Gitiles
Code Review Sign In
review.blissroms.org / platform_device_qcom_sepolicy-legacy / refs/heads/t / . / common / diag.te
blob: ecd792f28867d2556dc92713d0cf8c72543ffbe8 [file] [log] [blame]
Biswajit Paul6786a922017-03-16 11:53:53 -0700[diff] [blame]1type diag, domain;
Ravi Kumar Siddojigaric7def122017-06-13 00:49:19 +0530[diff] [blame]2type diag_exec, exec_type, vendor_file_type, file_type;
Avijit Kanti Das71c08422014-07-25 17:11:21 -0700[diff] [blame]3userdebug_or_eng(`
Avijit Kanti Das0a2c91f2014-06-18 16:02:17 -0700[diff] [blame]4 domain_auto_trans(shell, diag_exec, diag)
David Nga658efb2016-10-07 11:38:22 -0700[diff] [blame]5 #domain_auto_trans(adbd, diag_exec, diag)
Avijit Kanti Das0a2c91f2014-06-18 16:02:17 -0700[diff] [blame]6 file_type_auto_trans(diag, system_data_file, diag_data_file);
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]7 allow diag {
8 diag_device
9 devpts
10 console_device
11 # allow access to qseecom for drmdiagapp
12 tee_device
13 }:chr_file rw_file_perms;
14 allow diag {
15 shell
16 su
17 }:fd use;
18
19 allow diag {
20 cgroup
David Ng14a42d62016-03-07 15:35:02 -0800[diff] [blame]21 fuse
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]22 persist_drm_file
23 }:dir create_dir_perms;
24
Avijit Kanti Das0a2c91f2014-06-18 16:02:17 -0700[diff] [blame]25 allow diag port:tcp_socket name_connect;
Avijit Kanti Das0a2c91f2014-06-18 16:02:17 -0700[diff] [blame]26 allow diag self:capability { setuid net_raw sys_admin setgid dac_override };
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]27 allow diag self:capability2 syslog;
Avijit Kanti Das0a2c91f2014-06-18 16:02:17 -0700[diff] [blame]28 allow diag self:tcp_socket { create connect setopt};
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]29 wakelock_use(diag)
Avijit Kanti Das0a2c91f2014-06-18 16:02:17 -0700[diff] [blame]30 allow diag kernel:system syslog_mod;
Dinesh K Garge5bafbf2014-10-22 00:13:49 -0700[diff] [blame]31 # allow drmdiagapp access to drm related paths
32 allow diag persist_file:dir r_dir_perms;
33 r_dir_file(diag, persist_data_file)
34 # Write to drm related pieces of persist partition
Dinesh K Garge5bafbf2014-10-22 00:13:49 -0700[diff] [blame]35 allow diag persist_drm_file:file create_file_perms;
Mathew Winna250b142017-04-24 14:00:10 -0700[diff] [blame]36
37 # For DiagExample daemon
38 init_daemon_domain(diag)
39 net_domain(diag)
40
41 allow diag fuse:dir r_dir_perms;
42 allow diag fuse:file r_file_perms;
43 r_dir_file(diag, storage_file)
44 r_dir_file(diag, mnt_user_file)
Mathew Winncc5f9132017-11-28 09:28:53 -0800[diff] [blame]45 allow diag media_rw_data_file:file r_file_perms;
46 r_dir_file(diag, sdcardfs)
Avijit Kanti Das71c08422014-07-25 17:11:21 -0700[diff] [blame]47')