sepolicy/cpboot-daemon.te

   1 # modem daemon sec label
   2 type cpboot-daemon, domain;
   3 type cpboot-daemon_exec, exec_type, file_type, vendor_file_type;
   4
   5 net_domain(cpboot-daemon)
   6 init_daemon_domain(cpboot-daemon)
   7 wakelock_use(cpboot-daemon)
   8 set_prop(cpboot-daemon, modemloader_prop)
   9
  10 allow cpboot-daemon self:capability { setuid setgid };
  11
  12 # FIXME neverallow rule
  13 # allow cpboot-daemon self:capability mknod;
  14 allow cpboot-daemon kernel:system syslog_read;
  15 allow cpboot-daemon cgroup:dir create_dir_perms;
  16
  17 # /dev/log/*
  18 #allow cpboot-daemon log_device:dir r_dir_perms;
  19 #allow cpboot-daemon log_device:chr_file rw_file_perms;
  20 # /dev/kmsg (write to kernel log)
  21 allow cpboot-daemon kmsg_device:chr_file rw_file_perms;
  22
  23 # /dev/umts_boot0
  24 allow cpboot-daemon mif_device:chr_file rw_file_perms;
  25 # /dev/mbin0
  26 allow cpboot-daemon emmcblk_device:blk_file r_file_perms;
  27 # /dev/spi_boot_link
  28 allow cpboot-daemon radio_device:chr_file rw_file_perms;
  29 # /dev/block/mmcblk0p13
  30 allow cpboot-daemon block_device:dir r_dir_perms;
  31 allow cpboot-daemon radio_block_device:blk_file r_file_perms;
  32
  33 # /dev/mipi-lli/lli_control
  34 allow cpboot-daemon sysfs_mipi:file rw_file_perms;
  35
  36 # /efs
  37 allow cpboot-daemon efs_file:dir r_dir_perms;
  38
  39 # /efs/nv_data.bin
  40 allow cpboot-daemon bin_nv_data_efs_file:file rw_file_perms;
  41 allow cpboot-daemon efs_file:file rw_file_perms;
  42
  43 # /proc/cmdline
  44 allow cpboot-daemon proc:file r_file_perms;
  45
  46 # set properties on boot
  47 set_prop(cpboot-daemon, cpboot-daemon_prop)
  48 set_prop(cpboot-daemon, radio_prop)
  49 set_prop(cpboot-daemon, system_prop)