| # ============================================== |
| # Policy File of /system/bin/aee_core_forwarder Executable File |
| |
| # ============================================== |
| # Type Declaration |
| # ============================================== |
| # aee_core_forwarder_exec labels the on-disk binary (a system file that can be executed). |
| # NOTE(review): only the _exec type is declared in this file; the aee_core_forwarder |
| # domain type itself must be declared elsewhere (not visible here) - confirm. |
| type aee_core_forwarder_exec, system_file_type, exec_type, file_type; |
| # Tag the domain as coredomain, i.e. part of the platform (/system) side of the policy. |
| typeattribute aee_core_forwarder coredomain; |
| |
| # ============================================== |
| # MTK Policy Rule |
| # ============================================== |
| # init_daemon_domain() is the AOSP macro that lets init transition into the |
| # aee_core_forwarder domain when it executes a file labelled aee_core_forwarder_exec. |
| init_daemon_domain(aee_core_forwarder) |
| |
| # Create /sdcard/mtklog/aee_exp and write /sdcard/mtklog/aee_exp/zcorexxx.zip. |
| # NOTE(review): sdcard_type is shared external storage, so the core dumps written |
| # here (process memory images) end up outside app-private storage. Confirm who can |
| # read that directory and whether this policy ships on user builds. |
| allow aee_core_forwarder sdcard_type:dir create_dir_perms; |
| allow aee_core_forwarder sdcard_type:file create_file_perms; |
| # CAP_FSETID / CAP_SETGID on the domain itself. |
| # NOTE(review): presumably needed to set group ownership on the dump files - confirm. |
| allow aee_core_forwarder self:capability { fsetid setgid }; |
| |
| # Read STDIN_FILENO: stdin is a pipe labelled with the kernel domain. Only read is granted. |
| # NOTE(review): presumably this is the core image piped in by the kernel's |
| # core_pattern handler - confirm against the init/kernel configuration. |
| allow aee_core_forwarder kernel:fifo_file read; |
| |
| # Read /proc/<pid>/cmdline. |
| # NOTE(review): the target is the `domain` attribute, so these two rules grant |
| # directory listing and file read on the /proc/<pid> entries of every process |
| # domain, not only the cmdline of the crashing process. Treat this domain as able |
| # to read other processes' /proc data wherever no other check blocks the access. |
| allow aee_core_forwarder domain:dir r_dir_perms; |
| allow aee_core_forwarder domain:file r_file_perms; |
| |
| # Take a wake lock so the system does not suspend while the core dump is being generated. |
| # Read/write on files labelled sysfs_wake_lock (in AOSP: /sys/power/wake_lock and wake_unlock). |
| # The matching block_suspend capability is granted by a separate rule in this file. |
| allow aee_core_forwarder sysfs_wake_lock:file rw_file_perms; |
| |
| # Date : 2015/07/11 |
| # Operation : Migration |
| # Purpose : for the MTK debug mechanism |
| # Grants CAP_BLOCK_SUSPEND (capability2 class) to the domain itself; this is the |
| # capability that goes with writing the wake_lock files. |
| allow aee_core_forwarder self:capability2 block_suspend; |
| |
| # Date : 2015/07/21 |
| # Operation : Migration |
| # Purpose : for generating core dump on sdcard |
| # Path traversal only: search the directories and read the symlinks labelled |
| # mnt_user_file / storage_file. No write or create permission is granted on these types. |
| allow aee_core_forwarder mnt_user_file:dir search; |
| allow aee_core_forwarder mnt_user_file:lnk_file read; |
| allow aee_core_forwarder storage_file:dir search; |
| allow aee_core_forwarder storage_file:lnk_file read; |
| |
| # Date : 2016/03/05 |
| # Operation : selinux warning fix |
| # Purpose : avc: denied { search } for pid=15909 comm="aee_core_forwar" |
| # name="15493" dev="proc" ino=112310 scontext=u:r:aee_core_forwarder:s0 |
| # tcontext=u:r:untrusted_app:s0:c512,c768 tclass=dir permissive=0 |
| # dontaudit does not grant the access; it only stops the denial from being logged. |
| # NOTE(review): `allow aee_core_forwarder domain:dir r_dir_perms` in this file already |
| # covers search at the type-enforcement level, so this denial presumably comes from |
| # the MLS constraint (source s0 vs. target s0:c512,c768) - confirm. Suppressing it |
| # also removes these events from audit logs, which matters if they are monitored. |
