# ==============================================
# Policy File of /system/bin/mtkrild Executable File
#
# SELinux type-enforcement rules for the mtkrild domain: declares the domain
# and its executable type, then grants the capabilities, properties, files,
# devices and sockets the daemon may use.
# NOTE(review): the header names /system/bin, but mtkrild_exec is declared
# with vendor_file_type below -- confirm the labelled path in file_contexts.

# ==============================================
# Type Declaration
# ==============================================
type mtkrild_exec , exec_type, file_type, vendor_file_type;
type mtkrild ,domain;

# ==============================================
# MTK Policy Rule
# ==============================================
# init_daemon_domain: transition into mtkrild when init executes mtkrild_exec.
# net_domain: places mtkrild in the network-capable domain set.
init_daemon_domain(mtkrild)
net_domain(mtkrild)

# Trigger module auto-load.
# NOTE(review): module_request lets this domain ask the kernel to load
# modules on demand; confirm which module needs it and whether it can be
# loaded at boot instead.
allow mtkrild kernel:system module_request;

# Capabilities assigned for mtkrild
# setuid: change process UID (presumably to drop root -- confirm).
# net_admin / net_raw: interface and route configuration, raw sockets.
# NOTE(review): these are the most powerful grants in this file; any memory
# corruption in the modem-facing parser inherits them.
allow mtkrild self:capability { setuid net_admin net_raw };

# Control cgroups
allow mtkrild cgroup:dir create_dir_perms;

# Property service
# allow set RIL related properties (radio./net./system./etc)
# set_prop grants write access: every consumer of these properties is
# implicitly trusting values written by mtkrild.
set_prop(mtkrild, vendor_mtk_ril_active_md_prop)

# allow set muxreport control properties
set_prop(mtkrild, vendor_mtk_ril_cdma_report_prop)
set_prop(mtkrild, vendor_mtk_ril_mux_report_case_prop)
set_prop(mtkrild, vendor_mtk_ctl_muxreport-daemon_prop)

# Date: 2017/02/14
# Purpose: allow set telephony Sensitive property
set_prop(mtkrild, vendor_mtk_telephony_sensitive_prop)

# Access to wake locks
wakelock_use(mtkrild)

# Allow access permission to efs files
# Full create/write on efs_file; read-only on the bluetooth efs label.
allow mtkrild efs_file:dir create_dir_perms;
allow mtkrild efs_file:file create_file_perms;
allow mtkrild bluetooth_efs_file:file r_file_perms;
allow mtkrild bluetooth_efs_file:dir r_dir_perms;

# Allow access permission to dir/files
# (radio data/system data/proc/etc)
# Violate Android P rule
# NOTE(review): this rule is still active although it is marked as violating
# Android P rules, while the system_file rule flagged the same way below was
# commented out. Check it against the neverallow rules of the target release
# and drop it if the daemon does not need to list sdcardfs directories.
allow mtkrild sdcardfs:dir r_dir_perms;
# Violate Android P rule
#allow mtkrild system_file:file x_file_perms;
# Write permissions on files labelled proc_net.
allow mtkrild proc_net:file w_file_perms;

# Set and get routes directly via netlink.
# nlmsg_write permits state-changing netlink route messages.
allow mtkrild self:netlink_route_socket nlmsg_write;

# Allow read/write to devices/files
allow mtkrild mtk_radio_device:dir search;
allow mtkrild radio_device:chr_file rw_file_perms;
allow mtkrild radio_device:blk_file r_file_perms;
allow mtkrild mtd_device:dir search;
# Allow read/write to tty devices
# NOTE(review): tty_device and devpts (below) are generic types, so these
# rules reach every node carrying those labels, not only the modem channel.
# A dedicated device label would narrow the grant.
allow mtkrild tty_device:chr_file rw_file_perms;
allow mtkrild eemcs_device:chr_file { rw_file_perms };

