| # ============================================== |
| # MTK Policy Rule |
| # ============================================== |
| |
| # Purpose: access for SYS_MEMORY_INFO |
| allow dumpstate fuse:dir { w_dir_perms }; |
| allow dumpstate fuse:file { write create open setattr append }; |
| |
| # Purpose: mnt/user/* |
| allow dumpstate mnt_user_file:dir search; |
| allow dumpstate mnt_user_file:lnk_file read; |
| |
| # Purpose: /storage/* |
| allow dumpstate storage_file:lnk_file read; |
| |
| # Purpose: timer_intval. this is neverallow |
| #allow dumpstate app_data_file:dir search; |
| allow dumpstate kmsg_device:chr_file r_file_perms; |
| |
| # Purpose: |
| # 01-01 18:00:35.600 7723 7723 I ps : type=1400 audit(0.0:63712): avc: |
| # denied { ioctl } for path="/storage/emulated/0/mtklog/aee_exp/temp/db.PQtNt4/ |
| # SYS_ALL_THREADS" dev="fuse" ino=209 ioctlcmd=5401 scontext=u:r:dumpstate:s0 |
| # tcontext=u:object_r:fuse:s0 tclass=file permissive=1 |
| allow dumpstate fuse:file ioctl; |
| |
| # Purpose: |
| # 01-01 17:59:14.440 7664 7664 I aee_dumpstate: type=1400 audit(0.0:63497): |
| # avc: denied { open } for path="/sys/kernel/debug/tracing/tracing_on" dev= |
| # "debugfs" ino=2087 scontext=u:r:dumpstate:s0 tcontext=u:object_r: |
| # tracing_shell_writable:s0 tclass=file permissive=1 |
| allow dumpstate debugfs_tracing:file { write read open }; |
| |
| # Data : WK17.03 |
| # Purpose: Allow to access gpu |
| allow dumpstate gpu_device:dir search; |
| |
| # Date: 2017/07/11 |
| # Purpose: 01-01 08:30:57.474 286 286 E SELinux : avc: denied { find } for interface= |
| # android.hardware.camera.provider::ICameraProvider pid=3133 scontext=u:r:dumpstate:s0 tcontext= |
| # u:object_r:hal_camera_hwservice:s0 tclass=hwservice_manager |
| hal_client_domain(dumpstate, hal_camera) |
| allow dumpstate hal_camera_hwservice:hwservice_manager find; |
| |
| #Purpose: Allow dumpstate to read/write /sys/kernel/debug/tracing/buffer_total_size_kb |
| userdebug_or_eng(`allow dumpstate debugfs_tracing_debug:file { r_file_perms write };') |
| |
| # Purpose: Allow dumpstate to write /sys/devices/virtual/timed_output/vibrator/enable |
| allow dumpstate sysfs_vibrator:file write; |
| |
| # Purpose : Allow dumpstate self to sys_nice |
| allow dumpstate self:capability sys_nice; |
| |
| # Date: W1826 |
| # Purpose : mobile_log_d exec 'logcat -L' via dumpstate |
| allow dumpstate mobile_log_d:fd use; |
| allow dumpstate mobile_log_d:fifo_file write; |
| allow dumpstate mobile_log_d:unix_stream_socket { read write }; |