non_plat/radio.te - device/mediatek/wembley-sepolicy - Git at Google

 # ==============================================
 # MTK Policy Rule
 # ============

 # Purpose : allow to access kpd driver file
 allow radio sysfs_keypad_file:dir { r_dir_perms };
 allow radio sysfs_keypad_file:file { w_file_perms };

 # Date : WK15.34 2015/08/21
 # Operation : IT
 # Purpose : for engineermode WFD IOT property
 allow radio surfaceflinger:fifo_file { rw_file_perms };

 # Date : 2016/06/11
 # Operation : IT
 # Purpose : for engineermode Usb PHY Tuning
 allow radio debugfs_usb20_phy:file { read open getattr };
 allow radio debugfs_usb20_phy:dir search;

 # Date : 2016/06/28
 # Operation : IT
 # Purpose : for engineermode sensor can work normal
 allow radio als_ps_device:chr_file { read open ioctl };
 allow radio gsensor_device:chr_file { read open ioctl };
 allow radio gyroscope_device:chr_file { read ioctl open };

 # Date : WK14.38 2016/06/28
 # Operation : Migration
 # Purpose : for engineermode
 allow radio mt_otg_test_device:chr_file { read write ioctl open };
 allow radio mtgpio_device:chr_file { read ioctl open };
 allow radio stpbt_device:chr_file { read write open };
 allow radio stpant_device:chr_file { read write open };
 allow radio bt_int_adp_socket:sock_file write;
 allow radio mt6605_device:chr_file { read write ioctl open getattr };
 allow radio nfc_socket:dir { write add_name remove_name search };
 allow radio system_prop:property_service set;

 # Date : WK14.38 2016/06/28
 # Operation : Migration
 # Purpose : for engineermode
 allow radio em_svr:unix_stream_socket connectto;

 # Date : WK15.25 2016/06/28
 # Operation :N Migration
 # Purpose : for engineermode WiFi test mode
 # todo: in the feature Google maybe forbid this option,we should use other way
 allowxperm radio self:udp_socket ioctl { SIOCIWFIRSTPRIV-SIOCIWFIRSTPRIV_09 SIOCIWFIRSTPRIV_0B SIOCSIWESSID SIOCSIWMODE };

 # Date : 2014/12/13
 # Operation : IT
 # Purpose : for bluetooth relayer mode
 allow radio block_device:dir search;
 allow radio ttyGS_device:chr_file { open read write ioctl };


 #Date : 2015/11/13
 #Operation: IT
 # Purpose: for set auto answer
 set_prop(radio, mtk_em_auto_answer_prop)

 # Date : 2016/07/05
 # Purpose :
 #   Write IMEI - presanity item write imei should read the file on storage
 #   Swift APK integration - access TTL scripts and logs on external storage
 #   eng mode camera - save iamges files and log files on external storage
 #   eng mode ygps - save location information on external storage
 allow radio media_rw_data_file:dir { create_dir_perms };
 allow radio media_rw_data_file:file { create_file_perms };

 # Date : 2016/08/02
 # Purpose :
 #   Swift APK integration - access ccci dir/file
 allow radio ccci_fsd:dir { r_dir_perms };

 # Date : 2016/07/25
 # Operation : Bluetooth access NVRAM fail in Engineer Mode
 # Purpose : for Bluetooth read NVRAM data
 allow radio nvdata_file:dir search;
 allow radio nvdata_file:file rw_file_perms;

 #Date : 2016/11/08
 #Operation: IT
 #Purpose: for EM set persist.net.auto.tethering
 set_prop(radio, mtk_em_net_auto_tethering_prop)

 # Date : WK17.03
 # Operation : O Migration
 # Purpose : HIDL for rilproxy
 binder_call(radio, hal_telephony)

 # Date : WK17.15
 # Operation : O Migration
 # Purpose : for YGPS execution
 allow radio hal_graphics_composer_default:fd use;

 #Dat: 2017/02/14
 #Purpose: allow get telephony Sensitive property
 get_prop(radio, mtk_telephony_sensitive_prop)

