# ==============================================
# Policy File of /vendor/bin/aee_aedv Executable File

# ==============================================
# MTK Policy Rule
# ==============================================
#
# Type-enforcement rules for the vendor AEE daemon (domain aee_aedv). The rules
# below let it collect crash and debug data from /proc, sysfs, debugfs and
# several block devices, and store it under the vendor aee_* data types.
#
# NOTE(review): several grants here are much broader than their "Purpose"
# comments describe (raw block-device writes, sys_admin/sys_module, kill and
# /proc read on every domain, execute of any vendor_file). Each such rule is
# flagged inline; confirm it is still required before carrying it forward.

type aee_aedv, domain;

type aee_aedv_exec, exec_type, file_type, vendor_file_type;
# NOTE(review): mlstrustedsubject exempts this domain from the MLS constraints,
# so per-app category separation does not restrict what it can read or write.
typeattribute aee_aedv mlstrustedsubject;

# Standard macro: init transitions into aee_aedv when it executes a file
# labeled aee_aedv_exec.
init_daemon_domain(aee_aedv)


# Date : WK14.32
# Operation : AEE UT
# Purpose : for AEE module
# NOTE(review): rw on raw block devices bypasses file-level labeling on the
# filesystems they back; confirm write access is needed on each one,
# bootdevice_block_device in particular.
allow aee_aedv aed_device:chr_file rw_file_perms;
allow aee_aedv expdb_device:chr_file rw_file_perms;
allow aee_aedv expdb_block_device:blk_file rw_file_perms;
allow aee_aedv bootdevice_block_device:blk_file rw_file_perms;
allow aee_aedv etb_device:chr_file rw_file_perms;

# AED start: /dev/block/expdb
allow aee_aedv block_device:dir search;

# NE flow: /dev/RT_Monitor
allow aee_aedv RT_Monitor_device:chr_file r_file_perms;

#data/aee_exp
allow aee_aedv aee_exp_vendor_file:dir create_dir_perms;
allow aee_aedv aee_exp_vendor_file:file create_file_perms;

#data/dumpsys
allow aee_aedv aee_dumpsys_vendor_file:dir create_dir_perms;
allow aee_aedv aee_dumpsys_vendor_file:file create_file_perms;

#/data/core
allow aee_aedv aee_core_vendor_file:dir create_dir_perms;
allow aee_aedv aee_core_vendor_file:file create_file_perms;

# /data/data_tmpfs_log
allow aee_aedv vendor_tmpfs_log_file:dir create_dir_perms;
allow aee_aedv vendor_tmpfs_log_file:file create_file_perms;

# NOTE(review): the target is the whole `domain` attribute, so this permits
# SIGKILL to processes in every domain (init, logd, keystore included). No
# purpose is recorded; consider an explicit exclusion list.
allow aee_aedv domain:process { sigkill getattr getsched};
allow aee_aedv domain:lnk_file getattr;

#core-pattern
allow aee_aedv usermodehelper:file r_file_perms;

# Date: W15.34
# Operation: Migration
# Purpose: For pagemap & pageflags information in NE DB
# NOTE(review): sys_admin is a very broad capability for the stated purpose of
# reading pagemap/pageflags; confirm it is still needed.
allow aee_aedv self:capability sys_admin;

# Purpose: aee_aedv set property
set_prop(aee_aedv, vendor_mtk_persist_mtk_aeev_prop)
set_prop(aee_aedv, vendor_mtk_persist_aeev_prop)
set_prop(aee_aedv, vendor_mtk_debug_mtk_aeev_prop)

# Purpose: mnt/user/*
allow aee_aedv mnt_user_file:dir search;
allow aee_aedv mnt_user_file:lnk_file read;

allow aee_aedv storage_file:dir search;
allow aee_aedv storage_file:lnk_file read;

# Debug builds only: read the /proc entries of the su domain.
userdebug_or_eng(`
  allow aee_aedv su:dir {search read open };
  allow aee_aedv su:file { read getattr open };
')

# /proc/pid/
# NOTE(review): the "/proc/pid/" purpose does not explain sys_module (kernel
# module load/unload), net_admin or sys_resource. fowner, chown, fsetid and
# sys_nice are granted again by the later "fsetid/sys_nice/chown/fowner/kill"
# rule; the two sets could be merged once the extra capabilities are justified.
allow aee_aedv self:capability { fowner chown fsetid sys_nice sys_resource net_admin sys_module};

