sepolicy/radio.te - android_device_samsung_j5lte - Gitiles

 #====================radio======================
 allow radio app_data_file:dir { read search ioctl open getattr };
 allow radio app_data_file:file { read lock getattr write ioctl open append };
 allow radio app_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
 allow radio app_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
 allow radio app_library_file:dir { read search ioctl open getattr };
 allow radio at_distributor:binder transfer;
 allow radio at_distributor:unix_stream_socket connectto;
 allow radio bluetooth_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
 allow radio bluetooth_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
 allow radio bugreport_exec:file { execute execute_no_trans };
 allow radio carrier_file:dir { read search ioctl open getattr };
 allow radio carrier_file:file { read lock ioctl open getattr };
 allow radio cpk_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
 allow radio cpk_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
 allow radio device:sock_file write;
 allow radio devpts:chr_file { read write };
 allow radio drm_data_file:dir { read lock reparent getattr ioctl rmdir remove_name open add_name };
 allow radio drm_data_file:file { read lock ioctl open getattr };
 allow radio dumplog_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
 allow radio dumplog_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
 allow radio dumplog_data_file:sock_file { rename setattr read lock create getattr write ioctl link unlink open append };
 allow radio dumpstate:binder transfer;
 allow radio dumpstate_exec:file { execute execute_no_trans };
 allow radio dumpstate_socket:sock_file write;
 allow radio dumpsys:binder transfer;
 allow radio dumpsys_exec:file { execute execute_no_trans };
 allow radio efs_file:dir { rename search setattr create reparent getattr ioctl link rmdir remove_name unlink open add_name };
 allow radio efs_file:file { rename setattr lock create getattr ioctl link unlink open };
 allow radio genlock_device:chr_file { read lock getattr write ioctl open append };
 allow radio gpu_device:chr_file { execute read lock getattr write ioctl open append };
 allow radio graphics_device:chr_file { read lock getattr write ioctl open append };
 allow radio healthd:binder { transfer call };
 allow radio healthd:fd use;
 allow radio imei_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
 allow radio imei_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
 #allow radio ims_service:service_manager add;
 allow radio init:unix_stream_socket { read write setopt connectto };
 allow radio init_shell:unix_stream_socket connectto;
 allow radio init_tmpfs:file read;
 allow radio insthk_exec:file { getattr execute execute_no_trans };
 allow radio jackservice:binder { transfer call };
 allow radio jackservice:fd use;
 allow radio log_device:chr_file { read lock ioctl open getattr };
 allow radio mediaserver:binder transfer;
 allow radio platform_app_data_file:file { write open append };
 allow radio qmuxd_socket:sock_file { rename setattr read lock create getattr write ioctl link unlink open append };
 allow radio radio:appletalk_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
 allow radio radio:ipc { unix_read setattr associate read create write getattr unix_write destroy };
 allow radio radio:key { search setattr read create write link view };
 allow radio radio:key_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
 allow radio radio:lnk_file { read lock ioctl open getattr };
 allow radio radio:msg { receive send };
 allow radio radio:msgq { unix_read setattr associate read create write enqueue getattr unix_write destroy };
 allow radio radio:netlink_route_socket { nlmsg_write lock accept connect shutdown append create nlmsg_read write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
 allow radio radio:packet_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
 allow radio radio:process { sigkill share getpgid signull setkeycreate siginh getattr setcurrent setrlimit rlimitinh fork getsession setexec setpgid setsched sigstop ptrace noatsecure setsockcreate setfscreate execheap sigchld execstack signal transition setcap execmem getcap getsched dyntransition };
 allow radio radio:rawip_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
 allow radio radio:sem { unix_read setattr associate read create write getattr unix_write destroy };
 allow radio radio:shm { unix_read setattr associate read lock create write getattr unix_write destroy };
 allow radio radio:socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
 allow radio radio:tcp_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind name_connect send_msg setattr bind recvfrom sendto relabelto node_bind };
 allow radio radio:tun_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read attach_queue ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
