device/amlogic-o.git - Unnamed repository; edit this file 'description' to name the repository.

1 type system_control, domain;
2 type system_control_exec, exec_type, vendor_file_type, file_type;
3
4 init_daemon_domain(system_control)
5
6 allow system_control vndbinder_device:chr_file { read write open ioctl };
7 allow system_control vndservicemanager:binder { call transfer };
8 #allow system_control default_android_vndservice:service_manager { add };
9
10 allow system_control hwservicemanager:binder { call transfer };
11 allow system_control { systemcontrol_hwservice  hidl_base_hwservice }:hwservice_manager { add };
12
13 allow system_control self:capability dac_override;
14
15 allow system_control sysfs:file rw_file_perms;
16 allow system_control sysfs_devices_system_cpu:file rw_file_perms;
17
18 allow system_control system_control:netlink_kobject_uevent_socket { create setopt bind read shutdown };
19 allow system_control self:capability { net_admin };
20
21
22 #unix_socket_connect(system_control, vold, vold);
23 #unix_socket_connect(system_control, property, init);
24
25 # Property Service write
26 set_prop(system_control, system_prop)
27 set_prop(system_control, dhcp_prop)
28 set_prop(system_control, net_radio_prop)
29 set_prop(system_control, system_radio_prop)
30 set_prop(system_control, debug_prop)
31 set_prop(system_control, powerctl_prop)
32
33 get_prop(system_control, tv_config_prop)
34 get_prop(system_control, bcmdl_prop)
35 get_prop(system_control, safemode_prop)
36 get_prop(system_control, mmc_prop)
37 get_prop(system_control, device_logging_prop)
38
39 set_prop(system_control, media_prop)
40 get_prop(system_control, media_prop)
41 get_prop(system_control, aml_display_prop)
42 set_prop(system_control, uboot_prop)
43 get_prop(system_control, uboot_prop)
44 set_prop(system_control, tv_prop)
45 get_prop(system_control, tv_prop)
46
47 get_prop(system_control, wifi_prop)
48 set_prop(system_control, boottime_prop)
49 get_prop(system_control, boottime_prop)
50
51 #get_prop(system_control, firstboot_prop)
52 #get_prop(system_control, serialno_prop)
53 set_prop(system_control, overlay_prop)
54 get_prop(system_control, overlay_prop)
55 set_prop(system_control, net_dns_prop)
56 get_prop(system_control, net_dns_prop)
57 set_prop(system_control, logpersistd_logging_prop)
58 get_prop(system_control, logpersistd_logging_prop)
59 set_prop(system_control, hwservicemanager_prop)
60 get_prop(system_control, hwservicemanager_prop)
61 set_prop(system_control, dumpstate_options_prop)
62 get_prop(system_control, dumpstate_options_prop)
63 set_prop(system_control, bluetooth_prop)
64 get_prop(system_control, bluetooth_prop)
65
66 set_prop(system_control, persistent_properties_ready_prop)
67 get_prop(system_control, persistent_properties_ready_prop)
68
69 # ctl interface
70 set_prop(system_control, ctl_default_prop)
71 set_prop(system_control, ctl_dhcp_pan_prop)
72 set_prop(system_control, ctl_bugreport_prop)
73
74 allow system_control block_device:dir r_dir_perms;
75
76 allow system_control graphics_device:dir r_dir_perms;
77 allow system_control sysfs_audio_cap:file {open getattr read};
78 allow system_control sysfs_xbmc:file rw_file_perms;
79 allow system_control app_data_file:file rw_file_perms;
80 #allow system_control system_control_service:service_manager add;
81 #allow system_control permission_service:service_manager find;
82 #allow system_control surfaceflinger_service:service_manager find;
83 # Allow system_control to read /proc/pid for all processes
84 r_dir_file(system_control, domain)
85 r_dir_file(system_control, binderservicedomain)
86 r_dir_file(system_control, appdomain)
87 r_dir_file(system_control, platform_app)
88
89
90 allow system_control appdomain:dir { getattr search };
91 allow system_control appdomain:file { r_file_perms };
92 allow system_control platform_app:dir { search };
93
94 allow system_control param_tv_file:dir  { search read write open add_name remove_name rmdir };
95 allow system_control param_tv_file:file { create open read write setattr getattr lock unlink };
96
97 #allow system_control shell_exec:file { execute_no_trans execute open read getattr };
98 allow system_control sysfs_digital_codec:file { read write };
99 #allow system_control system_file:file execute_no_trans;
100
101 allow system_control env_device:blk_file { getattr read open write };
102 allow system_control self:capability sys_nice;
103