# PROCESS_FILE_STATE
allow aee_aedv dumpstate:unix_stream_socket { read write ioctl };
allow aee_aedv dumpstate:dir search;
allow aee_aedv dumpstate:file r_file_perms;

allow aee_aedv logdr_socket:sock_file write;
allow aee_aedv logd:unix_stream_socket connectto;

# vibrator
allow aee_aedv sysfs_vibrator:file w_file_perms;

# /proc/lk_env
allow aee_aedv proc_lk_env:file rw_file_perms;

# Date : 2017/03/22
# Operation : add NE flow rule for Android O
# Purpose : make aee_aedv can get specific process NE info
# NOTE(review): despite "specific process", these two rules grant read access
# to the /proc/<pid> directories and files of every domain. The per-domain
# dir/file rules elsewhere in this file (su, dumpstate, crash_dump,
# platform_app, untrusted_app, untrusted_app_25, priv_app) appear to be
# subsets of this grant.
allow aee_aedv domain:dir r_dir_perms;
allow aee_aedv domain:{ file lnk_file } r_file_perms;
# Disabled rules kept for reference (ptrace of most domains, reading the
# zygote and init executables):
#allow aee_aedv {
# domain
# -logd
# -keystore
# -init
#}:process ptrace;
#allow aee_aedv zygote_exec:file r_file_perms;
#allow aee_aedv init_exec:file r_file_perms;

# Date : 2017/04/06
# Operation : add selinux rule for crash_dump notify aee_aedv
# Purpose : make aee_aedv can get notify from crash_dump
allow aee_aedv crash_dump:dir search;
allow aee_aedv crash_dump:file r_file_perms;

# Date : 20170512
# Operation : fix aee_archive can't execute issue
# Purpose : type=1400 audit(0.0:97916): avc: denied { execute_no_trans } for
# path="/system/vendor/bin/aee_archive" dev="mmcblk0p26" ino=2355
# scontext=u:r:aee_aedv:s0 tcontext=u:object_r:vendor_file:s0
# tclass=file permissive=0
# NOTE(review): the denial was for one binary (aee_archive), but the rule covers
# every file labeled vendor_file, and execute_no_trans runs it inside the
# aee_aedv domain with all of the permissions in this file. A dedicated exec
# type for aee_archive would narrow this.
allow aee_aedv vendor_file:file execute_no_trans;

# Purpose: debugfs files
# NOTE(review): these debugfs rules are unconditional, whereas the
# debugfs_tracing_debug rule further down is wrapped in userdebug_or_eng.
# Confirm they are intended to apply on user builds.
allow aee_aedv debugfs_binder:dir r_dir_perms;
allow aee_aedv debugfs_binder:file r_file_perms;
allow aee_aedv debugfs_blockio:file r_file_perms;
allow aee_aedv debugfs_fb:dir search;
allow aee_aedv debugfs_fb:file r_file_perms;
allow aee_aedv debugfs_fuseio:dir search;
allow aee_aedv debugfs_fuseio:file r_file_perms;
allow aee_aedv debugfs_ged:dir search;
allow aee_aedv debugfs_ged:file r_file_perms;
allow aee_aedv debugfs_rcu:dir search;
allow aee_aedv debugfs_shrinker_debug:file r_file_perms;
allow aee_aedv debugfs_wakeup_sources:file r_file_perms;
allow aee_aedv debugfs_dmlog_debug:file r_file_perms;
allow aee_aedv debugfs_page_owner_slim_debug:file r_file_perms;
allow aee_aedv debugfs_ion_mm_heap:dir search;
allow aee_aedv debugfs_ion_mm_heap:file r_file_perms;
allow aee_aedv debugfs_ion_mm_heap:lnk_file read;
allow aee_aedv debugfs_cpuhvfs:dir search;
allow aee_aedv debugfs_cpuhvfs:file r_file_perms;
allow aee_aedv debugfs_emi_mbw_buf:file r_file_perms;
allow aee_aedv debugfs_vpu_device_dbg:file r_file_perms;
allow aee_aedv debugfs_vpu_memory:file r_file_perms;
allow aee_aedv debugfs_apusys_midware_register_all:file r_file_perms;
allow aee_aedv debugfs_apusys_mdla_memory:file r_file_perms;
allow aee_aedv debugfs_apusys_mnoc_sta_dump:file r_file_perms;
allow aee_aedv debugfs_apusys_debug_log:file r_file_perms;
allow aee_aedv debugfs_apusys_midware_mem:file r_file_perms;

