# ============================================== # Policy File of /system/bin/mtkmal Executable File # ============================================== # Type Declaration # ============================================== type mtkmal, domain; type mtkmal_exec, exec_type, file_type; # ============================================== # MTK Policy Rule # ============================================== # permissive mtkmal; init_daemon_domain(mtkmal) # Date : WK15.33 # Operation : Migration # Purpose : for MTKMAL # Basic allow mtkmal socket_device:sock_file write; allow mtkmal device:dir write; allow mtkmal device:dir add_name; allow mtkmal device:lnk_file create; allow mtkmal device:dir remove_name; allow mtkmal device:lnk_file unlink; # ============================================== # TODO: NOT to use device iimmediately, instead of a new label for /dev/radio # allow mtkmal XXX_radio_device:chr_file { open read write ioctl }; # ============================================== allow mtkmal radio_tmpfs:file write; allow mtkmal tmpfs:lnk_file read; # MAL mode allow mtkmal persist_mal_prop:property_service set; # VzW APN table allow mtkmal system_data_file:dir { read write open add_name remove_name }; allow mtkmal mal_data_file:dir create_dir_perms; allow mtkmal mal_data_file:file create_file_perms; # ATCP allow mtkmal devpts:chr_file { open read write ioctl }; allow mtkmal devpts:chr_file { getattr setattr }; # Netlink allow mtkmal self:netlink_route_socket { bind create write nlmsg_read }; # RILPROXY allow mtkmal rilproxy:unix_stream_socket connectto; # RILD connection allow mtkmal mtkrild:unix_stream_socket connectto; allow mtkmal rild_mal_socket:sock_file write; allow mtkmal rild_mal_at_socket:sock_file write; allow mtkmal rild_mal_md2_socket:sock_file write; allow mtkmal rild_mal_at_md2_socket:sock_file write; # IMCB connection allow mtkmal volte_imcb:unix_stream_socket connectto; allow mtkmal volte_imsa1_socket:sock_file write; # IMSM connection allow mtkmal mtkmal:unix_stream_socket connectto; allow mtkmal mal_mfi_socket:sock_file write; # NETd allow mtkmal netd:unix_stream_socket connectto; allow mtkmal netd_socket:sock_file write; # INIT allow mtkmal init:unix_stream_socket connectto; allow mtkmal property_socket:sock_file write; allow mtkmal ctl_volte_imcb_prop:property_service set; allow mtkmal ctl_volte_ua_prop:property_service set; allow mtkmal ctl_volte_stack_prop:property_service set; allow mtkmal volte_prop:property_service set; allow mtkmal ril_mux_report_case_prop:property_service set; allow mtkmal radio_prop:property_service set; allow mtkmal self:capability { setuid setgid }; allow mtkmal system_file:file execute_no_trans; allow mtkmal shell_exec:file { read execute open execute_no_trans }; # ePDGa allow mtkmal devpts:chr_file setattr; allow mtkmal epdg_wod:unix_stream_socket connectto; allow mtkmal wod_sim_socket:sock_file write; allow mtkmal wod_action_socket:sock_file write; allow mtkmal self:udp_socket { create ioctl }; allow mtkmal device:dir write; allow mtkmal device:dir add_name; allow mtkmal self:netlink_route_socket { write nlmsg_write read bind create nlmsg_read }; allow mtkmal device:lnk_file create; #for RAN access wpa unix_socket_send(mtkmal, wpa, wpa) allow mtkmal wpa_socket:dir rw_dir_perms; allow mtkmal wpa_socket:sock_file create_file_perms; allow mtkmal wifi_data_file:dir create_dir_perms; allow mtkmal wifi_data_file:file create_file_perms; allow mtkmal wpa:unix_dgram_socket sendto; allow wpa mtkmal:unix_stream_socket connectto; allow wpa mtkmal:unix_dgram_socket sendto; allow wpa init:unix_dgram_socket sendto; #for access to wfca allow mtkmal wfca:unix_stream_socket connectto; #for timer allow mtkmal self:capability2 wake_alarm;