1# ============================================== 2# MTK Policy Rule 3# ============================================== 4 5# Grant read access to mtk core property type which represents all 6# mtk properties except those with ctl_xxx prefix. 7# Align Google change: f01453ad453b29dd723838984ea03978167491e5 8get_prop(domain, mtk_core_property_type) 9 10# Allow all processes to search /sys/kernel/debug/binder/ since it's has been 11# labeled with specific debugfs label and many violations to dir search debugfs_binder 12# are observed. Grant domain to suppress the violations as originally "debugfs:dir search" 13# is also allowed to domain as well in Google default domain.te 14allow domain debugfs_binder:dir search; 15 16# Allow all processes to read /sys/bus/platform/drivers/dev_info/dev_info 17# as it is a public interface for all processes to read some OTP data. 18allow { 19 domain 20 -isolated_app 21} sysfs_devinfo:file r_file_perms; 22 23# Date:20170630 24# Purpose: allow trusted process to connect aee daemon 25#allow { 26# coredomain 27# -untrusted_app_all 28#} aee_aed:unix_stream_socket connectto; 29allow { domain -coredomain -hal_configstore_server -vendor_init } aee_aedv:unix_stream_socket connectto; 30 31