1# ============================================== 2# MTK Policy Rule 3# ============ 4 5# Date : WK14.34 6# Operation : Migration 7# Purpose : for L early bring up: add for nvram command in init rc files 8allow init nvram_data_file:dir create_dir_perms; 9allow init nvram_data_file:lnk_file r_file_perms; 10allow init nvdata_file:lnk_file r_file_perms; 11allow init nvdata_file:dir create_file_perms; 12 13#============= init ============== 14# Date : W14.42 15# Operation : Migration 16# Purpose : for L : add for partition (chown/chmod) 17allow init block_device:blk_file setattr; 18allow init system_block_device:blk_file setattr; 19allow init nvram_device:blk_file setattr; 20allow init seccfg_block_device:blk_file setattr; 21allow init secro_block_device:blk_file setattr; 22allow init frp_block_device:blk_file setattr; 23allow init logo_block_device:blk_file setattr; 24allow init para_block_device:blk_file setattr; 25allow init recovery_block_device:blk_file setattr; 26 27# Date : WK15.30 28# Operation : Migration 29# Purpose : format wiped partition with "formattable" and "check" flag in fstab file 30allow init protect1_block_device:blk_file rw_file_perms; 31allow init protect2_block_device:blk_file rw_file_perms; 32allow init userdata_block_device:blk_file rw_file_perms; 33allow init cache_block_device:blk_file rw_file_perms; 34allow init nvdata_device:blk_file w_file_perms; 35allow init persist_block_device:blk_file rw_file_perms; 36allow init nvcfg_block_device:blk_file rw_file_perms; 37allow init odm_block_device:blk_file rw_file_perms; 38allow init oem_block_device:blk_file rw_file_perms; 39allow init para_block_device:blk_file w_file_perms; 40 41# Date : WK15.32 42# Operation : Migration 43# Purpose : disable AT_SECURE for LD_PRELOAD 44#userdebug_or_eng(` 45# allow init { domain -lmkd -crash_dump -llkd -mediaswcodec }:process noatsecure; 46#') 47 48# Date : WK16.26 49# Operation : Access dynamic_debug control file 50# Purpose : For MobileLog on/off pr_debug on user/userdebug load 51allow init debugfs_dynamic_debug:file write; 52 53# Date : W16.28 54# Operation : Migration 55# Purpose : enable modules capability 56allow init self:capability sys_module; 57allow init kernel:system module_request; 58 59# Date : WK16.35 60# Operation : Migration 61# Purpose : create symbolic link from /mnt/sdcard to /sdcard 62allow init tmpfs:lnk_file create; 63 64# Date:W17.07 65# Operation : bt hal 66# Purpose : bt hal interface permission 67allow init mtk_hal_bluetooth_exec:file getattr; 68 69# Date : WK17.02 70# Purpose: Fix audio hal service fail 71allow init mtk_hal_audio_exec:file getattr; 72 73# Date : W17.20 74# Purpose: Enable PRODUCT_FULL_TREBLE 75allow init vendor_block_device:lnk_file relabelto; 76 77# Date : WK17.21 78# Purpose: Fix gnss hal service fail 79allow init mtk_hal_gnss_exec:file getattr; 80 81# Fix boot up violation 82allow init debugfs_tracing_instances:file relabelfrom; 83 84# Date: W17.22 85# Operation : New Feature 86# Purpose : Add for A/B system 87allow init kernel:system module_request; 88allow init nvdata_file:dir mounton; 89allow init oemfs:dir mounton; 90allow init protect_f_data_file:dir mounton; 91allow init protect_s_data_file:dir mounton; 92allow init nvcfg_file:dir mounton; 93allow init persist_data_file:dir mounton; 94allow init tmpfs:lnk_file create; 95 96# boot process denial clean up 97allow init debugfs_ged:file w_file_perms; 98 99 100 101# Date : WK17.39 102# Operation : able to relabel mntl block device link 103# Purpose : Correct permission for mntl 104allow init block_device:lnk_file relabelfrom; 105allow init expdb_block_device:lnk_file relabelto; 106allow init mcupmfw_block_device:lnk_file relabelto; 107allow init tee_block_device:lnk_file relabelto; 108 109# Date : WK17.43 110# Operation : able to insert fpsgo kernel module 111# Purpose : Correct permission for fpsgo 112allow init rootfs:system module_load; 113 114# Date: W17.43 115# Operation : module load 116# Purpose : insmod LKM under /vendor (connsys module KO) 117allow init vendor_file:system module_load; 118 119# Date : WK17.46 120# Operation : feature porting 121# Purpose : kernel module verification 122allow init kernel:key search; 123 124# Date : WK17.50 125# Operation : boost cpu while booting 126# Purpose : enhance boottime 127allow init proc_perfmgr:file write; 128allow init proc_wmtdbg:file w_file_perms; 129 130# Date : W18.20 131# Operation : mount soc vendor's partition when booting 132allow init mnt_vendor_file:dir mounton; 133 134# Date : W19.28 135# Purpose: Allow to setattr /proc/last_kmsg 136allow init proc_last_kmsg:file setattr; 137# Purpose: Allow to write /proc/cpu/alignment 138allow init proc_cpu_alignment:file w_file_perms; 139 140# Purpose: Allow to relabelto for selinux_android_restorecon 141allow init boot_block_device:lnk_file relabelto; 142allow init vbmeta_block_device:lnk_file relabelto; 143 144# Purpose: Allow to write /proc/mtprintk 145allow init proc_mtprintk:file w_file_perms; 146