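# ==============================================
# Policy File of /vendor/bin/mnld Executable File
#
# SELinux type-enforcement rules for the mnld domain.
# (Listing gutter numbers that were fused onto each line have been
# removed so the statements parse as policy again.)
# ==============================================
# Type Declaration
# ==============================================
# mnld is the process domain.
type mnld, domain;
# Label for the executable; presumably assigned to /vendor/bin/mnld in
# file_contexts (not shown here).
type mnld_exec, exec_type, file_type, vendor_file_type;
# NOTE(review): mlstrustedsubject exempts this domain from the MLS
# constraints that keep differently-categorised data apart. No rule
# below states why the exemption is needed; confirm which access
# depends on it and drop the attribute if none does.
typeattribute mnld mlstrustedsubject;
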
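# ==============================================
# MTK Policy Rule
# ==============================================
# STOPSHIP: Permissive is not allowed. CTS violation!
# (No `permissive mnld;` statement appears in this listing.)
# Transition into the mnld domain when init executes mnld_exec.
init_daemon_domain(mnld)

# Grants the network socket permissions bundled in net_domain().
net_domain(mnld)
# Purpose : For communicating with AGPSD by socket
allow mnld agpsd_data_file:dir create_dir_perms;
allow mnld agpsd_data_file:sock_file create_file_perms;
allow mnld mtk_agpsd:unix_dgram_socket sendto;
allow mnld sysfs_wake_lock:file rw_file_perms;
# Purpose : For access NVRAM data
# NOTE(review): besides the NVRAM data directories, this grants
# read/write on the nvram_device block and character nodes. Confirm
# that raw device access is required in addition to file access.
allow mnld nvram_data_file:dir create_dir_perms;
allow mnld nvram_data_file:file create_file_perms;
allow mnld nvram_data_file:lnk_file read;
allow mnld nvdata_file:lnk_file read;
allow mnld nvram_device:blk_file rw_file_perms;
allow mnld nvram_device:chr_file rw_file_perms;
allow mnld nvdata_file:dir create_dir_perms;
allow mnld nvdata_file:file create_file_perms;
# Purpose : For access kernel device
allow mnld mnld_data_file:dir rw_dir_perms;
allow mnld mnld_data_file:sock_file create_file_perms;
allow mnld mnld_device:chr_file rw_file_perms;
# create_file_perms already contains rw_file_perms, so the separate
# rw_file_perms rule for this class was redundant and is folded in here.
allow mnld mnld_data_file:file create_file_perms;
allow mnld mnld_data_file:fifo_file create_file_perms;
# Purpose : For init process
# NOTE(review): presumably a UDP socket inherited from init; confirm.
allow mnld init:udp_socket { read write };
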
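# Send the message to the LBS HIDL Service to forward to applications
allow mnld lbs_hidl_service:unix_dgram_socket sendto;

# Send the message to the merged hal Service to forward to applications
allow mnld merged_hal_service:unix_dgram_socket sendto;

# Purpose : For access system data
allow mnld block_device:dir search;
# mnld may write properties labelled vendor_mtk_mnld_prop.
set_prop(mnld, vendor_mtk_mnld_prop)
allow mnld mdlog_device:chr_file { read write };
# NOTE(review): CAP_FSETID lets the process keep set-user-ID and
# set-group-ID bits on files it modifies. Confirm which operation needs
# it; capabilities are worth granting only with a stated reason.
allow mnld self:capability { fsetid };
# Read/write on further character devices. The device roles are not
# stated in this file; verify each is still used by mnld.
allow mnld stpbt_device:chr_file { read write };
allow mnld gpsdl_device:chr_file { read write };
allow mnld ttyGS_device:chr_file { read write };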
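# Purpose : For file system operations
# NOTE(review): these two rules let mnld create, modify and delete files
# on sdcard_type storage. Anything written there sits outside the
# daemon's private data directory; confirm what is written and whether
# it could be kept under gps_data_file instead.
# The directory permissions are the union of the four original rules.
allow mnld sdcard_type:dir { search write add_name read remove_name create open };
# create_file_perms already contains `create` and rw_file_perms, so the
# three original file rules collapse into this one.
allow mnld sdcard_type:file create_file_perms;
allow mnld tmpfs:lnk_file { read create open };
allow mnld mtd_device:dir search;
allow mnld mnt_user_file:lnk_file read;
allow mnld mnt_user_file:dir search;
# GPS data directory: full create/modify/delete for dirs and files.
allow mnld gps_data_file:dir { create_dir_perms unlink };
allow mnld gps_data_file:file { read write open create getattr append setattr unlink lock rename };
allow mnld gps_data_file:lnk_file read;

allow mnld storage_file:lnk_file read;
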
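# Date : WK15.30
# Operation : Migration
# Purpose : for device bring up, not to block early migration/sanity
# NOTE(review): this rule was added for bring-up and grants read/write
# on proc_lk_env. Confirm it is still needed on shipping builds.
allow mnld proc_lk_env:file rw_file_perms;

# For HIDL, communicate mtk_hal_gnss instead of system_server
allow mnld mtk_hal_gnss:unix_dgram_socket sendto;

# Purpose : MPE sensor HIDL policy
# Macro calls take no trailing semicolon; this matches the other macro
# invocations in this file.
hwbinder_use(mnld)
binder_call(mnld, system_server)
allow mnld fwk_sensor_hwservice:hwservice_manager find;
get_prop(mnld, hwservicemanager_prop)
# NOTE(review): open/write on debugfs_tracing; presumably for writing
# trace markers. Confirm it is required outside debug builds.
allow mnld debugfs_tracing:file { open write };

allow mnld mnt_vendor_file:dir search;

# Allow creating wake_alarm timers.
# `self` is used for the target, consistent with the capability rule
# elsewhere in this file; for a single type it grants the same access as
# naming mnld explicitly.
allow mnld self:capability2 wake_alarm;

# Date : WK18.26
# Purpose : for atci gps test
# NOTE(review): the stated purpose is test support; confirm this rule
# belongs in production policy.
allow mnld atci_service:unix_dgram_socket sendto;

allow mnld sysfs_boot_mode:file { read open };

# NOTE(review): lets mnld write properties labelled
# vendor_mtk_radio_prop. Confirm which property it sets, since write
# access covers every property carrying that label.
set_prop(mnld, vendor_mtk_radio_prop)

allow mnld proc_cmdline:file r_file_perms;
allow mnld sysfs_dt_firmware_android:dir search;
allow mnld sysfs_dt_firmware_android:file r_file_perms;
allow mnld metadata_file:dir search;
# For mnld to get screen on/off state
allow mnld sysfs_leds:dir search;
allow mnld sysfs_leds:file r_file_perms;
# Added for /nvcfg/almanac.dat
allow mnld nvcfg_file:dir w_dir_perms;
allow mnld nvcfg_file:file create_file_perms;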