blob: dc602f86d643e919fd6af44e3ca316e1ce068813 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
##
# Trustonic TEE (mobicore) daemon
#
# ==============================================
# Type Declaration
# ==============================================
type mobicore, domain;
type mobicore_exec, exec_type, file_type;
type mobicore_admin_device, dev_type;
type mobicore_user_device, dev_type;
type mobicore_tui_device, dev_type;
type mobicore_data_file, file_type, data_file_type;
# ==============================================
# Type Declaration for secmem
# ==============================================
type proc_secmem, fs_type;
# genfscon proc /secmem0 u:object_r:proc_secmem:s0;
# ==============================================
# MTK Policy Rule
# ==============================================
# permissive mobicore;
init_daemon_domain(mobicore)
allow mobicore self:capability { dac_override };
allow mobicore mobicore_admin_device:chr_file rw_file_perms;
allow mobicore mobicore_user_device:chr_file rw_file_perms;
allow mobicore mobicore_data_file:dir rw_dir_perms;
allow mobicore mobicore_data_file:file create_file_perms;
allow mobicore self:netlink_socket create_socket_perms;
allow mobicore apk_data_file:dir write;
allow mobicore mobicore_data_file:dir create;
allow mobicore mobicore_data_file:file rw_file_perms;
|
