#===============insthk====================
# SELinux type-enforcement rules for the insthk daemon domain.
#
# NOTE(review): most of the self-targeted permission sets below are very wide
# (they read like blanket or tool-generated grants rather than a minimal set).
# Before reusing this policy, trim each rule to what the daemon's audit
# denials actually show it needs, and check the result against the platform's
# neverallow rules.

# Domain type and the label of the daemon's executable.
type insthk, domain;
type insthk_exec, exec_type, file_type;

# Started by init: transition into the insthk domain when insthk_exec runs.
init_daemon_domain(insthk)
# Network access for the domain.
net_domain(insthk)

# Binder IPC; the original author notes this is needed "to make VT call".
binder_use(insthk)

# ---- Access to objects owned by other types -------------------------------

# Full create/rename/delete/write control over the drm_efs_file tree
# (directories, regular files and symlinks).
# NOTE(review): presumably persistent DRM provisioning data -- confirm, and
# confirm the daemon really needs link/rename/reparent rather than read-only.
allow insthk drm_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
allow insthk drm_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
allow insthk drm_efs_file:lnk_file { rename setattr read lock create getattr write ioctl link unlink open append };

# Read-only access to firmware images.
allow insthk firmware_file:file { read lock ioctl open getattr };

# Read/write/ioctl on the qseecom character device.
# NOTE(review): presumably the interface to the secure execution environment;
# no ioctl filtering is visible in this file -- verify whether the tree
# restricts the ioctl set elsewhere.
allow insthk qseecom_device:chr_file { read lock getattr write ioctl open append };

# Entry point: the daemon's own binary may be read and executed.
allow insthk insthk_exec:file { read open getattr entrypoint execute };

# insthk_tmpfs is not declared in this file.
# NOTE(review): presumably declared via init_daemon_domain()'s tmpfs setup,
# which would make this rule redundant -- confirm against te_macros.
allow insthk insthk_tmpfs:file { read write };

# Report child exit status back to init.
allow insthk init:process sigchld;

# ---- Privileges on the domain itself --------------------------------------

# dac_override lets the daemon bypass file ownership/mode checks and chown
# lets it change file ownership; both widen what a compromised daemon can
# reach.
# NOTE(review): prefer fixing file ownership/modes over granting dac_override.
allow insthk self:capability { sys_nice chown ipc_lock dac_override };

# This set appears to be every permission of the process class. It includes
# execmem/execstack/execheap (writable+executable memory), ptrace, and the
# context-changing permissions setcurrent/dyntransition/setexec.
# NOTE(review): drop everything the daemon does not demonstrably use; the
# executable-memory and context-changing permissions deserve an explicit
# justification if they stay.
allow insthk self:process { sigkill share getpgid signull setkeycreate siginh getattr setcurrent setrlimit rlimitinh fork getsession setexec setpgid setsched sigstop ptrace noatsecure setsockcreate setfscreate execheap sigchld execstack signal transition setcap execmem getcap getsched dyntransition };

# ---- Objects labelled with the domain's own type --------------------------

allow insthk self:fd use;
allow insthk self:dir { read search ioctl open getattr };
allow insthk self:file { read lock getattr write ioctl open append };
allow insthk self:lnk_file { read lock ioctl open getattr };
allow insthk self:fifo_file { read lock getattr write ioctl open append };

# ---- System V IPC and kernel keyrings -------------------------------------

allow insthk self:ipc { unix_read setattr associate read create write getattr unix_write destroy };
allow insthk self:msg { receive send };
allow insthk self:msgq { unix_read setattr associate read create write enqueue getattr unix_write destroy };
allow insthk self:sem { unix_read setattr associate read create write getattr unix_write destroy };
allow insthk self:shm { unix_read setattr associate read lock create write getattr unix_write destroy };
allow insthk self:key { search setattr read create write link view };

# ---- Sockets --------------------------------------------------------------
# Every rule below grants the full operation set for its class, including
# relabelfrom/relabelto.
# NOTE(review): the list covers classes a single daemon rarely needs together
# (appletalk, key, packet, tun, raw IP, netlink_selinux). Keep only the
# classes the daemon opens, and drop the relabel permissions unless required.

# Local (UNIX-domain) sockets.
allow insthk self:unix_dgram_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
allow insthk self:unix_stream_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };

# IP sockets.
allow insthk self:tcp_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind name_connect send_msg setattr bind recvfrom sendto relabelto node_bind };
allow insthk self:udp_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
allow insthk self:rawip_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };

# Netlink sockets; nlmsg_write on the route socket permits routing changes.
allow insthk self:netlink_route_socket { nlmsg_write lock accept connect shutdown append create nlmsg_read write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
allow insthk self:netlink_selinux_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };

# Link-layer, tunnel and other socket families.
allow insthk self:packet_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
allow insthk self:tun_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read attach_queue ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
allow insthk self:key_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
allow insthk self:appletalk_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
allow insthk self:socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };