1#===================at_distributor============================
# Declares the at_distributor process domain and the label for its executable.
# The three macros below (init_daemon_domain, net_domain, binder_use) are defined
# outside this file, so what they expand to depends on the platform policy version.
2type at_distributor, domain;
3type at_distributor_exec, exec_type, file_type;
# NOTE(review): presumably sets up the init -> at_distributor domain transition on
# exec of at_distributor_exec; confirm against the platform te_macros.
4init_daemon_domain(at_distributor)
# NOTE(review): grants network access through a macro, in addition to the explicit
# socket rules further down in this file; confirm the daemon needs IP networking.
5net_domain(at_distributor)
6
7# To make VT call
8binder_use(at_distributor)
9
# Directory-only read access on objects labelled adbd (no file permissions here).
# NOTE(review): adbd is a process domain, so this is presumably its /proc entry; confirm.
10allow at_distributor adbd:dir { read search ioctl open getattr };
# Read/write access to the alarm character device.
11allow at_distributor alarm_device:chr_file { read lock getattr write ioctl open append };
# Full create/rename/delete access to app_efs_file directories and files.
12allow at_distributor app_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
13allow at_distributor app_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
# NOTE(review): execute and execute_no_trans on a character device is unusual, and no
# read/write/open is granted alongside it; confirm this rule is needed rather than
# copied from a denial log, since it permits executable mappings backed by ashmem.
14allow at_distributor ashmem_device:chr_file { getattr execute execute_no_trans };
# Self rules: every rule in this run has at_distributor as both source and target.
# NOTE(review): each rule lists close to the full permission set of its object class,
# and the classes are in alphabetical order, so this looks machine-generated or
# decompiled rather than hand-written -- TODO confirm and reduce to the permissions the
# daemon actually uses (audit logs from a permissive test run are the usual evidence).
#
# NOTE(review): appletalk_socket, key_socket, packet_socket, rawip_socket and tun_socket
# are all granted create/bind/listen here; confirm each socket family is really needed.
15allow at_distributor at_distributor:appletalk_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
# NOTE(review): dac_override lets the process ignore Unix file permission bits, and
# setuid/chown/fowner/fsetid let it change identity and file ownership. With these, the
# type-enforcement rules in this file are the only effective limit on file access.
16allow at_distributor at_distributor:capability { setuid dac_override sys_nice chown fsetid fowner };
17allow at_distributor at_distributor:dir { read search ioctl open getattr };
18allow at_distributor at_distributor:fd use;
19allow at_distributor at_distributor:fifo_file { read lock getattr write ioctl open append };
20allow at_distributor at_distributor:file { read lock getattr write ioctl open append };
# System V IPC and kernel keyring access on the domain's own objects.
21allow at_distributor at_distributor:ipc { unix_read setattr associate read create write getattr unix_write destroy };
22allow at_distributor at_distributor:key { search setattr read create write link view };
23allow at_distributor at_distributor:key_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
24allow at_distributor at_distributor:lnk_file { read lock ioctl open getattr };
25allow at_distributor at_distributor:msg { receive send };
26allow at_distributor at_distributor:msgq { unix_read setattr associate read create write enqueue getattr unix_write destroy };
# Netlink sockets: route socket includes nlmsg_write (change routing/interface state).
27allow at_distributor at_distributor:netlink_route_socket { nlmsg_write lock accept connect shutdown append create nlmsg_read write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
28allow at_distributor at_distributor:netlink_selinux_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
29allow at_distributor at_distributor:packet_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
# NOTE(review): highest-risk rule in the file. It grants execmem, execstack and execheap
# (writable+executable memory), ptrace on the domain's own processes, and the context-
# changing permissions setexec, setcurrent, transition and dyntransition, plus
# noatsecure and setcap. Memory-corruption hardening and domain confinement both depend
# on these being absent. Check against the platform neverallow rules, and drop every
# permission that is not demonstrably required.
30allow at_distributor at_distributor:process { sigkill share getpgid signull setkeycreate siginh getattr setcurrent setrlimit rlimitinh fork getsession setexec setpgid setsched sigstop ptrace noatsecure setsockcreate setfscreate execheap sigchld execstack signal transition setcap execmem getcap getsched dyntransition };
31allow at_distributor at_distributor:rawip_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
32allow at_distributor at_distributor:sem { unix_read setattr associate read create write getattr unix_write destroy };
33allow at_distributor at_distributor:shm { unix_read setattr associate read lock create write getattr unix_write destroy };
# Generic, TCP, TUN, UDP and Unix-domain sockets; TCP and UDP include node_bind, and
# TCP includes name_connect, on the domain's own socket objects.
34allow at_distributor at_distributor:socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
35allow at_distributor at_distributor:tcp_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind name_connect send_msg setattr bind recvfrom sendto relabelto node_bind };
36allow at_distributor at_distributor:tun_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read attach_queue ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
37allow at_distributor at_distributor:udp_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
38allow at_distributor at_distributor:unix_dgram_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
39allow at_distributor at_distributor:unix_stream_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
# Entry point: the domain may be entered by executing a file labelled at_distributor_exec.
40allow at_distributor at_distributor_exec:file { read open getattr entrypoint execute };
# at_distributor_tmpfs is not declared in this file; presumably it comes from a macro.
41allow at_distributor at_distributor_tmpfs:file { read write };
# Binder calls to any domain carrying the binderservicedomain attribute.
42allow at_distributor binderservicedomain:binder { transfer call };
43allow at_distributor binderservicedomain:fd use;
