# ==============================================
# Policy File of /vendor/bin/meta_tst Executable File
#
# Defines the meta_tst domain and every grant it holds. The rules below are
# an accumulation of dated, per-feature additions ("meta mode" device test
# access: modem, storage, NVRAM, audio, camera, sensors, GPS, network).
#
# NOTE(review): taken together the grants give this one domain raw block
# device write access, CAP_SYS_ADMIN / CAP_SYS_MODULE / CAP_NET_ADMIN,
# service control and power control properties, and TCP listen/connect.
# The conditions under which init starts the service are not visible in this
# file -- TODO confirm the .rc entry restricts it to meta/factory boot mode,
# and re-check each grant against the platform neverallow rules for the
# target release.
# ==============================================

# ==============================================
# Type Declaration
# ==============================================
type meta_tst, domain;
type meta_tst_exec , exec_type, file_type, vendor_file_type;
# Standard init-started daemon setup: init transitions into meta_tst when it
# executes a file labeled meta_tst_exec.
init_daemon_domain(meta_tst)

# ==============================================
# MTK Policy Rule
# ==============================================

# Date: WK16.12
# Operation : Migration
# Purpose : for meta mode device node USB
allow meta_tst ttyGS_device:chr_file rw_file_perms;

# Date: WK16.12
# Operation : Migration
# Purpose : for meta mode device node UART
allow meta_tst ttyMT_device:chr_file rw_file_perms;

# Date: WK17.12
# Operation : Migration
# Purpose : for meta mode device node UART
allow meta_tst ttyS_device:chr_file rw_file_perms;

# Date: WK16.12
# Operation : Migration
# Purpose : for meta mode device node CCCI
allow meta_tst ccci_device:chr_file rw_file_perms;
allow meta_tst eemcs_device:chr_file rw_file_perms;
allow meta_tst emd_device:chr_file rw_file_perms;
allow meta_tst ttyACM_device:chr_file rw_file_perms;
allow meta_tst mdlog_device:chr_file rw_file_perms;

# Date: WK15.07
# Purpose : SDIO
allow meta_tst ttySDIO_device:chr_file rw_file_perms;

# Date: WK16.12
# Operation : Migration
# Purpose : for meta mode file system
# NOTE(review): read/write on the raw block nodes, including userdata.
# Access at this level is not mediated by per-file labels on the filesystems
# stored there, so these four rules are among the most sensitive in the file.
allow meta_tst bootdevice_block_device:blk_file rw_file_perms;
allow meta_tst mmcblk1_block_device:blk_file rw_file_perms;
allow meta_tst userdata_block_device:blk_file rw_file_perms;
allow meta_tst cache_block_device:blk_file rw_file_perms;

# Date: WK16.12
# Operation : Migration
# Purpose : for meta mode nvram
# Create-level access to NVRAM files/dirs plus read/write on the NVRAM
# character and block nodes.
allow meta_tst nvram_data_file:dir create_dir_perms;
allow meta_tst nvram_data_file:file create_file_perms;
allow meta_tst nvram_data_file:lnk_file r_file_perms;
allow meta_tst nvdata_file:lnk_file r_file_perms;
allow meta_tst nvdata_file:dir create_dir_perms;
allow meta_tst nvdata_file:file create_file_perms;
allow meta_tst nvram_device:chr_file rw_file_perms;
allow meta_tst nvram_device:blk_file rw_file_perms;
allow meta_tst nvdata_device:blk_file rw_file_perms;

# Date: WK14.47
# Operation : Migration
# Purpose : for meta mode audio
allow meta_tst audio_device:chr_file rw_file_perms;
allow meta_tst audio_device:dir r_dir_perms;
allow meta_tst audio_ipi_device:chr_file rw_file_perms;
set_prop(meta_tst, vendor_mtk_audiohal_prop)

# Date: WK16.12
# Operation : Migration
# Purpose : for meta mode RTC and PMIC
allow meta_tst rtc_device:chr_file r_file_perms;
allow meta_tst MT_pmic_adc_cali_device:chr_file rw_file_perms;

