIDL to set vendor property
set_prop(rild, mtk_cxp_vendor_prop)
# Search on mnt_vendor_file directories plus create/write on its files and
# on the nvdata_file directories and files.
allow rild mnt_vendor_file:dir search;
allow rild mnt_vendor_file:file create_file_perms;
allow rild nvdata_file:dir create_dir_perms;
allow rild nvdata_file:file create_file_perms;

#Date : W18.29
#Purpose: allow rild access binder to mtk_hal_secure_element
allow rild mtk_hal_secure_element:binder call;

# Date : WK18.31
# Operation: P migration
# Purpose: Allow supplementary service HIDL to set vendor property
set_prop(rild, mtk_ss_vendor_prop)

# Date : 2018/2/27
# Purpose : for NVRAM recovery mechanism
# In AOSP powerctl_prop labels the property used to request reboot or
# shutdown, so this lets rild trigger a device restart.
# NOTE(review): this is the only macro call in the file followed by ';' and
# written without a space after the comma; confirm the ';' is intended.
set_prop(rild,powerctl_prop);

# Date: 2019/06/14
# Operation : Migration
allow rild proc_cmdline:file r_file_perms;

# Date: 2019/07/18
# Operation: AP wifi path
# Purpose: Allow packets to be filtered by the RILD process
allow rild self:netlink_netfilter_socket { create_socket_perms_no_ioctl };

# Date : 2019/08/29
# Purpose: Allow rild to access proc/aed/reboot-reason
allow rild proc_aed_reboot_reason:file rw_file_perms;

# Date: 2019/11/15
# Operation: RILD init flow
# Purpose: Handle the case where rild was started illegally
set_prop(rild, gsm0710muxd_prop)