path: root/sepolicy/whitechapel/vendor/google/cbd.te
blob: cbd222ffc17a2401b4d7b3140c49fe6af376326c (plain)
# SELinux policy for the cbd vendor daemon.
# Declares the cbd process domain and the label of its executable, then lists
# every property, capability, device and file type the domain may touch.
# Anything not granted here (or by attributes/macros defined outside this
# file) is denied while the domain is enforcing.
type cbd, domain;
type cbd_exec, vendor_file_type, exec_type, file_type;
# Started by init: executing a cbd_exec file from init transitions into cbd.
init_daemon_domain(cbd)

# Properties cbd is allowed to set. Other domains that read these properties
# receive values controlled by cbd.
set_prop(cbd, vendor_modem_prop)
set_prop(cbd, vendor_cbd_prop)
set_prop(cbd, vendor_rild_prop)

# Allow cbd to setuid from root to radio
# TODO: confirming with vendor via b/182334947
# NOTE(review): this rule does not limit which uid/gid cbd may switch to; the
# drop to radio is enforced only by the daemon code. The capabilities stay
# available to everything that runs in this domain, including the shell and
# toolbox executed below. Confirm the drop happens before cbd handles any
# modem-supplied data, and remove the grant if the TODO resolves that way.
allow cbd self:capability { setgid setuid };

# Read-only directory access under the mnt_vendor_file label.
allow cbd mnt_vendor_file:dir r_dir_perms;

# Read and write access to the kernel message device.
# NOTE(review): if cbd only emits log lines, write-only permissions
# (w_file_perms) would be enough; read access exposes kernel log contents to
# the domain on all build types. Confirm the read half is needed.
allow cbd kmsg_device:chr_file rw_file_perms;

# execute_no_trans runs the vendor shell and toolbox inside the cbd domain,
# so those child processes hold every permission granted in this file.
# NOTE(review): confirm the commands are fixed strings and are not assembled
# from property values, modem data or files under the writable types below.
allow cbd vendor_shell_exec:file execute_no_trans;
allow cbd vendor_toolbox_exec:file execute_no_trans;

# Allow cbd to access modem block device
# Read-only: directory search to reach the node, then read on the node itself.
allow cbd block_device:dir search;
allow cbd modem_block_device:blk_file r_file_perms;

# Allow cbd to access sysfs chosen files
allow cbd sysfs_chosen:file r_file_perms;
allow cbd sysfs_chosen:dir r_dir_perms;

# Read and write access to character devices labelled radio_device.
allow cbd radio_device:chr_file rw_file_perms;

# Read-only access to the kernel command line.
allow cbd proc_cmdline:file r_file_perms;

# Create-level access to modem state on the persist partition. The search
# permission on persist_file only allows traversing the parent directory.
allow cbd persist_modem_file:dir create_dir_perms;
allow cbd persist_modem_file:file create_file_perms;
allow cbd persist_file:dir search;

# Create-level access to radio vendor data.
# NOTE(review): other domains that read these files should treat the content
# as written by cbd; confirm against their policy.
allow cbd radio_vendor_data_file:dir create_dir_perms;
allow cbd radio_vendor_data_file:file create_file_perms;

# Allow cbd to operate with modem EFS file/dir
allow cbd modem_efs_file:dir create_dir_perms;
allow cbd modem_efs_file:file create_file_perms;

# Allow cbd to operate with modem userdata file/dir
allow cbd modem_userdata_file:dir create_dir_perms;
allow cbd modem_userdata_file:file create_file_perms;

# Allow cbd to access modem image file/dir
# Read-only, including symlinks; cbd cannot modify the modem image through
# these rules.
allow cbd modem_img_file:dir r_dir_perms;
allow cbd modem_img_file:file r_file_perms;
allow cbd modem_img_file:lnk_file r_file_perms;

# Allow cbd to collect crash info
# Granted on all build types, unlike the coredump rules in the block below.
allow cbd sscoredump_vendor_data_crashinfo_file:dir create_dir_perms;
allow cbd sscoredump_vendor_data_crashinfo_file:file create_file_perms;

# Debug-only grants: the rules in this block are compiled in for userdebug and
# eng builds only, so user builds do not carry them.
userdebug_or_eng(`
  # Read-only access to files and directories labelled vendor_slog_file.
  r_dir_file(cbd, vendor_slog_file)

  # Lets cbd read the kernel log through the syslog interface.
  allow cbd kernel:system syslog_read;

  # Create-level access to the coredump area; kept out of user builds.
  allow cbd sscoredump_vendor_data_coredump_file:dir create_dir_perms;
  allow cbd sscoredump_vendor_data_coredump_file:file create_file_perms;
')