Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ####################################
- #### /proc/ccs/exception_policy ####
- ####################################
- keep_domain any from <kernel> //./app-user
- keep_domain any from <kernel> //./system-user
- keep_domain any from <kernel> //./other-user
- keep_domain any from <kernel> /init
- keep_domain any from <kernel> /init /sbin/adbd
- keep_domain any from <kernel> /init /system/bin/mid
- no_keep_domain /sbin/adbd from <kernel> /init
- no_keep_domain /system/bin/app_process from <kernel> /init
- no_keep_domain /system/bin/felicamdl from <kernel> /init
- no_keep_domain /system/bin/mid from <kernel> /init
- no_keep_domain /system/bin/rild from <kernel> /init
- no_keep_domain /system/bin/sh from <kernel> /init
- no_keep_domain /system/bin/sh from <kernel> /init /sbin/adbd
- no_keep_domain /system/bin/sh from <kernel> /init /system/bin/mid
- no_keep_domain /vendorpa/etc/load.smc.sh from <kernel> /init
- no_keep_domain /system/bin/vold from <kernel> /init
- no_keep_domain /system/bin/anpand from <kernel> /init
- no_keep_domain /system/bin/installd from <kernel> /init
- keep_domain any from <kernel> /init /sbin/adbd /system/bin/sh
- no_keep_domain /system/bin/app_process from <kernel> /init /sbin/adbd /system/bin/sh
- keep_domain any from <kernel> /init /system/bin/rild
- keep_domain any from <kernel> /init /system/bin/mid /system/bin/sh
- keep_domain any from <kernel> /init /system/bin/sh
- keep_domain any from <kernel> /init /system/bin/vold
- keep_domain any from <kernel> /init /system/bin/anpand
- keep_domain any from <kernel> /init /system/bin/installd
- initialize_domain /system/bin/app_process from any
- path_group PER_ANY_DIR /
- path_group PER_ANY_DIR /\{\*\}/
- path_group PER_ANY_DIR \*:/
- path_group PER_ANY_DIR \*:/\{\*\}/
- path_group PER_EXEC_FILE /\*
- path_group PER_EXEC_FILE /\{\*\}/\*
- path_group PER_LINK_DIR /acct/\{\*\}/
- path_group PER_LINK_DIR /cache/\{\*\}/
- path_group PER_LINK_DIR /ccpu/\{\*\}/
- path_group PER_LINK_DIR /ccpu1/\{\*\}/
- path_group PER_LINK_DIR /data/\{\*\}/
- path_group PER_LINK_DIR /fotadelta/\{\*\}/
- path_group PER_LINK_DIR /log/\{\*\}/
- path_group PER_LINK_DIR /log2/\{\*\}/
- path_group PER_LINK_DIR /log3/\{\*\}/
- path_group PER_LINK_DIR /misc4/\{\*\}/
- path_group PER_LINK_DIR /mnt/\{\*\}/
- path_group PER_LINK_DIR /tmp/\{\*\}/
- path_group PER_LINK_DIR \*:/
- path_group PER_LINK_DIR \*:/\{\*\}/
- path_group PER_LINK_FILE /acct/\*
- path_group PER_LINK_FILE /acct/\{\*\}/\*
- path_group PER_LINK_FILE /cache/\*
- path_group PER_LINK_FILE /cache/\{\*\}/\*
- path_group PER_LINK_FILE /ccpu/\*
- path_group PER_LINK_FILE /ccpu/\{\*\}/\*
- path_group PER_LINK_FILE /ccpu1/\*
- path_group PER_LINK_FILE /ccpu1/\{\*\}/\*
- path_group PER_LINK_FILE /data/\*
- path_group PER_LINK_FILE /data/\{\*\}/\*
- path_group PER_LINK_FILE /dev/\*\-felica\-felica_cen\-felica_cfg\-felica_interrupt\-felica_pon\-felica_rfs\-felica_rws\-kmem\-mem\-smc_pa.ift\-udlfomf
- path_group PER_LINK_FILE /dev/\{\*\}/\*\-mmcblk0\*
- path_group PER_LINK_FILE /fotadelta/\*
- path_group PER_LINK_FILE /fotadelta/\{\*\}/\*
- path_group PER_LINK_FILE /log/\*
- path_group PER_LINK_FILE /log/\{\*\}/\*
- path_group PER_LINK_FILE /log2/\*
- path_group PER_LINK_FILE /log2/\{\*\}/\*
- path_group PER_LINK_FILE /log3/\*
