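# ==============================================
# MTK Policy Rule
# ==============================================
#
# Domain policy for mobile_log_d. The rules below cover kernel syslog
# control, the logd reader socket, helper execution (shell, toolbox, logcat)
# and the storage locations the daemon writes to.

# Newly added for the move to /system: label for the daemon executable.
type mobile_log_d_exec, system_file_type, exec_type, file_type;
typeattribute mobile_log_d coredomain;
# mlstrustedsubject exempts this domain from the MLS constraints, so
# category-based separation does not limit the file rules further down.
# NOTE(review): confirm the exemption is still required; without it the
# storage rules would be bounded by MLS as well as by type.
typeattribute mobile_log_d mlstrustedsubject;

# Enter this domain when init executes a mobile_log_d_exec file.
init_daemon_domain(mobile_log_d)

# syslog module: permission to modify kernel syslog state.
allow mobile_log_d kernel:system syslog_mod;

# GMO project: suppress audit records for inherited app file descriptors.
# dontaudit grants nothing; it only hides the denial from the audit log.
dontaudit mobile_log_d untrusted_app:fd use;
dontaudit mobile_log_d isolated_app:fd use;

# Set debug properties.
set_prop(mobile_log_d, debug_prop)

# Connect and write to the logd reader socket.
unix_socket_connect(mobile_log_d, logdr, logd);

# Capabilities.
# chown, fowner and fsetid affect ownership and owner checks on files the
# daemon can reach; setuid and setgid let it change its own IDs.
# NOTE(review): confirm each capability is still needed. This is the single
# grant for the capability class; a separate { setuid chown setgid } rule
# would be redundant with it.
allow mobile_log_d self:capability { setuid setgid chown fowner fsetid };
allow mobile_log_d self:capability2 syslog;

# AEE mode switch.
# execute_no_trans runs the target inside this domain, so a system_file
# binary started this way inherits every permission granted in this file.
# NOTE(review): system_file is a broad label; a dedicated exec type for the
# helper that is actually run would be narrower.
allow mobile_log_d system_file:file execute_no_trans;

# Shell command execution (the shell also runs in this domain).
allow mobile_log_d shell_exec:file rx_file_perms;

# Execute the logcat command.
allow mobile_log_d logcat_exec:file rx_file_perms;

# Execute logcat -L via dumpstate.
# The automatic transition is keyed on the logcat_exec label, so by default
# it applies to every logcat execution from this domain, not only to -L.
# NOTE(review): confirm that running all logcat invocations as dumpstate is
# intended.
domain_auto_trans(mobile_log_d, logcat_exec, dumpstate)

# General storage access: create/write on shared and emulated storage.
# NOTE(review): log files placed on shared or removable storage are
# presumably readable by other components with storage access; confirm what
# log content ends up there.
allow mobile_log_d storage_file:dir create_dir_perms;
allow mobile_log_d storage_file:file create_file_perms;
allow mobile_log_d storage_file:lnk_file create_file_perms;
allow mobile_log_d mnt_user_file:dir create_dir_perms;
allow mobile_log_d mnt_user_file:lnk_file create_file_perms;
allow mobile_log_d sdcard_type:dir create_dir_perms;
allow mobile_log_d sdcard_type:file create_file_perms;

# Factory mode vfat access.
allow mobile_log_d vfat:dir create_dir_perms;
allow mobile_log_d vfat:file create_file_perms;

# Chiptest mode storage access.
allow mobile_log_d mnt_media_rw_file:dir create_dir_perms;
allow mobile_log_d mnt_media_rw_file:lnk_file create_file_perms;

# system/bin/toybox, used for the sh command.
allow mobile_log_d toolbox_exec:file rx_file_perms;

# selinux_version access.
# The rule covers every file labelled rootfs, not only the one file named
# in the comment above.
allow mobile_log_d rootfs:file r_file_perms;

# dev/__properties__ access (read-only property lookups).
get_prop(mobile_log_d, device_logging_prop)
get_prop(mobile_log_d, mmc_prop)
get_prop(mobile_log_d, safemode_prop)

# Purpose: allow MobileLog to access storage in the N version.
allow mobile_log_d media_rw_data_file:file create_file_perms;
allow mobile_log_d media_rw_data_file:dir create_dir_perms;

# Access debugfs/tracing/instances/.
# File creation directly under debugfs_tracing stays disabled; only the
# instances subtree gets file permissions.
allow mobile_log_d debugfs_tracing:dir create_dir_perms;
#allow mobile_log_d debugfs_tracing:file create_file_perms;
allow mobile_log_d debugfs_tracing_instances:dir create_dir_perms;
allow mobile_log_d debugfs_tracing_instances:file create_file_perms;

# data/debuglog.
# relabelto lets the daemon give a directory the debuglog_data_file label;
# no matching relabelfrom is granted in this file.
allow mobile_log_d debuglog_data_file:dir {relabelto create_dir_perms};
allow mobile_log_d debuglog_data_file:file create_file_perms;

# mcupm: read the device node, write its sysfs files.
allow mobile_log_d mcupm_device:chr_file r_file_perms;
allow mobile_log_d sysfs_mcupm:file w_file_perms;
allow mobile_log_d sysfs_mcupm:dir search;

allow mobile_log_d sysfs_boot_info:file r_file_perms;

# Logpost feature, userdebug and eng builds only.
# Grants read access to directories, files and symlinks labelled with any
# domain type, plus the socket access used to reach netd, the DNS proxy and
# fwmarkd. Keep these rules inside the build-variant guard so they are not
# compiled into user builds.
userdebug_or_eng(`
  allow mobile_log_d domain:dir r_dir_perms;
  allow mobile_log_d domain:{file lnk_file} r_file_perms;
  allow mobile_log_d dnsproxyd_socket:sock_file write;
  allow mobile_log_d self:udp_socket create;
  allow mobile_log_d netd:unix_stream_socket connectto;
  allow mobile_log_d self:tcp_socket getopt;
  allow mobile_log_d fwmarkd_socket:sock_file write;
  set_prop(mobile_log_d, system_mtk_mobile_log_post_prop)
')

# Properties owned by mobile_log_d itself.
set_prop(mobile_log_d, system_mtk_mobile_log_prop)

# Purpose: allow mobile_log_d to read persist.vendor.mtk.aee.
get_prop(mobile_log_d, system_mtk_persist_mtk_aee_prop)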