# ============================================== # Policy File of /system/bin/ccci_mdinit Executable File # ============================================== # Type Declaration # ============================================== type ccci_mdinit_exec , exec_type, file_type, vendor_file_type; type ccci_mdinit ,domain; # ============================================== # MTK Policy Rule # ============================================== init_daemon_domain(ccci_mdinit) wakelock_use(ccci_mdinit) #=============allow ccci_mdinit to start gsm0710muxd============== set_prop(ccci_mdinit, ctl_gsm0710muxd_prop) #=============allow ccci_mdinit to start emcsmdlogger============== set_prop(ccci_mdinit, ctl_mdlogger_prop) #=============allow ccci_mdinit to start c2krild============== set_prop(ccci_mdinit, ctl_viarild_prop) #=============allow ccci_mdinit to start/stop rild, mdlogger============== set_prop(ccci_mdinit, ctl_mdlogger_prop) set_prop(ccci_mdinit, ctl_emdlogger1_prop) set_prop(ccci_mdinit, ctl_emdlogger2_prop) set_prop(ccci_mdinit, ctl_emdlogger3_prop) set_prop(ccci_mdinit, ctl_dualmdlogger_prop) set_prop(ccci_mdinit, ctl_gsm0710muxd_prop) set_prop(ccci_mdinit, ctl_gsm0710muxd-s_prop) set_prop(ccci_mdinit, ctl_gsm0710muxd-d_prop) #set_prop(ccci_mdinit, ctl_rildaemon_prop) set_prop(ccci_mdinit, ctl_ril-daemon-mtk_prop) set_prop(ccci_mdinit, ctl_fusion_ril_mtk_prop) set_prop(ccci_mdinit, ctl_ril-daemon-s_prop) set_prop(ccci_mdinit, ctl_ril-daemon-d_prop) set_prop(ccci_mdinit, ctl_ril-proxy_prop) set_prop(ccci_mdinit, ril_active_md_prop) set_prop(ccci_mdinit, mtk_md_prop) #set_prop(ccci_mdinit, radio_prop) set_prop(ccci_mdinit, net_cdma_mdmstat) set_prop(ccci_mdinit, ctl_start_prop) #=============allow ccci_mdinit to get tel_switch_prop============== get_prop(ccci_mdinit, tel_switch_prop) #=============allow ccci_mdinit to start/stop fsd============== set_prop(ccci_mdinit, ctl_ccci_fsd_prop) set_prop(ccci_mdinit, ctl_ccci2_fsd_prop) set_prop(ccci_mdinit, ctl_ccci3_fsd_prop) get_prop(ccci_mdinit, vendor_default_prop) get_prop(ccci_mdinit, init_svc_emdlogger1_prop) get_prop(ccci_mdinit, init_svc_aee_aedv_prop) allow ccci_mdinit ccci_device:chr_file rw_file_perms; allow ccci_mdinit ccci_monitor_device:chr_file rw_file_perms; #=============allow ccci_mdinit to access MD NVRAM============== allow ccci_mdinit nvram_data_file:dir rw_dir_perms; allow ccci_mdinit nvram_data_file:file create_file_perms; allow ccci_mdinit nvram_data_file:lnk_file read; allow ccci_mdinit nvdata_file:lnk_file read; allow ccci_mdinit nvdata_file:dir rw_dir_perms; allow ccci_mdinit nvdata_file:file create_file_perms; allow ccci_mdinit nvram_device:chr_file rw_file_perms; #=============allow ccci_mdinit to access ccci config============== allow ccci_mdinit protect_f_data_file:dir rw_dir_perms; allow ccci_mdinit protect_f_data_file:file create_file_perms; #=============allow ccci_mdinit to property============== allow ccci_mdinit protect_s_data_file:dir rw_dir_perms; allow ccci_mdinit protect_s_data_file:file create_file_perms; allow ccci_mdinit nvram_device:blk_file rw_file_perms; allow ccci_mdinit nvdata_device:blk_file rw_file_perms; set_prop(ccci_mdinit, ril_mux_report_case_prop) allow ccci_mdinit ccci_cfg_file:dir create_dir_perms; allow ccci_mdinit ccci_cfg_file:file create_file_perms; #===============security relate ========================== allow ccci_mdinit preloader_device:chr_file rw_file_perms; allow ccci_mdinit misc_sd_device:chr_file r_file_perms; allow ccci_mdinit sec_ro_device:chr_file r_file_perms; allow ccci_mdinit custom_file:dir r_dir_perms; allow ccci_mdinit custom_file:file r_file_perms; # Purpose : for nand partition access allow ccci_mdinit mtd_device:dir search; allow ccci_mdinit mtd_device:chr_file rw_file_perms; allow ccci_mdinit devmap_device:chr_file r_file_perms; # Purpose : for device bring up, not to block early migration/sanity allow ccci_mdinit proc_lk_env:file rw_file_perms; allow ccci_mdinit para_block_device:blk_file rw_file_perms; #============= ccci_mdinit sysfs related ============== allow ccci_mdinit sysfs_ccci:dir search; allow ccci_mdinit sysfs_ccci:file rw_file_perms; allow ccci_mdinit sysfs_ssw:dir search; allow ccci_mdinit sysfs_ssw:file r_file_perms; allow ccci_mdinit sysfs_boot_mode:file { read open }; # Purpose : Allow ccci_mdinit to open and read/write /proc/bootprof allow ccci_mdinit proc_bootprof:file rw_file_perms; # Date : WK18.21 # Operation: P migration # Purpose: Allow to search /mnt/vendor/nvdata for fstab when using NVM_Init() allow ccci_mdinit mnt_vendor_file:dir search; # Purpose : Allow ccci_mdinit call sysenv_get and sysenv_set allow ccci_mdinit block_device:dir search; allow ccci_mdinit metadata_file:dir search; allow ccci_mdinit proc_cmdline:file r_file_perms; allow ccci_mdinit sysfs_dt_firmware_android:dir search;