# Purpose:
# 01-01 00:02:46.390 3315 3315 W aee_dumpstatev: type=1400 audit(0.0:4728):
# avc: denied { read } for name="interrupts" dev="proc" ino=4026533608 scontext=
# u:r:aee_aedv:s0 tcontext=u:object_r:proc_interrupts:s0 tclass=file permissive=0
# (A later rule grants r_file_perms on the same type, which includes read.)
allow aee_aedv proc_interrupts:file read;

# Purpose:
# 01-01 17:59:14.440 7664 7664 I aee_dumpstate: type=1400 audit(0.0:63497):
# avc: denied { open } for path="/sys/kernel/debug/tracing/tracing_on" dev=
# "debugfs" ino=2087 scontext=u:r:dumpstate:s0 tcontext=u:object_r:
# tracing_shell_writable:s0 tclass=file permissive=1
# NOTE(review): the quoted denial is for scontext dumpstate and tcontext
# tracing_shell_writable, and only for { open }; it does not justify rw on
# debugfs_tracing for aee_aedv. Confirm the intended target and whether write
# is needed.
allow aee_aedv debugfs_tracing:file rw_file_perms;

# Purpose:
# 01-01 00:05:16.730 3566 3566 W dmesg : type=1400 audit(0.0:5173): avc:
# denied { read } for name="kmsg" dev="tmpfs" ino=12292 scontext=u:r:aee_aedv:
# s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0
# (A later rule grants r_file_perms on kmsg_device, which includes read.)
allow aee_aedv kmsg_device:chr_file read;

# Purpose:
# 01-01 00:05:17.720 3567 3567 W ps : type=1400 audit(0.0:5192): avc:
# denied { getattr } for path="/proc/3421" dev="proc" ino=78975 scontext=u:r:
# aee_aedv:s0 tcontext=u:r:platform_app:s0:c512,c768 tclass=dir permissive=0
allow aee_aedv platform_app:dir r_dir_perms;
allow aee_aedv platform_app:file r_file_perms;

# Purpose:
# 01-01 00:05:17.750 3567 3567 W ps : type=1400 audit(0.0:5193): avc:
# denied { getattr } for path="/proc/3461" dev="proc" ino=11013 scontext=u:r:
# aee_aedv:s0 tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=dir permissive=0
allow aee_aedv untrusted_app_25:dir getattr;

# Purpose:
# 01-01 00:05:17.650 3567 3567 W ps : type=1400 audit(0.0:5179): avc:
# denied { getattr } for path="/proc/2712" dev="proc" ino=65757 scontext=u:r:
# aee_aedv:s0 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=dir permissive=0
allow aee_aedv untrusted_app:dir getattr;

# Purpose:
# 01-01 00:05:17.650 3567 3567 W ps : type=1400 audit(0.0:5180): avc:
# denied { getattr } for path="/proc/2747" dev="proc" ino=66659 scontext=u:r:
# aee_aedv:s0 tcontext=u:r:priv_app:s0:c512,c768 tclass=dir permissive=0
allow aee_aedv priv_app:dir getattr;

# Purpose:
# 01-01 00:05:16.270 3554 3554 W aee_dumpstatev: type=1400 audit(0.0:5153):
# avc: denied { open } for path="/proc/interrupts" dev="proc" ino=4026533608
# scontext=u:r:aee_aedv:s0 tcontext=u:object_r:proc_interrupts:s0 tclass=file
# permissive=0
allow aee_aedv proc_interrupts:file r_file_perms;

# Purpose:
# 01-01 00:05:16.620 3554 3554 W aee_dumpstatev: type=1400 audit(0.0:5171):
# avc: denied { read } for name="route" dev="proc" ino=4026533633 scontext=u:r:
# aee_aedv:s0 tcontext=u:object_r:proc_net:s0 tclass=file permissive=0
# (A later rule grants r_file_perms on proc_net, which includes read.)
allow aee_aedv proc_net:file read;

