blob: 4c58d4f1a745f2281a78cf99fcada23ce41966a2
# Device-specific additions to the system_server domain.
# NOTE(review): system_server is not declared in this listing; the rules below
# extend a type defined elsewhere.

# ---------------------------------------------------------------------------
# Disabled rules. Every line in this section is commented out and is not
# compiled into policy; kept for reference only.
# NOTE(review): several of these are broad (sys_module, app data dirs, debugfs);
# re-enable one only against a specific, understood denial.
# ---------------------------------------------------------------------------
#allow system_server fuse:dir search;
#
#allow system_server mediaserver:process {signal sigkill};
#allow system_server { system_app_data_file media_data_file bluetooth_data_file nfc_data_file radio_data_file shell_data_file app_data_file }:dir { getattr read search };
#
#allow system_server self:capability sys_module;
#
#allow system_server { system_control_service tvserver_service hdmi_cec_service }:service_manager find;
#
#allow system_server storage_stub_file:dir { getattr read open };
#
#allow system_server debugfs:dir { getattr read open };
#allow system_server debugfs:file r_file_perms;
#
#allow system_server system_app:fifo_file { read write getattr };
#
#allow system_server param_tv_file:dir { search };
#
#set_prop(system_server, uboot_prop)
#get_prop(system_server, uboot_prop)
#
#allow system_server { system_app platform_app untrusted_app priv_app }:file { write };
#allow system_server uhid_device:chr_file {write open ioctl};
#allow system_server dvb_device:chr_file rw_file_perms;
#

# ---------------------------------------------------------------------------
# Active rules
# ---------------------------------------------------------------------------

# Marks system_server as a trusted subject for MLS checks.
# NOTE(review): platform policy may already assign this attribute - confirm
# whether the line is redundant here.
typeattribute system_server mlstrustedsubject;

# Vendor partition access.
# "execute" is granted without execute_no_trans, so this covers mapping a
# vendor_file-labelled file executable (e.g. a shared library) rather than
# running it as a new program.
# NOTE(review): vendor code loaded into system_server runs with system_server's
# privileges; check this rule against the neverallow rules of the target
# platform release and narrow vendor_file to a dedicated type if possible.
allow system_server vendor_file:file { execute getattr open read };
allow system_server vendor_framework_file:dir { getattr search };
allow system_server vendor_framework_file:file { getattr open read };

get_prop(system_server, media_prop)

# For writing to /proc/<tid>/timerslack_ns (XXX - this is probably wrong)
# NOTE(review): class "file" on a domain type is not limited to timerslack_ns;
# it applies to any file carrying that domain's label, i.e. the other
# /proc/<pid> entries of these processes as well. Policy cannot name the single
# proc file here, so treat the set below as write access to all of them.
allow system_server {
    priv_app
    untrusted_app
    untrusted_app_25
    platform_app
    system_app
    isolated_app
    bluetooth
}:file write;

# NOTE(review): no reason was recorded for this rule; presumably the same
# timerslack_ns write as above - confirm.
allow system_server audioserver:file write;

# NOTE(review): socket_device looks like the generic label for socket nodes, so
# this grants write on any socket that has no dedicated type. Prefer labelling
# the specific socket and allowing that type instead - confirm which socket
# this was added for.
allow system_server socket_device:sock_file write;

# Raw HID character devices.
# NOTE(review): read/write on hidraw and write on uhid give system_server direct
# access to HID reports and to HID device emulation; confirm both are required
# on this device and that the ioctl set does not need an allowxperm restriction.
allow system_server hidraw_device:chr_file { ioctl open read write };
allow system_server uhid_device:chr_file { ioctl open write };

# Bare property_service rule; the set_prop() macro (used in the disabled rules
# above) is not used here.
# NOTE(review): confirm that system_server should be able to change audio_prop
# values and that nothing security-relevant is keyed on them.
allow system_server audio_prop:property_service set;