| # ============================================== |
| # Policy File of /vendor/bin/rilproxy Executable File |
| |
| |
| # ============================================== |
| # Type Declaration |
| # ============================================== |
| |
| # ============================================== |
| # MTK Policy Rule |
| # ============================================== |
| |
| # Access to wake locks |
| wakelock_use(rild) |
| |
| # rild Bringup Policy |
| allow rild mtkrild:unix_stream_socket connectto; |
| allow rild self:capability setuid; |
| set_prop(rild, radio_prop) |
| set_prop(rild, vendor_mtk_ril_mux_report_case_prop) |
| allow rild mtk_agpsd:unix_stream_socket connectto; |
| allow servicemanager rild:dir search; |
| allow servicemanager rild:file { read open }; |
| allow servicemanager rild:process getattr; |
| |
| # Allow the socket read/write of netd for rild |
| allow rild netd_socket:sock_file write; |
| allow rild netd_socket:sock_file read; |
| |
| #Date : W17.13 |
| #Purpose: Treble SEpolicy denied clean up |
| get_prop(rild, hwservicemanager_prop) |
| |
| #Date : W17.18 |
| #Purpose: Treble SEpolicy denied clean up |
| add_hwservice(hal_telephony_server, mtk_hal_rild_hwservice) |
| allow hal_telephony_client mtk_hal_rild_hwservice:hwservice_manager find; |
| |
| #Date : W17.21 |
| #Purpose: Grant permission to access binder dev node |
| vndbinder_use(rild) |
| |
| #Date : W17.20 |
| #Purpose: allow access to audio hal |
| binder_call(rild, mtk_hal_audio) |
| hal_client_domain(rild, hal_audio) |
| |
| #Date : W18.15 |
| #Purpose: allow rild access to vendor.ril.ipo system property |
| set_prop(mtkrild, vendor_mtk_ril_ipo_prop) |
| |
| # Date : WK18.26 |
| # Operation: P migration |
| # Purpose: Allow carrier express HIDL to set vendor property |
| set_prop(mtkrild, vendor_mtk_cxp_vendor_prop) |
| allow mtkrild mnt_vendor_file:dir search; |
| allow mtkrild mnt_vendor_file:file create_file_perms; |
| allow mtkrild nvdata_file:dir create_dir_perms; |
| allow mtkrild nvdata_file:file create_file_perms; |
| |
| # Date : WK18.31 |
| # Operation: P migration |
| # Purpose: Allow supplementary service HIDL to set vendor property |
| set_prop(mtkrild, vendor_mtk_ss_vendor_prop) |
| |
| # Date : W19.16 |
| # Operation: Q migration |
| # Purpose: Allow rild access to send SUPL INIT to mnld |
| allow rild mnld:unix_dgram_socket sendto; |
| allow mtkrild mnld:unix_dgram_socket sendto; |
| |
| # Date : W19.35 |
| # Operation: Q migration |
| # Purpose: Fix rilproxy SeLinux warning of pre-defined socket |
| allow rild gsmrild_socket:sock_file write; |
| |