common/mmi.te - platform_device_qcom_sepolicy - Gitiles

 #integrated process
 type mmi, domain;
 type mmi_exec, exec_type, file_type;

 #started by init
 init_daemon_domain(mmi)

 #self capability
 allow mmi self:socket create_socket_perms;
 allow mmi self:netlink_socket create_socket_perms;
 allow mmi self:udp_socket create_socket_perms;
 allow mmi self:capability { sys_nice dac_override setuid setgid fowner chown fsetid kill net_admin sys_module net_raw};

 #For various devices
 allow mmi sysfs:file w_file_perms;
 allow mmi graphics_device:dir r_dir_perms;
 allow mmi graphics_device:chr_file rw_file_perms;
 allow mmi input_device:chr_file r_file_perms;
 allow mmi input_device:dir r_dir_perms;
 allow mmi nfc_device:chr_file rw_file_perms;
 allow mmi shell_exec:file rx_file_perms;
 wakelock_use(mmi)

 #FTM_AP folder permissions
 file_type_auto_trans(mmi, cache_file, mmi_data_file);
 allow mmi mmi_data_file:dir rw_dir_perms;
 allow mmi mmi_data_file:file create_file_perms;

 #socket
 unix_socket_connect(mmi, property, init)
 allow mmi socket_device:dir w_dir_perms;

 #allow mmi set system prop,sensor need write persist
 allow mmi powerctl_prop:property_service set;
 allow mmi persist_file:dir r_dir_perms;
 allow mmi sensors_persist_file:dir create_dir_perms;
 allow mmi sensors_persist_file:file create_file_perms;

 #allow mmi operation on MISC partition
 allow mmi misc_partition:blk_file w_file_perms;

 #wifi case
 allow mmi system_file:file x_file_perms;
 allow mmi wpa_exec:file rx_file_perms;
 allow mmi wcnss_service_exec:file rx_file_perms;
 allow mmi kernel:key search;
 allow mmi kernel:system module_request;

 #audio case
 allow mmi audio_device:dir r_dir_perms;
 allow mmi audio_device:chr_file rw_file_perms;

 #FM case
 allow mmi fm_radio_device:chr_file r_file_perms;
 allow mmi fm_data_file:file r_file_perms;
 allow mmi fm_prop:property_service set;

 #bluetooth case
 allow mmi bluetooth_data_file:dir rw_dir_perms;
 allow mmi bluetooth_data_file:file create_file_perms;
 allow mmi bluetooth_prop:property_service set;
 allow mmi smd_device:chr_file rw_file_perms;

 #GPS case
 allow mmi location_data_file:fifo_file create_file_perms;
 allow mmi location_data_file:dir create_dir_perms;
 allow mmi location_data_file:file create_file_perms;
 allow mmi mmi_socket:sock_file create_file_perms;
 type_transition mmi socket_device:sock_file mmi_socket;
 allow mmi location_exec:file rx_file_perms;
 allow mmi smem_log_device:chr_file rw_file_perms;
 allow mmi ssr_device:chr_file r_file_perms;

 #SD card case
 allow mmi sd_device:blk_file rw_file_perms;
 allow mmi block_device:blk_file getattr;
 allow mmi block_device:dir r_dir_perms;

 #camera
 allow mmi camera_device:chr_file rw_file_perms;
 allow mmi video_device:chr_file rw_file_perms;
 allow mmi camera_data_file:sock_file write;
 allow mmi camera_data_file:dir r_dir_perms;
 allow mmi mm-qcamerad:unix_dgram_socket sendto;

 #nfc case
 allow mmi nfc_data_file:dir rw_dir_perms;
 allow mmi nfc_data_file:file create_file_perms;

 #simcard
 qmux_socket(mmi);

 #allow mmi access chgdiabled prop
 allow mmi chgdiabled_prop:property_service set;

 #Allow mmi operate on surfaceflinger
 allow mmi surfaceflinger:fd use;
 allow mmi surfaceflinger_service:service_manager find;

 #Allow mmi to use IPC
 binder_use(mmi)
 binder_call(mmi,surfaceflinger)

 #sensor cases
 unix_socket_connect(mmi, sensors, sensors);
 allow mmi sensors_device:chr_file r_file_perms;

 #logcat
 domain_auto_trans(mmi, logcat_exec, logd);

 #mmi test
 unix_socket_connect(mmi, cnd, cnd);
 unix_socket_connect(mmi, dpmwrapper, dpmd);
 unix_socket_connect(mmi, netmgrd, netmgrd);
 net_domain(mmi);
	#integrated process
	type mmi, domain;
	type mmi_exec, exec_type, file_type;

