This repository has been archived by the owner on Nov 10, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 10
/
Copy pathsepolicy.rule
83 lines (79 loc) · 4.36 KB
/
sepolicy.rule
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
type flipendo_userfaultfd
type flipendo
typeattribute flipendo appdomain
typeattribute flipendo halclientdomain
typeattribute flipendo hal_power_client
allow flipendo app_api_service service_manager find
allow flipendo fwk_stats_hwservice hwservice_manager find
allow flipendo color_display_service service_manager find
allow flipendo hal_power_service service_manager find
allow flipendo hal_power_default binder { call transfer }
allow flipendo hal_power_client binder { receive call }
allow flipendo statsd binder { receive call }
allow flipendo gpuservice binder { receive call }
allow flipendo stats_service_server binder { receive call }
allow flipendo flipendo_userfaultfd anon_inode { ioctl read create }
allow flipendo appdomain_tmpfs file { read write getattr map execute }
allow flipendo servicemanager binder { call transfer }
allow servicemanager flipendo binder { call transfer }
allow servicemanager flipendo dir { search }
allow servicemanager flipendo file { read open }
allow servicemanager flipendo process { getattr }
allow flipendo flipendo dir search
allow flipendo flipendo process { fork getsched }
allow flipendo flipendo unix_dgram_socket create
allow untrusted_app app_api_service service_manager find
allow untrusted_app fwk_stats_hwservice hwservice_manager find
allow untrusted_app color_display_service service_manager find
allow untrusted_app hal_power_service service_manager find
allow untrusted_app hal_power_default binder { call transfer }
allow untrusted_app hal_power_client binder { receive call }
allow untrusted_app statsd binder { receive call }
allow untrusted_app gpuservice binder { receive call }
allow untrusted_app stats_service_server binder { receive call }
allow untrusted_app untrusted_app_userfaultfd anon_inode { ioctl read create }
allow untrusted_app appdomain_tmpfs file { read write getattr map execute }
allow untrusted_app servicemanager binder { call transfer }
allow servicemanager untrusted_app binder { call transfer }
allow servicemanager untrusted_app dir { search }
allow servicemanager untrusted_app file { read open }
allow servicemanager untrusted_app process { getattr }
allow platform_app app_api_service service_manager find
allow platform_app fwk_stats_hwservice hwservice_manager find
allow platform_app color_display_service service_manager find
allow platform_app hal_power_service service_manager find
allow platform_app hal_power_default binder { call transfer }
allow platform_app hal_power_client binder { receive call }
allow platform_app statsd binder { receive call }
allow platform_app gpuservice binder { receive call }
allow platform_app stats_service_server binder { receive call }
allow platform_app platform_userfaultfd anon_inode { ioctl read create }
allow platform_app appdomain_tmpfs file { read write getattr map execute }
allow platform_app servicemanager binder { call transfer }
allow platform_app hal_power_service service_manager { find }
allow priv_app app_api_service service_manager find
allow priv_app fwk_stats_hwservice hwservice_manager find
allow priv_app color_display_service service_manager find
allow priv_app hal_power_service service_manager find
allow priv_app hal_power_default binder { call transfer }
allow priv_app hal_power_client binder { receive call }
allow priv_app statsd binder { receive call }
allow priv_app gpuservice binder { receive call }
allow priv_app stats_service_server binder { receive call }
allow priv_app priv_userfaultfd anon_inode { ioctl read create }
allow priv_app appdomain_tmpfs file { read write getattr map execute }
allow priv_app servicemanager binder { call transfer }
allow priv_app hal_power_service service_manager { find }
allow gmscore_app app_api_service service_manager find
allow gmscore_app fwk_stats_hwservice hwservice_manager find
allow gmscore_app color_display_service service_manager find
allow gmscore_app hal_power_service service_manager find
allow gmscore_app hal_power_default binder { call transfer }
allow gmscore_app hal_power_client binder { receive call }
allow gmscore_app statsd binder { receive call }
allow gmscore_app gpuservice binder { receive call }
allow gmscore_app stats_service_server binder { receive call }
allow gmscore_app gmscore_userfaultfd anon_inode { ioctl read create }
allow gmscore_app appdomain_tmpfs file { read write getattr map execute }
allow gmscore_app servicemanager binder { call transfer }
allow gmscore_app hal_power_service service_manager { find }