1# ==============================================
2# MTK Policy Rule
3# ==============================================
4
5# New added for move to /system
6type emdlogger_exec, system_file_type, exec_type, file_type;
7typeattribute emdlogger coredomain;
8
9init_daemon_domain(emdlogger)
10binder_use(emdlogger)
11binder_service(emdlogger)
12
13
14# for modem logging sdcard access
15allow emdlogger sdcard_type:dir { create_dir_perms };
16allow emdlogger sdcard_type:file { create_file_perms };
17
18
19# modem logger socket access
20#allow emdlogger property_socket:sock_file write;
21#allow emdlogger init:unix_stream_socket connectto;
22allow emdlogger platform_app:unix_stream_socket connectto;
23allow emdlogger shell_exec:file { rx_file_perms };
24allow emdlogger system_file:file execute_no_trans;
25allow emdlogger zygote_exec:file { rx_file_perms };
26
27#modem logger SD logging in factory mode
28allow emdlogger vfat:dir create_dir_perms;
29allow emdlogger vfat:file create_file_perms;
30
31#modem logger permission in storage in android M version
32allow emdlogger mnt_user_file:dir search;
33allow emdlogger mnt_user_file:lnk_file read;
34allow emdlogger storage_file:lnk_file read;
35
36#permission for storage link access in vzw Project
37allow emdlogger mnt_media_rw_file:dir search;
38
39
40#permission for use SELinux API
41#avc: denied { read } for pid=576 comm="emdlogger1" name="selinux_version" dev="rootfs"
42allow emdlogger rootfs:file r_file_perms;
43
44#permission for storage access storage
45allow emdlogger storage_file:dir { create_dir_perms };
46allow emdlogger tmpfs:lnk_file read;
47allow emdlogger storage_file:file { create_file_perms };
48
49# Allow read avc: denied { read } for name="mddb" dev="mmcblk0p25" ino=681
50# scontext=u:r:emdlogger:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0
51allow emdlogger system_file:dir read;
52
53# permission for android N policy
54allow emdlogger toolbox_exec:file rx_file_perms;
55
56# purpose: allow emdlogger to access storage in N version
57allow emdlogger media_rw_data_file:file  { create_file_perms };
58allow emdlogger media_rw_data_file:dir { create_dir_perms };
59
60## purpose: avc: denied { read } for name="plat_file_contexts"
61#allow emdlogger file_contexts_file:file { read getattr open };
62
63## Android P migration
64## purpose:  denied { read } for name="cmdline" dev="proc"
65#denied { search } for name="android" dev="sysfs"
66#for name="compatible" dev="sysfs" ino=2985 scontext=u
67#:r:emdlogger:s0 tcontext=u:object_r:sysfs_dt_firmware_android:s0
68#avc: denied { open } for path="/system/etc/mddb"
69#avc: denied { read } for name="u:object_r:vendor_default_prop:s0"
70allow emdlogger proc_cmdline:file { read getattr open };
71allow emdlogger sysfs_dt_firmware_android:dir { read open search };
72allow emdlogger tmpfs:dir write;
73allow emdlogger sysfs_dt_firmware_android:file { read open getattr };
74allow emdlogger system_file:dir open;
75allow emdlogger vendor_default_prop:file { read getattr open };
76
77## Android Q migration
78## purpose:  read modem db and filter folder and file
79allow emdlogger mddb_filter_data_file:dir { r_dir_perms };
80allow emdlogger mddb_filter_data_file:file { r_file_perms };
81
82# save log into /data/debuglogger
83allow emdlogger debuglog_data_file:dir {relabelto create_dir_perms};
84allow emdlogger debuglog_data_file:file create_file_perms;
85# get persist.sys. proeprty
86get_prop(emdlogger, system_prop)
87