	#started by init
	init_daemon_domain(mmi)

	#self capability
	allow mmi self:socket create_socket_perms;
	allow mmi self:netlink_socket create_socket_perms;
	allow mmi self:udp_socket create_socket_perms;
	allow mmi self:capability { sys_nice dac_override setuid setgid fowner chown fsetid kill net_admin sys_module net_raw};

	#For various devices
	allow mmi sysfs:file w_file_perms;
	allow mmi graphics_device:dir r_dir_perms;
	allow mmi graphics_device:chr_file rw_file_perms;
	allow mmi input_device:chr_file r_file_perms;
	allow mmi input_device:dir r_dir_perms;
	allow mmi nfc_device:chr_file rw_file_perms;
	allow mmi shell_exec:file rx_file_perms;
	wakelock_use(mmi)

	#FTM_AP folder permissions
	file_type_auto_trans(mmi, cache_file, mmi_data_file);
	allow mmi mmi_data_file:dir rw_dir_perms;
	allow mmi mmi_data_file:file create_file_perms;

	#socket
	unix_socket_connect(mmi, property, init)
	allow mmi socket_device:dir w_dir_perms;

	#allow mmi set system prop,sensor need write persist
	allow mmi powerctl_prop:property_service set;
	allow mmi persist_file:dir r_dir_perms;
	allow mmi sensors_persist_file:dir create_dir_perms;
	allow mmi sensors_persist_file:file create_file_perms;

	#allow mmi operation on MISC partition
	allow mmi misc_partition:blk_file w_file_perms;

	#wifi case
	allow mmi system_file:file x_file_perms;
	allow mmi wpa_exec:file rx_file_perms;
	allow mmi wcnss_service_exec:file rx_file_perms;
	allow mmi kernel:key search;
	allow mmi kernel:system module_request;

	#audio case
	allow mmi audio_device:dir r_dir_perms;
	allow mmi audio_device:chr_file rw_file_perms;

	#FM case
	allow mmi fm_radio_device:chr_file r_file_perms;
	allow mmi fm_data_file:file r_file_perms;
	allow mmi fm_prop:property_service set;

	#bluetooth case
	allow mmi bluetooth_data_file:dir rw_dir_perms;
	allow mmi bluetooth_data_file:file create_file_perms;
	allow mmi bluetooth_prop:property_service set;
	allow mmi smd_device:chr_file rw_file_perms;

	#GPS case
	allow mmi location_data_file:fifo_file create_file_perms;
	allow mmi location_data_file:dir create_dir_perms;
	allow mmi location_data_file:file create_file_perms;
	allow mmi mmi_socket:sock_file create_file_perms;
	type_transition mmi socket_device:sock_file mmi_socket;
	allow mmi location_exec:file rx_file_perms;
	allow mmi smem_log_device:chr_file rw_file_perms;
	allow mmi ssr_device:chr_file r_file_perms;

	#SD card case
	allow mmi sd_device:blk_file rw_file_perms;
	allow mmi block_device:blk_file getattr;
	allow mmi block_device:dir r_dir_perms;

	#camera
	allow mmi camera_device:chr_file rw_file_perms;
	allow mmi video_device:chr_file rw_file_perms;
	allow mmi camera_data_file:sock_file write;
	allow mmi camera_data_file:dir r_dir_perms;
	allow mmi mm-qcamerad:unix_dgram_socket sendto;

	#nfc case
	allow mmi nfc_data_file:dir rw_dir_perms;
	allow mmi nfc_data_file:file create_file_perms;

	#simcard
	qmux_socket(mmi);

	#allow mmi access chgdiabled prop
	allow mmi chgdiabled_prop:property_service set;

	#Allow mmi operate on surfaceflinger
	allow mmi surfaceflinger:fd use;
	allow mmi surfaceflinger_service:service_manager find;

	#Allow mmi to use IPC
	binder_use(mmi)
	binder_call(mmi,surfaceflinger)

	#sensor cases
	unix_socket_connect(mmi, sensors, sensors);
	allow mmi sensors_device:chr_file r_file_perms;

	#logcat
	domain_auto_trans(mmi, logcat_exec, logd);

	#mmi test
	unix_socket_connect(mmi, cnd, cnd);
	unix_socket_connect(mmi, dpmwrapper, dpmd);
	unix_socket_connect(mmi, netmgrd, netmgrd);
	net_domain(mmi);