# Purpose:
# 01-01 00:05:16.610 3554 3554 W aee_dumpstatev: type=1400 audit(0.0:5168):
# avc: denied { read } for name="zoneinfo" dev="proc" ino=4026533664 scontext=
# u:r:aee_aedv:s0 tcontext=u:object_r:proc_zoneinfo:s0 tclass=file permissive=0
# (A later rule grants r_file_perms on proc_zoneinfo, which includes read.)
allow aee_aedv proc_zoneinfo:file read;

# Purpose:
# 01-01 00:05:17.840 3554 3554 W aee_dumpstatev: type=1400 audit(0.0:5200):
# avc: denied { search } for name="leds" dev="sysfs" ino=6217 scontext=u:r:
# aee_aedv:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=dir permissive=0
allow aee_aedv sysfs_leds:dir search;
allow aee_aedv sysfs_leds:file r_file_perms;

# Purpose:
# 01-01 00:03:45.790 3651 3651 I aee_dumpstatev: type=1400 audit(0.0:5592): avc: denied
# { search } for name="ccci" dev="sysfs" ino=6026 scontext=u:r:aee_aedv:s0 tcontext=u:object_r:
# sysfs_ccci:s0 tclass=dir permissive=1
# 01-01 00:03:45.790 3651 3651 I aee_dumpstatev: type=1400 audit(0.0:5593): avc: denied { read }
# for name="md_chn" dev="sysfs" ino=6035 scontext=u:r:aee_aedv:s0 tcontext=u:object_r:sysfs_ccci:s0
# tclass=file permissive=1
# 01-01 00:03:45.790 3651 3651 I aee_dumpstatev: type=1400 audit(0.0:5594): avc: denied { open }
# for path="/sys/kernel/ccci/md_chn" dev="sysfs" ino=6035 scontext=u:r:aee_aedv:s0 tcontext=u:
# object_r:sysfs_ccci:s0 tclass=file permissive=1
allow aee_aedv sysfs_ccci:dir search;
allow aee_aedv sysfs_ccci:file r_file_perms;

# Purpose:
# 01-01 00:03:44.330 3658 3658 I aee_dumpstatev: type=1400 audit(0.0:5411): avc: denied
# { execute_no_trans } for path="/vendor/bin/toybox_vendor" dev="mmcblk0p26" ino=250 scontext=u:r:
# aee_aedv:s0 tcontext=u:object_r:vendor_toolbox_exec:s0 tclass=file permissive=1
# The vendor toolbox is executed without a domain transition, so it runs with
# the aee_aedv permissions.
allow aee_aedv vendor_toolbox_exec:file rx_file_perms;

# Purpose:
# 01-01 00:12:06.320000 4145 4145 W dmesg : type=1400 audit(0.0:826): avc: denied { open } for
# path="/dev/kmsg" dev="tmpfs" ino=10875 scontext=u:r:aee_aedv:s0 tcontext=u:object_r:kmsg_device:
# s0 tclass=chr_file permissive=0
# 01-01 00:42:33.070000 4171 4171 W dmesg : type=1400 audit(0.0:1343): avc: denied
# { syslog_read } for scontext=u:r:aee_aedv:s0 tcontext=u:r:kernel:s0 tclass=system permissive=0
allow aee_aedv kmsg_device:chr_file r_file_perms;
allow aee_aedv kernel:system syslog_read;

# Purpose:
# 01-01 00:12:37.890000 4162 4162 W aee_dumpstatev: type=1400 audit(0.0:914): avc: denied
# { read } for name="meminfo" dev="proc" ino=4026533612 scontext=u:r:aee_aedv:s0 tcontext=u:
# object_r:proc_meminfo:s0 tclass=file permissive=0
allow aee_aedv proc_meminfo:file r_file_perms;

# Purpose:
# 01-01 00:08:39.900000 3833 3833 W aee_dumpstatev: type=1400 audit(0.0:371): avc: denied
# { open } for path="/proc/3833/net/route" dev="proc" ino=4026533632 scontext=u:r:aee_aedv:s0
# tcontext=u:object_r:proc_net:s0 tclass=file permissive=0
allow aee_aedv proc_net:file r_file_perms;

# Purpose:
# 01-01 00:08:39.880000 3833 3833 W aee_dumpstatev: type=1400 audit(0.0:370): avc: denied
# { open } for path="/proc/zoneinfo" dev="proc" ino=4026533663 scontext=u:r:aee_aedv:s0 tcontext=
# u:object_r:proc_zoneinfo:s0 tclass=file permissive=0
allow aee_aedv proc_zoneinfo:file r_file_perms;

