Blame - common/init.te - platform_device_qcom_sepolicy-legacy

blob: 9863e9a8cf6d1fda49e85dc256ae54588da8e815 [file] [log] [blame]

Ravi Kumar Siddojigari	5c426bf	2014-09-08 20:57:41 +0530	[diff] [blame]	1	# Adding allow rule for search on /fuse
Avijit Kanti Das	441bad4	2015-05-12 14:07:41 -0700	[diff] [blame]	2	allow init fuse:dir { search mounton };
Avijit Kanti Das	d01b3b3	2014-10-21 10:30:09 -0700	[diff] [blame]	3	allow init self:capability sys_module;
Avijit Kanti Das	19272f3	2015-08-10 14:30:34 -0700	[diff] [blame]	4	allow init {
				5	adsprpcd_file
				6	cache_file
				7	persist_file
				8	storage_file
				9	}:dir mounton;
				10	allow init kmsg_device:chr_file write;
Avijit Kanti Das	fec952f	2015-08-14 15:39:51 -0700	[diff] [blame]	11
Sivan Reinstein	c236527	2016-03-01 12:48:52 -0800	[diff] [blame]	12	#Allow triggering IPA FWs loading
				13	allow init ipa_dev:chr_file write;
				14
William Clark	2c0774d	2015-09-25 14:14:52 -0700	[diff] [blame]	15	#For insmod to search module key for signature verification
				16	allow init kernel:key search;
				17
Avijit Kanti Das	fec952f	2015-08-14 15:39:51 -0700	[diff] [blame]	18	#For sdcard
				19	allow init tmpfs:lnk_file create_file_perms;
Sanket Khidkikar	2e10de3	2015-10-05 20:26:00 -0700	[diff] [blame]	20
				21	#Certain domains needs LD_PRELOAD passed from init
				22	#allow it for most domain. Do not honor LD_PRELOAD
				23	#for lmkd
Divya Sharma	d8172c1	2017-01-20 14:29:16 -0800	[diff] [blame]	24	#allow init { domain -lmkd }:process noatsecure;
Mayank Rana	b7e7fad	2016-04-28 12:09:33 -0700	[diff] [blame]	25
				26	#For configfs file permission
				27	allow init configfs:dir r_dir_perms;
Bhasker Reddy Komatireddy	181d639	2017-11-10 12:19:17 +0530	[diff] [blame]	28	allow init configfs:file { create_file_perms link };
Harshal Trivedi	d057af1	2016-06-02 15:24:59 -0700	[diff] [blame]	29	allow init configfs:lnk_file create_file_perms;
Ameya Thakur	992e1f7	2016-09-22 16:26:35 -0700	[diff] [blame]	30
				31	#Allow init to mount non-hlos partitions in A/B builds
				32	allow init firmware_file:dir { mounton };
				33	allow init bt_firmware_file:dir { mounton };
Biswajit Paul	22cbbd8	2016-09-21 15:05:19 -0700	[diff] [blame]	34
Paresh Purabhiya	9c8461b	2017-12-20 20:25:15 +0530	[diff] [blame]	35	allow init sysfs_boot_adsp:file w_file_perms;
Bharath Gopal	8788d5a	2018-03-21 18:29:10 +0530	[diff] [blame]	36	allow init sysfs_graphics:file setattr;
Paresh Purabhiya	9c8461b	2017-12-20 20:25:15 +0530	[diff] [blame]	37
Biswajit Paul	22cbbd8	2016-09-21 15:05:19 -0700	[diff] [blame]	38	#dontaudit non configfs usb denials
				39	dontaudit init sysfs:dir write;
Biswajit Paul	f63bd14	2017-03-16 16:41:02 -0700	[diff] [blame]	40
Rajiv Ranjan	522565c	2017-06-22 12:42:45 +0530	[diff] [blame]	41	#load /vendor/lib/modules/qca_cld3/qca_cld3_wlan.ko
Lior David	4420cfc	2017-05-23 10:40:44 +0300	[diff] [blame]	42	#load /vendor/lib/modules/wil6210.ko
Rajiv Ranjan	522565c	2017-06-22 12:42:45 +0530	[diff] [blame]	43	allow init vendor_file:system module_load;
Ameya Thakur	b9523d2	2017-05-24 16:19:11 -0700	[diff] [blame]	44
				45	#Needed for restorecon. Init already has these permissions
				46	#for generic block devices, but is unable to access those
				47	#which have a custom lable added by us.
				48	allow init {
				49	custom_ab_block_device
				50	boot_block_device
				51	xbl_block_device
				52	ssd_device
				53	modem_block_device
				54	mdtp_device
				55	}:{ blk_file lnk_file } relabelto;
Clarence Wong	689108c	2017-04-07 15:28:30 -0700	[diff] [blame]	56
				57	#rawdump
				58	allow init rawdump_block_device:blk_file setattr;
Bhasker Reddy Komatireddy	181d639	2017-11-10 12:19:17 +0530	[diff] [blame]	59
				60	#cpu.rt_period_us and _runtime_us need this
				61	allow init cgroup:file create;
Nicholas Lim	a2eb249	2019-10-18 01:53:15 +0800	[diff] [blame]	62
				63	# Allow init to bind mount loader config for media swcodec
				64	allow init system_file:file mounton;