[WIP]start this selinux mess
authorStricted <info@stricted.net>
Sat, 28 Apr 2018 17:23:32 +0000 (19:23 +0200)
committerStricted <info@stricted.net>
Sat, 28 Apr 2018 17:23:32 +0000 (19:23 +0200)
* taken from https://github.com/lineage-geminipda/android_device_planet_geminipda

Change-Id: I80708a4650646ecd870b60217cafc0212aa2022e

62 files changed:
sepolicy/attributes [new file with mode: 0644]
sepolicy/audioserver.te [new file with mode: 0644]
sepolicy/bluetooth.te [new file with mode: 0644]
sepolicy/ccci_fsd.te [new file with mode: 0644]
sepolicy/ccci_mdinit.te [new file with mode: 0644]
sepolicy/conn_launcher.te [new file with mode: 0644]
sepolicy/device.te [new file with mode: 0644]
sepolicy/domain.te [new file with mode: 0644]
sepolicy/drmserver.te [new file with mode: 0644]
sepolicy/em_svr.te [new file with mode: 0644]
sepolicy/etsd.te [new file with mode: 0644]
sepolicy/factory.te [new file with mode: 0644]
sepolicy/file.te [new file with mode: 0644]
sepolicy/file_contexts [new file with mode: 0644]
sepolicy/fsck.te [new file with mode: 0644]
sepolicy/fsck_untrusted.te [new file with mode: 0644]
sepolicy/fuelgauged.te [new file with mode: 0644]
sepolicy/ged_srv.te [new file with mode: 0644]
sepolicy/genfs_contexts [new file with mode: 0644]
sepolicy/gsm0710muxd.te [new file with mode: 0644]
sepolicy/healthd.te [new file with mode: 0644]
sepolicy/init.te [new file with mode: 0644]
sepolicy/kernel.te [new file with mode: 0644]
sepolicy/kpoc_charger.te [new file with mode: 0644]
sepolicy/md_ctrl.te [new file with mode: 0644]
sepolicy/mediaserver.te [new file with mode: 0644]
sepolicy/memsicd3416x.te [new file with mode: 0644]
sepolicy/meta_tst.te [new file with mode: 0644]
sepolicy/mkfs.te [new file with mode: 0644]
sepolicy/mnld.te [new file with mode: 0644]
sepolicy/msensord.te [new file with mode: 0644]
sepolicy/mtk_agpsd.te [new file with mode: 0644]
sepolicy/mtkmal.te [new file with mode: 0644]
sepolicy/muxreport.te [new file with mode: 0644]
sepolicy/mxg2320d.te [new file with mode: 0644]
sepolicy/netd.te [new file with mode: 0644]
sepolicy/nvram_daemon.te [new file with mode: 0644]
sepolicy/platform_app.te [new file with mode: 0644]
sepolicy/pq.te [new file with mode: 0644]
sepolicy/priv_app.te [new file with mode: 0644]
sepolicy/property.te [new file with mode: 0644]
sepolicy/property_contexts [new file with mode: 0644]
sepolicy/qmc6983d.te [new file with mode: 0644]
sepolicy/radio.te [new file with mode: 0644]
sepolicy/ril-daemon-mtk.te [new file with mode: 0644]
sepolicy/service.te [new file with mode: 0644]
sepolicy/service_contexts [new file with mode: 0644]
sepolicy/spm_loader.te [new file with mode: 0644]
sepolicy/surfaceflinger.te [new file with mode: 0644]
sepolicy/system_app.te [new file with mode: 0644]
sepolicy/system_server.te [new file with mode: 0644]
sepolicy/terservice.te [new file with mode: 0644]
sepolicy/thermal.te [new file with mode: 0644]
sepolicy/thermal_manager.te [new file with mode: 0644]
sepolicy/thermald.te [new file with mode: 0644]
sepolicy/thermalloadalgo.te [new file with mode: 0644]
sepolicy/ueventd.te [new file with mode: 0644]
sepolicy/untrusted_app.te [new file with mode: 0644]
sepolicy/vold.te [new file with mode: 0644]
sepolicy/wifi2agps.te [new file with mode: 0644]
sepolicy/wmt_loader.te [new file with mode: 0644]
sepolicy/zygote.te [new file with mode: 0644]

diff --git a/sepolicy/attributes b/sepolicy/attributes
new file mode 100644 (file)
index 0000000..b7cc346
--- /dev/null
@@ -0,0 +1 @@
+attribute mtk_property_type;
diff --git a/sepolicy/audioserver.te b/sepolicy/audioserver.te
new file mode 100644 (file)
index 0000000..2dd472f
--- /dev/null
@@ -0,0 +1,15 @@
+# nvram
+allow audioserver nvdata_file:dir rw_dir_perms;
+allow audioserver nvdata_file:file create_file_perms;
+allow audioserver nvdata_file:lnk_file r_file_perms;
+allow audioserver ccci_device:chr_file rw_file_perms;
+
+# fm radio
+allow audioserver fm_device:chr_file rw_file_perms;
+
+# Audio
+allow audioserver sysfs:file { open read write };
+allow audioserver sysfs_devinfo:file { open read write };
+allow audioserver sysfs_ccci:file r_file_perms;
+allow audioserver sysfs_ccci:dir search;
+allow audioserver audiohal_prop:property_service set;
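Review bot: `allow audioserver sysfs:file { open read write };` grants write on every node that still carries the generic `sysfs` label, not only the audio control files the `# Audio` comment refers to. The other rules in this hunk already use dedicated labels (`sysfs_devinfo`, `sysfs_ccci`), so the audio nodes should get their own type in file.te/file_contexts and this rule be narrowed to it, e.g. `allow audioserver sysfs_audio:file rw_file_perms;` with `sysfs_audio` being a constructed name to be chosen. The same generic `sysfs:file write` is granted to factory and kpoc_charger later in this commit.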
diff --git a/sepolicy/bluetooth.te b/sepolicy/bluetooth.te
new file mode 100644 (file)
index 0000000..9671019
--- /dev/null
@@ -0,0 +1,9 @@
+# Allow access to the hardware node
+allow bluetooth stpbt_device:chr_file rw_file_perms;
+
+# Allow nvram access
+allow bluetooth nvdata_file:dir search;
+allow bluetooth nvdata_file:file rw_file_perms;
+allow bluetooth nvdata_file:lnk_file r_file_perms;
+
+allow bluetooth block_device:dir search;
diff --git a/sepolicy/ccci_fsd.te b/sepolicy/ccci_fsd.te
new file mode 100644 (file)
index 0000000..1f77080
--- /dev/null
@@ -0,0 +1,18 @@
+type ccci_fsd_exec, exec_type, file_type;
+type ccci_fsd, domain, domain_deprecated;
+
+init_daemon_domain(ccci_fsd)
+
+allow ccci_fsd ccci_device:chr_file rw_file_perms;
+allow ccci_fsd ccci_cfg_file:dir create_dir_perms;
+allow ccci_fsd ccci_cfg_file:file create_file_perms;
+allow ccci_fsd nvdata_file:dir create_dir_perms;
+allow ccci_fsd nvdata_file:file create_file_perms;
+allow ccci_fsd nvdata_file:lnk_file r_file_perms;
+allow ccci_fsd protect_f_data_file:dir create_dir_perms;
+allow ccci_fsd protect_f_data_file:file create_file_perms;
+allow ccci_fsd protect_s_data_file:dir create_dir_perms;
+allow ccci_fsd protect_s_data_file:file create_file_perms;
+allow ccci_fsd sysfs_ccci:file rw_file_perms;
+allow ccci_fsd sysfs_ccci:dir search;
+allow ccci_fsd sysfs_wake_lock:file rw_file_perms;
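Review bot: `type ccci_fsd, domain, domain_deprecated;` puts a brand-new domain into `domain_deprecated`, the attribute AOSP keeps only for domains whose legacy permissions have not yet been audited; a new domain is expected to be declared as `type ccci_fsd, domain;` with its real accesses spelled out. The same declaration is used for ccci_mdinit, conn_launcher, em_svr, etsd, factory, fuelgauged, ged_srv, gsm0710muxd, kpoc_charger and md_ctrl in this commit. Whether the attribute still exists on the branch this targets is not visible here; if it was removed there, every one of these files will fail to compile.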
diff --git a/sepolicy/ccci_mdinit.te b/sepolicy/ccci_mdinit.te
new file mode 100644 (file)
index 0000000..69679ba
--- /dev/null
@@ -0,0 +1,29 @@
+type ccci_mdinit_exec, exec_type, file_type;
+type ccci_mdinit, domain, domain_deprecated;
+
+init_daemon_domain(ccci_mdinit)
+
+allow ccci_mdinit ccci_device:chr_file rw_file_perms;
+allow ccci_mdinit ccci_cfg_file:dir create_dir_perms;
+allow ccci_mdinit ccci_cfg_file:file create_file_perms;
+allow ccci_mdinit nvdata_file:dir rw_dir_perms;
+allow ccci_mdinit nvdata_file:file create_file_perms;
+allow ccci_mdinit nvdata_file:lnk_file r_file_perms;
+allow ccci_mdinit sysfs_ccci:dir search;
+allow ccci_mdinit sysfs_ccci:file rw_file_perms;
+allow ccci_mdinit sysfs_wake_lock:file rw_file_perms;
+allow ccci_mdinit sysfs_devinfo:file r_file_perms;
+
+allow ccci_mdinit nvram_device:blk_file rw_file_perms;
+allow ccci_mdinit mtk_md_prop:property_service set;
+
+allow ccci_mdinit ctl_ccci_fsd_prop:property_service set;
+allow ccci_mdinit ctl_gsm0710muxd_prop:property_service set;
+allow ccci_mdinit ctl_rildaemon_prop:property_service set;
+allow ccci_mdinit radio_prop:property_service set;
+allow ccci_mdinit ril_mux_report_case_prop:property_service set;
+
+allow ccci_mdinit mdlog_data_file:file r_file_perms;
+allow ccci_mdinit mdlog_data_file:dir r_dir_perms;
+
+unix_socket_connect(ccci_mdinit, property, init)
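Review bot: `allow ccci_mdinit nvram_device:blk_file rw_file_perms;` gives the modem-init daemon raw write access to the nvram partition, bypassing the file-level `nvdata_file` labelling the rest of this hunk relies on, and the `ctl_*_prop` rules let the same domain start and stop rild, the mux daemon and ccci_fsd. If the daemon only reads the partition, `r_file_perms` is enough; if raw writes really are needed, a one-line comment stating what is written there would save the next audit from guessing.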
diff --git a/sepolicy/conn_launcher.te b/sepolicy/conn_launcher.te
new file mode 100644 (file)
index 0000000..d75e9e5
--- /dev/null
@@ -0,0 +1,9 @@
+type conn_launcher_exec, exec_type, file_type;
+type conn_launcher, domain, domain_deprecated;
+
+init_daemon_domain(conn_launcher)
+
+allow conn_launcher stpwmt_device:chr_file rw_file_perms;
+allow conn_launcher wmt_prop:property_service set;
+
+unix_socket_connect(conn_launcher, property, init)
diff --git a/sepolicy/device.te b/sepolicy/device.te
new file mode 100644 (file)
index 0000000..3ecb5cf
--- /dev/null
@@ -0,0 +1,49 @@
+# Radio devices
+type ccci_device, dev_type;
+type stpbt_device, dev_type;
+type stpgps_device, dev_type;
+type stpwmt_device, dev_type;
+type hwmsensor_device, dev_type;
+type wmtWifi_device, dev_type;
+type wmtdetect_device, dev_type;
+type gsm0710muxd_device, dev_type;
+type mdlog_device, dev_type;
+type pmic_adc_device, dev_type;
+
+# Sensors
+type als_ps_device, dev_type;
+type mtk-adc-cali_device, dev_type;
+type gsensor_device, dev_type;
+type msensor_device, dev_type;
+type gyroscope_device, dev_type;
+
+# Media
+type accdet_device, dev_type;
+type devmap_device, dev_type;
+type fm_device, dev_type;
+type Vcodec_device, dev_type;
+type M4U_device_device, dev_type;
+type mtk_smi_device, dev_type;
+
+# SPM
+type spm_device, dev_type;
+
+# NFC
+type mt6605_device, dev_type;
+
+# Fingerprint
+type esfp0_device, dev_type;
+type madev0_device, dev_type;
+
+# IR
+type irtx_device, dev_type;
+
+# Block devices
+type proinfo_device, dev_type;
+type nvram_device, dev_type;
+type nvdata_device, dev_type;
+type protect1_device, dev_type;
+type protect2_device, dev_type;
+type logo_block_device, dev_type;
+type para_block_device, dev_type;
+type mmc_device, dev_type;
diff --git a/sepolicy/domain.te b/sepolicy/domain.te
new file mode 100644 (file)
index 0000000..faaf49e
--- /dev/null
@@ -0,0 +1 @@
+get_prop(domain, mtk_property_type)
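Review bot: `get_prop(domain, mtk_property_type)` lets every domain on the device, untrusted apps included, read all properties tagged with the attribute. Which properties carry `mtk_property_type` is decided in sepolicy/property.te, which this commit adds but which is not in this excerpt; anything device-identifying or otherwise sensitive should not be tagged with it, or this should be narrowed to the domains that need it.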
diff --git a/sepolicy/drmserver.te b/sepolicy/drmserver.te
new file mode 100644 (file)
index 0000000..9d4ccab
--- /dev/null
@@ -0,0 +1 @@
+allow drmserver sysfs_devinfo:file { open read write };
\ No newline at end of file
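Review bot: `allow drmserver sysfs_devinfo:file { open read write };` includes write on the device-info node, while the ccci_mdinit rule on the same type in this commit uses `r_file_perms`; unless drmserver actually writes there, `allow drmserver sysfs_devinfo:file r_file_perms;` is the safer form (audioserver gets the identical write set). The file also lacks a trailing newline, as do em_svr.te, etsd.te, file_contexts, fsck_untrusted.te and kpoc_charger.te; the .te files are concatenated (via m4) before checkpolicy sees them, so a missing final newline can fuse a file's last statement or comment with the first line of the next file.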
diff --git a/sepolicy/em_svr.te b/sepolicy/em_svr.te
new file mode 100644 (file)
index 0000000..5844b50
--- /dev/null
@@ -0,0 +1,9 @@
+type em_svr_exec, exec_type, file_type;
+type em_svr, domain, domain_deprecated;
+
+init_daemon_domain(em_svr)
+
+allow em_svr gsensor_device:chr_file { read ioctl open };
+allow em_svr gyroscope_device:chr_file { read ioctl open };
+allow em_svr nvdata_file:dir { write read open add_name search };
+allow em_svr nvdata_file:file { write getattr setattr read create open };
\ No newline at end of file
diff --git a/sepolicy/etsd.te b/sepolicy/etsd.te
new file mode 100644 (file)
index 0000000..f97f143
--- /dev/null
@@ -0,0 +1,14 @@
+type etsd_exec, exec_type, file_type;
+type etsd, domain, domain_deprecated;
+
+init_daemon_domain(etsd)
+binder_use(etsd)
+
+allow etsd etsd_service:service_manager { add find };
+
+allow etsd esfp0_device:chr_file rw_file_perms;
+
+use_keystore(etsd)
+allow etsd keystore:keystore_key { add_auth };
+
+allow etsd self:capability { dac_override dac_read_search };
\ No newline at end of file
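Review bot: `allow etsd self:capability { dac_override dac_read_search };` lets the fingerprint daemon bypass DAC permission checks on every file its MAC rules reach; the usual remedy is to fix the ownership and mode of the files it needs in the init rc so the capability is not required. The same `dac_override` is handed to factory, kernel, kpoc_charger, healthd (in kpoc_charger.te) and md_ctrl in this commit, each without a comment naming the file that triggered it. The `keystore:keystore_key { add_auth }` grant is the expected one for a fingerprint daemon and needs no change.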
diff --git a/sepolicy/factory.te b/sepolicy/factory.te
new file mode 100644 (file)
index 0000000..d9bf10d
--- /dev/null
@@ -0,0 +1,67 @@
+type factory_exec, exec_type, file_type;
+type factory, domain, domain_deprecated;
+
+init_daemon_domain(factory)
+net_domain(factory)
+
+allow factory serial_device:chr_file rw_file_perms;
+
+# Hardware nodes
+allow factory accdet_device:chr_file r_file_perms;
+allow factory ashmem_device:chr_file execute;
+allow factory audio_device:dir r_dir_perms;
+allow factory audio_device:chr_file rw_file_perms;
+allow factory camera_device:chr_file rw_file_perms;
+allow factory ccci_device:chr_file rw_file_perms;
+allow factory devmap_device:chr_file r_file_perms;
+allow factory fm_device:chr_file rwx_file_perms;
+allow factory gsm0710muxd_device:chr_file rw_file_perms;
+allow factory graphics_device:dir search;
+allow factory graphics_device:chr_file rw_file_perms;
+allow factory input_device:dir r_dir_perms;
+allow factory input_device:chr_file r_file_perms;
+allow factory pmic_adc_device:chr_file rw_file_perms;
+allow factory rtc_device:chr_file rw_file_perms;
+allow factory stpbt_device:chr_file rw_file_perms;
+allow factory wmtWifi_device:chr_file rw_file_perms;
+
+# NVRAM
+allow factory nvdata_file:dir create_dir_perms;
+allow factory nvdata_file:file create_file_perms;
+allow factory nvdata_device:blk_file rw_file_perms;
+allow factory nvram_device:blk_file rw_file_perms;
+allow factory proinfo_device:blk_file rw_file_perms;
+
+# Storage
+allow factory mnt_user_file:dir search;
+allow factory mmc_device:blk_file rw_file_perms;
+allow factory storage_file:dir r_dir_perms;
+allow factory storage_file:lnk_file r_file_perms;
+allow factory storage_file:file r_file_perms;
+
+# Configuration
+allow factory sysfs:file write;
+allow factory sysfs_gps_file:dir r_dir_perms;
+allow factory sysfs_gps_file:file rw_file_perms;
+
+# Sensors
+allow factory als_ps_device:chr_file r_file_perms;
+allow factory gsensor_device:chr_file rw_file_perms;
+allow factory msensor_device:chr_file rw_file_perms;
+
+# GPS
+allow factory agpsd_data_file:dir r_dir_perms;
+allow factory agpsd_data_file:sock_file write;
+allow factory stpgps_device:chr_file rw_file_perms;
+allow factory gps_device:chr_file rw_file_perms;
+allow factory mnld_data_file:dir rw_dir_perms;
+allow factory mnld_data_file:file rw_file_perms;
+allow factory mnld_exec:file rx_file_perms;
+allow factory mnld_prop:property_service set;
+
+# Other capabilities
+allow factory self:capability { dac_override net_admin net_raw sys_nice sys_time };
+allow factory self:process execmem;
+allow factory audiohal_prop:property_service set;
+
+unix_socket_connect(factory, property, init);
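Review bot: `allow factory fm_device:chr_file rwx_file_perms;` grants execute and execute_no_trans on a character device, which no other device rule in this commit does; this looks like a typo for `allow factory fm_device:chr_file rw_file_perms;`. The trailing `;` on `unix_socket_connect(factory, property, init);` is redundant, since the macro expansion already terminates its rules, and is inconsistent with the same call in ccci_mdinit.te, conn_launcher.te and gsm0710muxd.te; md_ctrl.te's `set_prop(md_ctrl,vold_encryption_type_prop);` has the same stray semicolon. `allow factory sysfs:file write;` has the generic-sysfs problem noted on audioserver.te.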
diff --git a/sepolicy/file.te b/sepolicy/file.te
new file mode 100644 (file)
index 0000000..b38bcd8
--- /dev/null
@@ -0,0 +1,38 @@
+type protect_s_data_file, file_type, data_file_type;
+type protect_f_data_file, file_type, data_file_type;
+
+type nvdata_file, file_type, data_file_type;
+
+type agpsd_data_file, file_type, data_file_type;
+type mnld_data_file, file_type, data_file_type;
+type ccci_cfg_file, file_type, data_file_type;
+type logmisc_data_file, file_type, data_file_type;
+type mdlog_data_file, file_type, data_file_type;
+type thermal_manager_data_file, file_type, data_file_type;
+
+type sysfs_gps_file, fs_type, sysfs_type;
+type sysfs_ccci, fs_type, sysfs_type;
+type sysfs_devinfo, fs_type, sysfs_type;
+type sysfs_membw, fs_type, sysfs_type;
+type sysfs_boot_mode, fs_type, sysfs_type;
+type sysfs_ddr_type, fs_type, sysfs_type;
+
+type msensord_daemon_sysfs, fs_type, sysfs_type;
+
+type display_color_sysfs, fs_type, sysfs_type;
+type gyro_orientation_sysfs, fs_type, sysfs_type;
+type fast_charge_sysfs, fs_type, sysfs_type;
+type smartwake_sysfs, fs_type, sysfs_type;
+type perf_control_sysfs, fs_type, sysfs_type;
+
+type proc_mtkcooler, fs_type;
+type proc_mtktz, fs_type;
+type proc_thermal, fs_type;
+type proc_wmt, fs_type;
+
+type agpsd_socket, file_type;
+type mnld_socket, file_type;
+type mal_mfi_socket, file_type;
+
+type nfc_socket, file_type;
+
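Review bot: `type proc_mtkcooler, fs_type;` and the three proc types after it are declared with `fs_type` alone, while the sysfs types above them all carry `sysfs_type`. If the branch this targets has a `proc_type` attribute, these should carry it so the global proc rules and neverallows apply to them, e.g. `type proc_mtkcooler, fs_type, proc_type;`; if it does not, a short comment saying these are the labels used by genfs_contexts would still help.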
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
new file mode 100644 (file)
index 0000000..34cb641
--- /dev/null
@@ -0,0 +1,160 @@
+# Services
+/(system|system\/vendor|vendor)/bin/6620_launcher               u:object_r:conn_launcher_exec:s0
+/(system|system\/vendor|vendor)/bin/ccci_fsd                    u:object_r:ccci_fsd_exec:s0
+/(system|system\/vendor|vendor)/bin/ccci_mdinit                 u:object_r:ccci_mdinit_exec:s0
+/(system|system\/vendor|vendor)/bin/md_ctrl                     u:object_r:md_ctrl_exec:s0
+/(system|system\/vendor|vendor)/bin/fuelgauged                  u:object_r:fuelgauged_exec:s0
+/(system|system\/vendor|vendor)/bin/gsm0710muxd                 u:object_r:gsm0710muxd_exec:s0
+/(system|system\/vendor|vendor)/xbin/mnld                       u:object_r:mnld_exec:s0
+/(system|system\/vendor|vendor)/bin/mnld                        u:object_r:mnld_exec:s0
+/(system|system\/vendor|vendor)/bin/muxreport                   u:object_r:muxreport_exec:s0
+/(system|system\/vendor|vendor)/bin/msensord                    u:object_r:msensord_exec:s0
+/(system|system\/vendor|vendor)/bin/qmc6983d                    u:object_r:qmc6983d_exec:s0
+/(system|system\/vendor|vendor)/bin/mxg2320d                    u:object_r:mxg2320d_exec:s0
+/(system|system\/vendor|vendor)/bin/memsicd3416x                u:object_r:memsicd3416x_exec:s0
+/(system|system\/vendor|vendor)/bin/mtk_agpsd                   u:object_r:mtk_agpsd_exec:s0
+/(system|system\/vendor|vendor)/bin/nvram_daemon                u:object_r:nvram_daemon_exec:s0
+/(system|system\/vendor|vendor)/bin/pq                          u:object_r:pq_exec:s0
+/(system|system\/vendor|vendor)/bin/terservice                  u:object_r:terservice_exec:s0
+/(system|system\/vendor|vendor)/bin/thermal                     u:object_r:thermal_exec:s0
+/(system|system\/vendor|vendor)/bin/thermald                    u:object_r:thermald_exec:s0
+/(system|system\/vendor|vendor)/bin/thermal_manager             u:object_r:thermal_manager_exec:s0
+/(system|system\/vendor|vendor)/bin/thermalloadalgod            u:object_r:thermalloadalgo_exec:s0
+/(system|system\/vendor|vendor)/bin/mtkrild                     u:object_r:ril-daemon-mtk_exec:s0
+/(system|system\/vendor|vendor)/bin/mtkmal                      u:object_r:mtkmal_exec:s0
+/(system|system\/vendor|vendor)/bin/wifi2agps                   u:object_r:wifi2agps_exec:s0
+/(system|system\/vendor|vendor)/bin/wmt_loader                  u:object_r:wmt_loader_exec:s0
+/(system|system\/vendor|vendor)/bin/wmt_launcher                u:object_r:conn_launcher_exec:s0
+/(system|system\/vendor|vendor)/bin/em_svr                      u:object_r:em_svr_exec:s0
+/(system|system\/vendor|vendor)/bin/kpoc_charger                u:object_r:kpoc_charger_exec:s0
+/(system|system\/vendor|vendor)/bin/etsd                        u:object_r:etsd_exec:s0
+/(system|system\/vendor|vendor)/bin/ged_srv                     u:object_r:ged_srv_exec:s0
+/(system|system\/vendor|vendor)/bin/spm_loader                  u:object_r:spm_loader_exec:s0
+
+
+# Meta mode
+/(system|system\/vendor|vendor)/bin/meta_tst                    u:object_r:meta_tst_exec:s0
+/(system|system\/vendor|vendor)/bin/factory                     u:object_r:factory_exec:s0
+
+# Files from firmware/nv partitions
+/protect_f(/.*)?                                                u:object_r:protect_f_data_file:s0
+/protect_s(/.*)?                                                u:object_r:protect_s_data_file:s0
+/nvdata(/.*)?                                                   u:object_r:nvdata_file:s0
+/data/nvram(/.*)?                                               u:object_r:nvdata_file:s0
+
+# Hardware nodes
+/dev/accdet                                                     u:object_r:accdet_device:s0
+/dev/devmap                                                     u:object_r:devmap_device:s0
+/dev/ttyC2                                                      u:object_r:gps_device:s0
+/dev/ttyGS0                                                     u:object_r:serial_device:s0
+/dev/gps(/.*)?                                                  u:object_r:gps_device:s0
+/dev/mali[0-9]*                                                 u:object_r:gpu_device:s0
+/dev/mali.*                                                     u:object_r:gpu_device:s0
+/dev/mtk_disp.*                                                 u:object_r:graphics_device:s0
+/dev/sw_sync                                                    u:object_r:graphics_device:s0
+/dev/stpbt(/.*)?                                                u:object_r:stpbt_device:s0
+/dev/hwmsensor(/.*)?                                            u:object_r:hwmsensor_device:s0
+/dev/wmtWifi(/.*)?                                              u:object_r:wmtWifi_device:s0
+/dev/camera-isp                                                 u:object_r:camera_device:s0
+/dev/camera-fdvt                                                u:object_r:camera_device:s0
+/dev/kd_camera_hw                                               u:object_r:camera_device:s0
+/dev/kd_camera_flashlight                                       u:object_r:camera_device:s0
+/dev/MAINAF                                                     u:object_r:camera_device:s0
+/dev/mtk_jpeg(/.*)                                              u:object_r:camera_device:s0
+/dev/DW9714AF(/.*)?                                             u:object_r:camera_device:s0
+/dev/FM50AF(/.*)?                                               u:object_r:camera_device:s0
+/dev/CAM_CAL_DRV(/.*)?                                          u:object_r:camera_device:s0
+/dev/MTK_SMI                                                    u:object_r:mtk_smi_device:s0
+/dev/MT_pmic_adc_cali                                           u:object_r:pmic_adc_device:s0
+/dev/als_ps(/.*)?                                               u:object_r:als_ps_device:s0
+/dev/mtk-adc-cali(/.*)?                                         u:object_r:mtk-adc-cali_device:s0
+/dev/ccci.*                                                     u:object_r:ccci_device:s0
+/dev/gsensor(/.*)?                                              u:object_r:gsensor_device:s0
+/dev/msensor(/.*)?                                              u:object_r:msensor_device:s0
+/dev/gyroscope(/.*)?                                            u:object_r:gyroscope_device:s0
+/dev/stpgps(/.*)?                                               u:object_r:stpgps_device:s0
+/dev/stpwmt(/.*)?                                               u:object_r:stpwmt_device:s0
+/dev/wmtdetect                                                  u:object_r:wmtdetect_device:s0
+/dev/ttyC0                                                      u:object_r:gsm0710muxd_device:s0
+/dev/ttyC1                                                      u:object_r:mdlog_device:s0
+/dev/radio(/.*)?                                                u:object_r:radio_device:s0
+/dev/fm                                                         u:object_r:fm_device:s0
+/dev/Vcodec                                                     u:object_r:Vcodec_device:s0
+/dev/M4U_device(/.*)?                                           u:object_r:M4U_device_device:s0
+/dev/spm                                                        u:object_r:spm_device:s0
+/dev/mt6605                                                     u:object_r:mt6605_device:s0
+/dev/esfp0                                                      u:object_r:esfp0_device:s0
+/dev/madev0                                                     u:object_r:madev0_device:s0
+/dev/irtx                                                       u:object_r:irtx_device:s0
+
+# Sockets
+/dev/socket/rild[2-4]                                           u:object_r:rild_socket:s0
+/dev/socket/rild-atci                                           u:object_r:rild_socket:s0
+/dev/socket/rild-ims                                            u:object_r:rild_socket:s0
+/dev/socket/rild-mtk-modem                                      u:object_r:rild_socket:s0
+/dev/socket/rild-mtk-ut                                         u:object_r:rild_socket:s0
+/dev/socket/rild-mtk-ut-2                                       u:object_r:rild_socket:s0
+/dev/socket/rild-oem                                            u:object_r:rild_socket:s0
+/dev/socket/mal-mfi                                             u:object_r:mal_mfi_socket:s0
+/dev/socket/agpsd                                               u:object_r:agpsd_socket:s0
+/dev/socket/agpsd[2-3]                                          u:object_r:agpsd_socket:s0
+/dev/socket/mnld                                                u:object_r:mnld_socket:s0
+
+# Block devices
+/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/boot      u:object_r:boot_block_device:s0
+/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/proinfo   u:object_r:proinfo_device:s0
+/dev/block/platform/mtk-msdc\.0/by-name/proinfo                        u:object_r:proinfo_device:s0
+/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/nvram     u:object_r:nvram_device:s0
+/dev/block/platform/mtk-msdc\.0/by-name/nvram                          u:object_r:nvram_device:s0
+/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/nvdata    u:object_r:nvdata_device:s0
+/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/logo      u:object_r:logo_block_device:s0
+/dev/block/platform/mtk-msdc\.0/by-name/logo                           u:object_r:logo_block_device:s0
+/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/protect1  u:object_r:protect1_device:s0
+/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/protect2  u:object_r:protect2_device:s0
+/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/userdata  u:object_r:userdata_block_device:s0
+/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/cache     u:object_r:cache_block_device:s0
+/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/recovery  u:object_r:recovery_block_device:s0
+/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/frp       u:object_r:frp_block_device:s0
+/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/metadata  u:object_r:metadata_block_device:s0
+/dev/block/platform/mtk-msdc\.0/[0-9]+\.(msdc|MSDC)0/by-name/para      u:object_r:para_block_device:s0
+/dev/block/mmcblk1                                                     u:object_r:mmc_device:s0
+/dev/block/zram0                                                       u:object_r:swap_block_device:s0
+
+# Sysfs nodes
+/sys/devices/virtual/gpsdrv(/.*)?                               u:object_r:sysfs_gps_file:s0
+/sys/kernel/ccci(/.*)?                                          u:object_r:sysfs_ccci:s0
+/sys/bus/platform/drivers/dev_info/dev_info                     u:object_r:sysfs_devinfo:s0
+/sys/bus/platform/drivers/mem_bw_ctrl/concurrency_scenario      u:object_r:sysfs_membw:s0
+/sys/bus/platform/drivers/ddr_type/ddr_type                     u:object_r:sysfs_ddr_type:s0
+/sys/devices/virtual/BOOT/BOOT/boot/boot_mode                   u:object_r:sysfs_boot_mode:s0
+/sys/devices/platform/mtk_disp_mgr.0/rgb                        u:object_r:livedisplay_sysfs:s0
+/sys/bus/platform/drivers/msensor/daemon                        u:object_r:msensord_daemon_sysfs:s0
+/sys/bus/platform/drivers/gyroscope/gyro_orientation            u:object_r:gyro_orientation_sysfs:s0
+/sys/kernel/charge_levels/quick_charge_enable                   u:object_r:fast_charge_sysfs:s0
+/sys/kernel/charge_levels/charge_level_ac                       u:object_r:fast_charge_sysfs:s0
+/sys/kernel/charge_levels/charge_level_usb                      u:object_r:fast_charge_sysfs:s0
+/sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq           u:object_r:perf_control_sysfs:s0
+/sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq           u:object_r:perf_control_sysfs:s0
+/sys/devices/system/cpu/cpu0/cpufreq/scaling_governor           u:object_r:perf_control_sysfs:s0
+/sys/block/mmcblk0/queue/scheduler                              u:object_r:perf_control_sysfs:s0
+/sys/devices/.*/queue/scheduler                                 u:object_r:perf_control_sysfs:s0
+
+# Config/Runtime files
+/data/agps_supl(/.*)?                                           u:object_r:agpsd_data_file:s0
+/data/app/cache.dat                                             u:object_r:mnld_data_file:s0
+/data/gps_mnl(/.*)?                                             u:object_r:mnld_data_file:s0
+/data/misc/gps(/.*)?                                            u:object_r:mnld_data_file:s0
+/data/misc/GPS_CHIP.cfg                                         u:object_r:mnld_data_file:s0
+/data/misc/gps.conf                                             u:object_r:mnld_data_file:s0
+/data/misc/mnl_nlp.dat                                          u:object_r:mnld_data_file:s0
+/data/misc/mblog(/.*)?                                          u:object_r:logmisc_data_file:s0
+/data/log_temp(/.*)?                                            u:object_r:logmisc_data_file:s0
+/data/mdlog(/.*)?                                               u:object_r:mdlog_data_file:s0
+/data/mdl(/.*)?                                                 u:object_r:mdlog_data_file:s0
+/data/ccci_cfg(/.*)?                                            u:object_r:ccci_cfg_file:s0
+/data/.tp(/.*)?                                                 u:object_r:thermal_manager_data_file:s0
+/data/nfc_socket(/.*)?                                          u:object_r:nfc_socket:s0
+
+# Sysfs nodes
+/sys/devices/soc/soc:touch@/smartwake_active                    u:object_r:smartwake_sysfs:s0
+/sys/devices/soc/soc:touch@/wakeup_gesture                     u:object_r:smartwake_sysfs:s0
\ No newline at end of file
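Review bot: `/dev/mtk_jpeg(/.*)` is the only node entry without the trailing `?`, so the bare `/dev/mtk_jpeg` node matches nothing here and keeps the default `device` label; it should read `/dev/mtk_jpeg(/.*)?                                             u:object_r:camera_device:s0`. `/dev/mali[0-9]*` is subsumed by `/dev/mali.*` on the next line and can be dropped. The second `# Sysfs nodes` heading near the end duplicates the earlier one, so the two touch entries belong up there, and the `wakeup_gesture` entry is misaligned by one column.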
diff --git a/sepolicy/fsck.te b/sepolicy/fsck.te
new file mode 100644 (file)
index 0000000..58a6021
--- /dev/null
@@ -0,0 +1,3 @@
+allow fsck protect1_device:blk_file rw_file_perms;
+allow fsck protect2_device:blk_file rw_file_perms;
+allow fsck nvdata_device:blk_file rw_file_perms;
diff --git a/sepolicy/fsck_untrusted.te b/sepolicy/fsck_untrusted.te
new file mode 100644 (file)
index 0000000..4bb5047
--- /dev/null
@@ -0,0 +1,2 @@
+# External storage
+allow fsck_untrusted self:capability sys_admin;
\ No newline at end of file
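Review bot: `allow fsck_untrusted self:capability sys_admin;` hands the checker for removable, user-supplied filesystems one of the broadest capabilities there is, and the `# External storage` comment does not say which operation needs it. The denial that motivated it (syscall, and ioctl number if any) should be recorded in the comment so the rule can be revisited, and it is worth checking whether a narrower capability or a different file ownership removes the need altogether.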
diff --git a/sepolicy/fuelgauged.te b/sepolicy/fuelgauged.te
new file mode 100644 (file)
index 0000000..cf9912c
--- /dev/null
@@ -0,0 +1,7 @@
+type fuelgauged_exec, exec_type, file_type;
+type fuelgauged, domain, domain_deprecated;
+
+init_daemon_domain(fuelgauged)
+
+allow fuelgauged self:netlink_socket create_socket_perms;
+allow fuelgauged kmsg_device:chr_file w_file_perms;
diff --git a/sepolicy/ged_srv.te b/sepolicy/ged_srv.te
new file mode 100644 (file)
index 0000000..06a2263
--- /dev/null
@@ -0,0 +1,14 @@
+type ged_srv, domain, domain_deprecated;
+type ged_srv_exec, exec_type, file_type;
+
+init_daemon_domain(ged_srv)
+
+binder_use(ged_srv)
+binder_service(ged_srv)
+binder_call(ged_srv, system_server)
+
+allow ged_srv servicemanager:binder call;
+allow ged_srv surfaceflinger:binder call;
+allow ged_srv surfaceflinger_service:service_manager find;
+allow ged_srv self:netlink_kobject_uevent_socket { bind create setopt read};
+allow ged_srv sysfs_boot_mode:file r_file_perms;
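Review bot: `allow ged_srv servicemanager:binder call;` duplicates what `binder_use(ged_srv)` above already expands to (the macro grants `servicemanager:binder { call transfer }`), so it can be dropped. `{ bind create setopt read}` is missing the space before the closing brace, which checkpolicy tokenizes fine but which differs from every other permission set in the commit, and `ged_srv` is declared before `ged_srv_exec`, reversed relative to the other .te files.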
diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts
new file mode 100644 (file)
index 0000000..80ac449
--- /dev/null
@@ -0,0 +1,4 @@
+genfscon  proc     /driver/thermal  u:object_r:proc_thermal:s0
+genfscon  proc     /driver/wmt      u:object_r:proc_wmt:s0
+genfscon  proc     /mtkcooler       u:object_r:proc_mtkcooler:s0
+genfscon  proc     /mtktz           u:object_r:proc_mtktz:s0
diff --git a/sepolicy/gsm0710muxd.te b/sepolicy/gsm0710muxd.te
new file mode 100644 (file)
index 0000000..3c0a149
--- /dev/null
@@ -0,0 +1,18 @@
+type gsm0710muxd_exec, exec_type, file_type;
+type gsm0710muxd, domain, domain_deprecated;
+
+init_daemon_domain(gsm0710muxd)
+
+allow gsm0710muxd gsm0710muxd_device:chr_file rw_file_perms;
+allow gsm0710muxd radio_device:dir w_dir_perms;
+allow gsm0710muxd radio_device:lnk_file create_file_perms;
+allow gsm0710muxd devpts:chr_file setattr;
+allow gsm0710muxd self:capability { setuid fowner chown };
+allow gsm0710muxd sysfs_ccci:dir search;
+allow gsm0710muxd sysfs_ccci:file r_file_perms;
+
+allow gsm0710muxd ctl_rildaemon_prop:property_service set;
+allow gsm0710muxd radio_prop:property_service set;
+allow gsm0710muxd ril_mux_report_case_prop:property_service set;
+
+unix_socket_connect(gsm0710muxd, property, init)
diff --git a/sepolicy/healthd.te b/sepolicy/healthd.te
new file mode 100644 (file)
index 0000000..a7ec774
--- /dev/null
@@ -0,0 +1 @@
+allow healthd device:dir r_dir_perms;
diff --git a/sepolicy/init.te b/sepolicy/init.te
new file mode 100644 (file)
index 0000000..cb35bcd
--- /dev/null
@@ -0,0 +1,9 @@
+allow init ccci_device:chr_file { write ioctl };
+allow init devpts:chr_file ioctl;
+
+# Allow init to format formattable partitions…partitions
+allow init nvdata_device:blk_file write;
+allow init protect1_device:blk_file write;
+allow init protect2_device:blk_file write;
+
+allow init socket_device:sock_file { create setattr unlink };
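Review bot: The comment `# Allow init to format formattable partitions…partitions` is garbled (a stray ellipsis and a repeated word); it should read `# Allow init to format the formattable partitions (nvdata, protect1, protect2)`, which also documents why only `write` is granted on those block devices. `allow init ccci_device:chr_file { write ioctl };` omits `open`, which only works if init inherits or is handed an already-open descriptor; a one-line comment would make that intent clear, otherwise an `open` denial will follow.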
diff --git a/sepolicy/kernel.te b/sepolicy/kernel.te
new file mode 100644 (file)
index 0000000..d87c6e7
--- /dev/null
@@ -0,0 +1,6 @@
+allow kernel nvdata_file:dir search;
+allow kernel nvdata_file:file r_file_perms;
+allow kernel self:capability dac_override;
+allow kernel wifi_data_file:dir search;
+allow kernel wifi_data_file:file r_file_perms;
+
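Review bot: `allow kernel nvdata_file:file r_file_perms;` together with the wifi_data_file rules lets the kernel domain read the whole nvdata and wifi data trees. If this is for firmware or calibration loading through the kernel's firmware loader, labelling just those files with a dedicated type keeps the kernel from being able to read everything else under those directories; the `dac_override` on the line between them is covered in the etsd.te note.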
diff --git a/sepolicy/kpoc_charger.te b/sepolicy/kpoc_charger.te
new file mode 100644 (file)
index 0000000..1b0b533
--- /dev/null
@@ -0,0 +1,25 @@
+type kpoc_charger, domain, domain_deprecated;
+type kpoc_charger_exec, exec_type, file_type;
+
+init_daemon_domain(kpoc_charger)
+
+allow kpoc_charger block_device:dir search;
+allow kpoc_charger graphics_device:dir search;
+allow kpoc_charger input_device:dir { open read search };
+allow kpoc_charger input_device:chr_file { open read write ioctl };
+allow kpoc_charger property_socket:sock_file write;
+allow kpoc_charger self:capability sys_nice;
+allow kpoc_charger self:capability net_admin;
+allow kpoc_charger self:capability dac_override;
+allow kpoc_charger self:netlink_kobject_uevent_socket { create bind read setopt };
+allow kpoc_charger sysfs:file write;
+allow kpoc_charger graphics_device:chr_file { read write ioctl open };
+allow kpoc_charger kmsg_device:chr_file { write open };
+allow kpoc_charger logo_block_device:blk_file { read open };
+allow kpoc_charger rtc_device:chr_file { open read write };
+allow kpoc_charger init:unix_stream_socket connectto;
+allow healthd self:capability dac_override;
+allow healthd app_data_file:file write;
+allow healthd device:dir {open read write};
+allow kpoc_charger self:capability sys_boot;
+allow kpoc_charger alarm_device:chr_file write;
\ No newline at end of file
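Review bot: `allow healthd self:capability dac_override;`, `allow healthd app_data_file:file write;` and `allow healthd device:dir {open read write};` are healthd rules placed in kpoc_charger.te; they belong in healthd.te, where this commit already adds `allow healthd device:dir r_dir_perms;` that overlaps with the `{open read write}` grant. Write access from healthd to `app_data_file` is unusual for a battery daemon and is the kind of rule the base policy's app-data neverallows tend to reject; unless a concrete denial shows it, drop it. kpoc_charger itself collects `sys_nice`, `net_admin`, `dac_override` and `sys_boot` across four separate `self:capability` lines, and merging them into one line makes the capability set easier to audit. The file also lacks a trailing newline.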
diff --git a/sepolicy/md_ctrl.te b/sepolicy/md_ctrl.te
new file mode 100644 (file)
index 0000000..ee57225
--- /dev/null
@@ -0,0 +1,11 @@
+type md_ctrl_exec, exec_type, file_type;
+type md_ctrl, domain, domain_deprecated;
+
+init_daemon_domain(md_ctrl)
+
+allow md_ctrl ccci_device:chr_file rw_file_perms;
+allow md_ctrl devpts:chr_file rw_file_perms;
+allow md_ctrl muxreport_exec:file rx_file_perms;
+allow md_ctrl self:capability dac_override;
+
+set_prop(md_ctrl,vold_encryption_type_prop);
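Review bot: `allow md_ctrl muxreport_exec:file rx_file_perms;` lets md_ctrl execute muxreport, and since `rx_file_perms` includes `execute_no_trans` the binary then runs in the md_ctrl domain rather than the `muxreport` domain this commit defines in muxreport.te. If md_ctrl is the process that spawns muxreport, `domain_auto_trans(md_ctrl, muxreport_exec, muxreport)` keeps the two daemons' rule sets separate; if it is not, the exec rule can go. `set_prop(md_ctrl,vold_encryption_type_prop);` also carries a trailing semicolon that the other macro calls in this commit (`init_daemon_domain(...)`, `unix_socket_connect(...)`) do not, and a modem-control daemon setting the encryption-type property deserves a one-line comment explaining why.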
diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te
new file mode 100644 (file)
index 0000000..ada062a
--- /dev/null
@@ -0,0 +1,9 @@
+# nvram
+allow mediaserver nvdata_file:dir rw_dir_perms;
+allow mediaserver nvdata_file:file create_file_perms;
+allow mediaserver ccci_device:chr_file rw_file_perms;
+
+# PQ
+allow mediaserver pq_service:service_manager find;
+
+allow mediaserver sysfs_devinfo:file r_file_perms;
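Review bot: `allow mediaserver nvdata_file:dir rw_dir_perms;` and `allow mediaserver nvdata_file:file create_file_perms;` give mediaserver write and create access to persistent NV data; mediaserver processes untrusted media input, so persistent writable state reachable from it is worth minimising. If the audio path only reads calibration from nvdata, `r_dir_perms` and `r_file_perms` would suffice, and the `# nvram` comment could say what is read, e.g. `# nvram: audio calibration read by the audio HAL — TODO confirm`. The `ccci_device:chr_file rw_file_perms` rule under the same comment is modem-channel access rather than nvram and would be clearer under its own heading.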
diff --git a/sepolicy/memsicd3416x.te b/sepolicy/memsicd3416x.te
new file mode 100644 (file)
index 0000000..7d5cc9a
--- /dev/null
@@ -0,0 +1,7 @@
+type memsicd3416x_exec, exec_type, file_type;
+type memsicd3416x, domain, domain_deprecated;
+
+init_daemon_domain(memsicd3416x)
+
+allow memsicd3416x msensor_device:chr_file rw_file_perms;
+allow memsicd3416x gsensor_device:chr_file rw_file_perms;
\ No newline at end of file
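Review bot: memsicd3416x.te, mxg2320d.te and qmc6983d.te declare three domains with identical bodies (`init_daemon_domain`, then `msensor_device` and `gsensor_device` `rw_file_perms`); a shared attribute declared in this commit's `attributes` file, carried by the three `type` lines and used once as the subject of the two allow rules, would keep them in sync. All three files also end without a trailing newline.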
diff --git a/sepolicy/meta_tst.te b/sepolicy/meta_tst.te
new file mode 100644 (file)
index 0000000..6536d06
--- /dev/null
@@ -0,0 +1,47 @@
+type meta_tst_exec, exec_type, file_type;
+type meta_tst, domain, domain_deprecated;
+
+init_daemon_domain(meta_tst)
+
+allow meta_tst ccci_device:chr_file rw_file_perms;
+allow meta_tst serial_device:chr_file rw_file_perms;
+allow meta_tst mdlog_device:chr_file rw_file_perms;
+
+allow meta_tst nvdata_file:dir create_dir_perms;
+allow meta_tst nvdata_file:file create_file_perms;
+
+allow meta_tst nvdata_device:blk_file rw_file_perms;
+allow meta_tst nvram_device:blk_file rw_file_perms;
+allow meta_tst proinfo_device:blk_file rw_file_perms;
+
+allow meta_tst fm_device:chr_file { read write open ioctl };
+
+allow meta_tst sysfs_gps_file:dir search;
+allow meta_tst sysfs_gps_file:file rw_file_perms;
+
+allow meta_tst gps_device:chr_file { read write open };
+allow meta_tst agpsd_data_file:dir search;
+allow meta_tst agpsd_data_file:sock_file write;
+allow meta_tst gps_data_file:file create_file_perms;
+allow meta_tst gps_data_file:dir rw_dir_perms;
+
+allow meta_tst mnld_exec:file { execute read open };
+allow meta_tst mnld_exec:file execute_no_trans;
+allow meta_tst stpgps_device:chr_file { open read write ioctl };
+allow meta_tst mnld_prop:property_service set;
+allow meta_tst mnld_data_file:file create_file_perms;
+allow meta_tst mnld_data_file:dir rw_dir_perms;
+
+# For GPS
+allow meta_tst port:tcp_socket { name_connect name_bind };
+allow meta_tst self:tcp_socket { create connect setopt bind };
+allow meta_tst self:tcp_socket { bind setopt listen accept read write };
+allow meta_tst node:tcp_socket node_bind;
+
+
+allow meta_tst sysfs:file write;
+
+allow meta_tst powerctl_prop:property_service set;
+unix_socket_connect(meta_tst, property, init)
+
+allow meta_tst self:capability { net_raw chown fsetid sys_nice net_admin fowner dac_override sys_admin };
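Review bot: `allow meta_tst self:capability { net_raw chown fsetid sys_nice net_admin fowner dac_override sys_admin };` grants `sys_admin` to a factory-test daemon, which together with `sysfs:file write` (generic sysfs, not a device-specific type) and `port:tcp_socket { name_connect name_bind }` (any port without its own type) makes this one of the broadest domains in the commit. If meta_tst is only used in factory or engineering images, gating its rules or trimming the capability list to what a denial log shows would limit the exposure on user builds. The two `self:tcp_socket` lines overlap (`bind` and `setopt` appear in both) and could be merged, and `mnld_exec:file execute_no_trans` runs the GPS daemon inside meta_tst rather than the `mnld` domain — `domain_auto_trans(meta_tst, mnld_exec, mnld)` would keep mnld's rules where they are defined.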
diff --git a/sepolicy/mkfs.te b/sepolicy/mkfs.te
new file mode 100644 (file)
index 0000000..a1fc0ff
--- /dev/null
@@ -0,0 +1,4 @@
+# Allow formatting userdata or cache partitions
+allow mkfs block_device:dir search;
+allow mkfs userdata_block_device:blk_file rw_file_perms;
+allow mkfs cache_block_device:blk_file rw_file_perms;
diff --git a/sepolicy/mnld.te b/sepolicy/mnld.te
new file mode 100644 (file)
index 0000000..8e86efc
--- /dev/null
@@ -0,0 +1,46 @@
+type mnld_exec, exec_type, file_type;
+type mnld, domain, domain_deprecated;
+
+init_daemon_domain(mnld)
+net_domain(mnld)
+
+allow mnld gps_device:chr_file rw_file_perms;
+allow mnld stpgps_device:chr_file rw_file_perms;
+
+allow mnld gps_data_file:dir create_dir_perms;
+allow mnld gps_data_file:file create_file_perms;
+
+allow mnld agpsd_data_file:dir create_dir_perms;
+allow mnld agpsd_data_file:sock_file create_file_perms;
+allow mnld mtk_agpsd:unix_dgram_socket sendto;
+
+allow mnld mnld_data_file:dir rw_dir_perms;
+allow mnld mnld_data_file:sock_file create_file_perms;
+allow mnld mnld_data_file:file create_file_perms;
+
+allow mnld nvdata_file:dir rw_dir_perms;
+allow mnld nvdata_file:file create_file_perms;
+allow mnld nvdata_file:lnk_file r_file_perms;
+allow mnld nvram_device:blk_file rw_file_perms;
+
+allow mnld sysfs_gps_file:dir search;
+allow mnld sysfs_gps_file:file rw_file_perms;
+
+allow mnld mnld_prop:property_service set;
+allow mnld property_socket:sock_file write;
+
+allow mnld init:unix_stream_socket connectto;
+allow mnld system_server:unix_dgram_socket { sendto write };
+
+allow mnld fuse:dir create_dir_perms;
+allow mnld fuse:file create_file_perms;
+
+allow mnld storage_file:dir search;
+allow mnld storage_file:lnk_file read;
+
+allow mnld mdlog_device:chr_file { read write };
+
+allow mnld block_device:dir search;
+
+file_type_auto_trans(mnld,system_data_file,mnld_data_file);
+file_type_auto_trans(mnld,apk_data_file,mnld_data_file);
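Review bot: `allow mnld nvram_device:blk_file rw_file_perms;` gives a network-capable daemon (`net_domain(mnld)`) raw write access to the NVRAM block device, while this commit also defines `nvram_daemon` with the same access; if the GPS daemon only needs NV calibration, reading it through `nvdata_file` (already granted here) or via nvram_daemon avoids a second raw writer. `file_type_auto_trans(mnld,apk_data_file,mnld_data_file);` also needs a comment, since creating files inside an `apk_data_file` directory from a GPS daemon is unexpected, e.g. `# mnld writes <what> under <path> — TODO confirm`. Both `file_type_auto_trans` lines carry trailing semicolons unlike the other macro calls in this file.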
diff --git a/sepolicy/msensord.te b/sepolicy/msensord.te
new file mode 100644 (file)
index 0000000..14f5e70
--- /dev/null
@@ -0,0 +1,12 @@
+type msensord_exec, exec_type, file_type;
+type msensord, domain, domain_deprecated;
+
+init_daemon_domain(msensord)
+
+allow msensord msensord_daemon_sysfs:file r_file_perms;
+
+allow msensord ctl_qmc6983d_prop:property_service set;
+allow msensord ctl_mxg2320d_prop:property_service set;
+allow msensord ctl_memsicd3416x_prop:property_service set;
+
+unix_socket_connect(msensord, property, init)
diff --git a/sepolicy/mtk_agpsd.te b/sepolicy/mtk_agpsd.te
new file mode 100644 (file)
index 0000000..fb9bc93
--- /dev/null
@@ -0,0 +1,21 @@
+type mtk_agpsd_exec, exec_type, file_type;
+type mtk_agpsd, domain, domain_deprecated;
+
+init_daemon_domain(mtk_agpsd)
+net_domain(mtk_agpsd)
+
+allow mtk_agpsd agpsd_data_file:dir create_dir_perms;
+allow mtk_agpsd agpsd_data_file:sock_file create_file_perms;
+allow mtk_agpsd gps_device:chr_file rw_file_perms;
+allow mtk_agpsd self:udp_socket create;
+
+allow mtk_agpsd storage_file:dir search;
+allow mtk_agpsd storage_file:lnk_file read;
+
+allow mtk_agpsd mnt_user_file:dir create_dir_perms;
+allow mtk_agpsd mnt_user_file:lnk_file create_file_perms;
+
+allow mtk_agpsd fuse:dir create_dir_perms;
+allow mtk_agpsd fuse:file create_file_perms;
+
+unix_socket_send(mtk_agpsd, mnld, mnld);
diff --git a/sepolicy/mtkmal.te b/sepolicy/mtkmal.te
new file mode 100644 (file)
index 0000000..15fd834
--- /dev/null
@@ -0,0 +1,10 @@
+type mtkmal_exec, exec_type, file_type;
+type mtkmal, domain, domain_deprecated;
+
+init_daemon_domain(mtkmal)
+
+allow mtkmal init:unix_stream_socket connectto;
+allow mtkmal property_socket:sock_file write;
+allow mtkmal mal_mfi_socket:sock_file write;
+
+allow mtkmal self:capability { setuid setgid };
diff --git a/sepolicy/muxreport.te b/sepolicy/muxreport.te
new file mode 100644 (file)
index 0000000..e17a075
--- /dev/null
@@ -0,0 +1,13 @@
+type muxreport_exec, exec_type, file_type;
+type muxreport, domain, domain_deprecated;
+
+init_daemon_domain(muxreport)
+
+allow muxreport ccci_device:chr_file { read write ioctl open };
+allow muxreport ril_mux_report_case_prop:property_service set;
+allow muxreport init:unix_stream_socket connectto;
+allow muxreport property_socket:sock_file write;
+allow muxreport devpts:chr_file { read write getattr ioctl };
+allow muxreport self:capability dac_override;
+allow muxreport sysfs_ccci:dir search;
+allow muxreport sysfs_ccci:file r_file_perms;
\ No newline at end of file
diff --git a/sepolicy/mxg2320d.te b/sepolicy/mxg2320d.te
new file mode 100644 (file)
index 0000000..878ca31
--- /dev/null
@@ -0,0 +1,7 @@
+type mxg2320d_exec, exec_type, file_type;
+type mxg2320d, domain, domain_deprecated;
+
+init_daemon_domain(mxg2320d)
+
+allow mxg2320d msensor_device:chr_file rw_file_perms;
+allow mxg2320d gsensor_device:chr_file rw_file_perms;
\ No newline at end of file
diff --git a/sepolicy/netd.te b/sepolicy/netd.te
new file mode 100644 (file)
index 0000000..e70363e
--- /dev/null
@@ -0,0 +1,4 @@
+# Wifi
+allow netd wmtWifi_device:chr_file w_file_perms;
+
+allow netd self:capability sys_module;
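Review bot: `allow netd self:capability sys_module;` lets netd load kernel modules, which is normally reserved for init; if this is for the wifi driver, it should be stated in a comment (`# sys_module: netd loads the wlan driver via wmtWifi — TODO confirm`) and checked against the base policy's neverallow rules on `sys_module`, which may reject it at build time. Loading the driver from an init service that already has the capability would leave netd's capability set unchanged.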
diff --git a/sepolicy/nvram_daemon.te b/sepolicy/nvram_daemon.te
new file mode 100644 (file)
index 0000000..18af42f
--- /dev/null
@@ -0,0 +1,26 @@
+type nvram_daemon_exec, exec_type, file_type;
+type nvram_daemon, domain, domain_deprecated;
+
+init_daemon_domain(nvram_daemon)
+
+allow nvram_daemon self:capability { fowner dac_override dac_read_search chown fsetid };
+allow nvram_daemon nvram_device:blk_file rw_file_perms;
+allow nvram_daemon nvdata_device:blk_file rw_file_perms;
+allow nvram_daemon nvdata_file:dir create_dir_perms;
+allow nvram_daemon nvdata_file:file create_file_perms;
+allow nvram_daemon nvdata_file:lnk_file r_file_perms;
+allow nvram_daemon shell_exec:file { read execute open execute_no_trans getattr };
+allow nvram_daemon als_ps_device:chr_file r_file_perms;
+allow nvram_daemon mtk-adc-cali_device:chr_file rw_file_perms;
+allow nvram_daemon gsensor_device:chr_file r_file_perms;
+allow nvram_daemon msensor_device:chr_file r_file_perms;
+allow nvram_daemon gyroscope_device:chr_file r_file_perms;
+allow nvram_daemon toolbox_exec:file rx_file_perms;
+
+allow nvram_daemon proinfo_device:blk_file rw_file_perms;
+allow nvram_daemon nvram_prop:property_service set;
+allow nvram_daemon wmt_prop:property_service set;
+
+allow nvram_daemon block_device:dir search;
+
+unix_socket_connect(nvram_daemon, property, init)
diff --git a/sepolicy/platform_app.te b/sepolicy/platform_app.te
new file mode 100644 (file)
index 0000000..84a30ea
--- /dev/null
@@ -0,0 +1,11 @@
+# Fingerprint
+allow platform_app esfp0_device:chr_file rw_file_perms;
+allow platform_app esfp0_device:chr_file rw_file_perms;
+allow platform_app etsd_service:service_manager find;
+allow platform_app etsd:binder { call transfer };
+
+# Guiext
+allow platform_app guiext-server_service:service_manager find;
+
+# PQ
+allow platform_app pq_service:service_manager find;
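Review bot: `allow platform_app esfp0_device:chr_file rw_file_perms;` appears twice; drop one copy. Direct read and write access from platform_app to the fingerprint sensor node bypasses the `etsd` daemon that the next two lines (`etsd_service` find, `etsd:binder { call transfer }`) already expose over binder; if the app only uses the binder service, the chr_file rule can go, and if it genuinely needs the node a comment should say which app and why.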
diff --git a/sepolicy/pq.te b/sepolicy/pq.te
new file mode 100644 (file)
index 0000000..85ada8f
--- /dev/null
@@ -0,0 +1,15 @@
+type pq_exec, exec_type, file_type;
+type pq, domain, domain_deprecated;
+
+init_daemon_domain(pq)
+
+binder_use(pq)
+binder_call(pq, binderservicedomain)
+binder_service(pq)
+
+allow pq pq_service:service_manager add;
+unix_socket_connect(pq, property, init)
+
+allow pq pq_conf_prop:property_service set;
+
+allow pq graphics_device:chr_file { open read ioctl };
diff --git a/sepolicy/priv_app.te b/sepolicy/priv_app.te
new file mode 100644 (file)
index 0000000..7874778
--- /dev/null
@@ -0,0 +1,5 @@
+# Guiext
+allow priv_app guiext-server_service:service_manager find;
+
+# PQ
+allow priv_app pq_service:service_manager find;
diff --git a/sepolicy/property.te b/sepolicy/property.te
new file mode 100644 (file)
index 0000000..2b8d6b8
--- /dev/null
@@ -0,0 +1,18 @@
+type wmt_prop, property_type, mtk_property_type;
+type mtk_md_prop, property_type, mtk_property_type;
+type mnld_prop, property_type, mtk_property_type;
+type ctl_qmc6983d_prop, property_type;
+type ctl_mxg2320d_prop, property_type;
+type ctl_memsicd3416x_prop, property_type;
+type ctl_ccci_fsd_prop, property_type;
+type ctl_gsm0710muxd_prop, property_type;
+type ctl_gsm0710muxdmd2_prop, property_type;
+type ctl_muxreport-daemon_prop, property_type;
+type nvram_prop, property_type, mtk_property_type;
+type pq_conf_prop, property_type, mtk_property_type;
+type audiohal_prop, property_type, mtk_property_type;
+type ril_mux_report_case_prop, property_type, mtk_property_type;
+type ril_msim_power_prop, property_type, mtk_property_type;
+type ril_sim_inserted_status, property_type, mtk_property_type;
+type serial_number_prop, property_type, mtk_property_type;
+type vold_encryption_type_prop, property_type;
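Review bot: `type ril_sim_inserted_status, property_type, mtk_property_type;` is the only property type here without a `_prop` suffix, and `type vold_encryption_type_prop, property_type;` is the only vendor-defined one without `mtk_property_type`; aligning both with the rest (`ril_sim_inserted_status_prop`, and adding `mtk_property_type`) keeps the naming and attribute grouping consistent. Renaming would also require updating property_contexts and ril-daemon-mtk.te in this commit.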
diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts
new file mode 100644 (file)
index 0000000..aff6dc0
--- /dev/null
@@ -0,0 +1,26 @@
+service.wcn         u:object_r:wmt_prop:s0
+persist.mtk.wcn     u:object_r:wmt_prop:s0
+wlan.mtk.wifi.5g    u:object_r:wmt_prop:s0
+mtk.md              u:object_r:mtk_md_prop:s0
+gps.clock.type      u:object_r:mnld_prop:s0
+gps.gps.version     u:object_r:mnld_prop:s0
+ctl.qmc6983d        u:object_r:ctl_qmc6983d_prop:s0
+ctl.mxg2320d        u:object_r:ctl_mxg2320d_prop:s0
+ctl.memsicd3416x    u:object_r:ctl_memsicd3416x_prop:s0
+ctl.ccci_fsd        u:object_r:ctl_ccci_fsd_prop:s0
+ctl.gsm0710muxd     u:object_r:ctl_gsm0710muxd_prop:s0
+ctl.gsm0710muxd-s   u:object_r:ctl_gsm0710muxd_prop:s0
+ctl.gsm0710muxd-d   u:object_r:ctl_gsm0710muxd_prop:s0
+ctl.gsm0710muxdmd2  u:object_r:ctl_gsm0710muxdmd2_prop:s0
+ctl.muxreport-daemon u:object_r:ctl_muxreport-daemon_prop:s0
+service.nvram_init  u:object_r:nvram_prop:s0
+persist.sys.pq      u:object_r:pq_conf_prop:s0
+af.                 u:object_r:audiohal_prop:s0
+persist.af.         u:object_r:audiohal_prop:s0
+ril.mux.report.case u:object_r:ril_mux_report_case_prop:s0
+sys.msim.power.slot0 u:object_r:ril_msim_power_prop:s0
+sys.msim.power.slot1 u:object_r:ril_msim_power_prop:s0
+sys.sim_inserted_status_0 u:object_r:ril_sim_inserted_status:s0
+sys.sim_inserted_status_1 u:object_r:ril_sim_inserted_status:s0
+ro.serialno          u:object_r:serial_number_prop:s0
+vold.encryption.type u:object_r:vold_encryption_type_prop:s0
diff --git a/sepolicy/qmc6983d.te b/sepolicy/qmc6983d.te
new file mode 100644 (file)
index 0000000..57b11e0
--- /dev/null
@@ -0,0 +1,7 @@
+type qmc6983d_exec, exec_type, file_type;
+type qmc6983d, domain, domain_deprecated;
+
+init_daemon_domain(qmc6983d)
+
+allow qmc6983d msensor_device:chr_file rw_file_perms;
+allow qmc6983d gsensor_device:chr_file rw_file_perms;
\ No newline at end of file
diff --git a/sepolicy/radio.te b/sepolicy/radio.te
new file mode 100644 (file)
index 0000000..5f2f249
--- /dev/null
@@ -0,0 +1,4 @@
+unix_socket_connect(radio, rild, ril-daemon-mtk)
+
+allow radio ril_mux_report_case_prop:property_service set;
+allow radio ril_msim_power_prop:property_service set;
diff --git a/sepolicy/ril-daemon-mtk.te b/sepolicy/ril-daemon-mtk.te
new file mode 100644 (file)
index 0000000..c1b5c86
--- /dev/null
@@ -0,0 +1,33 @@
+type ril-daemon-mtk_exec, exec_type, file_type;
+type ril-daemon-mtk, domain, domain_deprecated;
+
+init_daemon_domain(ril-daemon-mtk)
+net_domain(ril-daemon-mtk)
+
+allow ril-daemon-mtk ccci_device:chr_file rw_file_perms;
+allow ril-daemon-mtk devpts:chr_file rw_file_perms;
+allow ril-daemon-mtk self:capability setuid;
+allow ril-daemon-mtk sysfs_wake_lock:file rw_file_perms;
+allow ril-daemon-mtk sysfs_ccci:dir search;
+allow ril-daemon-mtk sysfs_ccci:file r_file_perms;
+allow ril-daemon-mtk block_device:dir search;
+allow ril-daemon-mtk para_block_device:blk_file rw_file_perms;
+
+allow ril-daemon-mtk self:udp_socket create_socket_perms;
+allow ril-daemon-mtk self:capability { setuid net_admin net_raw };
+
+allow ril-daemon-mtk mal_mfi_socket:sock_file { w_file_perms };
+allow ril-daemon-mtk mtkmal:unix_stream_socket connectto;
+
+allow ril-daemon-mtk radio_device:dir search;
+allow ril-daemon-mtk radio_prop:property_service set;
+
+allow ril-daemon-mtk ctl_muxreport-daemon_prop:property_service set;
+allow ril-daemon-mtk ril_mux_report_case_prop:property_service set;
+allow ril-daemon-mtk ril_sim_inserted_status:property_service set;
+allow ril-daemon-mtk serial_number_prop:property_service set;
+
+unix_socket_connect(ril-daemon-mtk, property, init)
+
+# Access to wake locks
+wakelock_use(ril-daemon-mtk)
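Review bot: `allow ril-daemon-mtk self:capability setuid;` is repeated by the later `self:capability { setuid net_admin net_raw }` line; keep one. `allow ril-daemon-mtk mal_mfi_socket:sock_file { w_file_perms };` wraps a macro in braces, which no other rule in the commit does. `allow ril-daemon-mtk serial_number_prop:property_service set;` lets the RIL set `ro.serialno` (property_contexts in this commit maps it to that type); a `ro.` property is normally set once by init, so a comment stating why the RIL needs to write it would help, or drop the rule if the daemon only reads it.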
diff --git a/sepolicy/service.te b/sepolicy/service.te
new file mode 100644 (file)
index 0000000..70d33cb
--- /dev/null
@@ -0,0 +1,5 @@
+type pq_service, service_manager_type;
+type guiext-server_service, service_manager_type;
+type nvram_agent_service, service_manager_type;
+type etsd_service, service_manager_type;
+#type edge_gesture_service, system_api_service, system_server_service, service_manager_type;
diff --git a/sepolicy/service_contexts b/sepolicy/service_contexts
new file mode 100644 (file)
index 0000000..d84c17d
--- /dev/null
@@ -0,0 +1,5 @@
+PQ  u:object_r:pq_service:s0
+GuiExtService u:object_r:guiext-server_service:s0
+NvRAMAgent u:object_r:nvram_agent_service:s0
+egistec.ets.service.daemon u:object_r:etsd_service:s0
+
diff --git a/sepolicy/spm_loader.te b/sepolicy/spm_loader.te
new file mode 100644 (file)
index 0000000..fd08ce5
--- /dev/null
@@ -0,0 +1,6 @@
+type spm_loader_exec, exec_type, file_type;
+type spm_loader, domain, domain_deprecated;
+
+init_daemon_domain(spm_loader)
+
+allow spm_loader spm_device:chr_file r_file_perms;
diff --git a/sepolicy/surfaceflinger.te b/sepolicy/surfaceflinger.te
new file mode 100644 (file)
index 0000000..cc6f0db
--- /dev/null
@@ -0,0 +1,9 @@
+allow surfaceflinger pq_service:service_manager find;
+
+allow surfaceflinger guiext-server_service:service_manager { find add };
+
+allow surfaceflinger debug_prop:property_service set;
+
+allow surfaceflinger mtk_smi_device:chr_file { read write open ioctl };
+
+allow surfaceflinger gpu_device:chr_file rw_file_perms;
diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te
new file mode 100644 (file)
index 0000000..95fdd9e
--- /dev/null
@@ -0,0 +1,8 @@
+allow system_app fm_device:chr_file rw_file_perms;
+
+allow system_app gyro_orientation_sysfs:file rw_file_perms;
+allow system_app fast_charge_sysfs:file rw_file_perms;
+allow system_app smartwake_sysfs:file rw_file_perms;
+allow system_app perf_control_sysfs:file rw_file_perms;
+
+allow system_app em_svr:unix_stream_socket connectto;
\ No newline at end of file
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
new file mode 100644 (file)
index 0000000..a99f314
--- /dev/null
@@ -0,0 +1,32 @@
+# GPS
+allow system_server mnld:unix_dgram_socket sendto;
+allow system_server mnld_data_file:dir w_dir_perms;
+allow system_server mnld_data_file:sock_file create_file_perms;
+allow system_server mnld_data_file:file create_file_perms;
+
+# Persist
+allow system_server protect_s_data_file:dir r_dir_perms;
+
+# Sensors
+allow system_server hwmsensor_device:chr_file r_file_perms;
+
+# Wifi
+allow system_server wmtWifi_device:chr_file w_file_perms;
+
+# RGB Display Color
+allow system_server display_color_sysfs:file rw_file_perms;
+
+# Fast Charge
+allow system_server fast_charge_sysfs:file rw_file_perms;
+
+# Smart Wake
+allow system_server smartwake_sysfs:file rw_file_perms;
+
+# IR
+allow system_server irtx_device:chr_file rw_file_perms;
+
+# External storage
+allow system_server storage_stub_file:dir { getattr };
+
+# Guiext
+allow system_server guiext-server_service:service_manager find;
diff --git a/sepolicy/terservice.te b/sepolicy/terservice.te
new file mode 100644 (file)
index 0000000..466a013
--- /dev/null
@@ -0,0 +1,4 @@
+type terservice_exec, exec_type, file_type;
+type terservice, domain, domain_deprecated;
+
+init_daemon_domain(terservice)
diff --git a/sepolicy/thermal.te b/sepolicy/thermal.te
new file mode 100644 (file)
index 0000000..3a53730
--- /dev/null
@@ -0,0 +1,10 @@
+type thermal_exec, exec_type, file_type;
+type thermal, domain, domain_deprecated;
+
+init_daemon_domain(thermal)
+
+allow thermal proc_thermal:dir search;
+allow thermal proc_thermal:file rw_file_perms;
+allow thermal rild_socket:sock_file w_file_perms;
+
+allow thermal ril-daemon-mtk:unix_stream_socket connectto;
diff --git a/sepolicy/thermal_manager.te b/sepolicy/thermal_manager.te
new file mode 100644 (file)
index 0000000..c79ce8e
--- /dev/null
@@ -0,0 +1,14 @@
+type thermal_manager_exec, exec_type, file_type;
+type thermal_manager, domain, domain_deprecated;
+
+init_daemon_domain(thermal_manager)
+
+allow thermal_manager self:capability { fowner fsetid chown fsetid dac_override };
+allow thermal_manager proc_thermal:dir search;
+allow thermal_manager proc_thermal:file rw_file_perms;
+allow thermal_manager proc_mtkcooler:dir search;
+allow thermal_manager proc_mtkcooler:file rw_file_perms;
+allow thermal_manager proc_mtktz:dir search;
+allow thermal_manager proc_mtktz:file rw_file_perms;
+allow thermal_manager thermal_manager_data_file:dir rw_dir_perms;
+allow thermal_manager thermal_manager_data_file:file create_file_perms;
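Review bot: `allow thermal_manager self:capability { fowner fsetid chown fsetid dac_override };` lists `fsetid` twice; `{ fowner fsetid chown dac_override }` is the intended set. A why-comment on the `chown` and `dac_override` pair, e.g. `# fixes ownership of <files> under thermal_manager_data_file — TODO confirm`, would make the grant reviewable later.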
diff --git a/sepolicy/thermald.te b/sepolicy/thermald.te
new file mode 100644 (file)
index 0000000..a4b53b1
--- /dev/null
@@ -0,0 +1,7 @@
+type thermald_exec, exec_type, file_type;
+type thermald, domain, domain_deprecated;
+
+init_daemon_domain(thermald)
+
+allow thermald proc_thermal:dir search;
+allow thermald proc_thermal:file rw_file_perms;
diff --git a/sepolicy/thermalloadalgo.te b/sepolicy/thermalloadalgo.te
new file mode 100644 (file)
index 0000000..27a3dbd
--- /dev/null
@@ -0,0 +1,6 @@
+type thermalloadalgo_exec, exec_type, file_type;
+type thermalloadalgo, domain, domain_deprecated;
+
+init_daemon_domain(thermalloadalgo)
+
+allow thermalloadalgo thermalloadalgo:netlink_socket { create bind write read };
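Review bot: `allow thermalloadalgo thermalloadalgo:netlink_socket { create bind write read };` names the domain as its own target; `allow thermalloadalgo self:netlink_socket { create bind read write };` is the conventional form (as used in wifi2agps.te in this commit) and means the same thing. The generic `netlink_socket` class covers every netlink family without its own class, so a comment naming the protocol would help confirm the intended one.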
diff --git a/sepolicy/ueventd.te b/sepolicy/ueventd.te
new file mode 100644 (file)
index 0000000..7bacf63
--- /dev/null
@@ -0,0 +1 @@
+allow ueventd sysfs_gps_file:file w_file_perms;
diff --git a/sepolicy/untrusted_app.te b/sepolicy/untrusted_app.te
new file mode 100644 (file)
index 0000000..3eccfac
--- /dev/null
@@ -0,0 +1,2 @@
+# PQ
+allow untrusted_app pq_service:service_manager find;
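Review bot: `allow untrusted_app pq_service:service_manager find;` exposes the vendor `pq` binder service (pq.te in this commit, a `domain_deprecated` daemon with `graphics_device` access) to every third-party app, so its binder interface becomes reachable by untrusted input. If only system components use PQ — platform_app.te, priv_app.te, mediaserver.te and surfaceflinger.te already get `find` — this rule should go; if untrusted apps do need it, a comment should name the caller, and the daemon's input validation becomes part of the trust boundary.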
diff --git a/sepolicy/vold.te b/sepolicy/vold.te
new file mode 100644 (file)
index 0000000..5fc9d70
--- /dev/null
@@ -0,0 +1,22 @@
+allow vold nvdata_device:blk_file rw_file_perms;
+allow vold cache_block_device:blk_file rw_file_perms;
+allow vold protect1_device:blk_file rw_file_perms;
+allow vold protect2_device:blk_file rw_file_perms;
+
+allow vold nvdata_file:dir create_dir_perms;
+allow vold nvdata_file:file create_file_perms;
+allow vold protect_f_data_file:dir create_dir_perms;
+allow vold protect_f_data_file:file create_file_perms;
+allow vold protect_s_data_file:dir create_dir_perms;
+allow vold protect_s_data_file:file create_file_perms;
+
+allow vold proc_mtkcooler:dir r_dir_perms;
+allow vold proc_mtktz:dir r_dir_perms;
+
+# Allow vold to access fuse for fuse-based fs
+allow vold fuse:chr_file rw_file_perms;
+
+# External storage
+allow vold storage_stub_file:dir { rw_file_perms search add_name };
+allow vold mnt_media_rw_stub_file:dir r_dir_perms;
+allow vold mkfs_exec:file { execute read open getattr execute_no_trans };
\ No newline at end of file
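Review bot: `allow vold storage_stub_file:dir { rw_file_perms search add_name };` applies a file-permission macro to the `dir` class; `rw_dir_perms` is the matching macro and already includes `search` and `add_name`. `allow vold mkfs_exec:file { execute read open getattr execute_no_trans };` makes vold run mkfs in its own domain, while mkfs.te in this commit adds rules to a separate `mkfs` domain; `domain_auto_trans(vold, mkfs_exec, mkfs)` would keep the formatting rules in that domain. The file also lacks a trailing newline.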
diff --git a/sepolicy/wifi2agps.te b/sepolicy/wifi2agps.te
new file mode 100644 (file)
index 0000000..f0c4068
--- /dev/null
@@ -0,0 +1,9 @@
+type wifi2agps_exec, exec_type, file_type;
+type wifi2agps, domain, domain_deprecated;
+
+init_daemon_domain(wifi2agps)
+
+allow wifi2agps agpsd_data_file:sock_file write;
+allow wifi2agps agpsd_data_file:dir search;
+allow wifi2agps mtk_agpsd:unix_dgram_socket sendto;
+allow wifi2agps self:netlink_socket create_socket_perms;
diff --git a/sepolicy/wmt_loader.te b/sepolicy/wmt_loader.te
new file mode 100644 (file)
index 0000000..33da926
--- /dev/null
@@ -0,0 +1,11 @@
+type wmt_loader_exec, exec_type, file_type;
+type wmt_loader, domain, domain_deprecated;
+
+init_daemon_domain(wmt_loader)
+
+allow wmt_loader wmtdetect_device:chr_file create_file_perms;
+allow wmt_loader self:capability { chown dac_override };
+allow wmt_loader proc_wmt:file setattr;
+allow wmt_loader wmt_prop:property_service set;
+
+unix_socket_connect(wmt_loader, property, init)
diff --git a/sepolicy/zygote.te b/sepolicy/zygote.te
new file mode 100644 (file)
index 0000000..aa101ce
--- /dev/null
@@ -0,0 +1 @@
+allow zygote sysfs_devinfo:file r_file_perms;