path: root/sepolicy/factory.te
blob: d03c7a4760751d9dacc3777aea877f4d667d8b68 (plain)
# ==============================================
# Policy File of /system/bin/factory Executable File


# ==============================================
# Type Declaration
# ==============================================

# factory_exec: file label for the factory binary (carries the exec_type and file_type attributes).
type factory_exec , exec_type, file_type;
# factory: the process domain that every allow rule in this file grants permissions to.
type factory ,domain;

# ==============================================
# Android Policy Rule
# ==============================================

# ==============================================
# NSA Policy Rule
# ==============================================

# ==============================================
# MTK Policy Rule
# ==============================================

# `permissive factory` and `unconfined_domain(factory)` are both commented out, so as far as this
# file is concerned the domain is enforcing and limited to the explicit allow rules below.
#permissive factory;
# Standard AOSP macro: init transitions into the factory domain when it executes a factory_exec file.
init_daemon_domain(factory)
# Objects factory creates inside system_data_file directories are labelled factory_data_file
# instead of inheriting system_data_file.
file_type_auto_trans(factory, system_data_file, factory_data_file)
#unconfined_domain(factory)

#============= factory ==============
# Review summary: the domain is enforcing but very broad. Besides the per-device chr_file grants
# it holds kernel-module loading, sys_admin, dac_override, execmem, raw block-device read/write,
# mount/unmount, TCP bind/listen/connect on generic port labels and in-domain shell execution.
# NOTE(review): presumably this binary only runs in factory test mode - confirm that it cannot be
# started on a production boot, because a compromise of this process would face few effective limits.
allow factory FM50AF_device:chr_file { read write ioctl open };
allow factory AD5820AF_device:chr_file { read write ioctl open };
allow factory DW9714AF_device:chr_file { read write ioctl open };
allow factory DW9714A_device:chr_file { read write ioctl open };
allow factory LC898122AF_device:chr_file { read write ioctl open };
allow factory LC898212AF_device:chr_file { read write ioctl open };
allow factory BU6429AF_device:chr_file { read write ioctl open };
allow factory DW9718AF_device:chr_file { read write ioctl open };
allow factory BU64745GWZAF_device:chr_file { read write ioctl open };
allow factory MAINAF_device:chr_file { read write ioctl open };
allow factory MAIN2AF_device:chr_file { read write ioctl open };
allow factory SUBAF_device:chr_file { read write ioctl open };
allow factory MTK_SMI_device:chr_file { read ioctl open };
allow factory accdet_device:chr_file { read ioctl open };
allow factory als_ps_device:chr_file { read ioctl open };
# execute on ashmem, together with `self:process execmem` further down, permits executable
# mappings of writable memory, so SELinux does not enforce W^X for this process.
allow factory ashmem_device:chr_file execute;
allow factory audio_device:chr_file { read write ioctl open };
allow factory camera_isp_device:chr_file { read write ioctl open };
allow factory camera_pipemgr_device:chr_file { read ioctl open };
allow factory camera_sysram_device:chr_file { read ioctl open };
allow factory ccci_device:chr_file { read write ioctl open };
allow factory MT_pmic_cali_device:chr_file { read ioctl open };
allow factory barometer_device:chr_file { read ioctl open };
allow factory humidity_device:chr_file { read ioctl open };
allow factory mtk_kpd_device:chr_file { read ioctl open };
allow factory ebc_device:chr_file { read write open };
allow factory fm_device:chr_file { read write ioctl open };
allow factory fuse:dir { read search open };
allow factory gps_device:chr_file { read write open };
allow factory graphics_device:chr_file { read write ioctl open };
allow factory gsensor_device:chr_file { read ioctl open };
allow factory gsm0710muxd_device:chr_file { read write ioctl open };
allow factory gyroscope_device:chr_file { read ioctl open };
allow factory init:unix_stream_socket connectto;
allow factory input_device:chr_file { read ioctl open };
allow factory input_device:dir { read open };
allow factory kd_camera_flashlight_device:chr_file { read write ioctl open };
allow factory kd_camera_hw_device:chr_file { read write ioctl open };
# module_request lets this domain trigger kernel module autoloading; see also sys_module below.
allow factory kernel:system module_request;
allow factory misc_sd_device:chr_file { read ioctl open };
allow factory mnld_device:chr_file { read write ioctl open };
# execute_no_trans: these three helpers run inside the factory domain (no transition to a
# narrower domain), so they inherit every permission granted in this file.
allow factory mnld_exec:file { read execute open execute_no_trans };
allow factory MPED_exec:file { read execute open execute_no_trans };
allow factory mtkFlpDaemon_exec:file { read execute open execute_no_trans };
allow factory msensor_device:chr_file { read ioctl open };
allow factory mt6605_device:chr_file { read write ioctl open getattr };
# node_bind targets the generic `node` type, i.e. it is not tied to a dedicated address label.
allow factory node:tcp_socket node_bind;