104 allow system_control system_app:binder { call };
105
1	type system_control, domain;
2	type system_control_exec, exec_type, vendor_file_type, file_type;
3
4	init_daemon_domain(system_control)
5
6	allow system_control vndbinder_device:chr_file { read write open ioctl };
7	allow system_control vndservicemanager:binder { call transfer };
8	#allow system_control default_android_vndservice:service_manager { add };
9
10	allow system_control hwservicemanager:binder { call transfer };
11	allow system_control { systemcontrol_hwservice hidl_base_hwservice }:hwservice_manager { add };
12
13	allow system_control self:capability dac_override;
14
15	allow system_control sysfs:file rw_file_perms;
16	allow system_control sysfs_devices_system_cpu:file rw_file_perms;
17
18	allow system_control system_control:netlink_kobject_uevent_socket { create setopt bind read shutdown };
19	allow system_control self:capability { net_admin };
20
21
22	#unix_socket_connect(system_control, vold, vold);
23	#unix_socket_connect(system_control, property, init);
24
25	# Property Service write
26	set_prop(system_control, system_prop)
27	set_prop(system_control, dhcp_prop)
28	set_prop(system_control, net_radio_prop)
29	set_prop(system_control, system_radio_prop)
30	set_prop(system_control, debug_prop)
31	set_prop(system_control, powerctl_prop)
32
33	get_prop(system_control, tv_config_prop)
34	get_prop(system_control, bcmdl_prop)
35	get_prop(system_control, safemode_prop)
36	get_prop(system_control, mmc_prop)
37	get_prop(system_control, device_logging_prop)
38
39	set_prop(system_control, media_prop)
40	get_prop(system_control, media_prop)
41	get_prop(system_control, aml_display_prop)
42	set_prop(system_control, uboot_prop)
43	get_prop(system_control, uboot_prop)
44	set_prop(system_control, tv_prop)
45	get_prop(system_control, tv_prop)
46
47	get_prop(system_control, wifi_prop)
48	set_prop(system_control, boottime_prop)
49	get_prop(system_control, boottime_prop)
50
51	#get_prop(system_control, firstboot_prop)
52	#get_prop(system_control, serialno_prop)
53	set_prop(system_control, overlay_prop)
54	get_prop(system_control, overlay_prop)
55	set_prop(system_control, net_dns_prop)
56	get_prop(system_control, net_dns_prop)
57	set_prop(system_control, logpersistd_logging_prop)
58	get_prop(system_control, logpersistd_logging_prop)
59	set_prop(system_control, hwservicemanager_prop)
60	get_prop(system_control, hwservicemanager_prop)
61	set_prop(system_control, dumpstate_options_prop)
62	get_prop(system_control, dumpstate_options_prop)
63	set_prop(system_control, bluetooth_prop)
64	get_prop(system_control, bluetooth_prop)
65
66	set_prop(system_control, persistent_properties_ready_prop)
67	get_prop(system_control, persistent_properties_ready_prop)
68
69	# ctl interface
70	set_prop(system_control, ctl_default_prop)
71	set_prop(system_control, ctl_dhcp_pan_prop)
72	set_prop(system_control, ctl_bugreport_prop)
73
74	allow system_control block_device:dir r_dir_perms;
75
76	allow system_control graphics_device:dir r_dir_perms;
77	allow system_control sysfs_audio_cap:file {open getattr read};
78	allow system_control sysfs_xbmc:file rw_file_perms;
79	allow system_control app_data_file:file rw_file_perms;
80	#allow system_control system_control_service:service_manager add;
81	#allow system_control permission_service:service_manager find;
82	#allow system_control surfaceflinger_service:service_manager find;
83	# Allow system_control to read /proc/pid for all processes
84	r_dir_file(system_control, domain)
85	r_dir_file(system_control, binderservicedomain)
86	r_dir_file(system_control, appdomain)
87	r_dir_file(system_control, platform_app)
88
89
90	allow system_control appdomain:dir { getattr search };
91	allow system_control appdomain:file { r_file_perms };
92	allow system_control platform_app:dir { search };
93
94	allow system_control param_tv_file:dir { search read write open add_name remove_name rmdir };
95	allow system_control param_tv_file:file { create open read write setattr getattr lock unlink };
96
97	#allow system_control shell_exec:file { execute_no_trans execute open read getattr };
98	allow system_control sysfs_digital_codec:file { read write };
99	#allow system_control system_file:file execute_no_trans;
100
101	allow system_control env_device:blk_file { getattr read open write };
102	allow system_control self:capability sys_nice;
103
104	allow system_control system_app:binder { call };
105