[GitHub/LineageOS/android_device_samsung_universal7580-common.git] / sepolicy / init.te

# Mount debugfs on /sys/kernel/debug.
allow init debugfs:dir mounton;

# Mount EFS on /efs
allow init efs_file:dir  mounton;

# /dev/block/mmcblk0p[0-9]
allow init emmcblk_device:blk_file rw_file_perms;

allow init block_device:lnk_file setattr;
allow init tmpfs:lnk_file create_file_perms;

# /sys/class/power_supply/battery and /sys/class/android_usb/android0
allow init sysfs_usb_supply:file { rw_file_perms setattr };

# /data
allow init sdcardd_exec:file r_file_perms;

# sysfs iio:device[0-9]
allow init sysfs:lnk_file setattr;

# sysfs ion device
allow init sysfs_ion:file setattr;

# sysfs usb device
allow init sysfs_android_usb:file setattr;

# read/chown mDNIE symlinks
allow init sysfs_mdnie:lnk_file { r_file_perms setattr };
allow init sysfs_mdnie:file rw_file_perms;

# read/chown camera firmware
allow init sysfs_camera:file { relabelto setattr };
allow init sysfs_camera:filesystem associate;

# WiFi firmware permissions
allow init sysfs_wifi:file setattr;

# Input devices
allow init sysfs_input:file { rw_file_perms setattr };

# BT permissions
allow init sysfs_bluetooth_writable:file setattr;

# GPS permissions
allow init sysfs_gps:lnk_file read;
allow init sysfs_gps:file { rw_file_perms setattr };
allow init gps_data_file:fifo_file write;
allow init gps_data_file:file lock;
allow init gps_device:chr_file { open read write };

# CPU permissions
allow init sysfs_devices_system_cpu:file rw_file_perms;

# sswap permissions
allow init sswap_device:blk_file write;
allow init sysfs_sswap:file { open write };

# Block device sysfs
allow init sysfs_block:file rw_file_perms;

# Audio Jack
allow init sysfs_jack:file setattr;

unix_socket_connect(init, property, rild)

allow init { domain -lmkd -crash_dump }:process noatsecure;

# Allow access to /proc/device-tree nodes
r_dir_file(init, proc_dt_firmware)

allow init sysfs_mmc:file { w_file_perms setattr };
allow init sysfs_net:file rw_file_perms;
allow init sysfs_graphics:file { rw_file_perms setattr };
allow init sysfs_light:file { rw_file_perms setattr };
allow init sysfs_light:lnk_file { rw_file_perms setattr };
allow init sysfs_mdnie:file setattr;
allow init sysfs_sec:file { rw_file_perms setattr };
allow init sysfs_sec:lnk_file read;
allow init sysfs_sensors:file { rw_file_perms setattr };
allow init sysfs_sensors:lnk_file read;
allow init sysfs_multipdp:file setattr;

# Proc files
allow init proc_reset_reason:file rw_file_perms;
allow init proc_vm:file rw_file_perms;
allow init proc_simslot_count:file rw_file_perms;
allow init proc_sec:file rw_file_perms;

# Sockets
allow init socket_device:sock_file { read write getattr setattr create unlink };
Commit	Line	Data
c1a50488 DW	1	# Mount debugfs on /sys/kernel/debug.
	2	allow init debugfs:dir mounton;
	3
	4	# Mount EFS on /efs
	5	allow init efs_file:dir mounton;
	6
	7	# /dev/block/mmcblk0p[0-9]
	8	allow init emmcblk_device:blk_file rw_file_perms;
	9
ee133eb7	10	allow init block_device:lnk_file setattr;
c1a50488 DW	11	allow init tmpfs:lnk_file create_file_perms;
	12
	13	# /sys/class/power_supply/battery and /sys/class/android_usb/android0
c63278d0	14	allow init sysfs_usb_supply:file { rw_file_perms setattr };
c1a50488	15
c1a50488 DW	16	# /data
	17	allow init sdcardd_exec:file r_file_perms;
	18
	19	# sysfs iio:device[0-9]
	20	allow init sysfs:lnk_file setattr;
	21
c63278d0 DW	22	# sysfs ion device
	23	allow init sysfs_ion:file setattr;
	24
	25	# sysfs usb device
	26	allow init sysfs_android_usb:file setattr;
	27
c1a50488	28	# read/chown mDNIE symlinks
ee133eb7 JA	29	allow init sysfs_mdnie:lnk_file { r_file_perms setattr };
ee133eb7 JA	30	allow init sysfs_mdnie:file rw_file_perms;
c1a50488 DW	31
c1a50488 DW	32	# read/chown camera firmware
c63278d0 DW	33	allow init sysfs_camera:file { relabelto setattr };
	34	allow init sysfs_camera:filesystem associate;
	35
	36	# WiFi firmware permissions
	37	allow init sysfs_wifi:file setattr;
	38
	39	# Input devices
	40	allow init sysfs_input:file { rw_file_perms setattr };
	41
	42	# BT permissions
	43	allow init sysfs_bluetooth_writable:file setattr;
	44
	45	# GPS permissions
	46	allow init sysfs_gps:lnk_file read;
1d6bb0a1 DW	47	allow init sysfs_gps:file { rw_file_perms setattr };
	48	allow init gps_data_file:fifo_file write;
	49	allow init gps_data_file:file lock;
	50	allow init gps_device:chr_file { open read write };
c63278d0 DW	51
	52	# CPU permissions
	53	allow init sysfs_devices_system_cpu:file rw_file_perms;
	54
0df5b0cd DW	55	# sswap permissions
	56	allow init sswap_device:blk_file write;
	57	allow init sysfs_sswap:file { open write };
	58
c63278d0 DW	59	# Block device sysfs
	60	allow init sysfs_block:file rw_file_perms;
	61
	62	# Audio Jack
	63	allow init sysfs_jack:file setattr;
c1a50488 DW	64
c1a50488 DW	65	unix_socket_connect(init, property, rild)
93f72ed5 EC	66
93f72ed5 EC	67	allow init { domain -lmkd -crash_dump }:process noatsecure;
c63278d0 DW	68
	69	# Allow access to /proc/device-tree nodes
	70	r_dir_file(init, proc_dt_firmware)
	71
	72	allow init sysfs_mmc:file { w_file_perms setattr };
	73	allow init sysfs_net:file rw_file_perms;
	74	allow init sysfs_graphics:file { rw_file_perms setattr };
	75	allow init sysfs_light:file { rw_file_perms setattr };
62865c85	76	allow init sysfs_light:lnk_file { rw_file_perms setattr };
ee133eb7	77	allow init sysfs_mdnie:file setattr;
c63278d0 DW	78	allow init sysfs_sec:file { rw_file_perms setattr };
	79	allow init sysfs_sec:lnk_file read;
	80	allow init sysfs_sensors:file { rw_file_perms setattr };
	81	allow init sysfs_sensors:lnk_file read;
	82	allow init sysfs_multipdp:file setattr;
	83
	84	# Proc files
	85	allow init proc_reset_reason:file rw_file_perms;
b1e82b80	86	allow init proc_vm:file rw_file_perms;
c63278d0	87	allow init proc_simslot_count:file rw_file_perms;
b1e82b80	88	allow init proc_sec:file rw_file_perms;
c63278d0 DW	89
c63278d0 DW	90	# Sockets
b1e82b80	91	allow init socket_device:sock_file { read write getattr setattr create unlink };