device/amlogic-o.git - Unnamed repository; edit this file 'description' to name the repository.

1 type imageserver, domain;
2 type imageserver_exec, exec_type, file_type;
3
4 typeattribute imageserver mlstrustedsubject;
5
6 init_daemon_domain(imageserver)
7
8 allow imageserver shell_exec:file rx_file_perms;
9 allow imageserver system_file:file execute_no_trans;
10
11 allow imageserver imageserver_service:service_manager add;
12
13 allow imageserver imageserver_exec:file { entrypoint read };
14
15 allow imageserver self:process execmem;
16
17 binder_use(imageserver);
18 binder_call(imageserver, binderservicedomain)
19 binder_call(imageserver, appdomain)
20 binder_service(imageserver)
21
22 allow imageserver self:capability dac_override;
23 allow imageserver self:capability dac_read_search;
24
25 #allow imageserver appdomain:file { r_file_perms };
26 allow imageserver fuse:dir r_dir_perms;
27 allow imageserver fuse:file r_file_perms;
28 allow imageserver app_data_file:file rw_file_perms;
29 #allow imageserver system_file:file execmod;
30
31 allow imageserver app_data_file:dir search;
32
33 allow imageserver system_control_service:service_manager find;
34
35 allow imageserver { mnt_user_file storage_file }:dir { getattr search };
36 allow imageserver { mnt_user_file storage_file }:lnk_file { getattr read };
37 allow imageserver permission_service:service_manager find;
38
39 allow imageserver picture_device:chr_file { read write open ioctl };
40 allow imageserver kernel:system module_request;
41
42 allow imageserver tmpfs:dir { getattr search };
43
1	type imageserver, domain;
2	type imageserver_exec, exec_type, file_type;
3
4	typeattribute imageserver mlstrustedsubject;
5
6	init_daemon_domain(imageserver)
7
8	allow imageserver shell_exec:file rx_file_perms;
9	allow imageserver system_file:file execute_no_trans;
10
11	allow imageserver imageserver_service:service_manager add;
12
13	allow imageserver imageserver_exec:file { entrypoint read };
14
15	allow imageserver self:process execmem;
16
17	binder_use(imageserver);
18	binder_call(imageserver, binderservicedomain)
19	binder_call(imageserver, appdomain)
20	binder_service(imageserver)
21
22	allow imageserver self:capability dac_override;
23	allow imageserver self:capability dac_read_search;
24
25	#allow imageserver appdomain:file { r_file_perms };
26	allow imageserver fuse:dir r_dir_perms;
27	allow imageserver fuse:file r_file_perms;
28	allow imageserver app_data_file:file rw_file_perms;
29	#allow imageserver system_file:file execmod;
30
31	allow imageserver app_data_file:dir search;
32
33	allow imageserver system_control_service:service_manager find;
34
35	allow imageserver { mnt_user_file storage_file }:dir { getattr search };
36	allow imageserver { mnt_user_file storage_file }:lnk_file { getattr read };
37	allow imageserver permission_service:service_manager find;
38
39	allow imageserver picture_device:chr_file { read write open ioctl };
40	allow imageserver kernel:system module_request;
41
42	allow imageserver tmpfs:dir { getattr search };
43