 # Date : WK17.26
 # Operation : O Migration
 # Purpose : HIDL for imsa
 binder_call(radio, mtk_hal_imsa)

 # Date : WK1727 2017/07/04
 # Operation : IT
 # Purpose : Allow to use HAL imsa
 hal_client_domain(radio, hal_imsa)

 #Dat: 2017/06/29
 #Purpose: For audio parameter tuning
 allow radio hal_audio_hwservice:hwservice_manager find;
 binder_call(radio,mtk_hal_audio)

 # TODO : Will move to plat_private when SEPolicy split done
 # Date : WK1727 2017/07/19
 # Operation : Migration
 # Purpose : Allow EM set usb property
 set_prop(radio, system_radio_prop)

 #Dat: 2017/07/20
 #Purpose: NFC EM
 allow radio hal_nfc_hwservice:hwservice_manager find;
 binder_call(radio, hal_nfc)
 binder_call(hal_nfc, radio)
 hwbinder_use(radio);
 #hal_client_domain(radio, hal_nfc)
 typeattribute radio halclientdomain;
 typeattribute radio hal_nfc_client;
 allow radio nfc_socket:sock_file { create write unlink setattr };
 set_prop(radio, system_prop)

 # Date : WK1734 2017/08/23
 # Purpose : Allow EM use power HAL
 allow radio mtk_hal_power_hwservice:hwservice_manager find;
 binder_call(radio, mtk_hal_power)

 # Date : 2017/10/31
 # Purpose: Policy for EM to set wcn coredump property
 get_prop(radio, wmt_prop)

 # Date : WK18.16
 # Operation: P migration
 # Purpose: Allow radio to get tel_switch_prop
 get_prop(radio, tel_switch_prop)

 # Date : 2018/05/03
 # Operation: P migration
 # Purpose: allow EM to set modem reset delay property
 get_prop(radio, mtk_debug_md_reset_prop)

 # Date : 2018/06/01
 # Operation : P migration
 # Purpose : For EM access battery info
 allow radio sysfs_batteryinfo:dir search;
 allow radio sysfs_batteryinfo:file { read write getattr open create};
 allow radio sysfs_vbus:file { read getattr open };

 # Date : 2018/06/15
 # Purpose : Allow EM access touchscreen settings
 allow radio sysfs_tpd_debug:dir { search read open };
 allow radio sysfs_tpd_setting:dir { search read open };

 # Date : 2018/06/15
 # Purpose : mtk EM PMU reading/setting
 allow radio sysfs_pmu:dir { search };
 allow radio sysfs_pmu:file { read };
 allow radio sysfs_pmu:lnk_file { read };

 # Date : 2018/06/15
 # Purpose : mtk EM Power debug_log setting
 allow radio sysfs_spm:dir { search };

 # Date : 2018/06/15
 # Purpose: Allow EM detect Audio headset status
 allow radio sysfs_headset:file { read open };

 # Date : 2018/06/26
 # Operation : IT
 # Purpose : Allow to use HAL em
 hal_client_domain(radio, mtk_hal_em)

 # Date : 2018/07/03
 # Purpose : Allow sim system to set prop
 set_prop(radio, vendor_sim_system_prop)

 # Date : 2018/07/03
 # Purpose : Allow Mwi to get vendor default properties (ro.vendor.*)
 get_prop(radio, vendor_default_prop)

 # Operation : DEBUG
 # Purpose : Allow to use mtk_bgdata_disabled
 set_prop(radio, mtk_bgdata_disabled)

 # Date : 2018/07/03
 # Operation : DEBUG
 # Purpose : Allow to use mtk_telecom_vibrate
 set_prop(radio, mtk_telecom_vibrate)

 # Date : 2018/07/03
 # Operation : DEBUG
 # Purpose : Allow to use mtk_gprs_attach_type
 set_prop(radio, mtk_gprs_attach_type)

 # Date : 2018/07/12
 # Purpose : Allow EM to use Lbs Hidl
 binder_call(radio, lbs_hidl_service)
 allow radio mtk_hal_lbs_hwservice:hwservice_manager find;

 # Date : 2018/08/12
 # Purpose : Allow EM to set poweroffmd property
 set_prop(radio, mtk_power_off_md_type)

 get_prop(radio, persist_mtk_aeev_prop);
	# ==============================================
	# MTK Policy Rule
	# ============

