blob: a440bfe545596653d02a09ee2ac5a13663b55c13 [file] [log] [blame]
Jeff Vander Stoepd22987b2015-11-03 09:54:39 -08001# rules removed from the domain attribute
Jeff Vander Stoep6e3506e2015-11-05 15:24:22 -08002
Jeff Vander Stoep6e3506e2015-11-05 15:24:22 -08003# Read access to pseudo filesystems.
Jeff Vander Stoepa2c40552016-09-13 11:03:36 -07004r_dir_file(domain_deprecated, sysfs)
Nick Kralevich596dd092017-02-10 12:58:41 -08005
6userdebug_or_eng(`
Jeff Vander Stoepa1b45602017-02-10 09:39:37 -08007auditallow {
8 domain_deprecated
Nick Kralevichb59c2012017-02-10 12:06:46 -08009 -fingerprintd
10 -healthd
11 -netd
Jeff Vander Stoep9bbe4202017-06-14 10:11:12 -070012 -recovery
Nick Kralevichb59c2012017-02-10 12:06:46 -080013 -system_app
14 -surfaceflinger
15 -system_server
16 -tee
17 -ueventd
18 -vold
Nick Kralevichb59c2012017-02-10 12:06:46 -080019} sysfs:dir { open getattr read ioctl lock }; # search granted in domain
20auditallow {
21 domain_deprecated
Nick Kralevichb59c2012017-02-10 12:06:46 -080022 -fingerprintd
23 -healthd
24 -netd
Jeff Vander Stoep9bbe4202017-06-14 10:11:12 -070025 -recovery
Nick Kralevichb59c2012017-02-10 12:06:46 -080026 -system_app
27 -surfaceflinger
28 -system_server
29 -tee
30 -ueventd
31 -vold
Nick Kralevichb59c2012017-02-10 12:06:46 -080032} sysfs:file r_file_perms;
33auditallow {
34 domain_deprecated
Nick Kralevichb59c2012017-02-10 12:06:46 -080035 -fingerprintd
36 -healthd
37 -netd
Jeff Vander Stoep9bbe4202017-06-14 10:11:12 -070038 -recovery
Nick Kralevichb59c2012017-02-10 12:06:46 -080039 -system_app
40 -surfaceflinger
41 -system_server
42 -tee
43 -ueventd
44 -vold
Nick Kralevichb59c2012017-02-10 12:06:46 -080045} sysfs:lnk_file { getattr open ioctl lock }; # read granted in domain
Nick Kralevich596dd092017-02-10 12:58:41 -080046')