# Purpose:
# 01-01 00:33:27.750000 338 338 W aee_aedv: type=1400 audit(0.0:98): avc: denied { read }
# for name="fstab.mt6755" dev="rootfs" ino=1082 scontext=u:r:aee_aedv:s0 tcontext=u:object_r:
# rootfs:s0 tclass=file permissive=0
# NOTE(review): the denial is for a single fstab file; the rule allows reading
# every file labeled rootfs.
allow aee_aedv rootfs:file r_file_perms;

# Purpose:
# 01-01 00:33:28.340000 338 338 W aee_aedv: type=1400 audit(0.0:104): avc: denied { search }
# for name="dynamic_debug" dev="debugfs" ino=8182 scontext=u:r:aee_aedv:s0 tcontext=u:object_r:
# debugfs_dynamic_debug:s0 tclass=dir permissive=0
allow aee_aedv debugfs_dynamic_debug:dir search;
allow aee_aedv debugfs_dynamic_debug:file r_file_perms;

# Purpose:
# [ 241.001976] <1>.(1)[209:logd.auditd]type=1400 audit(1262304586.172:515): avc: denied { read }
# for pid=1978 comm="aee_aedv64" name="atag,devinfo" dev="sysfs" ino=2349 scontext=u:r:aee_aedv:s0
# tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
# NOTE(review): the quoted denial targets the generic sysfs type and only
# { read }; the rules below grant sysfs_mrdump (read-write) and sysfs_memory
# instead. Presumably the files were relabeled afterwards; confirm, and
# confirm that write on sysfs_mrdump is required.
allow aee_aedv sysfs_mrdump:file rw_file_perms;
allow aee_aedv sysfs_memory:file r_file_perms;

# Purpose: Allow aee_aedv to use HwBinder IPC.
hwbinder_use(aee_aedv)
get_prop(aee_aedv, hwservicemanager_prop)

# Purpose: Allow aee_aedv access to vendor/bin/mtkcam-debug, which in turn invokes ICameraProvider
# - avc: denied { find } for interface=android.hardware.camera.provider::ICameraProvider pid=2956
# scontext=u:r:aee_aedv:s0 tcontext=u:object_r:hal_camera_hwservice:s0 tclass=hwservice_manager
# - Transaction error in ICameraProvider::debug: Status(EX_TRANSACTION_FAILED)
hal_client_domain(aee_aedv, hal_camera)
allow aee_aedv hal_camera_hwservice:hwservice_manager { find };
binder_call(aee_aedv, mtk_hal_camera)

# Purpose: allow aee to read /sys/fs/selinux/enforce to get selinux status
allow aee_aedv selinuxfs:file r_file_perms;

# Purpose: Allow aee_aedv to read /proc/pid/exe
#allow aee_aedv exec_type:file r_file_perms;

# Purpose: mrdump db flow and pre-allocation
# mrdump db flow
allow aee_aedv sysfs_dt_firmware_android:dir search;
allow aee_aedv sysfs_dt_firmware_android:file r_file_perms;
# module_request lets this domain trigger the kernel's automatic module loading.
allow aee_aedv kernel:system module_request;
allow aee_aedv metadata_file:dir search;
# pre-allocation
# NOTE(review): linux_immutable plus read/write on the raw userdata block
# device are high-impact grants for a pre-allocation step; writes to
# userdata_block_device are not mediated by any file label. Confirm both are
# still required.
allow aee_aedv self:capability linux_immutable;
allow aee_aedv userdata_block_device:blk_file { read write open };
allow aee_aedv para_block_device:blk_file rw_file_perms;
allow aee_aedv mrdump_device:blk_file rw_file_perms;
# Extended-permission rule: names the ioctl commands (inode flag get/set, f2fs
# pin-file get/set, FIEMAP) permitted on aee_dumpsys_vendor_file files.
allowxperm aee_aedv aee_dumpsys_vendor_file:file ioctl {
  FS_IOC_GETFLAGS
  FS_IOC_SETFLAGS
  F2FS_IOC_GET_PIN_FILE
  F2FS_IOC_SET_PIN_FILE
  FS_IOC_FIEMAP
};

