From 848bf57127be9d01fd1df4aab95737855456afee Mon Sep 17 00:00:00 2001 From: Chunyan Zhang Date: Tue, 13 Mar 2018 10:53:51 +0800 Subject: import from mediatek/master to mediatek/alps-mp-o1.mp1 --- non_plat/aee_core_forwarder.te | 113 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 113 insertions(+) create mode 100644 non_plat/aee_core_forwarder.te (limited to 'non_plat/aee_core_forwarder.te') diff --git a/non_plat/aee_core_forwarder.te b/non_plat/aee_core_forwarder.te new file mode 100644 index 0000000..82f5c7f --- /dev/null +++ b/non_plat/aee_core_forwarder.te @@ -0,0 +1,113 @@ +# ============================================== +# Policy File of /vendor/bin/aee_core_forwarder Executable File + +# ============================================== +# Type Declaration +# ============================================== +type aee_core_forwarder_exec, exec_type, file_type, vendor_file_type; +type aee_core_forwarder, domain; + +# ============================================== +# MTK Policy Rule +# ============================================== +init_daemon_domain(aee_core_forwarder) + +#/data/core/zcorexxx.zip +allow aee_core_forwarder aee_core_data_file:dir relabelto; +allow aee_core_forwarder aee_core_data_file:dir create_dir_perms; +allow aee_core_forwarder aee_core_data_file:file create_file_perms; +allow aee_core_forwarder system_data_file:dir { write relabelfrom create add_name }; + +#mkdir /sdcard/mtklog/aee_exp and write /sdcard/mtklog/aee_exp/zcorexxx.zip +allow aee_core_forwarder sdcard_type:dir create_dir_perms; +allow aee_core_forwarder sdcard_type:file create_file_perms; +allow aee_core_forwarder self:capability fsetid; +allow aee_core_forwarder aee_exp_data_file:dir create_dir_perms; +allow aee_core_forwarder aee_exp_data_file:file create_file_perms; + +#mkdir(path, mode) +allow aee_core_forwarder self:capability dac_override; + +#read STDIN_FILENO +allow aee_core_forwarder kernel:fifo_file read; + +#read /proc//cmdline +allow aee_core_forwarder domain:dir r_dir_perms; +allow aee_core_forwarder domain:file r_file_perms; + +#get wake_lock to avoid system suspend when coredump is generating +allow aee_core_forwarder sysfs_wake_lock:file rw_file_perms; + +# Date : 2015/07/11 +# Operation : Migration +# Purpose : for mtk debug mechanism +allow aee_core_forwarder self:capability2 block_suspend; + +# Date : 2015/07/21 +# Operation : Migration +# Purpose : for generating core dump on sdcard +allow aee_core_forwarder mnt_user_file:dir search; +allow aee_core_forwarder mnt_user_file:lnk_file read; +allow aee_core_forwarder storage_file:dir search; +allow aee_core_forwarder storage_file:lnk_file read; + +# Date : 2016/03/05 +# Operation : selinux waring fix +# Purpose : avc: denied { search } for pid=15909 comm="aee_core_forwar" +# name="15493" dev="proc" ino=112310 scontext=u:r:aee_core_forwarder:s0 +# tcontext=u:r:untrusted_app:s0:c512,c768 tclass=dir permissive=0 +dontaudit aee_core_forwarder untrusted_app:dir search; + +# Date : 2016/04/18 +# Operation : N0 Migration +# Purpose : access for pipefs +allow aee_core_forwarder kernel:fd use; +# Purpose : read AEE persist property +allow aee_core_forwarder persist_aee_prop:file r_file_perms; +# Purpose: search root dir "/" +allow aee_core_forwarder tmpfs:dir search; +# Purpose : read /selinux_version +allow aee_core_forwarder rootfs:file r_file_perms; + +# Data : 2016/06/13 +# Operation : fix sys_ptrace selinux warning +# Purpose : type=1400 audit(1420070409.080:177): avc: denied { sys_ptrace } for