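# ==============================================
# MTK Policy Rule
# ==============================================

# volume manager (vold) vendor policy additions

# Date : WK16.19
# Operation : Migration
# Purpose : unmount /mnt/cd-rom. The unmount is caused by unmountAll() when
#           VolumeManager starts.
allow vold iso9660:filesystem unmount;

# Date : WK16.19
# Operation : Migration
# Purpose : vold traverses /proc in remountUid().
#           MTK-customized labels in /proc would trigger a violation there.
#           The violation is ignored because these processes never access the storage.
# Note : dontaudit only suppresses the audit record; the access is still denied.
#        Denials of vold against these types will therefore not show up in logs.
dontaudit vold proc_battery_cmd:dir { read open };
dontaudit vold proc_mtkcooler:dir { read open };
dontaudit vold proc_mtktz:dir { read open };
dontaudit vold proc_thermal:dir { read open };

# Date : WK18.30
# Operation : Migration
# Purpose : vold creates the mdlog folder in data for meta mode.
allow vold mdlog_data_file:dir { create_dir_perms };

# NOTE(review): read/write on block files labeled mtd_device. No date, operation
# or purpose is recorded for this rule, unlike the rules above. Confirm it is
# still required and whether a narrower permission set would be sufficient.
allow vold mtd_device:blk_file rw_file_perms;

# dontaudit for fstrim on 'vendor' folder
# As above: the reads stay denied, only the audit messages are silenced.
dontaudit vold nvdata_file:dir r_dir_perms;
dontaudit vold nvcfg_file:dir r_dir_perms;
dontaudit vold protect_f_data_file:dir r_dir_perms;
dontaudit vold protect_s_data_file:dir r_dir_perms;

# execute mke2fs when formatting as internal storage
allow vold cache_block_device:blk_file getattr;
# Whitelist of ioctl commands for vold on dm_device. BLKSECDISCARD and
# BLKDISCARD discard data on the device, so keep this list minimal.
# NOTE(review): allowxperm does not grant ioctl by itself; the matching
# "allow ... ioctl" rule is not in this file, presumably it comes from the
# platform vold policy. Verify.
allowxperm vold dm_device:blk_file ioctl {
  BLKSECDISCARD BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET
};
allow vold nvcfg_block_device:blk_file getattr;
allow vold nvdata_device:blk_file getattr;
# r_file_perms already includes getattr, so no separate getattr rule is needed
# for proc_swaps.
allow vold proc_swaps:file r_file_perms;
allow vold protect1_block_device:blk_file getattr;
allow vold protect2_block_device:blk_file getattr;
allow vold swap_block_device:blk_file getattr;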