# Date: WK14.46
# Operation : Migration
# Purpose : Camera
# One rule per camera / autofocus driver node; camera_sysram_device is the
# only one granted read-only.
allow meta_tst devmap_device:chr_file rw_file_perms;
allow meta_tst camera_pipemgr_device:chr_file rw_file_perms;
allow meta_tst MTK_SMI_device:chr_file rw_file_perms;
allow meta_tst camera_isp_device:chr_file rw_file_perms;
allow meta_tst camera_sysram_device:chr_file r_file_perms;
allow meta_tst kd_camera_flashlight_device:chr_file rw_file_perms;
allow meta_tst kd_camera_hw_device:chr_file rw_file_perms;
allow meta_tst AD5820AF_device:chr_file rw_file_perms;
allow meta_tst DW9714AF_device:chr_file rw_file_perms;
allow meta_tst DW9714A_device:chr_file rw_file_perms;
allow meta_tst LC898122AF_device:chr_file rw_file_perms;
allow meta_tst LC898212AF_device:chr_file rw_file_perms;
allow meta_tst BU6429AF_device:chr_file rw_file_perms;
allow meta_tst DW9718AF_device:chr_file rw_file_perms;
allow meta_tst BU64745GWZAF_device:chr_file rw_file_perms;
allow meta_tst MAINAF_device:chr_file rw_file_perms;
allow meta_tst MAIN2AF_device:chr_file rw_file_perms;
allow meta_tst MAIN3AF_device:chr_file rw_file_perms;
allow meta_tst MAIN4AF_device:chr_file rw_file_perms;
allow meta_tst SUBAF_device:chr_file rw_file_perms;
allow meta_tst SUB2AF_device:chr_file rw_file_perms;

# Date: WK16.12
# Operation : Migration
# Purpose : meta mode LCM
allow meta_tst graphics_device:chr_file rw_file_perms;
allow meta_tst graphics_device:dir search;

# Date: WK16.12
# Operation : Migration
# Purpose : meta mode sensor
# Sensor nodes are read-only.
allow meta_tst als_ps_device:chr_file r_file_perms;
allow meta_tst gsensor_device:chr_file r_file_perms;
allow meta_tst msensor_device:chr_file r_file_perms;
allow meta_tst gyroscope_device:chr_file r_file_perms;

# Date: WK16.12
# Operation : Migration
# Purpose : meta mode FM
allow meta_tst fm_device:chr_file rw_file_perms;
allow meta_tst FM50AF_device:chr_file rw_file_perms;

# Date: WK16.12
# Operation : Migration
# Purpose : meta mode wifi
allow meta_tst wmtWifi_device:chr_file w_file_perms;

# Date: WK16.12
# Operation : Migration
# Purpose : meta mode BT
allow meta_tst stpbt_device:chr_file rw_file_perms;

# Date: WK16.12
# Operation : Migration
# Purpose : meta mode GPS
# File management under gps_data_file, the AGPS daemon socket, and the mnld
# device node.
allow meta_tst gps_data_file:dir { write add_name search remove_name unlink};
allow meta_tst gps_data_file:file { read write open create getattr append setattr unlink lock};
allow meta_tst gps_data_file:lnk_file read;
allow meta_tst tmpfs:lnk_file read;
allow meta_tst agpsd_data_file:dir search;
allow meta_tst agpsd_data_file:sock_file write;
allow meta_tst mnld_device:chr_file rw_file_perms;
# NOTE(review): no domain transition rule for mnld_exec is visible in this
# file; if none exists elsewhere, mnld runs with meta_tst's permissions when
# launched from here -- confirm.
allow meta_tst mnld_exec:file rx_file_perms;
set_prop(meta_tst, vendor_mtk_mnld_prop)

# Date: WK14.49
# Operation : Migration
# Purpose : DRM key installation
# NOTE(review): create/write access to key installation storage; key material
# handling should be limited to the provisioning flow -- confirm no other
# boot mode starts this domain.
allow meta_tst key_install_data_file:dir w_dir_perms;
allow meta_tst key_install_data_file:file create_file_perms;

