[WIP]start this selinux mess
[GitHub/mt8127/android_device_alcatel_ttab.git] / sepolicy / nvram_daemon.te
# SELinux policy for the nvram_daemon domain.
# Declares the daemon's process and executable types, has init start it in its
# own domain, and grants access to NVRAM-related block devices, nvdata files,
# sensor/calibration character devices and two property namespaces.

# --- Types and domain entry -------------------------------------------------
# NOTE(review): domain_deprecated pulls in whatever legacy rules the platform
# attaches to that attribute; confirm against the target tree and drop it once
# the daemon's real needs are covered by the explicit rules below.
type nvram_daemon, domain, domain_deprecated;
type nvram_daemon_exec, exec_type, file_type;

# Started by init, labelled via nvram_daemon_exec.
init_daemon_domain(nvram_daemon)

# --- Capabilities -----------------------------------------------------------
# NOTE(review): dac_override and dac_read_search bypass Unix permission checks,
# leaving the SELinux rules in this file as the only limit on what the daemon
# can reach. Keep only the capabilities that audit denials show are required.
allow nvram_daemon self:capability { chown dac_override dac_read_search fowner fsetid };

# --- Block devices ----------------------------------------------------------
# Read/write on the raw NVRAM, nvdata and proinfo partitions.
allow nvram_daemon { nvram_device nvdata_device proinfo_device }:blk_file rw_file_perms;
# Directory lookup only (presumably to resolve nodes under /dev/block).
allow nvram_daemon block_device:dir search;

# --- nvdata files -----------------------------------------------------------
allow nvram_daemon nvdata_file:dir create_dir_perms;
allow nvram_daemon nvdata_file:file create_file_perms;
allow nvram_daemon nvdata_file:lnk_file r_file_perms;

# --- Sensor and calibration devices -----------------------------------------
# Sensors are read-only; the ADC calibration node is also written.
allow nvram_daemon { als_ps_device gsensor_device msensor_device gyroscope_device }:chr_file r_file_perms;
allow nvram_daemon mtk-adc-cali_device:chr_file rw_file_perms;

# --- Helper binaries --------------------------------------------------------
# execute_no_trans means the shell runs inside the nvram_daemon domain, with
# every permission granted in this file (raw partition writes, DAC bypass).
# NOTE(review): if the daemon only needs a fixed helper, a dedicated domain
# with a transition would keep those privileges out of a general shell.
allow nvram_daemon shell_exec:file { getattr open read execute execute_no_trans };
allow nvram_daemon toolbox_exec:file rx_file_perms;

# --- System properties ------------------------------------------------------
# Connect to init's property socket, then set the two property types.
unix_socket_connect(nvram_daemon, property, init)
allow nvram_daemon { nvram_prop wmt_prop }:property_service set;