	# Purpose : allow to access kpd driver file
	allow radio sysfs_keypad_file:dir { r_dir_perms };
	allow radio sysfs_keypad_file:file { w_file_perms };

	# Date : WK15.34 2015/08/21
	# Operation : IT
	# Purpose : for engineermode WFD IOT property
	allow radio surfaceflinger:fifo_file { rw_file_perms };

	# Date : 2016/06/11
	# Operation : IT
	# Purpose : for engineermode Usb PHY Tuning
	allow radio debugfs_usb20_phy:file { read open getattr };
	allow radio debugfs_usb20_phy:dir search;

	# Date : 2016/06/28
	# Operation : IT
	# Purpose : for engineermode sensor can work normal
	allow radio als_ps_device:chr_file { read open ioctl };
	allow radio gsensor_device:chr_file { read open ioctl };
	allow radio gyroscope_device:chr_file { read ioctl open };

	# Date : WK14.38 2016/06/28
	# Operation : Migration
	# Purpose : for engineermode
	allow radio mt_otg_test_device:chr_file { read write ioctl open };
	allow radio mtgpio_device:chr_file { read ioctl open };
	allow radio stpbt_device:chr_file { read write open };
	allow radio stpant_device:chr_file { read write open };
	allow radio bt_int_adp_socket:sock_file write;
	allow radio mt6605_device:chr_file { read write ioctl open getattr };
	allow radio nfc_socket:dir { write add_name remove_name search };
	allow radio system_prop:property_service set;

	# Date : WK14.38 2016/06/28
	# Operation : Migration
	# Purpose : for engineermode
	allow radio em_svr:unix_stream_socket connectto;

	# Date : WK15.25 2016/06/28
	# Operation :N Migration
	# Purpose : for engineermode WiFi test mode
	# todo: in the feature Google maybe forbid this option,we should use other way
	allowxperm radio self:udp_socket ioctl { SIOCIWFIRSTPRIV-SIOCIWFIRSTPRIV_09 SIOCIWFIRSTPRIV_0B SIOCSIWESSID SIOCSIWMODE };

	# Date : 2014/12/13
	# Operation : IT
	# Purpose : for bluetooth relayer mode
	allow radio block_device:dir search;
	allow radio ttyGS_device:chr_file { open read write ioctl };


	#Date : 2015/11/13
	#Operation: IT
	# Purpose: for set auto answer
	set_prop(radio, mtk_em_auto_answer_prop)

	# Date : 2016/07/05
	# Purpose :
	# Write IMEI - presanity item write imei should read the file on storage
	# Swift APK integration - access TTL scripts and logs on external storage
	# eng mode camera - save iamges files and log files on external storage
	# eng mode ygps - save location information on external storage
	allow radio media_rw_data_file:dir { create_dir_perms };
	allow radio media_rw_data_file:file { create_file_perms };

	# Date : 2016/08/02
	# Purpose :
	# Swift APK integration - access ccci dir/file
	allow radio ccci_fsd:dir { r_dir_perms };

	# Date : 2016/07/25
	# Operation : Bluetooth access NVRAM fail in Engineer Mode
	# Purpose : for Bluetooth read NVRAM data
	allow radio nvdata_file:dir search;
	allow radio nvdata_file:file rw_file_perms;

	#Date : 2016/11/08
	#Operation: IT
	#Purpose: for EM set persist.net.auto.tethering
	set_prop(radio, mtk_em_net_auto_tethering_prop)

	# Date : WK17.03
	# Operation : O Migration
	# Purpose : HIDL for rilproxy
	binder_call(radio, hal_telephony)

	# Date : WK17.15
	# Operation : O Migration
	# Purpose : for YGPS execution
	allow radio hal_graphics_composer_default:fd use;

	#Dat: 2017/02/14
	#Purpose: allow get telephony Sensitive property
	get_prop(radio, mtk_telephony_sensitive_prop)