#allow mtkrild Vcodec_device:chr_file { rw_file_perms };
allow mtkrild devmap_device:chr_file { r_file_perms };
allow mtkrild devpts:chr_file { rw_file_perms };
allow mtkrild ccci_device:chr_file { rw_file_perms };
# NOTE(review): misc_device looks like a shared label rather than an
# mtkrild-specific one -- confirm which node is actually required.
allow mtkrild misc_device:chr_file { rw_file_perms };
allow mtkrild proc_lk_env:file rw_file_perms;
#allow mtkrild bootdevice_block_device:blk_file { rw_file_perms };
# Raw read/write on the block device labelled para_block_device.
# NOTE(review): block-level write bypasses filesystem permissions; confirm
# the partition contents and that write (not just read) is needed.
allow mtkrild para_block_device:blk_file { rw_file_perms };

# Allow dir search, fd uses
# fd use: mtkrild may use file descriptors passed to it by processes in the
# platform_app and radio domains.
allow mtkrild block_device:dir search;
allow mtkrild platform_app:fd use;
allow mtkrild radio:fd use;

# For MAL MFI
allow mtkrild mal_mfi_socket:sock_file { w_file_perms };

# For ccci sysfs node
allow mtkrild sysfs_ccci:dir search;
allow mtkrild sysfs_ccci:file r_file_perms;

# For Kryptowire mtklog issue
# Lets mtkrild connect to a unix stream socket owned by the aee_aedv domain.
allow mtkrild aee_aedv:unix_stream_socket connectto;
# Allow ioctl in order to control network interface
# allowxperm only lists the permitted ioctl commands; it takes effect
# together with an allow rule granting ioctl on udp_socket, which is not in
# this file (presumably supplied by net_domain -- confirm).
# NOTE(review): SIOCDEVPRIVATE / SIOCDEVPRIVATE_1 are driver-defined
# commands, so their effect depends on the network driver in use.
allowxperm mtkrild self:udp_socket ioctl {SIOCDELRT SIOCSIFFLAGS SIOCSIFADDR SIOCKILLADDR SIOCDEVPRIVATE SIOCDEVPRIVATE_1};

# Allow to use vendor binder
vndbinder_use(mtkrild)

# Allow to trigger IPv6 RS
allow mtkrild node:rawip_socket node_bind;

# Date : W18.15
# Purpose: allow rild access to vendor.ril.ipo system property
set_prop(mtkrild, vendor_mtk_ril_ipo_prop)

# Date : WK18.16
# Operation: P migration
# Purpose: Allow mtkrild to get vendor_mtk_tel_switch_prop
get_prop(mtkrild, vendor_mtk_tel_switch_prop)

# Date: W1817
# Purpose: allow rild access property of vendor_mtk_radio_prop
set_prop(mtkrild, vendor_mtk_radio_prop)

# Date : WK18.26
# Operation: P migration
# Purpose: Allow carrier express HIDL to set vendor property
set_prop(mtkrild, vendor_mtk_cxp_vendor_prop)
# NOTE(review): the four file rules below carry no purpose line of their
# own; they grant create/write on mnt_vendor_file files and on nvdata_file
# dirs and files. Record why they are needed, or move them next to the
# feature that uses them.
allow mtkrild mnt_vendor_file:dir search;
allow mtkrild mnt_vendor_file:file create_file_perms;
allow mtkrild nvdata_file:dir create_dir_perms;
allow mtkrild nvdata_file:file create_file_perms;

# Date : WK18.31
# Operation: P migration
# Purpose: Allow supplementary service HIDL to set vendor property
set_prop(mtkrild, vendor_mtk_ss_vendor_prop)

# Date : WK19.43
# Purpose: Allow the wfc module in rild to read the wfc service property
get_prop(mtkrild, vendor_mtk_wfc_serv_prop)

# Date : 2020/06/11
# Operation: R migration
# Purpose: Allow mtkrild to get system_boot_reason_prop
get_prop(mtkrild, system_boot_reason_prop)