| dontaudit aee_core_forwarder untrusted_app:dir search; |
| |
| # Date : 2016/04/18 |
| # Operation : N0 Migration |
| # Purpose : access for pipefs |
| # Allows using file descriptors that belong to the kernel domain (fd class, `use` only). |
| # NOTE(review): presumably the inherited stdin pipe covered by the kernel:fifo_file rule - confirm. |
| allow aee_core_forwarder kernel:fd use; |
| |
| # Purpose : search root dir "/" |
| # NOTE(review): the comment names "/" but the rule targets directories labelled |
| # tmpfs - confirm which mount point this is meant to cover. |
| allow aee_core_forwarder tmpfs:dir search; |
| # Purpose : read /selinux_version |
| # NOTE(review): r_file_perms on rootfs:file applies to every file labelled rootfs, |
| # not only /selinux_version. |
| allow aee_core_forwarder rootfs:file r_file_perms; |
| |
| # Date : 2016/06/13 |
| # Operation : fix sys_ptrace selinux warning |
| # Purpose : type=1400 audit(1420070409.080:177): avc: denied { sys_ptrace } for pid=3136 |
| # comm="aee_core_forwar" capability=19 scontext=u:r:aee_core_forwarder:s0 |
| # tcontext=u:r:aee_core_forwarder:s0 tclass=capability permissive=0 |
| # CAP_SYS_PTRACE stays denied; dontaudit only silences the log entry. |
| # NOTE(review): presumably triggered by /proc/<pid> reads that involve a ptrace |
| # access check - confirm the forwarder works correctly without the capability. |
| dontaudit aee_core_forwarder self:capability sys_ptrace; |
| |
| # Date : 2016/06/24 |
| # Operation : fix media_rw_data_file access selinux warning |
| # Purpose : |
| # type=1400 audit(0.0:6511): avc: denied { search } for name="db.p08JgF" |
| # dev="dm-0" ino=540948 scontext=u:r:aee_core_forwarder:s0 |
| # tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1 |
| # type=1400 audit(0.0:6512): avc: denied { write } for name="db.p08JgF" |
| # dev="dm-0" ino=540948 scontext=u:r:aee_core_forwarder:s0 |
| # tcontext=u:object_r:media_rw_data_file:s0 tclass=dir permissive=1 |
| # type=1400 audit(0.0:6513): avc: denied { add_name } for name="CURRENT.dbg" |
| # scontext=u:r:aee_core_forwarder:s0 tcontext=u:object_r:media_rw_data_file:s0 |
| # tclass=dir permissive=1 |
| # type=1400 audit(0.0:6514): avc: denied { create } for name="CURRENT.dbg" |
| # scontext=u:r:aee_core_forwarder:s0 tcontext=u:object_r:media_rw_data_file:s0 |
| # tclass=file permissive=1 |
| # type=1400 audit(0.0:6515): avc: denied { write open } for |
| # path="/data/media/0/mtklog/aee_exp/temp/db.p08JgF/CURRENT.dbg" dev="dm-0" |
| # ino=540952 scontext=u:r:aee_core_forwarder:s0 tcontext=u:object_r:media_rw_data_file:s0 |
| # tclass=file permissive=1 |
| # The denials above were captured with permissive=1 and all concern the |
| # /data/media/0/mtklog/aee_exp/temp/ subtree. |
| # NOTE(review): the rules are keyed on the media_rw_data_file type, so they apply to |
| # every directory and file with that label, not only the mtklog subtree. In AOSP, |
| # w_dir_perms also includes remove_name, which none of the logged denials |
| # requested - verify it is needed. |
| allow aee_core_forwarder media_rw_data_file:dir w_dir_perms; |
| allow aee_core_forwarder media_rw_data_file:file { create open write }; |
| |
| # Date : 2017/08/04 |
| # Operation : fix sys_nice selinux warning |
| # Purpose : type=1400 audit(0.0:50): avc: denied { sys_nice } for capability=23 |
| # scontext=u:r:aee_core_forwarder:s0 tcontext=u:r:aee_core_forwarder:s0 |
| # tclass=capability permissive=0 |
| # Grants CAP_SYS_NICE to the domain itself. Unlike sys_ptrace, which this file only |
| # dontaudits, this denial was resolved by allowing the capability. |
| allow aee_core_forwarder self:capability sys_nice; |
| |
| # Purpose : allow aee_core_forwarder to access hwservicemanager_prop |
| # get_prop() is the AOSP macro for read-only access to properties of the given |
| # type; it does not allow setting them. |
| get_prop(aee_core_forwarder, hwservicemanager_prop) |
| |
| # Purpose : allow aee_core_forwarder to connect to the aee_aed socket |
| # Only connectto on the aee_aed domain's unix stream socket is granted here. |
| # NOTE(review): no sock_file rule is visible in this file, so a filesystem socket |
| # would need a further rule elsewhere; presumably the socket is abstract - confirm. |
| allow aee_core_forwarder aee_aed:unix_stream_socket connectto; |