	# Date : WK17.26
	# Operation : O Migration
	# Purpose : HIDL for imsa
	binder_call(radio, mtk_hal_imsa)

	# Date : WK1727 2017/07/04
	# Operation : IT
	# Purpose : Allow to use HAL imsa
	hal_client_domain(radio, hal_imsa)

	#Dat: 2017/06/29
	#Purpose: For audio parameter tuning
	allow radio hal_audio_hwservice:hwservice_manager find;
	binder_call(radio,mtk_hal_audio)

	# TODO : Will move to plat_private when SEPolicy split done
	# Date : WK1727 2017/07/19
	# Operation : Migration
	# Purpose : Allow EM set usb property
	set_prop(radio, system_radio_prop)

	#Dat: 2017/07/20
	#Purpose: NFC EM
	allow radio hal_nfc_hwservice:hwservice_manager find;
	binder_call(radio, hal_nfc)
	binder_call(hal_nfc, radio)
	hwbinder_use(radio);
	#hal_client_domain(radio, hal_nfc)
	typeattribute radio halclientdomain;
	typeattribute radio hal_nfc_client;
	allow radio nfc_socket:sock_file { create write unlink setattr };
	set_prop(radio, system_prop)

	# Date : WK1734 2017/08/23
	# Purpose : Allow EM use power HAL
	allow radio mtk_hal_power_hwservice:hwservice_manager find;
	binder_call(radio, mtk_hal_power)

	# Date : 2017/10/31
	# Purpose: Policy for EM to set wcn coredump property
	get_prop(radio, wmt_prop)

	# Date : WK18.16
	# Operation: P migration
	# Purpose: Allow radio to get tel_switch_prop
	get_prop(radio, tel_switch_prop)

	# Date : 2018/05/03
	# Operation: P migration
	# Purpose: allow EM to set modem reset delay property
	get_prop(radio, mtk_debug_md_reset_prop)

	# Date : 2018/06/01
	# Operation : P migration
	# Purpose : For EM access battery info
	allow radio sysfs_batteryinfo:dir search;
	allow radio sysfs_batteryinfo:file { read write getattr open create};
	allow radio sysfs_vbus:file { read getattr open };

	# Date : 2018/06/15
	# Purpose : Allow EM access touchscreen settings
	allow radio sysfs_tpd_debug:dir { search read open };
	allow radio sysfs_tpd_setting:dir { search read open };

	# Date : 2018/06/15
	# Purpose : mtk EM PMU reading/setting
	allow radio sysfs_pmu:dir { search };
	allow radio sysfs_pmu:file { read };
	allow radio sysfs_pmu:lnk_file { read };

	# Date : 2018/06/15
	# Purpose : mtk EM Power debug_log setting
	allow radio sysfs_spm:dir { search };

	# Date : 2018/06/15
	# Purpose: Allow EM detect Audio headset status
	allow radio sysfs_headset:file { read open };

	# Date : 2018/06/26
	# Operation : IT
	# Purpose : Allow to use HAL em
	hal_client_domain(radio, mtk_hal_em)

	# Date : 2018/07/03
	# Purpose : Allow sim system to set prop
	set_prop(radio, vendor_sim_system_prop)

	# Date : 2018/07/03
	# Purpose : Allow Mwi to get vendor default properties (ro.vendor.*)
	get_prop(radio, vendor_default_prop)

	# Operation : DEBUG
	# Purpose : Allow to use mtk_bgdata_disabled
	set_prop(radio, mtk_bgdata_disabled)

	# Date : 2018/07/03
	# Operation : DEBUG
	# Purpose : Allow to use mtk_telecom_vibrate
	set_prop(radio, mtk_telecom_vibrate)

	# Date : 2018/07/03
	# Operation : DEBUG
	# Purpose : Allow to use mtk_gprs_attach_type
	set_prop(radio, mtk_gprs_attach_type)

	# Date : 2018/07/12
	# Purpose : Allow EM to use Lbs Hidl
	binder_call(radio, lbs_hidl_service)
	allow radio mtk_hal_lbs_hwservice:hwservice_manager find;

	# Date : 2018/08/12
	# Purpose : Allow EM to set poweroffmd property
	set_prop(radio, mtk_power_off_md_type)

	get_prop(radio, persist_mtk_aeev_prop);