-
-
Notifications
You must be signed in to change notification settings - Fork 4
/
sepolicy.rule
42 lines (26 loc) · 2.06 KB
/
sepolicy.rule
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
# debug
allow system_server system_file file write
# context
create { system_lib_file vendor_file vendor_configs_file }
allow { system_file system_lib_file vendor_file vendor_configs_file } labeledfs filesystem associate
allow init { system_file system_lib_file vendor_file vendor_configs_file } { dir file } relabelfrom
# file
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } vendor_display_prop file { read open getattr map }
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } sysfs file { open getattr }
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } app_data_file file execute
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } proc_stat file { open read }
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } { qemu_hw_prop vendor_camera_prop } file { read open getattr }
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } { vendor_default_prop qemu_hw_prop } file map
allow zygote device file { write open }
allow magisk system_lib_file file ioctl
allow crash_dump packagemanager_config_prop file { open getattr map }
allow crash_dump media_variant_prop file { open getattr }
# dir
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } blkio_dev dir search
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } app_data_file dir { getattr search }
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } system_data_file dir read
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } privapp_data_file dir map
# service_manager
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } default_android_service service_manager find
# binder
allow { system_app priv_app platform_app untrusted_app_29 untrusted_app_27 untrusted_app } hal_memtrack_default binder call