# Date: WK14.51
# Purpose : set/get cryptfs cfg in sys env
allow meta_tst misc_device:chr_file rw_file_perms;
allow meta_tst proc_lk_env:file rw_file_perms;

# Purpose : FT_EMMC_OP_FORMAT_TCARD
# getattr only: no read or write on these labels from these two rules.
allow meta_tst block_device:blk_file getattr;
allow meta_tst system_block_device:blk_file getattr;

# Date: WK15.52
# Purpose : NVRAM related LID
allow meta_tst pro_info_device:chr_file rw_file_perms;

# Date: WK15.13
# Purpose: for nand project
allow meta_tst mtd_device:dir search;
allow meta_tst mtd_device:chr_file rw_file_perms;

# Date: WK16.17
# Purpose: N Migration For ccci sysfs node
allow meta_tst sysfs_ccci:dir search;
allow meta_tst sysfs_ccci:file r_file_perms;

# Date: W18.22
# Purpose: P Migration meta_tst get com port type/uart port info/boot mode/usb state/usb close
# NOTE(review): the purpose describes mostly "get" operations, but every node
# except sysfs_boot_type is granted read/write -- confirm which nodes really
# need write (sysfs_boot_mode in particular).
allow meta_tst sysfs_comport_type:file rw_file_perms;
allow meta_tst sysfs_uart_info:file rw_file_perms;
allow meta_tst sysfs_boot_mode:file rw_file_perms;
allow meta_tst sysfs_boot_type:file r_file_perms;
allow meta_tst sysfs_android_usb:file rw_file_perms;
allow meta_tst sysfs_android_usb:dir search;
allow meta_tst sysfs_usb_nonplat:file rw_file_perms;
allow meta_tst sysfs_usb_nonplat:dir search;
allow meta_tst sysfs_batteryinfo:file rw_file_perms;
allow meta_tst sysfs_batteryinfo:dir search;

# Date: W16.17
# Purpose: N Migration For meta_tst load MD NVRAM database
# Detail avc log: [04-23-20:41:58][ 160.687655] <1>.(1)[230:logd.auditd]type=
#1400 audit(1262304165.560:24): avc: denied { read } for pid=228 comm=
#"meta_tst" name="mddb" dev="mmcblk0p20" ino=664 scontext=u:r:meta_tst:
#s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0
# NOTE(review): the logged denial is a single read on the "mddb" directory,
# while the rule grants directory read on every system_file-labeled dir; a
# dedicated label for that directory would be narrower.
allow meta_tst system_file:dir r_dir_perms;

# Date: WK16.18
# Purpose: for CCCI reboot modem
allow meta_tst gsm0710muxd_device:chr_file rw_file_perms;

# Date : WK16.35
# Purpose : Update camera flashlight driver device file
allow meta_tst flashlight_device:chr_file rw_file_perms;

# Date: W16.36
# Purpose: meta_tst use libmeta_rat to write libsysenv
# Detail avc log:[ 25.307141] .(5)[264:logd.auditd]type=1400 audit(1469438818.570:7):
#avc: denied { read write } for pid=312 comm="meta_tst" name="mmcblk0p2" dev="tmpfs"
#ino=4561 scontext=u:r:meta_tst:s0 tcontext=u:object_r:para_block_device:s0 tclass=blk_file permissive=0
# Raw read/write on the para partition, matching the logged denial.
allow meta_tst para_block_device:blk_file { read write open };

# Date: W16.44
# NOTE(review): no purpose was recorded for this rule.
allow meta_tst nvcfg_file:dir { search read open };

# Date: W16.45
# Purpose : Allow unmount sdcardfs mounted on /data/media
allow meta_tst sdcard_type:filesystem unmount;
allow meta_tst storage_stub_file:dir search;