# Purpose: allow vendor aee read lowmemorykiller logs
# file path: /sys/module/lowmemorykiller/parameters/
allow aee_aedv sysfs_lowmemorykiller:dir search;
allow aee_aedv sysfs_lowmemorykiller:file r_file_perms;

# Purpose: Allow aee read /sys/class/misc/scp/scp_dump
allow aee_aedv sysfs_scp:dir r_dir_perms;
allow aee_aedv sysfs_scp:file r_file_perms;

# Purpose: Allow aee read /sys/class/misc/adsp/adsp_dump
allow aee_aedv sysfs_adsp:dir r_dir_perms;
allow aee_aedv sysfs_adsp:file r_file_perms;

# Purpose: allow aee_aedv self to fsetid/sys_nice/chown/fowner/kill
# (Only `kill` is new here; the other four are already in the "/proc/pid/"
# capability rule above.)
allow aee_aedv self:capability { fsetid sys_nice chown fowner kill };

# Purpose: allow aee_aedv to read /proc/buddyinfo
allow aee_aedv proc_buddyinfo:file r_file_perms;

# Purpose: allow aee_aedv to read /proc/cmdline
allow aee_aedv proc_cmdline:file r_file_perms;

# Purpose: allow aee_aedv to read /proc/slabinfo
allow aee_aedv proc_slabinfo:file r_file_perms;

# Purpose: allow aee_aedv to read /proc/stat
allow aee_aedv proc_stat:file r_file_perms;

# Purpose: allow aee_aedv to read /proc/version
allow aee_aedv proc_version:file r_file_perms;

# Purpose: allow aee_aedv to read /proc/vmallocinfo
allow aee_aedv proc_vmallocinfo:file r_file_perms;

# Purpose: allow aee_aedv to read /proc/vmstat
allow aee_aedv proc_vmstat:file r_file_perms;

# Purpose: Allow aee_aedv to read /proc/cpu/alignment
# NOTE(review): the purpose says "read" but the rule grants w_file_perms
# (write access, no read). Confirm which is intended and fix the other.
allow aee_aedv proc_cpu_alignment:file w_file_perms;

# Purpose: Allow aee_aedv to read /proc/gpulog
allow aee_aedv proc_gpulog:file r_file_perms;

# Purpose: Allow aee_aedv to read /proc/chip/hw_ver
allow aee_aedv proc_chip:file r_file_perms;

# Purpose: Allow aee_aedv to read /proc/sched_debug
allow aee_aedv proc_sched_debug:file r_file_perms;

# Purpose: Allow aee_aedv to read /proc/atf_log
# NOTE(review): only directory search is granted here; no file read rule for
# proc_atf_log is visible in this file.
allow aee_aedv proc_atf_log:dir search;

# Purpose: Allow aee_aedv to read /proc/last_kmsg
allow aee_aedv proc_last_kmsg:file r_file_perms;

# Purpose: Allow aee_aedv to access /sys/devices/virtual/timed_output/vibrator/enable
allow aee_aedv sysfs_vibrator_setting:dir search;
allow aee_aedv sysfs_vibrator_setting:file w_file_perms;
allow aee_aedv sysfs_vibrator:dir search;

# Purpose: Allow aee_aedv to read /sys/kernel/debug/rcu/rcu_callback_log
allow aee_aedv debugfs_rcu:file r_file_perms;

# Purpose: Allow aee_aedv to read /proc/ufs_debug
# NOTE(review): the purpose says "read" but the rule grants rw_file_perms;
# confirm write is needed.
allow aee_aedv proc_ufs_debug:file rw_file_perms;

# Purpose: Allow aee_aedv to read /proc/msdc_debug
allow aee_aedv proc_msdc_debug:file r_file_perms;

# Purpose: Allow aee_aedv to read /proc/pidmap
allow aee_aedv proc_pidmap:file r_file_perms;

# Purpose: Allow aee_aedv to read /sys/power/vcorefs/vcore_debug
allow aee_aedv sysfs_vcore_debug:file r_file_perms;

# Purpose: Allow aee_aedv to read /sys/devices/virtual/BOOT/BOOT/boot/boot_mode
allow aee_aedv sysfs_boot_mode:file r_file_perms;

#Purpose: Allow aee_aedv to read/write /sys/kernel/debug/tracing/buffer_total_size_kb
# Debug builds only.
userdebug_or_eng(`
allow aee_aedv debugfs_tracing_debug:file { rw_file_perms };
')

