# ==============================================
# MTK Policy Rule
# ==============================================
#
# Policy for the emdlogger domain (modem logger daemon). Rules are grouped by
# what they grant rather than by the Android release that introduced them; the
# originating release or denial is kept next to each group.

# ---- Domain setup -----------------------------------------------------------
# emdlogger_exec was added when the binary moved to /system.
type emdlogger_exec, system_file_type, exec_type, file_type;
typeattribute emdlogger coredomain;

init_daemon_domain(emdlogger)
binder_use(emdlogger)
binder_service(emdlogger)

# Read system_prop properties (persist.sys.*).
get_prop(emdlogger, system_prop)

# ---- Sockets ----------------------------------------------------------------
# Modem logger socket access. The property_socket and init rules stay disabled.
#allow emdlogger property_socket:sock_file write;
#allow emdlogger init:unix_stream_socket connectto;
# NOTE(review): the peer is the whole platform_app domain, not one app; any
# process in that domain can be the endpoint, so the daemon should treat data
# read from this socket as untrusted.
allow emdlogger platform_app:unix_stream_socket connectto;

# ---- Program execution ------------------------------------------------------
# shell_exec and zygote_exec date from the original rule set, toolbox_exec from
# the Android N update.
# NOTE(review): none of these rules comes with a domain transition in this
# file, and execute_no_trans on system_file covers every file carrying that
# label. Whatever is launched therefore keeps the storage write access granted
# below. Confirm which helpers are really executed and that no command line is
# assembled from modem or log-configuration data; a dedicated label for the
# needed helper would be narrower.
allow emdlogger { shell_exec zygote_exec toolbox_exec }:file rx_file_perms;
allow emdlogger system_file:file execute_no_trans;

# ---- Writable log targets ---------------------------------------------------
# Create permissions on directories and files labelled:
#   sdcard_type          modem logging to sdcard
#   vfat                 SD logging in factory mode
#   storage_file         storage access
#   media_rw_data_file   storage access on Android N
# NOTE(review): these labels look like shared storage, so modem logs written
# here are presumably readable by other components with storage access -
# confirm that log content and retention are acceptable for production builds.
allow emdlogger { sdcard_type vfat storage_file media_rw_data_file }:dir create_dir_perms;
allow emdlogger { sdcard_type vfat storage_file media_rw_data_file }:file create_file_perms;

# Save logs into /data/debuglogger.
# NOTE(review): relabelto lets the daemon assign debuglog_data_file to a
# directory; the matching relabelfrom grant is not in this file - confirm where
# it comes from and which source labels it covers.
allow emdlogger debuglog_data_file:dir { create_dir_perms relabelto };
allow emdlogger debuglog_data_file:file create_file_perms;

# ---- Reaching storage through mount points and symlinks ---------------------
# mnt_user_file and storage_file links: storage layout of Android M.
# mnt_media_rw_file: storage link access in the vzw project.
# tmpfs link read: storage access; tmpfs dir write: Android P migration.
# NOTE(review): no denial is quoted for tmpfs:dir write; confirm it is still
# needed.
allow emdlogger { mnt_user_file mnt_media_rw_file }:dir search;
allow emdlogger { mnt_user_file storage_file tmpfs }:lnk_file read;
allow emdlogger tmpfs:dir write;

# ---- Read-only inputs -------------------------------------------------------
# Use of the SELinux API:
#   avc: denied { read } for pid=576 comm="emdlogger1" name="selinux_version" dev="rootfs"
# NOTE(review): the denial names one file, the rule covers every file labelled
# rootfs.
allow emdlogger rootfs:file r_file_perms;

# Modem database directory on the system partition (read first, open added in
# the Android P migration):
#   avc: denied { read } for name="mddb" dev="mmcblk0p25" ino=681
#   scontext=u:r:emdlogger:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0
#   avc: denied { open } for path="/system/etc/mddb"
allow emdlogger system_file:dir { read open };

# Android P migration:
#   denied { read } for name="cmdline" dev="proc"
#   denied { search } for name="android" dev="sysfs"
#   for name="compatible" dev="sysfs" ino=2985 scontext=u:r:emdlogger:s0
#   tcontext=u:object_r:sysfs_dt_firmware_android:s0
#   avc: denied { read } for name="u:object_r:vendor_default_prop:s0"
allow emdlogger { proc_cmdline sysfs_dt_firmware_android vendor_default_prop }:file { read getattr open };
allow emdlogger sysfs_dt_firmware_android:dir { read open search };

# Disabled: avc: denied { read } for name="plat_file_contexts"
#allow emdlogger file_contexts_file:file { read getattr open };

# Android Q migration: read the modem db and filter folder and files.
allow emdlogger mddb_filter_data_file:dir r_dir_perms;
allow emdlogger mddb_filter_data_file:file r_file_perms;