sepolicy.rule
## Dolby
# debug
# Lets system_server write to regular files labelled system_file.
# The dontaudit line only suppresses the denial log entry for this access; the
# allow line is what actually grants it. The same dontaudit/allow pairing is used
# throughout this file.
# NOTE(review): this rule sits under "debug" - confirm it is still required in a
# release build, since write access to system_file from system_server is broad.
dontaudit system_server system_file file write
allow system_server system_file file write
# context
# Labelling support for the files this module ships.
# NOTE(review): "create" presumably declares each listed type when the device
# policy lacks it - confirm the policy tool in use still accepts this statement.
create { system_lib_file vendor_file vendor_configs_file vendor_data_file vendor_media_data_file hal_dms_default_exec same_process_hal_file }
# Allow objects carrying these labels to be associated with a labeledfs filesystem.
dontaudit { system_file system_lib_file vendor_file vendor_configs_file vendor_data_file vendor_media_data_file hal_dms_default_exec same_process_hal_file } labeledfs filesystem associate
allow { system_file system_lib_file vendor_file vendor_configs_file vendor_data_file vendor_media_data_file hal_dms_default_exec same_process_hal_file } labeledfs filesystem associate
# init may relabel away from these types: dirs and files for the first group,
# files only for hal_dms_default_exec and same_process_hal_file.
# NOTE(review): relabelfrom on system_file / vendor_file covers far more than the
# module's own files; confirm init really needs it for every listed type.
dontaudit init { system_file system_lib_file vendor_file vendor_configs_file vendor_data_file vendor_media_data_file } { dir file } relabelfrom
allow init { system_file system_lib_file vendor_file vendor_configs_file vendor_data_file vendor_media_data_file } { dir file } relabelfrom
dontaudit init { hal_dms_default_exec same_process_hal_file } file relabelfrom
allow init { hal_dms_default_exec same_process_hal_file } file relabelfrom
# hwservice_manager
# App domains and the audio domains may look up the DMS hwservices, plus anything
# registered under the generic default_android_hwservice label.
# NOTE(review): the source set includes untrusted_app, untrusted_app_27 and
# untrusted_app_29, so every third-party app gets this lookup right; narrow it to
# the domain the Dolby app actually runs in if that is known.
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app hal_audio_default mtk_hal_audio audioserver } { default_android_hwservice hal_dms_hwservice dms_hwservice } hwservice_manager find
# service_manager
# daxservice_app may look up these four framework services.
allow daxservice_app { permission_checker_service game_service netstats_service content_capture_service } service_manager find
# binder
# All listed app domains, untrusted apps included, may make binder calls into
# hal_dms_default.
# NOTE(review): this exposes the HAL's binder interface to any installed app; the
# HAL itself then has to validate its callers.
dontaudit { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } hal_dms_default binder call
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } hal_dms_default binder call
# file
# File-class permissions. Each dontaudit line silences the denial log for the
# access that the allow line directly below it grants.
# NOTE(review): the *_prop targets are presumably Android property contexts, so
# these rules govern reading those properties - confirm against the device policy.
# App domains (untrusted apps included): stat the DMS HAL executable and the
# display-feature property.
dontaudit { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } { hal_dms_default_exec vendor_displayfeature_prop } file getattr
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } { hal_dms_default_exec vendor_displayfeature_prop } file getattr
dontaudit { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } bluetooth_prop file map
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } bluetooth_prop file map
dontaudit { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } vendor_default_prop file { read open getattr }
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } vendor_default_prop file { read open getattr }
dontaudit { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } debug_mtk_gpud_prop file { read open getattr map }
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } debug_mtk_gpud_prop file { read open getattr map }
dontaudit { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } { qemu_hw_prop vendor_displayfeature_prop } file read
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } { qemu_hw_prop vendor_displayfeature_prop } file read
dontaudit { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } audio_config_prop file { read open getattr map }
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } audio_config_prop file { read open getattr map }
# Audio domains may read and execute files labelled system_file.
# NOTE(review): presumably needed to load the module's libraries from /system -
# confirm; execute on the whole system_file type is wider than a dedicated label.
dontaudit { hal_audio_default mtk_hal_audio audioserver } system_file file { read open getattr execute }
allow { hal_audio_default mtk_hal_audio audioserver } system_file file { read open getattr execute }
