sepolicy/rild.te - android_device_samsung_j5lte - Gitiles

 #============= rild ==============
 allow rild proc_net:file { open read write };
 allow rild anr_data_file:dir { search read getattr write ioctl remove_name open add_name };
 allow rild anr_data_file:file { read lock getattr write ioctl open append };
 allow rild app_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
 allow rild app_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
 allow rild app_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
 allow rild app_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
 allow rild ashmem_device:chr_file execute;
 allow rild at_distributor:dir { read search ioctl open getattr };
 allow rild at_distributor:file { read lock ioctl open getattr };
 allow rild bin_nv_data_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
 allow rild block_device:dir { read search ioctl open getattr };
 allow rild bluetooth:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
 allow rild bluetooth:file { rename setattr read lock create getattr write ioctl link unlink open append };
 allow rild ctl_dumpstate_prop:property_service set;
 allow rild ctl_rildaemon_prop:property_service set;
 allow rild device:dir { search read getattr write ioctl remove_name open add_name };
 allow rild device:file { rename setattr read lock create getattr write ioctl link unlink open append };
 allow rild diag_device:chr_file { read lock getattr write ioctl open append };
 allow rild dumplog_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
 allow rild dumplog_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
 allow rild dumplog_data_file:sock_file { rename setattr read lock create getattr write ioctl link unlink open append };
 allow rild dumpstate_exec:file { getattr execute execute_no_trans };
 allow rild dumpstate_socket:sock_file { rename setattr read lock create getattr write ioctl link unlink open append };
 allow rild dumpsys_exec:file { execute execute_no_trans };
 allow rild efs_gsm_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
 allow rild efs_gsm_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
 allow rild emmcblk_device:blk_file { read lock getattr write ioctl open append };
 allow rild esoc_device:chr_file { read lock getattr write ioctl open append };
 allow rild fuse:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
 allow rild fuse:file { rename setattr read lock create getattr write ioctl link unlink open append };
 allow rild gpsd:dir { read search ioctl open getattr };
 allow rild gpsd:file { read lock ioctl open getattr };
 allow rild imei_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
 allow rild imei_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
 allow rild init:dir { read search ioctl open getattr };
 allow rild init:file { read lock ioctl open getattr };
 allow rild init:tun_socket relabelfrom;
 allow rild mbin_device:lnk_file { read lock ioctl open getattr };
 allow rild media_rw_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
 allow rild media_rw_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
 allow rild mediaserver:binder { transfer call };
 allow rild mediaserver:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
 allow rild mediaserver:file { rename setattr read lock create getattr write ioctl link unlink open append };
 allow rild nv_core_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
 allow rild per_mgr:binder { transfer call };
 allow rild per_mgr:fd use;
 allow rild platform_app:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
 allow rild platform_app:file { rename setattr read lock create getattr write ioctl link unlink open append };
 allow rild proc:file { write open append };
 allow rild proc_net:file { write open append };
 allow rild qmuxd_socket:sock_file { rename setattr read lock create getattr write ioctl link unlink open append };
 allow rild radio:dir { read search ioctl open getattr };
 allow rild radio:file { read lock ioctl open getattr };
 allow rild radio_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
 allow rild rild:appletalk_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
 allow rild rild:capability { setuid net_raw dac_override dac_read_search chown net_admin };
 allow rild rild:ipc { unix_read setattr associate read create write getattr unix_write destroy };
 allow rild rild:key { search setattr read create write link view };
 allow rild rild:key_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
 allow rild rild:msg { receive send };
 allow rild rild:msgq { unix_read setattr associate read create write enqueue getattr unix_write destroy };
 allow rild rild:netlink_route_socket { nlmsg_write lock accept connect shutdown append create nlmsg_read write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
 allow rild rild:netlink_selinux_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
 allow rild rild:packet_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
 allow rild rild:process { sigkill share getpgid signull setkeycreate siginh getattr setcurrent setrlimit rlimitinh fork getsession setexec setpgid setsched sigstop ptrace noatsecure setsockcreate setfscreate execheap sigchld execstack signal transition setcap execmem getcap getsched dyntransition };
 allow rild rild:rawip_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
 allow rild rild:sem { unix_read setattr associate read create write getattr unix_write destroy };
 allow rild rild:shm { unix_read setattr associate read lock create write getattr unix_write destroy };
