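# ==============================================
# MTK Policy Rule
# ==============================================

# volume manager
#
# Vendor (MTK) additions to the vold domain. Each rule below either grants vold
# an extra permission (allow / allowxperm) or silences the audit record for a
# denial (dontaudit). dontaudit does not grant access: the operation is still
# denied, it is just no longer logged.

# Date : WK16.19
# Operation : Migration
# Purpose : unmount /mnt/cd-rom. Triggered by unmountAll() when VolumeManager starts.
allow vold iso9660:filesystem unmount;

# Date : WK16.19
# Operation : Migration
# Purpose : vold traverses /proc in remountUid().
#           This triggers a violation if MTK customizes some labels in /proc.
#           However, the violation can be ignored if the processes never access the storage.
dontaudit vold proc_mtkcooler:dir { read open };
dontaudit vold proc_mtktz:dir { read open };
dontaudit vold proc_thermal:dir { read open };

# Date : WK18.30
# Operation : Migration
# Purpose : vold creates the mdlog folder in data for meta mode.
allow vold mdlog_data_file:dir { create_dir_perms };

# NOTE(review): no date/operation/purpose is recorded for this rule. It gives vold
# read/write access to block nodes labeled mtd_device. Confirm it is still required
# and, if vold never writes to these nodes, narrow it (e.g. to getattr, as is done
# for the other block devices below).
allow vold mtd_device:blk_file rw_file_perms;

# dontaudit for fstrim on 'vendor' folder
# NOTE(review): with these rules in place, any other attempt by vold to read these
# directories is denied silently as well, so it will not appear in audit logs.
dontaudit vold nvdata_file:dir r_dir_perms;
dontaudit vold nvcfg_file:dir r_dir_perms;
dontaudit vold protect_f_data_file:dir r_dir_perms;
dontaudit vold protect_s_data_file:dir r_dir_perms;

# execute mke2fs when format as internal
allow vold cache_block_device:blk_file getattr;
# List of block ioctl commands vold may issue on dm_device. allowxperm only selects
# which ioctl commands are permitted; the ioctl permission itself has to be granted
# by an allow rule, which is not in this file. BLKSECDISCARD and BLKDISCARD discard
# data on the device, so keep this list limited to what formatting needs.
allowxperm vold dm_device:blk_file ioctl {
  BLKSECDISCARD BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET
};
allow vold nvcfg_block_device:blk_file getattr;
allow vold nvdata_device:blk_file getattr;
# r_file_perms already includes getattr, so a separate getattr rule for
# proc_swaps is not needed.
allow vold proc_swaps:file r_file_perms;
allow vold protect1_block_device:blk_file getattr;
allow vold protect2_block_device:blk_file getattr;
allow vold swap_block_device:blk_file getattr;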