#Purpose: Allow aee_aedv to read /sys/mtk_memcfg/slabtrace
# NOTE(review): the path in the purpose is under /sys but the type is named
# proc_slabtrace; confirm which location the label applies to.
allow aee_aedv proc_slabtrace:file r_file_perms;

#Purpose: Allow aee_aedv to read /proc/mtk_cmdq_debug/status
allow aee_aedv proc_cmdq_debug:file r_file_perms;

# temp solution
# GOOGLE: Commented out for b/169606103
#get_prop(aee_aedv, vendor_default_prop)

#data/dipdebug
allow aee_aedv aee_dipdebug_vendor_file:dir r_dir_perms;
allow aee_aedv aee_dipdebug_vendor_file:file r_file_perms;
allow aee_aedv proc_isp_p2:dir r_dir_perms;
allow aee_aedv proc_isp_p2:file r_file_perms;

allow aee_aedv connsyslog_data_vendor_file:file r_file_perms;
allow aee_aedv connsyslog_data_vendor_file:dir r_dir_perms;

# Purpose: Allow aee_aedv to read the /proc/*/exe of vendor process
# NOTE(review): vendor_file_type is an attribute, so this allows reading files
# of every vendor file type, not only the executables behind /proc/*/exe.
allow aee_aedv vendor_file_type:file r_file_perms;

# Purpose: Allow aee_aedv to read /sys/kernel/debug/smi_mon
allow aee_aedv debugfs_smi_mon:file r_file_perms;

# Purpose: Allow aee_aedv to read /proc/isp_p2/isp_p2_kedump
allow aee_aedv proc_isp_p2_kedump:file r_file_perms;

# Purpose: Allow aee_aedv to read /sys/kernel/debug/vpu/vpu_memory
# (Same rule as the debugfs_vpu_memory line in the "debugfs files" group.)
allow aee_aedv debugfs_vpu_memory:file r_file_perms;

# Purpose: Allow aee_aedv to read /proc/cpuhvfs/dbg_repo
allow aee_aedv proc_dbg_repo:file r_file_perms;

# Purpose: Allow aee_aedv to read /proc/pl_lk
allow aee_aedv proc_pl_lk:file r_file_perms;

allow aee_aedv proc_aed_reboot_reason:file r_file_perms;

# Purpose: Allow aee_aedv to write /proc/sys/vm/drop_caches
allow aee_aedv proc_drop_caches:file rw_file_perms;

allow aee_aedv proc_wmt_aee:file r_file_perms;

allow aee_aedv proc_aed:file rw_file_perms;
allow aee_aedv proc_aed:dir r_dir_perms;
allow aee_aedv proc_ppm:dir r_dir_perms;

allow aee_aedv dpm_block_device:blk_file r_file_perms;
allow aee_aedv boot_para_block_device:blk_file rw_file_perms;

allow aee_aedv proc_modules:file r_file_perms;

# NOTE(review): no purpose is recorded. powerctl_prop is the AOSP label for
# sys.powerctl, so this lets the daemon request a reboot or shutdown; presumably
# used after a dump is captured - confirm and document.
set_prop(aee_aedv, powerctl_prop)

allow aee_aedv debugfs_apusys_power_fail_log:file r_file_perms;

allow aee_aedv proc_ccci_dump:file r_file_perms;
allow aee_aedv proc_log_much:file r_file_perms;

# Purpose: Allow aee_aedv to read /sys/kernel/tracing/instances/mmstat/trace
allow aee_aedv debugfs_tracing_instances:dir r_dir_perms;
allow aee_aedv debugfs_tracing_instances:file r_file_perms;

allow aee_aedv binderfs_logs:dir r_dir_perms;
allow aee_aedv binderfs_logs:file r_file_perms;

allow aee_aedv proc_ion:dir r_dir_perms;
allow aee_aedv proc_ion:file r_file_perms;
allow aee_aedv proc_m4u_dbg:dir r_dir_perms;
allow aee_aedv proc_m4u_dbg:file r_file_perms;
allow aee_aedv proc_mtkfb:file r_file_perms;

allow aee_aedv debugfs_cmdq:file r_file_perms;

allow aee_aedv sysfs_dvfsrc_dbg:dir r_dir_perms;
allow aee_aedv sysfs_dvfsrc_dbg:file r_file_perms;