# Date : WK16.19
# Operation: meta_tst set persist.meta.connecttype property
# Purpose: Switch meta connect type, set persist.meta.connecttype as "wifi" or "usb".
# NOTE(review): a persistent property selects the transport, so the choice
# survives reboot; see the TCP socket rules further down for the network side.
set_prop(meta_tst, vendor_mtk_meta_connecttype_prop)

# Date : WK16.23
# Purpose: support meta_tst check key event
# Read-only access to input event nodes.
allow meta_tst input_device:dir r_dir_perms;
allow meta_tst input_device:chr_file r_file_perms;

# Date : WK16.29
# Purpose: support meta mode show string on screen
# NOTE(review): grants execute on the ashmem device node, i.e. executable
# shared-memory mappings. The stated purpose (drawing text) does not obviously
# require it -- confirm it is still needed.
allow meta_tst ashmem_device:chr_file execute;

# Date: W16.50
# Purpose : Allow meta_tst stop service which occupy data partition.
# NOTE(review): ctl_default_prop is the catch-all label for ctl.* properties,
# so this allows starting or stopping any service without a dedicated ctl
# label, not just the ones holding the data partition. Prefer a per-service
# ctl property type, as the next rule does.
set_prop(meta_tst, ctl_default_prop)

# Date: W17.25
# Purpose : Allow meta_tst stop service which occupy data partition.
set_prop(meta_tst, system_mtk_ctl_emdlogger1_prop)

# Date: W17.27
# Purpose: STMicro NFC solution integration
# NOTE(review): execute_no_trans on vendor_file means any binary carrying the
# generic vendor_file label runs inside the meta_tst domain and inherits all
# of the grants in this file.
allow meta_tst vendor_file:file { getattr execute execute_no_trans read open };
# NOTE(review): this grants set on hwservicemanager_prop; hwbinder clients
# normally only read it -- confirm write is required.
set_prop(meta_tst, hwservicemanager_prop)
hwbinder_use(meta_tst);
# NOTE(review): write access to tracing control files under debugfs; confirm
# it is needed outside debug builds.
allow meta_tst debugfs_tracing:file { open write };

# Date: W17.29
# Purpose : Allow meta_tst to call vendor.mediatek.hardware.keymaster_attestation@1.0-service.
hal_client_domain(meta_tst, mtk_hal_keyattestation)

# Date : WK17.30
# Operation : Android O migration
# Purpose : add sepolicy for accessing sysfs_leds
allow meta_tst sysfs_leds:lnk_file read;
allow meta_tst sysfs_leds:file rw_file_perms;
allow meta_tst sysfs_leds:dir r_dir_perms;

# Date: WK17.43
# Purpose: add permission for meta_tst access md image
# The modem image partition is read-only here; the mddb data directory is
# writable.
allow meta_tst md_block_device:blk_file { read open };
allow meta_tst mddb_data_file:file { create open write read getattr};
allow meta_tst mddb_data_file:dir { search write add_name create getattr read open };

# Date: W17.43
# Purpose : Allow meta_tst to call Audio HAL service
# NOTE(review): the explicit "binder call" rule appears to repeat what
# binder_call() already grants, and the audio_device:chr_file rule repeats
# the WK14.47 one. audio_device:dir is widened here from r_dir_perms to
# w_dir_perms.
binder_call(meta_tst, mtk_hal_audio)
allow meta_tst mtk_hal_audio:binder call;
#allow meta_tst hal_audio_hwservice:hwservice_manager find;
allow meta_tst mtk_audiohal_data_file:dir {read search open};
allow meta_tst audio_device:chr_file rw_file_perms;
allow meta_tst audio_device:dir w_dir_perms;

# Date: W17.45
# Purpose : Allow meta_tst to open and read proc/bootprof
# NOTE(review): the purpose says open and read, but the rule also grants
# write.
allow meta_tst proc_bootprof:file {write open read};