pid=3136 +# comm="aee_core_forwar" capability=19 scontext=u:r:aee_core_forwarder:s0 +# tcontext=u:r:aee_core_forwarder:s0 tclass=capability permissive=0 +dontaudit aee_core_forwarder self:capability sys_ptrace; + +# Data : 2016/06/24 +# Operation : fix media_rw_data_file access selinux warning +# Purpose : +# type=1400 audit(0.0:6511): avc: denied { search } for name="db.p08JgF" +# dev="dm-0" ino=540948 scontext=u:r:aee_core_forwarder:s0 +# tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1 +# type=1400 audit(0.0:6512): avc: denied { write } for name="db.p08JgF" +# dev="dm-0" ino=540948 scontext=u:r:aee_core_forwarder:s0 +# tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1 +# type=1400 audit(0.0:6513): avc: denied { add_name } for name="CURRENT.dbg" +# scontext=u:r:aee_core_forwarder:s0 tcontext=u:object_r:media_rw_data_file:s0 +# tclass=dir permissive=1 +# type=1400 audit(0.0:6514): avc: denied { create } for name="CURRENT.dbg" +# scontext=u:r:aee_core_forwarder:s0 tcontext=u:object_r:media_rw_data_file:s0 +# tclass=file permissive=1 +# type=1400 audit(0.0:6515): avc: denied { write open } for +# path="/data/media/0/mtklog/aee_exp/temp/db.p08JgF/CURRENT.dbg" dev="dm-0" +# ino=540952 scontext=u:r:aee_core_forwarder:s0 tcontext=u:object_r:media_rw_data_file:s0 +# tclass=file permissive=1 +allow aee_core_forwarder media_rw_data_file:dir w_dir_perms; +allow aee_core_forwarder media_rw_data_file:file { create open write }; + +# Data : 2017/03/08 +# Operation : fix aee_core_forwarder connect to aee_aedv +# Purpose : type=1400 audit(0.0:6594): avc: denied { connectto } for +# path=00616E64726F69643A6165655F616564 scontext=u:r:aee_core_forwarder:s0 +# tcontext=u:r:aee_aedv:s0 tclass=unix_stream_socket permissive=0 +allow aee_core_forwarder aee_aedv:unix_stream_socket connectto; + +# Data : 2017/08/04 +# Operation : fix sys_nice selinux warning +# Purpose : type=1400 audit(0.0:50): avc: denied { sys_nice } for capability=23 +# scontext=u:r:aee_core_forwarder:s0 tcontext=u:r:aee_core_forwarder:s0 +# tclass=capability permissive=0 +allow aee_core_forwarder self:capability sys_nice; -- cgit v1.2.3 From ff683b4eee0a6dd95ff25fbb6c7d1fc3a79c604d Mon Sep 17 00:00:00 2001 From: mtk12101 Date: Sat, 17 Mar 2018 17:14:48 +0800 Subject: [ALPS03825066] Resolve vendor violates [Detail] Google add new neverallows rules on android P, some rule violate the rules [Solution] Remove the rules which violate google new rules Change-Id: Iead494212c6adcec234eaef14c83d1f8c7a49deb CR-Id: ALPS03825066 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK --- non_plat/aee_core_forwarder.te | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'non_plat/aee_core_forwarder.te') diff --git a/non_plat/aee_core_forwarder.te b/non_plat/aee_core_forwarder.te index 82f5c7f..3258c52 100644 --- a/non_plat/aee_core_forwarder.te +++ b/non_plat/aee_core_forwarder.te @@ -26,7 +26,7 @@ allow aee_core_forwarder aee_exp_data_file:dir create_dir_perms; allow aee_core_forwarder aee_exp_data_file:file create_file_perms; #mkdir(path, mode) -allow aee_core_forwarder self:capability dac_override; +#allow aee_core_forwarder self:capability dac_override; #read STDIN_FILENO allow aee_core_forwarder kernel:fifo_file read; -- cgit v1.2.3 From 3954cad7a1428cda694d8428c2235a78aa6e7cc8 Mon Sep 17 00:00:00 2001 From: Bo Ye Date: Mon, 19 Mar 2018 14:09:26 +0800 Subject: [ALPS03825066] P migration selinux build failed fix 1. Mark polices which accessing proc/sysfs file system 2. Add violator attribute