Gitiles
Code Review Sign In
review.blissroms.org / platform_device_qcom_sepolicy-legacy / refs/heads/rebase / . / common / dpmd.te
blob: b870fcaefe89b20e85b913cb3d9bf89aa3cbfa26 [file] [log] [blame]
Susheel Yadagirid0927c62014-10-14 16:01:45 -0700[diff] [blame]1#dpmd as domain
Devi Sandeep Endluri V V98379eb2017-06-20 22:19:40 -0700[diff] [blame]2#type dpmd, domain, mlstrustedsubject;
3#type dpmd_exec, exec_type, vendor_file_type, file_type;
4#file_type_auto_trans(dpmd, socket_device, dpmwrapper_socket);
5#init_daemon_domain(dpmd)
6#net_domain(dpmd)
7#allow dpmd {
8 # dpmd_exec
9 # system_file
10#}:file x_file_perms;
Susheel Yadagirid0927c62014-10-14 16:01:45 -0700[diff] [blame]11
Bhavya Sokke Mallikarjunappa1224bdc2014-11-03 13:33:33 -0800[diff] [blame]12#allow dpmd to access dpm_data_file
Devi Sandeep Endluri V V98379eb2017-06-20 22:19:40 -0700[diff] [blame]13
14#allow dpmd dpmd_data_file:file create_file_perms;
15#allow dpmd dpmd_data_file:dir create_dir_perms;
Susheel Yadagirid0927c62014-10-14 16:01:45 -0700[diff] [blame]16
Devi Sandeep Endluri V Vaf3807c2017-05-31 12:46:19 +0530[diff] [blame]17allow dpmd persist_dpm_prop:file r_file_perms;
Susheel Yadagirid0927c62014-10-14 16:01:45 -0700[diff] [blame]18
Bhavya Sokke Mallikarjunappa1224bdc2014-11-03 13:33:33 -0800[diff] [blame]19allow dpmd sysfs_wake_lock:file rw_file_perms;
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]20
Devi Sandeep Endluri V Vaf3807c2017-05-31 12:46:19 +0530[diff] [blame]21allow dpmd sysfs_data:dir r_dir_perms;
22
23allow dpmd sysfs_data:file r_file_perms;
24
Devi Sandeep Endluri V V98379eb2017-06-20 22:19:40 -0700[diff] [blame]25#r_dir_file(dpmd,proc_net)
Devi Sandeep Endluri V Vaf3807c2017-05-31 12:46:19 +0530[diff] [blame]26
Devi Sandeep Endluri V V98379eb2017-06-20 22:19:40 -0700[diff] [blame]27#allow dpmd self:capability {
28 # setuid
29 # setgid
30 # dac_override
31# net_raw chown
32 # fsetid
33 # net_admin
34 # sys_module
35#}; #Need to check on it . It was present earlier
Susheel Yadagirid0927c62014-10-14 16:01:45 -0700[diff] [blame]36
Bhavya Sokke Mallikarjunappa1224bdc2014-11-03 13:33:33 -0800[diff] [blame]37#socket, self
38allow dpmd smem_log_device:chr_file rw_file_perms;
Devi Sandeep Endluri V V98379eb2017-06-20 22:19:40 -0700[diff] [blame]39#wakelock_use(dpmd) # it was present earlier
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]40
sahil madekaa3608c92017-05-12 15:41:40 -0700[diff] [blame]41set_prop(dpmd, system_prop)
42set_prop(dpmd, ctl_default_prop)
Bhavya Sokke Mallikarjunappa1224bdc2014-11-03 13:33:33 -0800[diff] [blame]43#misc.
Devi Sandeep Endluri V V98379eb2017-06-20 22:19:40 -0700[diff] [blame]44#allow dpmd vendor_shell_exec:file rx_file_perms;
Susheel Yadagiri7724bf32015-01-06 10:21:38 -0800[diff] [blame]45
46#permission to unlink dpmwrapper socket
Devi Sandeep Endluri V V98379eb2017-06-20 22:19:40 -0700[diff] [blame]47#allow dpmd socket_device:dir remove_name;
Susheel Yadagiri702019a2015-03-11 10:56:18 -0700[diff] [blame]48
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]49#permission to communicate with cnd_socket for installing iptable rules
Devi Sandeep Endluri V V98379eb2017-06-20 22:19:40 -0700[diff] [blame]50#unix_socket_connect(dpmd, cnd, cnd);
Susheel Yadagiri4f368982015-03-23 19:41:19 -0700[diff] [blame]51
52#allow dpmd to create socket
Devi Sandeep Endluri V V98379eb2017-06-20 22:19:40 -0700[diff] [blame]53#allow dpmd self:socket create_socket_perms_no_ioctl;
54#allow dpmd self:{ netlink_socket netlink_generic_socket } create_socket_perms_no_ioctl;
Susheel Yadagiri4f368982015-03-23 19:41:19 -0700[diff] [blame]55
Biswajit Paul28439f92015-07-15 13:28:27 -0700[diff] [blame]56#allow dpmd to write to /proc/net/sys
Devi Sandeep Endluri V V98379eb2017-06-20 22:19:40 -0700[diff] [blame]57#allow dpmd proc_net:file write;
Biswajit Paul28439f92015-07-15 13:28:27 -0700[diff] [blame]58
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]59#allow dpmd get appname and use inet socket.
Ravi Kumar Siddojigaric7def122017-06-13 00:49:19 +0530[diff] [blame]60#dpmd_socket_perm(appdomain)
61#dpmd_socket_perm(system_server)
62#dpmd_socket_perm(mediaserver)
63#dpmd_socket_perm(mtp)
64#dpmd_socket_perm(wfdservice)
65#dpmd_socket_perm(drmserver)
66#dpmd_socket_perm(netd)
Bryse Flowers8054fe62015-06-16 10:57:02 -0700[diff] [blame]67
68#explicitly allow udp socket permissions for appdomain
Ravi Kumar Siddojigaric7def122017-06-13 00:49:19 +0530[diff] [blame]69#allow dpmd appdomain:udp_socket rw_socket_perms;
Biswajit Paul277acbb2016-07-20 12:02:14 -0700[diff] [blame]70
Devi Sandeep Endluri V Vaf3807c2017-05-31 12:46:19 +0530[diff] [blame]71#Allow dpmd to acquire lock for iptables
72allow dpmd system_file:file lock;
73
74#Allow dpmd to connect to hal_dpmQMiMgr
75allow dpmd hal_dpmqmi_hwservice:hwservice_manager find;
76get_prop(dpmd, hwservicemanager_prop)
77binder_call(dpmd,hal_dpmQmiMgr)
78hwbinder_use(dpmd)
Devi Sandeep Endluri V Vfbe5cdb2017-05-15 12:13:12 +0530[diff] [blame]79
Biswajit Paul277acbb2016-07-20 12:02:14 -0700[diff] [blame]80#diag
81userdebug_or_eng(`
82 diag_use(dpmd)
83')