blob: 82c49294279a35b8c6980d9a69929d92c1d09dc4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
#credmgrd define
type credmgrd, domain;
type credmgrd_exec, exec_type, file_type;
type credmgrd_data_file, file_type;
type credmgrd_socket, file_type;
init_daemon_domain(credmgrd);
#credmgrd self
allow credmgrd self:socket create_socket_perms;
allow credmgrd self:file rw_file_perms;
allow credmgrd self:dir rw_file_perms;
allow credmgrd self:fifo_file rw_file_perms;
allow credmgrd credmgrd_data_file:file { getattr lock open read setattr write };
allow credmgrd cache_file:dir { remove_name write };
allow credmgrd credmgrd_data_file:dir { add_name open read remove_name write };
allow credmgrd credmgrd_data_file:file { create unlink };
#credmgdr tad
allow credmgrd tad_block_device:blk_file { read write ioctl open };
allow credmgrd tad_socket:unix_dgram_socket sendto;
allow credmgrd tad_socket:unix_stream_socket connectto;
allow credmgrd tad:unix_stream_socket connectto;
allow credmgrd tad_socket:sock_file write;
#credmgrd camera server
allow credmgrd camera_socket:file { read write getattr open };
allow credmgrd camera_socket:unix_stream_socket sendto;
allow credmgrd camera_socket:unix_stream_socket connectto;
#credmgrd mediaserver
allow mediaserver credmgrd:unix_stream_socket connectto;
#credmgrd mm-qcamera
allow credmgrd mm-qcamerad:file { read write getattr open };
allow credmgrd mm-qcamerad:unix_stream_socket sendto;
allow credmgrd mm-qcamerad:unix_stream_socket connectto;
#credmgrd qseecomd tee
allow credmgrd tee_device:chr_file rw_file_perms;
#credmgrd suntrold
allow credmgrd suntrold_sock_socket:unix_dgram_socket sendto;
allow credmgrd suntrold_sock_socket:unix_stream_socket connectto;
allow credmgrd suntrold_sock_socket:sock_file write;
allow credmgrd suntrold:unix_stream_socket connectto;
#credmgrd iddd
allow credmgrd iddd:unix_dgram_socket sendto;
allow credmgrd iddd_file:dir search;
allow credmgrd iddd_file:sock_file write;
allow credmgrd iddd_file:unix_stream_socket connectto;
allow credmgrd iddd_file:unix_dgram_socket sendto;
#/mnt/idd is tmpfs
allow credmgrd tmpfs:lnk_file read;
#credmgrd ion
allow credmgrd ion_device:chr_file { ioctl open read };
|