28 lines
927 B
Plaintext
28 lines
927 B
Plaintext
type mmi_touch_sh, domain;
|
|
type mmi_touch_sh_exec, exec_type, file_type;
|
|
init_daemon_domain(mmi_touch_sh)
|
|
|
|
# shell scripts need to execute /system/bin/sh
|
|
allow mmi_touch_sh shell_exec:file rx_file_perms;
|
|
allow mmi_touch_sh toolbox_exec:file rx_file_perms;
|
|
|
|
# Logs to /dev/kmsg
|
|
allow mmi_touch_sh kmsg_device:chr_file w_file_perms;
|
|
|
|
# Write to /sys/path/to/firmware/forcereflash
|
|
# Read from /sys/path/to/firmware/poweron (and others)
|
|
allow mmi_touch_sh sysfs_mmi_touch:file rw_file_perms;
|
|
allow mmi_touch_sh sysfs_mmi_touch:file setattr;
|
|
allow mmi_touch_sh sysfs_mmi_touch:dir search;
|
|
allow mmi_touch_sh system_file:dir r_file_perms;
|
|
allow mmi_touch_sh self:capability chown;
|
|
|
|
# WRONG
|
|
allow mmi_touch_sh sysfs:dir r_dir_perms;
|
|
allow mmi_touch_sh sysfs:file rw_file_perms;
|
|
allow mmi_touch_sh sysfs:file setattr;
|
|
allow mmi_touch_sh sysfs:lnk_file getattr;
|
|
|
|
set_prop(mmi_touch_sh, touch_prop);
|
|
set_prop(mmi_touch_sh, hw_rev_prop);
|