blob: 2f7102fcfed71e262ffcc9c5f20dfc57d2154049 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
type rfsd, domain;
type rfsd_exec, vendor_file_type, exec_type, file_type;
init_daemon_domain(rfsd)
# Allow to setuid from root to radio
allow rfsd self:capability { chown setuid };
# Allow to search block device and mnt dir for modem EFS partitions
allow rfsd mnt_vendor_file:dir search;
allow rfsd block_device:dir search;
# Allow to operate with modem EFS file/dir
allow rfsd modem_efs_file:dir create_dir_perms;
allow rfsd modem_efs_file:file create_file_perms;
allow rfsd radio_vendor_data_file:dir r_dir_perms;
allow rfsd radio_vendor_data_file:file r_file_perms;
r_dir_file(rfsd, vendor_fw_file)
# Allow to access rfsd log file/dir
allow rfsd vendor_log_file:dir search;
allow rfsd vendor_rfsd_log_file:dir create_dir_perms;
allow rfsd vendor_rfsd_log_file:file create_file_perms;
# Allow to read/write modem block device
allow rfsd modem_block_device:blk_file rw_file_perms;
# Allow to operate with radio device
allow rfsd radio_device:chr_file rw_file_perms;
# Allow to set rild and modem property
set_prop(rfsd, vendor_modem_prop)
set_prop(rfsd, vendor_rild_prop)
# Allow rfsd to access modem image file/dir
allow rfsd modem_img_file:dir r_dir_perms;
allow rfsd modem_img_file:file r_file_perms;
allow rfsd modem_img_file:lnk_file r_file_perms;
|