allow factory nvram_data_file:dir { write read open add_name getattr setattr};
allow factory nvram_data_file:file { write getattr setattr read create open };
allow factory nvram_device:chr_file { read write ioctl open };
allow factory nvram_device:blk_file { read write open ioctl};
# Raw read/write on block devices, including userdata and the whole-disk mmcblk0/mmcblk1 nodes.
# Access at this level is not mediated by the per-file labels or DAC of the filesystems on them.
# NOTE(review): confirm each device is really needed; a partition-specific label is preferable.
allow factory userdata_block_device:blk_file rw_file_perms;
allow factory mmcblk0_block_device:blk_file rw_file_perms;
allow factory mmcblk1_block_device:blk_file rw_file_perms;
allow factory mmcblk1p1_block_device:blk_file rw_file_perms;
allow factory nvdata_device:blk_file rw_file_perms;
# sys_boot: the process may reboot the device (the same rule is repeated further down).
allow factory self:capability sys_boot;
#allow factory platformblk_device:dir search;
# name_bind/name_connect on the generic `port` type rather than a dedicated port label.
allow factory port:tcp_socket { name_bind name_connect };
allow factory property_socket:sock_file write;
allow factory rtc_device:chr_file { read write ioctl open };
# High-impact capabilities: sys_module (load/unload kernel modules), dac_override (bypass file
# permission checks), net_admin and net_raw (network configuration, raw sockets), sys_time.
# NOTE(review): no reason is recorded in this file for any of them - document or drop each one.
allow factory self:capability { sys_module ipc_lock sys_nice dac_override net_raw fsetid net_admin sys_time };
allow factory self:netlink_route_socket { bind create };
# execmem: see the ashmem note above.
allow factory self:process execmem;
# bind + listen + accept: the process can act as a TCP server.
allow factory self:tcp_socket { setopt read bind create accept write connect listen };
allow factory self:udp_socket { create ioctl };
allow factory stpbt_device:chr_file { read write open };
# write on the generic sysfs type rather than on a dedicated sysfs label.
allow factory sysfs:file write;
allow factory sysfs_wake_lock:file { read write open };
allow factory system_data_file:dir { write remove_name add_name };
#allow factory system_data_file:file { write create unlink open };
allow factory system_data_file:sock_file { write create unlink setattr };
# Runs system_file binaries without a domain transition, i.e. with factory's own permissions.
allow factory system_file:file execute_no_trans;
#allow factory tmpfs:lnk_file read;
# Repeated with ioctl added further down in this block.
allow factory ttyGS_device:chr_file { read write open };
allow factory wmtWifi_device:chr_file { write open };
# create_dir_perms / create_file_perms are base-policy permission macros. They presumably cover
# the narrower nvram_data_file dir/file grants earlier in this block - confirm and consolidate.
allow factory nvram_data_file:dir { create_dir_perms };
allow factory nvram_data_file:file { create_file_perms };
allow factory nvram_data_file:lnk_file read;
allow factory nvdata_file:dir { create_dir_perms };
allow factory nvdata_file:file { create_file_perms };
allow factory cct_data_file:dir { create_dir_perms };
allow factory cct_data_file:file { create_file_perms };
# Duplicates: both permission sets below are already granted by earlier rules in this block.
allow factory self:capability { sys_nice sys_time };
allow factory system_data_file:dir { write add_name };
# Mounting: mounton for rootfs and vfat directories plus vfat mount/unmount.
allow factory rootfs:dir mounton;
allow factory vfat:dir { read open search mounton };
allow factory vfat:filesystem { mount unmount };
allow factory block_device:dir search;
allow factory graphics_device:dir search;
allow factory input_device:dir search;
# sys_admin is a catch-all capability (mount and many other privileged operations).
allow factory self:capability sys_admin;
# Duplicate of the sys_boot rule earlier in this block.
allow factory self:capability sys_boot;
allow factory labeledfs:filesystem unmount;
allow factory nvram_device:blk_file { getattr ioctl };
# execute on the shell binary; the WK15.31 and WK15.46 sections later add read/open and
# execute_no_trans, so the shell ends up running inside the factory domain.
allow factory shell_exec:file execute;
allow factory MT_pmic_adc_cali_device:chr_file { read write ioctl open};
allow factory audio_device:dir search;
allow factory nvram_data_file:dir search;
allow factory audiohal_prop:property_service set;
allow factory pmic_ftm_device:chr_file { read write ioctl open};
# NOTE(review): powerctl_prop presumably labels the property init uses for reboot/shutdown
# requests - confirm against property_contexts.
allow factory powerctl_prop:property_service set;
allow factory ttyGS_device:chr_file { read write open ioctl};
allow factory ttyMT_device:chr_file { read write open ioctl};
allow factory irtx_device:chr_file { read write ioctl open };
allow factory devpts:chr_file { read write getattr ioctl };
# Duplicate: search on vfat:dir is already granted above.
allow factory vfat:dir search;
allow factory hrm_device:chr_file { read ioctl open };
# Read/write on the generic debugfs type. debugfs exposes kernel internals and is normally
# restricted on production builds - NOTE(review): narrow this to the specific file label needed.
allow factory debugfs:file { read write open };

