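# ==============================================
# Policy File of /vendor/bin/rild Executable File
# ==============================================
# Type-enforcement rules for the rild domain. Every rule here is a grant:
# it widens what the rild process may do, and therefore what is reachable
# if that process is compromised.

# ==============================================
# Type Declaration
# ==============================================
# No types are declared in this file.
# NOTE(review): the rild domain and its exec type are presumably declared
# in another policy file - confirm.

# ==============================================
# MTK Policy Rule
# ==============================================
# Access to wake locks. One invocation is enough; repeating the macro with
# the same argument grants nothing extra.
wakelock_use(rild)

# Trigger module auto-load: lets an action by rild cause the kernel to
# request a module on its behalf.
allow rild kernel:system module_request;

# Capabilities assigned for rild:
#   setuid    - may change its own UID
#   net_admin - may reconfigure interfaces, routes and firewall state
#   net_raw   - may open raw and packet sockets
# NOTE(review): this is the privilege set inherited by anyone who gains code
# execution in rild; keep it no wider than the daemon actually uses.
allow rild self:capability { setuid net_admin net_raw };

# Control cgroups: create, remove and modify directories labelled cgroup.
allow rild cgroup:dir create_dir_perms;

# Property service
# Allow rild to set RIL related properties (radio./net./system./etc).
set_prop(rild, vendor_mtk_ril_active_md_prop)
# Allow rild to set muxreport control properties.
# NOTE(review): the "ctl" in the last type name suggests it controls the
# muxreport daemon's start/stop - confirm against property_contexts.
set_prop(rild, vendor_mtk_ril_cdma_report_prop)
set_prop(rild, vendor_mtk_ril_mux_report_case_prop)
set_prop(rild, vendor_mtk_ctl_muxreport-daemon_prop)
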
# EFS files: full create/modify access to rild's own EFS tree, read-only
# access to the Bluetooth one.
allow rild efs_file:dir create_dir_perms;
allow rild efs_file:file create_file_perms;
allow rild bluetooth_efs_file:dir r_dir_perms;
allow rild bluetooth_efs_file:file r_file_perms;

# Access to dir/files (radio data/system data/proc/etc).
# The original author marked this group "Violate Android P rule".
# NOTE(review): that remark presumably refers to the sdcardfs grant directly
# below, which lets this vendor daemon list directories on sdcardfs. Confirm
# whether rild still needs it; if not, the rule should go.
allow rild sdcardfs:dir r_dir_perms;
#allow rild system_file:file x_file_perms;
# Write (no read) access to files labelled proc_net.
allow rild proc_net:file w_file_perms;

# Set and get routes directly via netlink. nlmsg_write is the permission for
# messages that change routing state, as opposed to read-only queries.
# NOTE(review): only nlmsg_write is granted here; creating the socket and
# nlmsg_read are presumably granted elsewhere - confirm.
allow rild self:netlink_route_socket nlmsg_write;

# Radio device nodes: read/write on the character devices, read-only on the
# block devices, plus directory traversal to reach them.
allow rild mtk_radio_device:dir search;
allow rild radio_device:chr_file rw_file_perms;
allow rild radio_device:blk_file r_file_perms;
allow rild mtd_device:dir search;

# Read/write to tty devices.
# NOTE(review): tty_device, devpts and misc_device (below) are generic
# labels, so these grants cover every node carrying them, not only the ones
# rild talks to. Dedicated types for the nodes rild uses would narrow this.
allow rild tty_device:chr_file rw_file_perms;
allow rild eemcs_device:chr_file rw_file_perms;

#allow rild Vcodec_device:chr_file { rw_file_perms };
allow rild devmap_device:chr_file r_file_perms;
allow rild devpts:chr_file rw_file_perms;
allow rild ccci_device:chr_file rw_file_perms;
allow rild misc_device:chr_file rw_file_perms;
# NOTE(review): the type name suggests bootloader (LK) environment data
# exposed through /proc - confirm what a write here can change at boot.
allow rild proc_lk_env:file rw_file_perms;
# Write-only control node.
allow rild sysfs_vcorefs_pwrctrl:file w_file_perms;
#allow rild bootdevice_block_device:blk_file { rw_file_perms };
# Raw read/write on a block device bypasses any filesystem-level permission
# checks on its contents.
# NOTE(review): confirm which partition carries this label and whether
# write access is required.
allow rild para_block_device:blk_file rw_file_perms;

# Directory search and use of file descriptors passed in from other domains.
allow rild block_device:dir search;
allow rild { platform_app radio }:fd use;

# For MAL MFI: write to the socket file.
allow rild mal_mfi_socket:sock_file w_file_perms;

# For ccci sysfs node: read-only.
allow rild sysfs_ccci:dir search;
allow rild sysfs_ccci:file r_file_perms;

# Date : W17.18
# Purpose: Treble SEpolicy denied clean up
# Note that the second rule's source is hal_telephony_client, not rild: it
# lets every domain carrying that attribute look up the service.
add_hwservice(hal_telephony_server, mtk_hal_rild_hwservice)
allow hal_telephony_client mtk_hal_rild_hwservice:hwservice_manager find;

# Date : W17.21
# Purpose: Grant permission to access binder dev node
vndbinder_use(rild)

# Date: 2017/03/27
# Purpose: allow set telephony Sensitive property
# NOTE(review): the file does not show which domains may read this type;
# check the matching get_prop grants before storing anything sensitive here.
set_prop(rild, vendor_mtk_telephony_sensitive_prop)

# For AGPSD: connect to the mtk_agpsd domain's unix stream socket.
allow rild mtk_agpsd:unix_stream_socket connectto;

# Date: 2017/12/6
# Purpose: allow set the RS times for /proc/sys/net/ipv6/conf/ccmniX/router_solicitations
# execute_no_trans runs the binary inside the rild domain, with no transition
# to a narrower one, so whatever the shell or toolbox is asked to do happens
# with every permission granted in this file.
# NOTE(review): the stated purpose is one write to a /proc/sys node. Check
# that the command line rild runs is a fixed string rather than assembled
# from modem- or network-supplied data; writing the node directly from rild
# would make both grants unnecessary.
allow rild { vendor_shell_exec vendor_toolbox_exec }:file execute_no_trans;

# Date : WK18.16
# Operation: P migration
# Purpose: Allow rild to get vendor_mtk_tel_switch_prop
get_prop(rild, vendor_mtk_tel_switch_prop)

# Date: W1817
# Purpose: allow rild access property of vendor_mtk_radio_prop
set_prop(rild, vendor_mtk_radio_prop)

# Date : W18.21
# Purpose: allow rild access to vendor.ril.ipo system property
set_prop(rild, vendor_mtk_ril_ipo_prop)

# Date : WK18.26
# Operation: P migration
# Purpose: Allow carrier express HIDL to set vendor property
set_prop(rild, vendor_mtk_cxp_vendor_prop)
# NOTE(review): on mnt_vendor_file the directory grant is search-only, so
# creating or unlinking files there still needs a directory write/add_name
# grant from elsewhere. If rild only touches existing files, rw_file_perms
# would state that more precisely than create_file_perms.
allow rild mnt_vendor_file:dir search;
allow rild mnt_vendor_file:file create_file_perms;
allow rild nvdata_file:dir create_dir_perms;
allow rild nvdata_file:file create_file_perms;

# Date : W18.29
# Purpose: allow rild access binder to mtk_hal_secure_element
# Call direction is rild -> secure element HAL.
allow rild mtk_hal_secure_element:binder call;

# Date : WK18.31
# Operation: P migration
# Purpose: Allow supplementary service HIDL to set vendor property
set_prop(rild, vendor_mtk_ss_vendor_prop)

# Date : 2018/2/27
# Purpose : for NVRAM recovery mechanism
# powerctl_prop labels the property init acts on to reboot or power off the
# device, so this grant lets rild restart or shut down the phone.
# NOTE(review): confirm the NVRAM recovery path is the only writer inside
# rild and that the value it writes is fixed, not derived from modem input.
set_prop(rild, powerctl_prop)

# Date: 2019/06/14
# Operation : Migration
# Read-only access to the kernel command line.
# NOTE(review): the command line can carry device identifiers; confirm which
# field rild needs.
allow rild proc_cmdline:file r_file_perms;

# Date: 2019/07/18
# Operation: AP wifi path
# Purpose: Allow packet can be filtered by RILD process
# Create and use netfilter netlink sockets, without ioctl.
allow rild self:netlink_netfilter_socket create_socket_perms_no_ioctl;

# Date : 2019/08/29
# Purpose: Allow rild to access proc/aed/reboot-reason
# NOTE(review): the grant is read/write; if rild only reads the reboot
# reason, r_file_perms would be enough - confirm.
allow rild proc_aed_reboot_reason:file rw_file_perms;

# Date : WK19.43
# Purpose: Allow wfc module from rild read system property from wfc module
get_prop(rild, vendor_mtk_wfc_serv_prop)

# Date: 2019/11/15
# Operation: RILD init flow
# Purpose: To handle illegal rild started
set_prop(rild, vendor_mtk_gsm0710muxd_prop)

# Date : 2019/10/29
# Operation: imstestmode
# Purpose: Allow HIDL to set vendor property
# NOTE(review): a test-mode switch settable from rild at runtime; confirm it
# is meant to be reachable on production builds.
set_prop(rild, vendor_mtk_imstestmode_prop)

# Date : 2020/06/11
# Operation: R migration
# Purpose: Allow rild to get system_boot_reason_prop
get_prop(rild, system_boot_reason_prop)