to modules violate vendor/system rule. Change-Id: I401ae5b87eb9a03f324bef83c6678149606b15a8 CR-Id: ALPS03825066 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK --- non_plat/aee_core_forwarder.te | 1 + 1 file changed, 1 insertion(+) (limited to 'non_plat/aee_core_forwarder.te') diff --git a/non_plat/aee_core_forwarder.te b/non_plat/aee_core_forwarder.te index 3258c52..ba5cb23 100644 --- a/non_plat/aee_core_forwarder.te +++ b/non_plat/aee_core_forwarder.te @@ -16,6 +16,7 @@ init_daemon_domain(aee_core_forwarder) allow aee_core_forwarder aee_core_data_file:dir relabelto; allow aee_core_forwarder aee_core_data_file:dir create_dir_perms; allow aee_core_forwarder aee_core_data_file:file create_file_perms; +typeattribute aee_core_forwarder data_between_core_and_vendor_violators; allow aee_core_forwarder system_data_file:dir { write relabelfrom create add_name }; #mkdir /sdcard/mtklog/aee_exp and write /sdcard/mtklog/aee_exp/zcorexxx.zip -- cgit v1.2.3 From 5a583b375a0d33032e8004e1818f05c75363e4f5 Mon Sep 17 00:00:00 2001 From: mtk11285 Date: Wed, 25 Apr 2018 20:30:40 +0800 Subject: [ALPS03841705] modify aee_core_forwarder selinux rule [Detail] transfer aee_core_forwarder form /vendor/bin to /system/bin, so modify aee_core_forwarder selinux rule. [Solution] Change-Id: I9ff1d0b5d521ce2f09780146f6b75c5378d03d4d CR-Id: ALPS03841705 Feature: Android Exception Engine(AEE) --- non_plat/aee_core_forwarder.te | 114 ----------------------------------------- 1 file changed, 114 deletions(-) delete mode 100644 non_plat/aee_core_forwarder.te (limited to 'non_plat/aee_core_forwarder.te') diff --git a/non_plat/aee_core_forwarder.te b/non_plat/aee_core_forwarder.te deleted file mode 100644 index ba5cb23..0000000 --- a/non_plat/aee_core_forwarder.te +++ /dev/null @@ -1,114 +0,0 @@ -# ============================================== -# Policy File of /vendor/bin/aee_core_forwarder Executable File - -# ============================================== -# Type Declaration -# ============================================== -type aee_core_forwarder_exec, exec_type, file_type, vendor_file_type; -type aee_core_forwarder, domain; - -# ============================================== -# MTK Policy Rule -# ============================================== -init_daemon_domain(aee_core_forwarder) - -#/data/core/zcorexxx.zip -allow aee_core_forwarder aee_core_data_file:dir relabelto; -allow aee_core_forwarder aee_core_data_file:dir create_dir_perms; -allow aee_core_forwarder aee_core_data_file:file create_file_perms; -typeattribute aee_core_forwarder data_between_core_and_vendor_violators; -allow aee_core_forwarder system_data_file:dir { write relabelfrom create add_name }; - -#mkdir /sdcard/mtklog/aee_exp and write /sdcard/mtklog/aee_exp/zcorexxx.zip -allow aee_core_forwarder sdcard_type:dir create_dir_perms; -allow aee_core_forwarder sdcard_type:file create_file_perms; -allow aee_core_forwarder self:capability fsetid; -allow aee_core_forwarder aee_exp_data_file:dir create_dir_perms; -allow aee_core_forwarder aee_exp_data_file:file create_file_perms; - -#mkdir(path, mode) -#allow aee_core_forwarder self:capability dac_override; - -#read STDIN_FILENO -allow aee_core_forwarder kernel:fifo_file read; - -#read /proc//cmdline -allow aee_core_forwarder domain:dir r_dir_perms; -allow aee_core_forwarder domain:file r_file_perms; - -#get wake_lock to avoid system suspend when coredump is generating -allow aee_core_forwarder sysfs_wake_lock:file rw_file_perms; - -# Date : 2015/07/11 -# Operation : Migration -# Purpose : for mtk debug mechanism -allow aee_core_forwarder self:capability2 block_suspend; - -# Date : 2015/07/21 -# Operation : Migration -# Purpose : for generating core dump on sdcard -allow aee_core_forwarder mnt_user_file:dir search; -allow aee_core_forwarder mnt_user_file:lnk_file read; -allow aee_core_forwarder storage_file:dir search; -allow aee_core_forwarder storage_file:lnk_file read; - -# Date : 2016/03/05 -# Operation : selinux waring fix -# Purpose : avc: denied { search } for pid=15909 comm="aee_core_forwar" -# name="15493" dev="proc" ino=112310 scontext=u:r:aee_core_forwarder:s0 -# tcontext=u:r:untrusted_app:s0:c512,c768 tclass=dir permissive=0 -dontaudit aee_core_forwarder untrusted_app:dir search; - -# Date : 2016/04/18 -# Operation : N0 Migration -# Purpose : access for pipefs -allow aee_core_forwarder kernel:fd use; -# Purpose : read AEE persist property -allow aee_core_forwarder persist_aee_prop:file r_file_perms; -# Purpose: search root dir "/" -allow aee_core_forwarder tmpfs:dir search; -# Purpose : read /selinux_version -allow aee_core_forwarder rootfs:file r_file_perms; - -# Data : 2016/06/13 -# Operation : fix sys_ptrace selinux warning -# Purpose : type=1400 audit(1420070409.080:177): avc: denied { sys_ptrace } for pid=3136 -# comm="aee_core_forwar" capability=19 scontext=u:r:aee_core_forwarder:s0 -# tcontext=u:r:aee_core_forwarder:s0 tclass=capability permissive=0 -dontaudit aee_core_forwarder self:capability sys_ptrace; - -# Data : 2016/06/24 -# Operation : fix media_rw_data_file access selinux warning -# Purpose : -# type=1400 audit(0.0:6511): avc: denied { search } for name="db.p08JgF" -# dev="dm-0" ino=540948 scontext=u:r:aee_core_forwarder:s0 -# tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1 -# type=1400 audit(0.0:6512): avc: denied { write } for name="db.p08JgF" -# dev="dm-0" ino=540948 scontext=u:r:aee_core_forwarder:s0 -# tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1 -# type=1400 audit(0.0:6513): avc: denied { add_name } for name="CURRENT.dbg" -# scontext=u:r:aee_core_forwarder:s0 tcontext=u:object_r:media_rw_data_file:s0 -# tclass=dir permissive=1 -# type=1400 audit(0.0:6514): avc: denied { create } for name="CURRENT.dbg" -# scontext=u:r:aee_core_forwarder:s0 tcontext=u:object_r:media_rw_data_file:s0 -# tclass=file permissive=1 -# type=1400 audit(0.0:6515): avc: denied { write open } for -# path="/data/media/0/mtklog/aee_exp/temp/db.p08JgF/CURRENT.dbg" dev="dm-0" -# ino=540952 scontext=u:r:aee_core_forwarder:s0 tcontext=u:object_r:media_rw_data_file:s0 -# tclass=file permissive=1 -allow aee_core_forwarder media_rw_data_file:dir w_dir_perms; -allow aee_core_forwarder media_rw_data_file:file { create open write }; - -# Data : 2017/03/08 -# Operation : fix aee_core_forwarder connect to aee_aedv -# Purpose : type=1400 audit(0.0:6594): avc: denied { connectto } for -# path=00616E64726F69643A6165655F616564 scontext=u:r:aee_core_forwarder:s0 -# tcontext=u:r:aee_aedv:s0 tclass=unix_stream_socket permissive=0 -allow aee_core_forwarder aee_aedv:unix_stream_socket connectto; - -# Data : 2017/08/04 -# Operation : fix sys_nice selinux warning -# Purpose : type=1400 audit(0.0:50): avc: denied { sys_nice } for capability=23 -# scontext=u:r:aee_core_forwarder:s0 tcontext=u:r:aee_core_forwarder:s0 -# tclass=capability permissive=0 -allow aee_core_forwarder self:capability sys_nice; -- cgit v1.2.3 From 7ad2c5df75565153ccec471f0eb2224c912515cd Mon Sep 17 00:00:00 2001 From: mtk11285 Date: Thu, 17 