• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# ==============================================
2# Policy File of /system/bin/ccci_mdinit Executable File
3
4# ==============================================
5# Type Declaration
6# ==============================================
7type ccci_mdinit_exec , exec_type, file_type, vendor_file_type;
8type ccci_mdinit ,domain;
9
10# ==============================================
11# MTK Policy Rule
12# ==============================================
13init_daemon_domain(ccci_mdinit)
14wakelock_use(ccci_mdinit)
15
16#=============allow ccci_mdinit to start c2krild==============
17set_prop(ccci_mdinit, vendor_mtk_ctl_viarild_prop)
18#=============allow ccci_mdinit to start/stop rild, mdlogger==============
19set_prop(ccci_mdinit, system_mtk_ctl_mdlogger_prop)
20set_prop(ccci_mdinit, system_mtk_ctl_emdlogger1_prop)
21set_prop(ccci_mdinit, system_mtk_ctl_emdlogger2_prop)
22set_prop(ccci_mdinit, system_mtk_ctl_emdlogger3_prop)
23set_prop(ccci_mdinit, vendor_mtk_ctl_gsm0710muxd_prop)
24set_prop(ccci_mdinit, vendor_mtk_ctl_ril-daemon-mtk_prop)
25set_prop(ccci_mdinit, vendor_mtk_ctl_fusion_ril_mtk_prop)
26set_prop(ccci_mdinit, vendor_mtk_ctl_ril-proxy_prop)
27set_prop(ccci_mdinit, vendor_mtk_ril_active_md_prop)
28set_prop(ccci_mdinit, vendor_mtk_md_prop)
29set_prop(ccci_mdinit, vendor_mtk_net_cdma_mdmstat_prop)
30set_prop(ccci_mdinit, ctl_start_prop)
31#=============allow ccci_mdinit to get vendor_mtk_tel_switch_prop==============
32get_prop(ccci_mdinit, vendor_mtk_tel_switch_prop)
33
34#=============allow ccci_mdinit to start/stop fsd==============
35set_prop(ccci_mdinit, vendor_mtk_ctl_ccci_fsd_prop)
36set_prop(ccci_mdinit, vendor_mtk_ctl_ccci2_fsd_prop)
37set_prop(ccci_mdinit, vendor_mtk_ctl_ccci3_fsd_prop)
38
39# GOOGLE: Commented out for b/169606103
40#get_prop(ccci_mdinit, vendor_default_prop)
41get_prop(ccci_mdinit, system_mtk_init_svc_emdlogger1_prop)
42get_prop(ccci_mdinit, system_mtk_init_svc_aee_aedv_prop)
43
44allow ccci_mdinit ccci_device:chr_file rw_file_perms;
45allow ccci_mdinit ccci_monitor_device:chr_file rw_file_perms;
46
47#=============allow ccci_mdinit to access MD NVRAM==============
48allow ccci_mdinit nvram_data_file:dir rw_dir_perms;
49allow ccci_mdinit nvram_data_file:file create_file_perms;
50allow ccci_mdinit nvram_data_file:lnk_file read;
51allow ccci_mdinit nvdata_file:lnk_file read;
52allow ccci_mdinit nvdata_file:dir rw_dir_perms;
53allow ccci_mdinit nvdata_file:file create_file_perms;
54allow ccci_mdinit nvram_device:chr_file rw_file_perms;
55
56#=============allow ccci_mdinit to access ccci config==============
57allow ccci_mdinit protect_f_data_file:dir rw_dir_perms;
58allow ccci_mdinit protect_f_data_file:file create_file_perms;
59#=============allow ccci_mdinit to property==============
60allow ccci_mdinit protect_s_data_file:dir rw_dir_perms;
61allow ccci_mdinit protect_s_data_file:file create_file_perms;
62allow ccci_mdinit nvram_device:blk_file rw_file_perms;
63allow ccci_mdinit nvdata_device:blk_file rw_file_perms;
64
65set_prop(ccci_mdinit, vendor_mtk_ril_mux_report_case_prop)
66
67allow ccci_mdinit ccci_cfg_file:dir create_dir_perms;
68allow ccci_mdinit ccci_cfg_file:file create_file_perms;
69#===============security relate ==========================
70allow ccci_mdinit preloader_device:chr_file rw_file_perms;
71allow ccci_mdinit misc_sd_device:chr_file r_file_perms;
72allow ccci_mdinit sec_ro_device:chr_file r_file_perms;
73
74allow ccci_mdinit custom_file:dir r_dir_perms;
75allow ccci_mdinit custom_file:file r_file_perms;
76
77# Purpose : for nand partition access
78allow ccci_mdinit mtd_device:dir search;
79allow ccci_mdinit mtd_device:chr_file rw_file_perms;
80allow ccci_mdinit devmap_device:chr_file r_file_perms;
81# Purpose : for device bring up, not to block early migration/sanity
82allow ccci_mdinit proc_lk_env:file rw_file_perms;
83allow ccci_mdinit para_block_device:blk_file rw_file_perms;
84#============= ccci_mdinit sysfs related ==============
85allow ccci_mdinit sysfs_ccci:dir search;
86allow ccci_mdinit sysfs_ccci:file rw_file_perms;
87allow ccci_mdinit sysfs_ssw:dir search;
88allow ccci_mdinit sysfs_ssw:file r_file_perms;
89allow ccci_mdinit sysfs_boot_info:file r_file_perms;
90
91# Purpose : Allow ccci_mdinit to open and read/write /proc/bootprof
92allow ccci_mdinit proc_bootprof:file rw_file_perms;
93
94# Date : WK18.21
95# Operation: P migration
96# Purpose: Allow to search /mnt/vendor/nvdata for fstab when using NVM_Init()
97allow ccci_mdinit mnt_vendor_file:dir search;
98
99# Purpose : Allow ccci_mdinit call sysenv_get and sysenv_set
100allow ccci_mdinit block_device:dir search;
101allow ccci_mdinit metadata_file:dir search;
102allow ccci_mdinit proc_cmdline:file r_file_perms;
103allow ccci_mdinit sysfs_dt_firmware_android:dir search;
104
105# Date : 2020-07-06
106# Purpose: no trigger avc log when call nvram api
107dontaudit ccci_mdinit gsi_metadata_file:dir search;
108
109