[GitHub/mt8127/android_device_alcatel_ttab.git] / sepolicy / nvram_daemon.te

type nvram_daemon_exec, exec_type, file_type;
type nvram_daemon, domain, domain_deprecated;

init_daemon_domain(nvram_daemon)

allow nvram_daemon self:capability { fowner dac_override dac_read_search chown fsetid };
allow nvram_daemon nvram_device:blk_file rw_file_perms;
allow nvram_daemon nvdata_device:blk_file rw_file_perms;
allow nvram_daemon nvdata_file:dir create_dir_perms;
allow nvram_daemon nvdata_file:file create_file_perms;
allow nvram_daemon nvdata_file:lnk_file r_file_perms;
allow nvram_daemon shell_exec:file { read execute open execute_no_trans getattr };
allow nvram_daemon als_ps_device:chr_file r_file_perms;
allow nvram_daemon mtk-adc-cali_device:chr_file rw_file_perms;
allow nvram_daemon gsensor_device:chr_file r_file_perms;
allow nvram_daemon msensor_device:chr_file r_file_perms;
allow nvram_daemon gyroscope_device:chr_file r_file_perms;
allow nvram_daemon toolbox_exec:file rx_file_perms;

allow nvram_daemon proinfo_device:blk_file rw_file_perms;
allow nvram_daemon nvram_prop:property_service set;
allow nvram_daemon wmt_prop:property_service set;

allow nvram_daemon block_device:dir search;

unix_socket_connect(nvram_daemon, property, init)

allow nvram_daemon sysfs_boot_mode:file { read open };
allow nvram_daemon sysfs:file { write };
allow nvram_daemon system_prop:property_service { set };

allow nvram_daemon nvram_device:chr_file { read write open };
allow nvram_daemon mmc_device:blk_file { read write open };
allow nvram_daemon proinfo_device:chr_file { read write open ioctl };
Commit	Line	Data
ce9dd018 S	1	type nvram_daemon_exec, exec_type, file_type;
	2	type nvram_daemon, domain, domain_deprecated;
	3
	4	init_daemon_domain(nvram_daemon)
	5
	6	allow nvram_daemon self:capability { fowner dac_override dac_read_search chown fsetid };
	7	allow nvram_daemon nvram_device:blk_file rw_file_perms;
	8	allow nvram_daemon nvdata_device:blk_file rw_file_perms;
	9	allow nvram_daemon nvdata_file:dir create_dir_perms;
	10	allow nvram_daemon nvdata_file:file create_file_perms;
	11	allow nvram_daemon nvdata_file:lnk_file r_file_perms;
	12	allow nvram_daemon shell_exec:file { read execute open execute_no_trans getattr };
	13	allow nvram_daemon als_ps_device:chr_file r_file_perms;
	14	allow nvram_daemon mtk-adc-cali_device:chr_file rw_file_perms;
	15	allow nvram_daemon gsensor_device:chr_file r_file_perms;
	16	allow nvram_daemon msensor_device:chr_file r_file_perms;
	17	allow nvram_daemon gyroscope_device:chr_file r_file_perms;
	18	allow nvram_daemon toolbox_exec:file rx_file_perms;
	19
	20	allow nvram_daemon proinfo_device:blk_file rw_file_perms;
	21	allow nvram_daemon nvram_prop:property_service set;
	22	allow nvram_daemon wmt_prop:property_service set;
	23
	24	allow nvram_daemon block_device:dir search;
	25
	26	unix_socket_connect(nvram_daemon, property, init)
5244c9e3 S	27
	28	allow nvram_daemon sysfs_boot_mode:file { read open };
	29	allow nvram_daemon sysfs:file { write };
	30	allow nvram_daemon system_prop:property_service { set };
9562b311 S	31
	32	allow nvram_daemon nvram_device:chr_file { read write open };
	33	allow nvram_daemon mmc_device:blk_file { read write open };
	34	allow nvram_daemon proinfo_device:chr_file { read write open ioctl };