# zygote may write to files labelled device or unlabeled.
# NOTE(review): both are catch-all labels and zygote is the parent of every app
# process; confirm which file triggered the denial and label it specifically.
dontaudit zygote { device unlabeled } file write
allow zygote { device unlabeled } file write
dontaudit zygote zygote_tmpfs file { create open }
allow zygote zygote_tmpfs file { create open }
# init may use a system_file file as a mount point.
dontaudit init system_file file mounton
allow init system_file file mounton
dontaudit daxservice_app default_prop file read
allow daxservice_app default_prop file read
# chr_file
# Every listed app domain, untrusted apps included, may open, read, write and
# ioctl character devices carrying the generic "device" label.
# NOTE(review): "device" is the fallback label for device nodes that have no
# specific type, so this rule is not limited to an audio node. Prefer giving the
# node the module needs its own type and granting access to that type only.
# The dontaudit line additionally hides any remaining denials from the audit log.
dontaudit { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } device chr_file { read write open getattr ioctl }
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } device chr_file { read write open getattr ioctl }
# dir
# App domains may traverse (search) directories labelled migt_file.
dontaudit { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } migt_file dir search
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } migt_file dir search
# unix_stream_socket
# App domains may call getopt on unix stream sockets owned by zygote.
# The same rule pair appears again in the MiSound section of this file.
dontaudit { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } zygote unix_stream_socket getopt
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } zygote unix_stream_socket getopt
# additional
# Extra permissions for the three audio domains: hal_audio_default,
# mtk_hal_audio and audioserver. Each dontaudit line silences the denial log for
# the access granted by the allow line below it.
# Lookup of the system-suspend services (hwbinder and binder flavours).
allow { hal_audio_default mtk_hal_audio audioserver } system_suspend_hwservice hwservice_manager find
allow { hal_audio_default mtk_hal_audio audioserver } hal_system_suspend_service service_manager find
# Read access to several property and vendor-mount labels.
dontaudit { hal_audio_default mtk_hal_audio audioserver } { default_prop boottime_prop audio_prop } file { read open getattr map }
allow { hal_audio_default mtk_hal_audio audioserver } { default_prop boottime_prop audio_prop } file { read open getattr map }
dontaudit { hal_audio_default mtk_hal_audio audioserver } { mnt_vendor_file system_prop } file { read open getattr }
allow { hal_audio_default mtk_hal_audio audioserver } { mnt_vendor_file system_prop } file { read open getattr }
dontaudit { hal_audio_default mtk_hal_audio audioserver } radio_prop file { read open getattr map }
allow { hal_audio_default mtk_hal_audio audioserver } radio_prop file { read open getattr map }
# Write access to the wake-lock sysfs files.
dontaudit { hal_audio_default mtk_hal_audio audioserver } sysfs_wake_lock file { write open }
allow { hal_audio_default mtk_hal_audio audioserver } sysfs_wake_lock file { write open }
dontaudit { hal_audio_default mtk_hal_audio audioserver } vendor_default_prop file { read open getattr }
allow { hal_audio_default mtk_hal_audio audioserver } vendor_default_prop file { read open getattr }
# Read access to files with the generic sysfs label.
dontaudit { hal_audio_default mtk_hal_audio audioserver } sysfs file { read open }
allow { hal_audio_default mtk_hal_audio audioserver } sysfs file { read open }
dontaudit { hal_audio_default mtk_hal_audio audioserver } system_prop file map
allow { hal_audio_default mtk_hal_audio audioserver } system_prop file map
dontaudit { hal_audio_default mtk_hal_audio audioserver } { sysfs_net sysfs } dir { read open }
allow { hal_audio_default mtk_hal_audio audioserver } { sysfs_net sysfs } dir { read open }
# Logging: write to the logd socket file and connect to logd.
dontaudit { hal_audio_default mtk_hal_audio audioserver } logd_socket sock_file write
allow { hal_audio_default mtk_hal_audio audioserver } logd_socket sock_file write
dontaudit { hal_audio_default mtk_hal_audio audioserver } logd unix_stream_socket connectto
allow { hal_audio_default mtk_hal_audio audioserver } logd unix_stream_socket connectto
# Read/write/ioctl on the diag device labels.
# NOTE(review): diag_device / vendor_diag_device look like modem diagnostic nodes;
# confirm the audio path needs them, since stock policy usually keeps them tight.
dontaudit { hal_audio_default mtk_hal_audio audioserver } { diag_device vendor_diag_device } chr_file { read write open ioctl getattr }
allow { hal_audio_default mtk_hal_audio audioserver } { diag_device vendor_diag_device } chr_file { read write open ioctl getattr }
