8599e34b95
Introduce wakelock_use(). This macro declares that a domain uses wakelocks. Wakelocks require both read-write access to files in /sys/power, and CAP_BLOCK_SUSPEND. This macro helps ensure that both capabilities and file access are granted at the same time. Still TODO: fix device specific wakelock use. Change-Id: Ib98ff374a73f89e403acd9f5e024988f59f08115
44 lines
1.5 KiB
Text
44 lines
1.5 KiB
Text
# rild - radio interface layer daemon
|
|
type rild, domain;
|
|
type rild_exec, exec_type, file_type;
|
|
|
|
init_daemon_domain(rild)
|
|
net_domain(rild)
|
|
allow rild self:netlink_route_socket nlmsg_write;
|
|
allow rild kernel:system module_request;
|
|
unix_socket_connect(rild, property, init)
|
|
allow rild self:capability { setuid net_admin net_raw };
|
|
allow rild alarm_device:chr_file rw_file_perms;
|
|
allow rild cgroup:dir create_dir_perms;
|
|
allow rild radio_device:chr_file rw_file_perms;
|
|
allow rild radio_device:blk_file r_file_perms;
|
|
allow rild mtd_device:dir search;
|
|
allow rild efs_file:dir create_dir_perms;
|
|
allow rild efs_file:file create_file_perms;
|
|
allow rild shell_exec:file rx_file_perms;
|
|
allow rild bluetooth_efs_file:file r_file_perms;
|
|
allow rild bluetooth_efs_file:dir r_dir_perms;
|
|
allow rild radio_data_file:dir rw_dir_perms;
|
|
allow rild radio_data_file:file create_file_perms;
|
|
allow rild sdcard_type:dir r_dir_perms;
|
|
allow rild system_data_file:dir r_dir_perms;
|
|
allow rild system_data_file:file r_file_perms;
|
|
allow rild system_file:file x_file_perms;
|
|
|
|
# property service
|
|
allow rild rild_prop:property_service set;
|
|
allow rild radio_prop:property_service set;
|
|
|
|
# Read/Write to uart driver (for GPS)
|
|
allow rild gps_device:chr_file rw_file_perms;
|
|
|
|
allow rild tty_device:chr_file rw_file_perms;
|
|
|
|
# Allow rild to create and use netlink sockets.
|
|
allow rild self:netlink_socket create_socket_perms;
|
|
allow rild self:netlink_kobject_uevent_socket create_socket_perms;
|
|
|
|
# Access to wake locks
|
|
wakelock_use(rild)
|
|
|
|
allow rild self:socket create_socket_perms;
|