friendlyelec
/
rk35xx-android12
1
0
Fork 0
Code Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '35318416d1'
${ noResults }
rk35xx-android12/device/rockchip/common/sepolicy/vendor/system_app.te

70 lines
2.8 KiB
Raw Blame History

dontaudit system_app mnt_vendor_file:dir search;
#for gpu
allow system_app sysfs_usb:file rw_file_perms;
#for ota
allow system_app selinuxfs:file { read open };
allow system_app mnt_media_rw_file:dir { getattr };
#for hdmi
allow system_app sysfs_hdmi:file rw_file_perms;
allow system_app sysfs_zram:dir r_dir_perms;
allow system_app sysfs_zram:file rw_file_perms;
allow system_app proc_stat:file { read open getattr };
#for samba
allow system_app metadata_file:dir {getattr};
allow system_app block_device:dir {search};
#for devicetest
#allow system_app system_app_data_file:file { execute execute_no_trans };
allow system_app system_data_file:file { read };
allow system_app { sysfs_leds metadata_file }:dir { search };
#TODO removed for Q
#allow system_app vendor_file:file { read open };
allow system_app unlabeled:filesystem { getattr };
allow system_app unlabeled:file { getattr open read write unlink rename };
allow system_app unlabeled:dir { open search read getattr write remove_name add_name };
allow system_app cache_file:lnk_file { read };
allow system_app cache_recovery_file:dir {search create read write open add_name getattr remove_name};
allow system_app cache_recovery_file:file {rw_file_perms create unlink setattr};
#TODO removed for Q
#allow system_app vendor_file:file { getattr };
allow system_app cache_file:dir search;
#set_prop(system_app,exported_system_prop)
set_prop(system_app,powerctl_prop)
allow system_app abc_data_file:file { read getattr };
allow system_app abc_data_file:dir { open getattr read search };
set_prop(system_app, debug_prop)
rw_rockchip_graphic_device(system_app)
allow system_app block_device:dir { search read open getattr };
allow system_app mnt_media_rw_file:dir { search read open getattr };
allow system_app asec_apk_file:dir { search read open getattr };
hal_client_domain(system_app, hal_light)
hal_client_domain(system_app, hal_power)
binder_call(system_app, update_engine)
allow system_app proc_pagetypeinfo:file r_file_perms;
allow system_app mnt_sdcard_file:lnk_file r_file_perms;
allow system_app mnt_pass_through_file:dir r_file_perms;
#for FriendlyThings demo
allow system_app sysfs_gpio:dir search;
allow system_app sysfs_gpio:file rw_file_perms;
allow system_app sysfs_iio:file r_file_perms;
allow system_app sysfs_pwm:dir search;
allow system_app sysfs_pwm:file rw_file_perms;
allow system_app sysfs_rtc:dir search;
allow system_app sysfs_rtc:{ file lnk_file } rw_file_perms;
allow system_app sysfs_soc:file { open read write getattr };
allow system_app i2c_device:chr_file rw_file_perms;
allow system_app rtc_device:chr_file rw_file_perms;
allow system_app spi_device:chr_file rw_file_perms;
allow system_app serial_device:chr_file rw_file_perms;
allow system_app usb_serial_device:chr_file rw_file_perms;
allow system_app watchdog_device:chr_file rw_file_perms;
View Git Blame Copy Permalink