May 2018 09:52:09 +0800 Subject: [ALPS03841705] AEE porting on Android P about selinux [Detail] 1. add some rules 2. transfer aee_core_forwarder domain form kerenl to aee_core_forwarder Change-Id: I9b576e3937d04b5848baeb156718d0469fa05a75 CR-Id: ALPS03841705 Feature: Android Exception Engine(AEE) --- non_plat/aee_core_forwarder.te | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 non_plat/aee_core_forwarder.te (limited to 'non_plat/aee_core_forwarder.te') diff --git a/non_plat/aee_core_forwarder.te b/non_plat/aee_core_forwarder.te new file mode 100644 index 0000000..a3427ef --- /dev/null +++ b/non_plat/aee_core_forwarder.te @@ -0,0 +1,9 @@ +# ============================================== +# Policy File of /system/bin/aee_core_forwarder Executable File + +# ============================================== +# MTK Policy Rule +# ============================================== + +allow aee_core_forwarder aee_exp_data_file:dir { write add_name search }; +allow aee_core_forwarder aee_exp_data_file:file { write create open getattr }; -- cgit v1.2.3 From 46901e2900a497c472b8a7c01f1350bdd28bbdae Mon Sep 17 00:00:00 2001 From: Juju Sung Date: Wed, 20 Mar 2019 23:52:09 +0800 Subject: [ALPS04357449] Sepolicy: workaround for denied policy [Detail] Set proc node specific node - hraphic_composer - bootanimation - aee_core_forwarder - surfaceflinger Change-Id: I89a1ab578a2841d3a16718153d5a716ad45c399b CR-Id: ALPS04357449 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK --- non_plat/aee_core_forwarder.te | 1 + 1 file changed, 1 insertion(+) (limited to 'non_plat/aee_core_forwarder.te') diff --git a/non_plat/aee_core_forwarder.te b/non_plat/aee_core_forwarder.te index a3427ef..255df42 100644 --- a/non_plat/aee_core_forwarder.te +++ b/non_plat/aee_core_forwarder.te @@ -7,3 +7,4 @@ allow aee_core_forwarder aee_exp_data_file:dir { write add_name search }; allow aee_core_forwarder aee_exp_data_file:file { write create open getattr }; +allow aee_core_forwarder hwservicemanager_prop:file { read open getattr }; -- cgit v1.2.3 From 5a2b7e3fdc826a7ca6bc70a3810f14c1661e7d79 Mon Sep 17 00:00:00 2001 From: Shanshan Guo Date: Fri, 14 Jun 2019 15:50:27 +0800 Subject: [ALPS04639771] SEPolicy: Modify workaround [Detail] There is a workaround for bring-up, now it needs to be modified. [Solution] 1.Split workaround to sepcial *.te 2.Modify ged sepolicy 3.Modify mistake 4.Add sepolicy Change-Id: I0894de45e014a5eae754e35b57fbc9b21bc4bf90 CR-Id: ALPS04639771 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK --- non_plat/aee_core_forwarder.te | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'non_plat/aee_core_forwarder.te') diff --git a/non_plat/aee_core_forwarder.te b/non_plat/aee_core_forwarder.te index 255df42..2a6d951 100644 --- a/non_plat/aee_core_forwarder.te +++ b/non_plat/aee_core_forwarder.te @@ -8,3 +8,11 @@ allow aee_core_forwarder aee_exp_data_file:dir { write add_name search }; allow aee_core_forwarder aee_exp_data_file:file { write create open getattr }; allow aee_core_forwarder hwservicemanager_prop:file { read open getattr }; + +# Date: 2019/06/14 +# Operation : Migration +# Purpose : interface=android.system.suspend::ISystemSuspend for aee_core_forwarder +wakelock_use(aee_core_forwarder) +allow aee_core_forwarder aee_aed:unix_stream_socket connectto; +allow aee_core_forwarder aee_core_data_file:dir read; +hwbinder_use(aee_core_forwarder) -- cgit v1.2.3 From 4031a4610757debf0aa0de48408c72517fd61bcb Mon Sep 17 00:00:00 2001 From: Huaiming Li Date: Wed, 