 allow rild rild:socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
 allow rild rild:tcp_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind name_connect send_msg setattr bind recvfrom sendto relabelto node_bind };
 allow rild rild:tun_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read attach_queue ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
 allow rild rild:udp_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
 allow rild rild:unix_dgram_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
 allow rild rild:unix_stream_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
 allow rild rild_tmpfs:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
 allow rild rild_tmpfs:file { rename setattr read lock create getattr write ioctl link unlink open append };
 allow rild sec_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
 allow rild sec_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
 allow rild smd_cxm_qmi_device:chr_file { write open append };
 allow rild smdexe:dir { read search ioctl open getattr };
 allow rild smdexe:file { read lock ioctl open getattr };
 allow rild socket_device:dir write;
 allow rild ssr_device:chr_file { read open };
 allow rild sysfs:file { rename setattr read lock create getattr write ioctl link unlink open append };
 allow rild sysfs_sec:dir { search read getattr write ioctl remove_name open add_name };
 allow rild sysfs_sec:file { read lock getattr write ioctl open append };
 allow rild sysfs_sec:lnk_file { read lock getattr write ioctl open append };
 allow rild sysfs_ss_writable:file { read lock getattr write ioctl open append };
 allow rild system_app:dir search;
 allow rild system_app:file { read lock ioctl open getattr };
 allow rild system_app_data_file:dir { search read getattr write ioctl remove_name open add_name };
 allow rild system_app_data_file:file { setattr read lock getattr write ioctl open append };
 allow rild system_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
 allow rild system_file:dir { read search ioctl open getattr };
 allow rild system_prop:property_service set;
 allow rild system_server:binder { transfer call };
 allow rild system_server:fd use;
 allow rild tombstone_data_file:dir { read search ioctl open getattr };
 allow rild tombstone_data_file:file { read lock ioctl open getattr };
 allow rild tun_device:chr_file { read lock getattr write ioctl open append };
 allow rild uart_device:chr_file { read lock getattr write ioctl open append };
 allow rild usb_device:chr_file { write open append };
 allow rild wpa:dir { read search ioctl open getattr };
 allow rild wpa:file { read lock ioctl open getattr };
 allow rild zygote_exec:file { execute read lock getattr execute_no_trans ioctl open };
	#============= rild ==============
	allow rild proc_net:file { open read write };
	allow rild anr_data_file:dir { search read getattr write ioctl remove_name open add_name };
	allow rild anr_data_file:file { read lock getattr write ioctl open append };
	allow rild app_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
	allow rild app_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
	allow rild app_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
	allow rild app_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
	allow rild ashmem_device:chr_file execute;
	allow rild at_distributor:dir { read search ioctl open getattr };
	allow rild at_distributor:file { read lock ioctl open getattr };
	allow rild bin_nv_data_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
	allow rild block_device:dir { read search ioctl open getattr };
	allow rild bluetooth:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
	allow rild bluetooth:file { rename setattr read lock create getattr write ioctl link unlink open append };
	allow rild ctl_dumpstate_prop:property_service set;
	allow rild ctl_rildaemon_prop:property_service set;
	allow rild device:dir { search read getattr write ioctl remove_name open add_name };
	allow rild device:file { rename setattr read lock create getattr write ioctl link unlink open append };
	allow rild diag_device:chr_file { read lock getattr write ioctl open append };
	allow rild dumplog_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
	allow rild dumplog_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
	allow rild dumplog_data_file:sock_file { rename setattr read lock create getattr write ioctl link unlink open append };
	allow rild dumpstate_exec:file { getattr execute execute_no_trans };
	allow rild dumpstate_socket:sock_file { rename setattr read lock create getattr write ioctl link unlink open append };
	allow rild dumpsys_exec:file { execute execute_no_trans };
	allow rild efs_gsm_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
	allow rild efs_gsm_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
	allow rild emmcblk_device:blk_file { read lock getattr write ioctl open append };
	allow rild esoc_device:chr_file { read lock getattr write ioctl open append };
	allow rild fuse:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
	allow rild fuse:file { rename setattr read lock create getattr write ioctl link unlink open append };
	allow rild gpsd:dir { read search ioctl open getattr };
	allow rild gpsd:file { read lock ioctl open getattr };
	allow rild imei_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
	allow rild imei_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
	allow rild init:dir { read search ioctl open getattr };
