device/amlogic/common.git - Unnamed repository; edit this file 'description' to name the repository.

1 type imageserver, domain;
2 type imageserver_exec, exec_type, vendor_file_type, file_type;
3
4 typeattribute imageserver mlstrustedsubject;
5
6 init_daemon_domain(imageserver)
7
8 allow imageserver vendor_file:file { execute };
9
10 #allow imageserver shell_exec:file rx_file_perms;
11 #allow imageserver system_file:file execute_no_trans;
12
13 #allow imageserver imageserver_service:service_manager add;
14
15 #allow imageserver imageserver_exec:file { entrypoint read };
16
17 #allow imageserver self:process execmem;
18
19 #binder_use(imageserver);
20 #binder_call(imageserver, binderservicedomain)
21 #binder_call(imageserver, appdomain)
22 #binder_service(imageserver)
23
24 #allow imageserver self:capability dac_override;
25 #allow imageserver self:capability dac_read_search;
26
27 #allow imageserver appdomain:file { r_file_perms };
28 #allow imageserver fuse:dir r_dir_perms;
29 #allow imageserver fuse:file r_file_perms;
30 #allow imageserver app_data_file:file rw_file_perms;
31 #allow imageserver system_file:file execmod;
32
33 #allow imageserver app_data_file:dir search;
34
35 #allow imageserver system_control_service:service_manager find;
36
37 #allow imageserver { mnt_user_file storage_file }:dir { getattr search };
38 #allow imageserver { mnt_user_file storage_file }:lnk_file { getattr read };
39 #allow imageserver permission_service:service_manager find;
40
41 #allow imageserver picture_device:chr_file { read write open ioctl };
42 #allow imageserver kernel:system module_request;
43
44 #allow imageserver tmpfs:dir { getattr search };
45
1	type imageserver, domain;
2	type imageserver_exec, exec_type, vendor_file_type, file_type;
3
4	typeattribute imageserver mlstrustedsubject;
5
6	init_daemon_domain(imageserver)
7
8	allow imageserver vendor_file:file { execute };
9
10	#allow imageserver shell_exec:file rx_file_perms;
11	#allow imageserver system_file:file execute_no_trans;
12
13	#allow imageserver imageserver_service:service_manager add;
14
15	#allow imageserver imageserver_exec:file { entrypoint read };
16
17	#allow imageserver self:process execmem;
18
19	#binder_use(imageserver);
20	#binder_call(imageserver, binderservicedomain)
21	#binder_call(imageserver, appdomain)
22	#binder_service(imageserver)
23
24	#allow imageserver self:capability dac_override;
25	#allow imageserver self:capability dac_read_search;
26
27	#allow imageserver appdomain:file { r_file_perms };
28	#allow imageserver fuse:dir r_dir_perms;
29	#allow imageserver fuse:file r_file_perms;
30	#allow imageserver app_data_file:file rw_file_perms;
31	#allow imageserver system_file:file execmod;
32
33	#allow imageserver app_data_file:dir search;
34
35	#allow imageserver system_control_service:service_manager find;
36
37	#allow imageserver { mnt_user_file storage_file }:dir { getattr search };
38	#allow imageserver { mnt_user_file storage_file }:lnk_file { getattr read };
39	#allow imageserver permission_service:service_manager find;
40
41	#allow imageserver picture_device:chr_file { read write open ioctl };
42	#allow imageserver kernel:system module_request;
43
44	#allow imageserver tmpfs:dir { getattr search };
45