1*e4a36f41SAndroid Build Coastguard Worker;; complement CIL file for compatibility between ToT policy and 30.0 vendors. 2*e4a36f41SAndroid Build Coastguard Worker;; will be compiled along with other normal policy files, on 30.0 vendors. 3*e4a36f41SAndroid Build Coastguard Worker;; 4*e4a36f41SAndroid Build Coastguard Worker 5*e4a36f41SAndroid Build Coastguard Worker(typeattribute vendordomain) 6*e4a36f41SAndroid Build Coastguard Worker(typeattributeset vendordomain ((and (domain) ((not (coredomain)))))) 7*e4a36f41SAndroid Build Coastguard Worker 8*e4a36f41SAndroid Build Coastguard Worker;; TODO: Once 30.0 is no longer supported for vendor images, 9*e4a36f41SAndroid Build Coastguard Worker;; mlsvendorcompat can be completely from the system policy. 10*e4a36f41SAndroid Build Coastguard Worker(typeattributeset mlsvendorcompat (and appdomain vendordomain)) 11*e4a36f41SAndroid Build Coastguard Worker(allow mlsvendorcompat app_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir))) 12*e4a36f41SAndroid Build Coastguard Worker(allow mlsvendorcompat app_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads))) 13*e4a36f41SAndroid Build Coastguard Worker(allow mlsvendorcompat privapp_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir))) 14*e4a36f41SAndroid Build Coastguard Worker(allow mlsvendorcompat privapp_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads))) 15*e4a36f41SAndroid Build Coastguard Worker 16*e4a36f41SAndroid Build Coastguard Worker;; permission for devices (older than S) where debugfs restriction doesn't apply. 17*e4a36f41SAndroid Build Coastguard Worker(typeattribute debugfs_file_type) 18*e4a36f41SAndroid Build Coastguard Worker(typeattributeset debugfs_file_type (and debugfs_type file_type)) 19*e4a36f41SAndroid Build Coastguard Worker(typeattribute debugfs_fs_type) 20*e4a36f41SAndroid Build Coastguard Worker(typeattributeset debugfs_fs_type (and debugfs_type fs_type)) 21*e4a36f41SAndroid Build Coastguard Worker 22*e4a36f41SAndroid Build Coastguard Worker(allow dumpstate debugfs (file (ioctl read getattr lock map open watch watch_reads))) 23*e4a36f41SAndroid Build Coastguard Worker(allow dumpstate debugfs_mmc (file (ioctl read getattr lock map open watch watch_reads))) 24*e4a36f41SAndroid Build Coastguard Worker(allow dumpstate debugfs_wakeup_sources (file (ioctl read getattr lock map open watch watch_reads))) 25*e4a36f41SAndroid Build Coastguard Worker(auditallow dumpstate debugfs (file (ioctl read getattr lock map open watch watch_reads))) 26*e4a36f41SAndroid Build Coastguard Worker 27*e4a36f41SAndroid Build Coastguard Worker(allow init debugfs (dir (getattr relabelfrom))) 28*e4a36f41SAndroid Build Coastguard Worker(allow init debugfs (file (getattr relabelfrom))) 29*e4a36f41SAndroid Build Coastguard Worker(allow init debugfs (lnk_file (getattr relabelfrom))) 30*e4a36f41SAndroid Build Coastguard Worker(allow init debugfs_file_type (file (create getattr open read write setattr relabelfrom unlink map))) 31*e4a36f41SAndroid Build Coastguard Worker(allow init debugfs_fs_type (filesystem (mount remount unmount getattr relabelfrom associate quotamod quotaget watch))) 32*e4a36f41SAndroid Build Coastguard Worker(allow init debugfs_type (dir (getattr relabelto))) 33*e4a36f41SAndroid Build Coastguard Worker(allow init debugfs_type (file (getattr relabelto))) 34*e4a36f41SAndroid Build Coastguard Worker(allow init debugfs_type (lnk_file (getattr relabelto))) 35*e4a36f41SAndroid Build Coastguard Worker 36*e4a36f41SAndroid Build Coastguard Worker(allow system_server debugfs_wakeup_sources (file (ioctl read getattr lock map open watch watch_reads))) 37*e4a36f41SAndroid Build Coastguard Worker 38*e4a36f41SAndroid Build Coastguard Worker(allow vendor_init debugfs_file_type (file (create getattr open read write setattr relabelfrom unlink map))) 39*e4a36f41SAndroid Build Coastguard Worker(allow vendor_init debugfs_fs_type (file (open read setattr map))) 40