 allow radio radio:udp_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
 allow radio radio:unix_dgram_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
 allow radio radio:unix_stream_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
 allow radio rild_socket:sock_file { write open append };
 allow radio sdcard_type:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
 allow radio sdcard_type:file { rename setattr read lock create getattr write ioctl link unlink open append };
 allow radio sec_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
 allow radio sec_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
 allow radio sensorhubservice:binder { transfer call };
 allow radio sensorhubservice:fd use;
 allow radio servicemanager:binder { transfer call };
 allow radio servicemanager:fd use;
 allow radio shell_data_file:dir { read search ioctl open getattr };
 allow radio shell_data_file:file { read lock ioctl open getattr };
 allow radio shell_exec:file { execute read lock getattr execute_no_trans ioctl open };
 allow radio surfaceflinger:binder transfer;
 allow radio sysfs:file { open append };
 allow radio sysfs_battery_supply:file { read lock getattr write ioctl open append };
 allow radio sysfs_sec:file { read lock getattr write ioctl open append };
 allow radio sysfs_sensor_writable:file { read lock getattr write ioctl open append };
 allow radio sysfs_ss_writable:file { read lock getattr write ioctl open append };
 allow radio system_app:fifo_file { write open append };
 allow radio system_app:unix_stream_socket connectto;
 allow radio system_app_data_file:file setattr;
 allow radio system_data_file:dir { read search ioctl open getattr };
 allow radio system_data_file:file { read lock ioctl open getattr };
 allow radio system_file:file execute_no_trans;
 allow radio system_file:lnk_file getattr;
 allow radio system_prop:property_service set;
 allow radio system_server:tcp_socket { read write };
 allow radio system_server:unix_stream_socket { connectto setopt };
 #allow radio telecom_service:service_manager add;
 allow radio tmpfs:file { read lock ioctl open getattr };
 allow radio tz_socket:sock_file write;
 allow radio usb_device:chr_file { read lock getattr write ioctl open append };
 allow radio wifi_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
 allow radio wifi_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
 allow radio zygote:binder { transfer call };
 allow radio zygote:fd use;
	#====================radio======================
	allow radio app_data_file:dir { read search ioctl open getattr };
	allow radio app_data_file:file { read lock getattr write ioctl open append };
	allow radio app_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
	allow radio app_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
	allow radio app_library_file:dir { read search ioctl open getattr };
	allow radio at_distributor:binder transfer;
	allow radio at_distributor:unix_stream_socket connectto;
	allow radio bluetooth_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
	allow radio bluetooth_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
	allow radio bugreport_exec:file { execute execute_no_trans };
	allow radio carrier_file:dir { read search ioctl open getattr };
	allow radio carrier_file:file { read lock ioctl open getattr };
	allow radio cpk_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
	allow radio cpk_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
	allow radio device:sock_file write;
	allow radio devpts:chr_file { read write };
	allow radio drm_data_file:dir { read lock reparent getattr ioctl rmdir remove_name open add_name };
	allow radio drm_data_file:file { read lock ioctl open getattr };
	allow radio dumplog_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
	allow radio dumplog_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
	allow radio dumplog_data_file:sock_file { rename setattr read lock create getattr write ioctl link unlink open append };
	allow radio dumpstate:binder transfer;
	allow radio dumpstate_exec:file { execute execute_no_trans };
	allow radio dumpstate_socket:sock_file write;
	allow radio dumpsys:binder transfer;
	allow radio dumpsys_exec:file { execute execute_no_trans };
	allow radio efs_file:dir { rename search setattr create reparent getattr ioctl link rmdir remove_name unlink open add_name };
	allow radio efs_file:file { rename setattr lock create getattr ioctl link unlink open };
	allow radio genlock_device:chr_file { read lock getattr write ioctl open append };
	allow radio gpu_device:chr_file { execute read lock getattr write ioctl open append };
	allow radio graphics_device:chr_file { read lock getattr write ioctl open append };
	allow radio healthd:binder { transfer call };
	allow radio healthd:fd use;
	allow radio imei_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