# Date: W17.51
# Operation : lbs hal
# Purpose : lbs hidl interface permission
hal_client_domain(meta_tst, mtk_hal_lbs)

# Date: W17.50
# Purpose : Allow meta_tst to access mtd device
allow meta_tst mtd_device:blk_file rw_file_perms;

# Date: W17.51
# Purpose : Allow meta_tst to access persist.atm.mdmode in ATM.
set_prop(meta_tst, vendor_mtk_atm_mdmode_prop)

# Date: W17.51
# Purpose : Allow meta_tst to access persist.atm.ipaddress in ATM.
set_prop(meta_tst, vendor_mtk_atm_ipaddr_prop)

# Date : WK18.16
# Operation: P migration
# Purpose: Allow meta_tst to get vendor_mtk_tel_switch_prop
get_prop(meta_tst, vendor_mtk_tel_switch_prop)

# Date : WK18.21
# Operation: P migration
# Purpose : Allow meta_tst to call nvram hal
allow meta_tst nvram_agent_binder_hwservice:hwservice_manager find;
allow meta_tst nvram_agent_binder:binder call;

# Date : WK18.21
# Operation: P migration
# Purpose : Allow meta_tst to write misc partition
# Only directory search is granted here; the write itself comes from other
# rules.
allow meta_tst block_device:dir search;

# Date : W18.24
# Operation: P migration
# Purpose : Allow meta_tst to access tpd sysfs nodes for CTP test
allow meta_tst sysfs_tpd_setting:dir search;
allow meta_tst sysfs_tpd_setting:file { read getattr open };

# Date : WK18.24
# Operation: P migration
# Purpose : Allow meta_tst to unmount partition, stop service, and then erase partition
# NOTE(review): execute_no_trans on the vendor shell and toolbox means shell
# commands run inside the meta_tst domain with every grant in this file.
allow meta_tst vendor_shell_exec:file { read execute open execute_no_trans };
allow meta_tst vendor_toolbox_exec:file { execute_no_trans };
allow meta_tst labeledfs:filesystem { unmount };
allow meta_tst proc_cmdline:file { read open getattr };
# NOTE(review): CAP_SYS_ADMIN is granted for the unmount flow above and covers
# far more than unmount. "meta_tst meta_tst" is the same grant as "self" used
# elsewhere in this file; the spelling is inconsistent only.
allow meta_tst meta_tst:capability { sys_admin };
allow meta_tst sysfs_dt_firmware_android:file { read open getattr };
allow meta_tst sysfs_dt_firmware_android:dir { read open search };
# Purpose : Allow meta_tst to communicate with driver thru socket
# NOTE(review): sys_module permits kernel module load/unload, and net_admin /
# net_raw permit network reconfiguration and raw sockets. The stated purpose
# (driver ioctls over a UDP socket) does not obviously need sys_module --
# confirm and drop whatever is unused.
allow meta_tst meta_tst:capability { sys_module net_admin net_raw };
allow meta_tst self:udp_socket { create ioctl };
allowxperm meta_tst self:udp_socket ioctl priv_sock_ioctls;

# Date : WK18.25
# Operation: P migration
# Purpose : GPS test, Allow meta_tst to write/connect tcp socket
# NOTE(review): these rules let the domain bind, listen and accept on TCP
# using the generic "port" and "node" types, and connect outbound. A listening
# socket in a domain this privileged is network-reachable attack surface;
# presumably it serves the "wifi" connect type -- confirm, and prefer a
# dedicated port type if one can be defined. net_raw is already granted by
# the WK18.24 capability rule.
allow meta_tst node:tcp_socket node_bind;
allow meta_tst port:tcp_socket { name_bind name_connect };
allow meta_tst self:capability net_raw;
allow meta_tst self:tcp_socket { setopt bind create listen accept connect };
allow meta_tst self:tcp_socket { read write };
allow meta_tst self:udp_socket { write connect };

# Date : WK18.28
# Operation: P migration
# Purpose : AUDIO test, Allow meta_tst to write/read asound
# The mtk_audiohal_data_file:dir rule repeats the W17.43 one.
allow meta_tst proc_asound:dir { read search open };
allow meta_tst proc_asound:file { read open getattr write };
allow meta_tst mtk_audiohal_data_file:dir { read search open };
allow meta_tst sysfs_headset:file { read open };

