• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# ==============================================
2# Policy File of /vendor/binnvram_daemon Executable File
3
4
5# ==============================================
6# Type Declaration
7# ==============================================
8
9type nvram_daemon_exec , exec_type, file_type, vendor_file_type;
10type nvram_daemon ,domain;
11
12# ==============================================
13# MTK Policy Rule
14# ==============================================
15
16init_daemon_domain(nvram_daemon)
17
18
19
20# Date : WK14.31
21# Operation : Migration
22# Purpose : the device is used to store Nvram backup data that can not be lost.
23allow nvram_daemon nvram_device:blk_file rw_file_perms;
24allow nvram_daemon nvdata_device:blk_file rw_file_perms;
25
26# Date : WK14.35
27# Operation : chown folder and file permission
28# Purpose : ensure nvram user can access nvram file normally when upgrade from KK/KK.AOSP to L.
29allow nvram_daemon nvram_data_file:dir create_dir_perms;
30allow nvram_daemon nvram_data_file:file create_file_perms;
31allow nvram_daemon nvram_data_file:lnk_file read;
32allow nvram_daemon nvdata_file:lnk_file read;
33allow nvram_daemon nvdata_file:dir create_dir_perms;
34allow nvram_daemon nvdata_file:file create_file_perms;
35
36allow nvram_daemon als_ps_device:chr_file r_file_perms;
37allow nvram_daemon mtk-adc-cali_device:chr_file rw_file_perms;
38allow nvram_daemon gsensor_device:chr_file r_file_perms;
39allow nvram_daemon gyroscope_device:chr_file r_file_perms;
40
41# Purpose: for property set
42allow nvram_daemon self:capability { fowner chown fsetid };
43
44# Purpose: for backup
45allow nvram_daemon nvram_device:chr_file rw_file_perms;
46allow nvram_daemon pro_info_device:chr_file rw_file_perms;
47
48allow nvram_daemon block_device:dir search;
49
50# Purpose: for nand project
51allow nvram_daemon mtd_device:dir search;
52allow nvram_daemon mtd_device:chr_file rw_file_perms;
53
54# Purpose: for fstab parser
55allow nvram_daemon kmsg_device:chr_file w_file_perms;
56allow nvram_daemon proc_lk_env:file rw_file_perms;
57
58# Purpose: property set
59set_prop(nvram_daemon, vendor_mtk_service_nvram_init_prop)
60
61# Purpose: copy /fstab*
62allow nvram_daemon rootfs:dir { read open };
63allow nvram_daemon rootfs:file r_file_perms;
64
65# Purpose: remove /data/nvram link
66allow nvram_daemon nvram_data_file:lnk_file unlink;
67
68# Purpose: for setting property
69set_prop(nvram_daemon, vendor_mtk_service_nvram_init_prop)
70
71#WK17.26 camera 8163
72allow nvram_daemon sysfs:dir read;
73
74# Date : WK18.16
75# Operation: P migration
76# Purpose: Allow nvram_daemon to get vendor_mtk_tel_switch_prop
77get_prop(nvram_daemon, vendor_mtk_tel_switch_prop)
78
79# Date : WK18.21
80# Operation: P migration
81# Purpose: Allow nvram_daemon to search /mnt/vendor/nvdata for fstab
82allow nvram_daemon mnt_vendor_file:dir search;
83allow nvram_daemon self:capability { fowner chown fsetid };
84
85allow nvram_daemon sysfs_boot_mode:file r_file_perms;
86
87# Allow ReadDefaultFstab().
88read_fstab(nvram_daemon)
89