	allow radio imei_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
	#allow radio ims_service:service_manager add;
	allow radio init:unix_stream_socket { read write setopt connectto };
	allow radio init_shell:unix_stream_socket connectto;
	allow radio init_tmpfs:file read;
	allow radio insthk_exec:file { getattr execute execute_no_trans };
	allow radio jackservice:binder { transfer call };
	allow radio jackservice:fd use;
	allow radio log_device:chr_file { read lock ioctl open getattr };
	allow radio mediaserver:binder transfer;
	allow radio platform_app_data_file:file { write open append };
	allow radio qmuxd_socket:sock_file { rename setattr read lock create getattr write ioctl link unlink open append };
	allow radio radio:appletalk_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
	allow radio radio:ipc { unix_read setattr associate read create write getattr unix_write destroy };
	allow radio radio:key { search setattr read create write link view };
	allow radio radio:key_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
	allow radio radio:lnk_file { read lock ioctl open getattr };
	allow radio radio:msg { receive send };
	allow radio radio:msgq { unix_read setattr associate read create write enqueue getattr unix_write destroy };
	allow radio radio:netlink_route_socket { nlmsg_write lock accept connect shutdown append create nlmsg_read write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
	allow radio radio:packet_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
	allow radio radio:process { sigkill share getpgid signull setkeycreate siginh getattr setcurrent setrlimit rlimitinh fork getsession setexec setpgid setsched sigstop ptrace noatsecure setsockcreate setfscreate execheap sigchld execstack signal transition setcap execmem getcap getsched dyntransition };
	allow radio radio:rawip_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
	allow radio radio:sem { unix_read setattr associate read create write getattr unix_write destroy };
	allow radio radio:shm { unix_read setattr associate read lock create write getattr unix_write destroy };
	allow radio radio:socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
	allow radio radio:tcp_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind name_connect send_msg setattr bind recvfrom sendto relabelto node_bind };
	allow radio radio:tun_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read attach_queue ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
	allow radio radio:udp_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
	allow radio radio:unix_dgram_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
	allow radio radio:unix_stream_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
	allow radio rild_socket:sock_file { write open append };
	allow radio sdcard_type:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
	allow radio sdcard_type:file { rename setattr read lock create getattr write ioctl link unlink open append };
	allow radio sec_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
	allow radio sec_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
	allow radio sensorhubservice:binder { transfer call };
	allow radio sensorhubservice:fd use;
	allow radio servicemanager:binder { transfer call };
	allow radio servicemanager:fd use;
	allow radio shell_data_file:dir { read search ioctl open getattr };
	allow radio shell_data_file:file { read lock ioctl open getattr };
	allow radio shell_exec:file { execute read lock getattr execute_no_trans ioctl open };
	allow radio surfaceflinger:binder transfer;
	allow radio sysfs:file { open append };
	allow radio sysfs_battery_supply:file { read lock getattr write ioctl open append };
	allow radio sysfs_sec:file { read lock getattr write ioctl open append };
	allow radio sysfs_sensor_writable:file { read lock getattr write ioctl open append };
	allow radio sysfs_ss_writable:file { read lock getattr write ioctl open append };
	allow radio system_app:fifo_file { write open append };
	allow radio system_app:unix_stream_socket connectto;
	allow radio system_app_data_file:file setattr;
	allow radio system_data_file:dir { read search ioctl open getattr };
	allow radio system_data_file:file { read lock ioctl open getattr };
	allow radio system_file:file execute_no_trans;
	allow radio system_file:lnk_file getattr;
	allow radio system_prop:property_service set;
	allow radio system_server:tcp_socket { read write };
	allow radio system_server:unix_stream_socket { connectto setopt };
	#allow radio telecom_service:service_manager add;
	allow radio tmpfs:file { read lock ioctl open getattr };
	allow radio tz_socket:sock_file write;
	allow radio usb_device:chr_file { read lock getattr write ioctl open append };
	allow radio wifi_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
	allow radio wifi_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
	allow radio zygote:binder { transfer call };
	allow radio zygote:fd use;