23 Oct 2019 19:01:41 +0800 Subject: [ALPS04758557] fix aee high risk rules 1. fix some aee high risk rules Change-Id: I637d723cba54ba7119d15617bd2935a4b00dd6c5 CR-Id: ALPS04758557 Feature: Android Exception Engine(AEE) --- non_plat/aee_core_forwarder.te | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'non_plat/aee_core_forwarder.te') diff --git a/non_plat/aee_core_forwarder.te b/non_plat/aee_core_forwarder.te index 2a6d951..43e97fe 100644 --- a/non_plat/aee_core_forwarder.te +++ b/non_plat/aee_core_forwarder.te @@ -7,12 +7,12 @@ allow aee_core_forwarder aee_exp_data_file:dir { write add_name search }; allow aee_core_forwarder aee_exp_data_file:file { write create open getattr }; -allow aee_core_forwarder hwservicemanager_prop:file { read open getattr }; +get_prop(aee_core_forwarder, hwservicemanager_prop) # Date: 2019/06/14 # Operation : Migration # Purpose : interface=android.system.suspend::ISystemSuspend for aee_core_forwarder wakelock_use(aee_core_forwarder) allow aee_core_forwarder aee_aed:unix_stream_socket connectto; -allow aee_core_forwarder aee_core_data_file:dir read; +allow aee_core_forwarder aee_core_data_file:dir r_dir_perms; hwbinder_use(aee_core_forwarder) -- cgit v1.2.3 From 62292957338968e7a57a9376649d07faf138787a Mon Sep 17 00:00:00 2001 From: mtk11285 Date: Tue, 18 Feb 2020 14:58:04 +0800 Subject: [ALPS04991295] create minicoredump/coredump fail 1. allow crash_dump to read/write /data/aee_exp 2. add mlstrustedobject attribute 3. use rw_dir_perms/create_file_perms to replace open/write... Change-Id: I05ec01fbf54d1d797675918c962dc0b5c3828755 CR-Id: ALPS04991295 Feature: Android Exception Engine(AEE) --- non_plat/aee_core_forwarder.te | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'non_plat/aee_core_forwarder.te') diff --git a/non_plat/aee_core_forwarder.te b/non_plat/aee_core_forwarder.te index 43e97fe..6bba652 100644 --- a/non_plat/aee_core_forwarder.te +++ b/non_plat/aee_core_forwarder.te @@ -5,8 +5,8 @@ # MTK Policy Rule # ============================================== -allow aee_core_forwarder aee_exp_data_file:dir { write add_name search }; -allow aee_core_forwarder aee_exp_data_file:file { write create open getattr }; +allow aee_core_forwarder aee_exp_data_file:dir rw_dir_perms; +allow aee_core_forwarder aee_exp_data_file:file create_file_perms; get_prop(aee_core_forwarder, hwservicemanager_prop) # Date: 2019/06/14 -- cgit v1.2.3 From e457b72f6af9882c5f385fdfe4fdbe365c1a31aa Mon Sep 17 00:00:00 2001 From: mtk11285 Date: Mon, 9 Mar 2020 15:48:48 +0800 Subject: [ALPS04991295] relable aee_aed/aee_aed64 to crash_dump replace all rules about aee_aed with crash_dump Change-Id: I961afb2ed493860166694bca6b636635053c723d CR-Id: ALPS04991295 Feature: Android Exception Engine(AEE) --- non_plat/aee_core_forwarder.te | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'non_plat/aee_core_forwarder.te') diff --git a/non_plat/aee_core_forwarder.te b/non_plat/aee_core_forwarder.te index 6bba652..2619bf6 100644 --- a/non_plat/aee_core_forwarder.te +++ b/non_plat/aee_core_forwarder.te @@ -13,6 +13,6 @@ get_prop(aee_core_forwarder, hwservicemanager_prop) # Operation : Migration # Purpose : interface=android.system.suspend::ISystemSuspend for aee_core_forwarder wakelock_use(aee_core_forwarder) -allow aee_core_forwarder aee_aed:unix_stream_socket connectto; +allow aee_core_forwarder crash_dump:unix_stream_socket connectto; allow aee_core_forwarder aee_core_data_file:dir r_dir_perms; hwbinder_use(aee_core_forwarder) -- cgit v1.2.3