# Date: W18.05
# Purpose : Allow meta_tst to use socket for listening uevent
allow meta_tst meta_tst:netlink_kobject_uevent_socket { read bind create setopt };

# Date : WK18.28
# Operation: P migration
# Purpose :
# NOTE(review): no purpose was recorded for this property grant.
set_prop(meta_tst, vendor_mtk_usb_prop)

# Date: W18.29
# Operation: Catch log
# Purpose : meta connect with loghidlserver by socket.
allow meta_tst loghidlvendorservice:unix_stream_socket connectto;

# Date: W18.32
# Operation: Android P migration
# Purpose : Allow meta_tst to set powerctl property
# avc: denied { set } for property=sys.powerctl pid=330 uid=0 gid=1001 scontext=u:r:meta_tst:s0
# tcontext=u:object_r:powerctl_prop:s0 tclass=property_service permissive=0
# Lets the domain request reboot/shutdown through sys.powerctl. The logged
# denial shows the process running as uid=0.
set_prop(meta_tst, powerctl_prop)

# Date: W18.33
# Operation: Android P migration
# Purpose : Allow meta_tst to set system clock
# avc: denied { sys_time } for capability=25 scontext=u:r:meta_tst:s0 tcontext=u:r:meta_tst:s0 tclass=capability permissive=0
allow meta_tst self:capability sys_time;

# Date: W18.35
# Operation: Android P migration
# Purpose : check usb online status
# avc: denied { search } for name="power_supply" dev="sysfs" ino=8712 scontext=u:r:meta_tst:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0
# avc: denied { read } for name="online" dev="sysfs" ino=8764 scontext=u:r:meta_tst:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=0
# avc: denied { open } for path="/sys/devices/platform/mt_charger/power_supply/usb/online" dev="sysfs" ino=8764 scontext=u:r:meta_tst:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=0
# NOTE(review): the dir rule repeats the W18.22 one, and the W18.22 file rule
# already grants rw_file_perms on this type. The denials above only show
# read/open, so the earlier write grant may be wider than needed.
allow meta_tst sysfs_batteryinfo:dir search;
allow meta_tst sysfs_batteryinfo:file {read open};

# Date: W18.42
# Operation: Android P migration
# Purpose : add socket permission for meta
allow meta_tst fwmarkd_socket:sock_file write;

# Date: W18.42
# Operation: Android P migration
# Purpose : Add ATM meta nvram sepolicy
allow meta_tst mnt_vendor_file:dir search;

# Date : WK18.44
# Operation: P migration
# Purpose : adsp
allow meta_tst adsp_device:chr_file rw_file_perms;

# Date : WK19.08
# Operation: P migration
# Purpose : audio scp recovery
allow meta_tst audio_scp_device:chr_file r_file_perms;

# Date : WK19.50
# Purpose: Allow bt process or tool to control bt_dbg
allow meta_tst proc_btdbg:file rw_file_perms;

# Date : WK20.07
# Operation: R migration
# Purpose : Add permission for new device node.
allow meta_tst sysfs_boot_info:file r_file_perms;
allow meta_tst proc_bootprof:file getattr;
allow meta_tst sysfs_meta_info:file r_file_perms;

# Date : WK20.16
# Operation: R migration
# Purpose : Allow meta_tst to access /sys/power/*
# Write access to power state files plus the wake-lock capability
# (block_suspend).
allow meta_tst sysfs_power:file rw_file_perms;
allow meta_tst sysfs_power:dir r_dir_perms;
allow meta_tst self:capability2 {block_suspend};

# Date : WK20.14
# Purpose: Allow meta connect GPS MNLD
allow meta_tst mnld:unix_stream_socket connectto;

# Date : WK20.25
# Operation: Android R migration
# Purpose : for sensor test
allow meta_tst hf_manager_device:chr_file rw_file_perms;