# Read/write on character devices with the generic "device" label.
# NOTE(review): "device" is a catch-all label; a dedicated type for the intended
# node would keep this from applying to unrelated device nodes.
dontaudit { hal_audio_default mtk_hal_audio audioserver } device chr_file { read write }
allow { hal_audio_default mtk_hal_audio audioserver } device chr_file { read write }
dontaudit { hal_audio_default mtk_hal_audio audioserver } system_suspend binder call
allow { hal_audio_default mtk_hal_audio audioserver } system_suspend binder call
# Audio domains may write to pipes (fifo_file) owned by any listed app domain.
dontaudit { hal_audio_default mtk_hal_audio audioserver } { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } fifo_file write
allow { hal_audio_default mtk_hal_audio audioserver } { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } fifo_file write
# Each audio domain may use the block_suspend capability on itself.
dontaudit hal_audio_default hal_audio_default capability2 block_suspend
allow hal_audio_default hal_audio_default capability2 block_suspend
dontaudit mtk_hal_audio mtk_hal_audio capability2 block_suspend
allow mtk_hal_audio mtk_hal_audio capability2 block_suspend
dontaudit audioserver audioserver capability2 block_suspend
allow audioserver audioserver capability2 block_suspend
## MiSound
# context
# Labelling support for the audio_socket type.
# NOTE(review): "create" presumably declares audio_socket when the device policy
# lacks it - confirm the policy tool in use still accepts this statement.
create audio_socket
# Allow audio_socket objects on a labeledfs filesystem, and let init relabel
# socket files away from audio_socket.
dontaudit audio_socket labeledfs filesystem associate
allow audio_socket labeledfs filesystem associate
dontaudit init audio_socket sock_file relabelfrom
allow init audio_socket sock_file relabelfrom
# dir
# App domains (untrusted apps included) may traverse mcd_data_file and
# mqsas_data_file directories; getattr is also granted on the latter.
dontaudit { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } mcd_data_file dir search
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } mcd_data_file dir search
dontaudit { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } mqsas_data_file dir { search getattr }
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } mqsas_data_file dir { search getattr }
# file
# Read access for the same app domains to vendor audio/display property labels
# and to migt_file / mcd_data_file files.
# NOTE(review): mcd_data_file and mqsas_data_file look like vendor service data;
# check what is stored under those labels before exposing it to untrusted_app.
dontaudit { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } { vendor_audio_prop vendor_display_prop } file { read open getattr map }
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } { vendor_audio_prop vendor_display_prop } file { read open getattr map }
dontaudit { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } { migt_file mcd_data_file } file { read open getattr }
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } { migt_file mcd_data_file } file { read open getattr }
dontaudit { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } vendor_default_prop file map
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } vendor_default_prop file map
dontaudit { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } vendor_displayfeature_prop file { open map }
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } vendor_displayfeature_prop file { open map }
# sock_file
# App domains (untrusted apps included) may write to the property_socket file.
# NOTE(review): together with the "init unix_stream_socket connectto" and
# "property_service set" rules further down, this is what lets an app submit
# property changes; review the three as one grant.
dontaudit { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } property_socket sock_file write
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } property_socket sock_file write
# Audio domains may write to audio_socket, property_socket and any socket file
# carrying the generic socket_device label.
dontaudit { hal_audio_default audioserver mtk_hal_audio } { audio_socket property_socket socket_device } sock_file write
allow { hal_audio_default audioserver mtk_hal_audio } { audio_socket property_socket socket_device } sock_file write
# init may create, unlink and setattr socket files of those three types.
dontaudit init { audio_socket property_socket socket_device } sock_file { unlink create setattr }
allow init { audio_socket property_socket socket_device } sock_file { unlink create setattr }
# unix_stream_socket
# getopt on zygote's unix stream sockets for the app domains. This pair is
# identical to the one in the Dolby section above, so it is redundant here.
dontaudit { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } zygote unix_stream_socket getopt
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } zygote unix_stream_socket getopt
# App domains (untrusted apps included) and the audio domains may connect to
# unix stream sockets owned by init.
# NOTE(review): connectto init from untrusted_app is a wide grant; confirm which
# init socket is intended and whether only the module's own app needs it.
dontaudit { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app hal_audio_default audioserver mtk_hal_audio } init unix_stream_socket connectto
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app hal_audio_default audioserver mtk_hal_audio } init unix_stream_socket connectto
# crash_dump may read and write unix stream sockets of the audio domains.
dontaudit crash_dump { hal_audio_default audioserver mtk_hal_audio } unix_stream_socket { read write }
allow crash_dump { hal_audio_default audioserver mtk_hal_audio } unix_stream_socket { read write }
# property_service
# Every listed app domain, untrusted apps included, and the audio domains may set
# properties labelled vendor_audio_prop.
# NOTE(review): any installed third-party app can then change vendor audio
# properties that the audio HAL may read as configuration. Restrict the source
# set to the domain of the module's own app where possible. The dontaudit line
# also keeps denied attempts out of the audit log, which removes a detection signal.
dontaudit { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app hal_audio_default audioserver mtk_hal_audio } vendor_audio_prop property_service set
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app hal_audio_default audioserver mtk_hal_audio } vendor_audio_prop property_service set