• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# ==============================================
2# MTK Policy Rule
3# ==============================================
4
5# Purpose: aee_dumpstate set surfaceflinger property
6set_prop(dumpstate, system_mtk_debug_bq_dump_prop)
7
8# Purpose: access for SYS_MEMORY_INFO
9allow dumpstate fuse:dir { w_dir_perms };
10allow dumpstate fuse:file { write create open setattr append };
11
12# Purpose: mnt/user/*
13allow dumpstate mnt_user_file:dir search;
14allow dumpstate mnt_user_file:lnk_file read;
15
16# Purpose: /storage/*
17allow dumpstate storage_file:lnk_file read;
18
19# Purpose: timer_intval. this is neverallow
20#allow dumpstate app_data_file:dir search;
21allow dumpstate kmsg_device:chr_file r_file_perms;
22
23# Purpose:
24# 01-01 18:00:35.600  7723  7723 I ps      : type=1400 audit(0.0:63712): avc:
25# denied { ioctl } for path="/storage/emulated/0/mtklog/aee_exp/temp/db.PQtNt4/
26# SYS_ALL_THREADS" dev="fuse" ino=209 ioctlcmd=5401 scontext=u:r:dumpstate:s0
27# tcontext=u:object_r:fuse:s0 tclass=file permissive=1
28allow dumpstate fuse:file ioctl;
29
30# Purpose:
31# 01-01 17:59:14.440  7664  7664 I aee_dumpstate: type=1400 audit(0.0:63497):
32# avc: denied { open } for path="/sys/kernel/debug/tracing/tracing_on" dev=
33# "debugfs" ino=2087 scontext=u:r:dumpstate:s0 tcontext=u:object_r:
34# tracing_shell_writable:s0 tclass=file permissive=1
35allow dumpstate debugfs_tracing:file { write read open };
36
37# Data : WK17.03
38# Purpose: Allow to access gpu
39allow dumpstate gpu_device:dir search;
40
41# Date: 2017/07/11
42# Purpose: 01-01 08:30:57.474   286   286 E SELinux : avc:  denied  { find } for interface=
43# android.hardware.camera.provider::ICameraProvider pid=3133 scontext=u:r:dumpstate:s0 tcontext=
44# u:object_r:hal_camera_hwservice:s0 tclass=hwservice_manager
45hal_client_domain(dumpstate, hal_camera)
46allow dumpstate hal_camera_hwservice:hwservice_manager find;
47
48#Purpose: Allow dumpstate to read/write /sys/kernel/debug/tracing/buffer_total_size_kb
49userdebug_or_eng(`allow dumpstate debugfs_tracing_debug:file { r_file_perms write };')
50
51# Purpose: Allow dumpstate to write /sys/devices/virtual/timed_output/vibrator/enable
52allow dumpstate sysfs_vibrator:file write;
53
54# Purpose : Allow dumpstate self to sys_nice
55allow dumpstate self:capability sys_nice;
56
57# Date: W1826
58# Purpose : mobile_log_d exec 'logcat -L' via dumpstate
59allow dumpstate mobile_log_d:fd use;
60allow dumpstate mobile_log_d:fifo_file write;
61allow dumpstate mobile_log_d:unix_stream_socket { read write };
62
63# Date : 2020/05/21
64# Operation : fix dumpstate dump fail
65# Purpose : type=1400 audit(0.0:24312): avc: denied { sys_admin } for
66#           capability=21 scontext=u:r:dumpstate:s0 tcontext=u:r:dumpstate:s0
67#           tclass=capability permissive=0
68allow dumpstate self:capability sys_admin;
69