	allow rild init:file { read lock ioctl open getattr };
	allow rild init:tun_socket relabelfrom;
	allow rild mbin_device:lnk_file { read lock ioctl open getattr };
	allow rild media_rw_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
	allow rild media_rw_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
	allow rild mediaserver:binder { transfer call };
	allow rild mediaserver:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
	allow rild mediaserver:file { rename setattr read lock create getattr write ioctl link unlink open append };
	allow rild nv_core_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
	allow rild per_mgr:binder { transfer call };
	allow rild per_mgr:fd use;
	allow rild platform_app:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
	allow rild platform_app:file { rename setattr read lock create getattr write ioctl link unlink open append };
	allow rild proc:file { write open append };
	allow rild proc_net:file { write open append };
	allow rild qmuxd_socket:sock_file { rename setattr read lock create getattr write ioctl link unlink open append };
	allow rild radio:dir { read search ioctl open getattr };
	allow rild radio:file { read lock ioctl open getattr };
	allow rild radio_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
	allow rild rild:appletalk_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
	allow rild rild:capability { setuid net_raw dac_override dac_read_search chown net_admin };
	allow rild rild:ipc { unix_read setattr associate read create write getattr unix_write destroy };
	allow rild rild:key { search setattr read create write link view };
	allow rild rild:key_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
	allow rild rild:msg { receive send };
	allow rild rild:msgq { unix_read setattr associate read create write enqueue getattr unix_write destroy };
	allow rild rild:netlink_route_socket { nlmsg_write lock accept connect shutdown append create nlmsg_read write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
	allow rild rild:netlink_selinux_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
	allow rild rild:packet_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
	allow rild rild:process { sigkill share getpgid signull setkeycreate siginh getattr setcurrent setrlimit rlimitinh fork getsession setexec setpgid setsched sigstop ptrace noatsecure setsockcreate setfscreate execheap sigchld execstack signal transition setcap execmem getcap getsched dyntransition };
	allow rild rild:rawip_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
	allow rild rild:sem { unix_read setattr associate read create write getattr unix_write destroy };
	allow rild rild:shm { unix_read setattr associate read lock create write getattr unix_write destroy };
	allow rild rild:socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
	allow rild rild:tcp_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind name_connect send_msg setattr bind recvfrom sendto relabelto node_bind };
	allow rild rild:tun_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read attach_queue ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
	allow rild rild:udp_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
	allow rild rild:unix_dgram_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
	allow rild rild:unix_stream_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
	allow rild rild_tmpfs:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
	allow rild rild_tmpfs:file { rename setattr read lock create getattr write ioctl link unlink open append };
	allow rild sec_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
	allow rild sec_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
	allow rild smd_cxm_qmi_device:chr_file { write open append };
	allow rild smdexe:dir { read search ioctl open getattr };
	allow rild smdexe:file { read lock ioctl open getattr };
	allow rild socket_device:dir write;
	allow rild ssr_device:chr_file { read open };
	allow rild sysfs:file { rename setattr read lock create getattr write ioctl link unlink open append };
	allow rild sysfs_sec:dir { search read getattr write ioctl remove_name open add_name };
	allow rild sysfs_sec:file { read lock getattr write ioctl open append };
	allow rild sysfs_sec:lnk_file { read lock getattr write ioctl open append };
	allow rild sysfs_ss_writable:file { read lock getattr write ioctl open append };
	allow rild system_app:dir search;
	allow rild system_app:file { read lock ioctl open getattr };
	allow rild system_app_data_file:dir { search read getattr write ioctl remove_name open add_name };
	allow rild system_app_data_file:file { setattr read lock getattr write ioctl open append };
	allow rild system_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
	allow rild system_file:dir { read search ioctl open getattr };
	allow rild system_prop:property_service set;
	allow rild system_server:binder { transfer call };
	allow rild system_server:fd use;
	allow rild tombstone_data_file:dir { read search ioctl open getattr };
	allow rild tombstone_data_file:file { read lock ioctl open getattr };
	allow rild tun_device:chr_file { read lock getattr write ioctl open append };
	allow rild uart_device:chr_file { read lock getattr write ioctl open append };
	allow rild usb_device:chr_file { write open append };
	allow rild wpa:dir { read search ioctl open getattr };
	allow rild wpa:file { read lock ioctl open getattr };
	allow rild zygote_exec:file { execute read lock getattr execute_no_trans ioctl open };