# Date: WK14.47
# Operation : Migration
# Purpose : CCCI
# Read/write/ioctl on the eemcs character device (presumably a modem interface node - confirm).
allow factory eemcs_device:chr_file { read write ioctl open };

# Purpose : SDIO
# Read/write/ioctl on the ttySDIO character device.
allow factory ttySDIO_device:chr_file { read write ioctl open };

# Date: WK15.01
# Purpose : OTG Mount
# Lets factory use directories on fuse-labelled filesystems as mount points.
allow factory fuse:dir mounton;
# Date: WK15.07
# Purpose : use c2k flight mode;
# Read/write/ioctl on the vmodem character device.
allow factory vmodem_device:chr_file { read write ioctl open };

# Date: WK15.13
# Purpose: for nand project
allow factory mtd_device:dir search;
# NOTE(review): the next two rules overlap. rw_file_perms is a base-policy macro that presumably
# already contains { read write ioctl open }, which would make the first rule redundant - confirm.
allow factory mtd_device:chr_file { read write ioctl open };
allow factory mtd_device:chr_file rw_file_perms;
# sys_resource allows the process to override resource limits.
# NOTE(review): the reason a NAND project needs it is not stated here.
allow factory self:capability sys_resource;
allow factory pro_info_device:chr_file { read write ioctl open};

# Date: WK15.28
# Purpose: for mt-ramdump reset
# Write-side access (w_file_perms macro) to the proc_mrdump_rst file; no read permission is granted.
allow factory proc_mrdump_rst:file w_file_perms;

#Date: WK15.31
#Purpose: define factory_data_file instead of system_data_file
# because system_data_file is a sensitive partition from M onward
allow factory self:capability2 block_suspend;
# storage_file directories: create entries and use them as mount points.
allow factory storage_file:dir { write create add_name search mounton };
# Replaces the commented-out system_data_file:file rule in the main block above.
allow factory factory_data_file:file { write create unlink open };
allow factory shell_exec:file { read open };
# NOTE(review): the source domain of this rule is `resize`, not `factory`. It grants nothing to
# factory and presumably belongs in the policy file for the resize domain - confirm and move it.
allow resize block_device:dir search;

# Date: WK15.44
# Purpose: factory idle current status
# Lets factory set properties labelled factory_idle_state_prop through the property service.
allow factory factory_idle_state_prop:property_service set;

# Date: WK15.46
# Purpose: gps factory mode
allow factory agpsd_data_file:dir search;
# NOTE(review): write on apk_data_file directories looks unrelated to the stated GPS purpose -
# confirm it is required before keeping it.
allow factory apk_data_file:dir write;
allow factory gps_data_file:dir { read search };
# With execute (main block) and read/open (WK15.31), execute_no_trans means the shell runs
# inside the factory domain and inherits all of its permissions.
allow factory shell_exec:file execute_no_trans;
allow factory storage_file:lnk_file read;

#Date: WK15.48
#Purpose: capture for factory mode
allow factory devmap_device:chr_file { read ioctl open };
# Create and write files on fuse-labelled storage.
allow factory fuse:dir { write create add_name };
allow factory fuse:file { read write create open getattr };
allow factory mnt_user_file:dir search;
allow factory mnt_user_file:lnk_file read;
# Duplicate: storage_file:lnk_file read is already granted in the WK15.46 section above.
allow factory storage_file:lnk_file read;