# Directory listing only on block_device; no block-device node access is granted here.
44allow at_distributor block_device:dir { read search ioctl open getattr };
# Full create/rename/delete on carrier_efs_file.
# NOTE(review): the *_efs_file types in this file presumably label the EFS partition,
# which holds device provisioning data; confirm which subtrees need write access.
45allow at_distributor carrier_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
46allow at_distributor carrier_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
# NOTE(review): create/unlink in cgroup directories goes beyond joining an existing
# cgroup; confirm the daemon manages cgroups itself.
47allow at_distributor cgroup:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
48allow at_distributor cgroup:file { rename setattr read lock create getattr write ioctl link unlink open append };
# Full access to the dump-log data area, including creating socket files in it.
49allow at_distributor dumplog_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
50allow at_distributor dumplog_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
51allow at_distributor dumplog_data_file:sock_file { rename setattr read lock create getattr write ioctl link unlink open append };
# NOTE(review): execute_no_trans means these binaries run inside the at_distributor
# domain and inherit every permission in this file instead of switching to their own
# domain. No read/open is granted on them here, so these rules may be incomplete.
52allow at_distributor dumpstate_exec:file { execute execute_no_trans };
53allow at_distributor dumpsys_exec:file { execute execute_no_trans };
54allow at_distributor efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
55allow at_distributor efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
# Firmware files are read-only for this domain.
56allow at_distributor firmware_file:dir { read search ioctl open getattr };
57allow at_distributor firmware_file:file { read lock ioctl open getattr };
# NOTE(review): create/rename/unlink/write on imei_efs_file. The label name suggests
# device-identity data; if so, write access should be limited to the one component
# that provisions it -- TODO confirm at_distributor is that component.
58allow at_distributor imei_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
59allow at_distributor imei_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
# Interaction with init: child-exit signalling and connecting to init's stream socket.
60allow at_distributor init:process sigchld;
61allow at_distributor init:unix_stream_socket connectto;
# NOTE(review): syslog_read exposes the kernel log to this domain; confirm it is needed,
# as kernel messages can disclose addresses and other diagnostic detail.
62allow at_distributor kernel:system syslog_read;
# Binder call/transfer and fd passing with the nfc domain.
63allow at_distributor nfc:binder { transfer call };
64allow at_distributor nfc:fd use;
# Write to the property service socket (paired with the radio_prop set rule below).
65allow at_distributor property_socket:sock_file write;
# NOTE(review): qseecom_device is presumably the interface to the secure execution
# environment; read/write/ioctl from a domain this broadly privileged deserves a
# documented justification.
66allow at_distributor qseecom_device:chr_file { read lock getattr write ioctl open append };
# Binder and fd passing with the radio domain, plus access to radio data and device.
67allow at_distributor radio:binder { transfer call };
68allow at_distributor radio:fd use;
# Directory rule permits add_name/remove_name but not create/rmdir of subdirectories.
69allow at_distributor radio_data_file:dir { search read getattr write ioctl remove_name open add_name };
70allow at_distributor radio_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
71allow at_distributor radio_device:chr_file { read lock getattr write ioctl open append };
# May set properties labelled radio_prop.
72allow at_distributor radio_prop:property_service set;
# Connect to the Unix stream sockets of rild and sec-ril.
73allow at_distributor rild:unix_stream_socket connectto;
74allow at_distributor sec-ril:unix_stream_socket connectto;
# Full create/rename/delete on sec_efs_file.
75allow at_distributor sec_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
76allow at_distributor sec_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
# Binder call/transfer and fd passing with sensorhubservice and servicemanager.
77allow at_distributor sensorhubservice:binder { transfer call };
78allow at_distributor sensorhubservice:fd use;
79allow at_distributor servicemanager:binder { transfer call };
80allow at_distributor servicemanager:fd use;
# NOTE(review): execute_no_trans on shell_exec and su_exec runs the shell and the su
# binary inside the at_distributor domain, with the capabilities and file access granted
# elsewhere in this file. Confirm su_exec is meant to exist on production builds, and
# prefer a domain transition to a narrower domain if a shell is genuinely needed.
81allow at_distributor shell_exec:file { execute read lock getattr execute_no_trans ioctl open };
82allow at_distributor su_exec:file { execute read lock getattr execute_no_trans ioctl open };
# NOTE(review): write on the generic sysfs label covers every sysfs node that has no
# more specific type; prefer labelling the needed nodes and granting write on that type.
83allow at_distributor sysfs:file { write open append };
# Read/write on the more specific sysfs types (sysfs_sec additionally allows setattr).
84allow at_distributor sysfs_sec:file { setattr read lock getattr write ioctl open append };
85allow at_distributor sysfs_ss_writable:file { read lock getattr write ioctl open append };
86allow at_distributor sysfs_wake_lock:file { read lock getattr write ioctl open append };
# Binder call/transfer and fd passing with system_app.
87allow at_distributor system_app:binder { transfer call };
88allow at_distributor system_app:fd use;
# NOTE(review): create/rename/unlink/write on system_data_file, a label shared by much
# of the data partition's default content; narrow to a dedicated data type for this daemon.
89allow at_distributor system_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
90allow at_distributor system_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
# Execute system binaries without a domain transition (no read/open granted here).
91allow at_distributor system_file:file { getattr execute execute_no_trans };
# Binder transfer only (no call) towards system_server.
92allow at_distributor system_server:binder transfer;
# Read/write on the UART character device.
93allow at_distributor uart_device:chr_file { read lock getattr write ioctl open append };
# NOTE(review): executing zygote_exec without a transition runs the zygote binary in
# this domain; confirm this is required and not an artefact of rule generation.
94allow at_distributor zygote_exec:file { execute read lock getattr execute_no_trans ioctl open };