- path_group PER_LINK_FILE /log3/\{\*\}/\*
- path_group PER_LINK_FILE /misc4/\*
- path_group PER_LINK_FILE /misc4/\{\*\}/\*
- path_group PER_LINK_FILE /mnt/\*
- path_group PER_LINK_FILE /mnt/\{\*\}/\*
- path_group PER_LINK_FILE /tmp/\*
- path_group PER_LINK_FILE /tmp/\{\*\}/\*
- path_group PER_LINK_FILE debugfs:/\*
- path_group PER_LINK_FILE debugfs:/\{\*\}/\*
- path_group PER_LINK_FILE devpts:/\*
- path_group PER_LINK_FILE devpts:/\{\*\}/\*
- path_group PER_LINK_FILE proc:/\*
- path_group PER_LINK_FILE proc:/\{\*\}/\*
- path_group PER_LINK_FILE sysfs:/\*
- path_group PER_LINK_FILE sysfs:/\{\*\}/\*
- path_group PER_SYMLINK_FILE /acct/\*
- path_group PER_SYMLINK_FILE /acct/\{\*\}/\*
- path_group PER_SYMLINK_FILE /cache/\*
- path_group PER_SYMLINK_FILE /cache/\{\*\}/\*
- path_group PER_SYMLINK_FILE /ccpu/\*
- path_group PER_SYMLINK_FILE /ccpu/\{\*\}/\*
- path_group PER_SYMLINK_FILE /ccpu1/\*
- path_group PER_SYMLINK_FILE /ccpu1/\{\*\}/\*
- path_group PER_SYMLINK_FILE /data/\*
- path_group PER_SYMLINK_FILE /data/\{\*\}/\*
- path_group PER_SYMLINK_FILE /dev/\*
- path_group PER_SYMLINK_FILE /dev/\{\*\}/\*
- path_group PER_SYMLINK_FILE /fotadelta/\*
- path_group PER_SYMLINK_FILE /fotadelta/\{\*\}/\*
- path_group PER_SYMLINK_FILE /log/\*
- path_group PER_SYMLINK_FILE /log/\{\*\}/\*
- path_group PER_SYMLINK_FILE /log2/\*
- path_group PER_SYMLINK_FILE /log2/\{\*\}/\*
- path_group PER_SYMLINK_FILE /log3/\*
- path_group PER_SYMLINK_FILE /log3/\{\*\}/\*
- path_group PER_SYMLINK_FILE /misc4/\*
- path_group PER_SYMLINK_FILE /misc4/\{\*\}/\*
- path_group PER_SYMLINK_FILE /mnt/\*
- path_group PER_SYMLINK_FILE /mnt/\{\*\}/\*
- path_group PER_SYMLINK_FILE /tmp/\*
- path_group PER_SYMLINK_FILE /tmp/\{\*\}/\*
- path_group PER_SYMLINK_FILE debugfs:/\*
- path_group PER_SYMLINK_FILE debugfs:/\{\*\}/\*
- path_group PER_SYMLINK_FILE devpts:/\*
- path_group PER_SYMLINK_FILE devpts:/\{\*\}/\*
- path_group PER_SYMLINK_FILE proc:/\*
- path_group PER_SYMLINK_FILE proc:/\{\*\}/\*
- path_group PER_SYMLINK_FILE sysfs:/\*
- path_group PER_SYMLINK_FILE sysfs:/\{\*\}/\*
- path_group PER_READ_FILE /\*
- path_group PER_READ_FILE /acct/\*
- path_group PER_READ_FILE /acct/\{\*\}/\*
- path_group PER_READ_FILE /cache/\*
- path_group PER_READ_FILE /cache/\{\*\}/\*
- path_group PER_READ_FILE /ccpu/\*
- path_group PER_READ_FILE /ccpu/\{\*\}/\*
- path_group PER_READ_FILE /ccpu1/\*
- path_group PER_READ_FILE /ccpu1/\{\*\}/\*
- path_group PER_READ_FILE /config/\*
- path_group PER_READ_FILE /config/\{\*\}/\*
- path_group PER_READ_FILE /data/\*
- path_group PER_READ_FILE /data/\{\*\}/\*
- path_group PER_READ_FILE /dev/\*\-felica\-felica_cfg\-felica_interrupt\-felica_pon\-kmem\-mem\-smc_pa.ift\-udlfomf
- path_group PER_READ_FILE /dev/\{\*\}/\*\-mmcblk0\*
- path_group PER_READ_FILE /factory/\*
- path_group PER_READ_FILE /factory/\{\*\}/\*
- path_group PER_READ_FILE /fotadelta/\*
- path_group PER_READ_FILE /fotadelta/\{\*\}/\*
- path_group PER_READ_FILE /log/\*
- path_group PER_READ_FILE /log/\{\*\}/\*
- path_group PER_READ_FILE /log2/\*
- path_group PER_READ_FILE /log2/\{\*\}/\*
- path_group PER_READ_FILE /log3/\*
- path_group PER_READ_FILE /log3/\{\*\}/\*
- path_group PER_READ_FILE /misc4/\*
- path_group PER_READ_FILE /misc4/\{\*\}/\*
- path_group PER_READ_FILE /mnt/\*
- path_group PER_READ_FILE /mnt/\{\*\}/\*
- path_group PER_READ_FILE /root/\*
- path_group PER_READ_FILE /root/\{\*\}/\*
- path_group PER_READ_FILE /sbin/\*\-ccs-init\-ccs-file
- path_group PER_READ_FILE /sbin/\{\*\}/\*
- path_group PER_READ_FILE /system/\*
- path_group PER_READ_FILE /system/\{\*\}/\*\-MobileFeliCaClient.odex\-data_app_fn.zip\-felicaDT.apk\-felicaDT.odex
- path_group PER_READ_FILE /tmp/\*
- path_group PER_READ_FILE /tmp/\{\*\}/\*
- path_group PER_READ_FILE /vendorpa/\*
- path_group PER_READ_FILE /vendorpa/\{\*\}/\*
- path_group PER_READ_FILE debugfs:/\*
- path_group PER_READ_FILE debugfs:/\{\*\}/\*
- path_group PER_READ_FILE devpts:/\*
- path_group PER_READ_FILE devpts:/\{\*\}/\*
- path_group PER_READ_FILE proc:/\*
- path_group PER_READ_FILE proc:/\{\*\}/\*
- path_group PER_READ_FILE sysfs:/\*
- path_group PER_READ_FILE sysfs:/\{\*\}/\*
- path_group PER_RENAME_DIR /acct/\{\*\}/
- path_group PER_RENAME_DIR /cache/\{\*\}/
- path_group PER_RENAME_DIR /ccpu/\{\*\}/
- path_group PER_RENAME_DIR /ccpu1/\{\*\}/
- path_group PER_RENAME_DIR /data/\{\*\}/
- path_group PER_RENAME_DIR /fotadelta/\{\*\}/
- path_group PER_RENAME_DIR /log/\{\*\}/
- path_group PER_RENAME_DIR /log2/\{\*\}/
- path_group PER_RENAME_DIR /log3/\{\*\}/
- path_group PER_RENAME_DIR /misc4/\{\*\}/
- path_group PER_RENAME_DIR /mnt/\{\*\}/
- path_group PER_RENAME_DIR /tmp/\{\*\}/
- path_group PER_RENAME_FILE /acct/\*
- path_group PER_RENAME_FILE /acct/\{\*\}/\*
- path_group PER_RENAME_FILE /cache/\*
- path_group PER_RENAME_FILE /cache/\{\*\}/\*
- path_group PER_RENAME_FILE /ccpu/\*
- path_group PER_RENAME_FILE /ccpu/\{\*\}/\*
- path_group PER_RENAME_FILE /ccpu1/\*
- path_group PER_RENAME_FILE /ccpu1/\{\*\}/\*
- path_group PER_RENAME_FILE /data/\*
- path_group PER_RENAME_FILE /data/\{\*\}/\*
- path_group PER_RENAME_FILE /fotadelta/\*
- path_group PER_RENAME_FILE /fotadelta/\{\*\}/\*
- path_group PER_RENAME_FILE /log/\*
- path_group PER_RENAME_FILE /log/\{\*\}/\*
- path_group PER_RENAME_FILE /log2/\*
- path_group PER_RENAME_FILE /log2/\{\*\}/\*
- path_group PER_RENAME_FILE /log3/\*
- path_group PER_RENAME_FILE /log3/\{\*\}/\*
- path_group PER_RENAME_FILE /misc4/\*
- path_group PER_RENAME_FILE /misc4/\{\*\}/\*
- path_group PER_RENAME_FILE /mnt/\*
- path_group PER_RENAME_FILE /mnt/\{\*\}/\*
- path_group PER_RENAME_FILE /tmp/\*
- path_group PER_RENAME_FILE /tmp/\{\*\}/\*
- path_group PER_WRITE_FILE /acct/\*
- path_group PER_WRITE_FILE /acct/\{\*\}/\*
- path_group PER_WRITE_FILE /cache/\*
- path_group PER_WRITE_FILE /cache/\{\*\}/\*
- path_group PER_WRITE_FILE /ccpu/\*
- path_group PER_WRITE_FILE /ccpu/\{\*\}/\*
- path_group PER_WRITE_FILE /ccpu1/\*
- path_group PER_WRITE_FILE /ccpu1/\{\*\}/\*
- path_group PER_WRITE_FILE /data/\*
- path_group PER_WRITE_FILE /data/\{\*\}/\*
- path_group PER_WRITE_FILE /dev/\*\-felica\-felica_cen\-felica_cfg\-felica_interrupt\-felica_pon\-felica_rfs\-felica_rws\-kmem\-mem\-smc_pa.ift\-udlfomf
- path_group PER_WRITE_FILE /dev/\{\*\}/\*\-mmcblk0\*
- path_group PER_WRITE_FILE /fotadelta/\*
- path_group PER_WRITE_FILE /fotadelta/\{\*\}/\*
- path_group PER_WRITE_FILE /log/\*
- path_group PER_WRITE_FILE /log/\{\*\}/\*
- path_group PER_WRITE_FILE /log2/\*
- path_group PER_WRITE_FILE /log2/\{\*\}/\*
- path_group PER_WRITE_FILE /log3/\*
- path_group PER_WRITE_FILE /log3/\{\*\}/\*
- path_group PER_WRITE_FILE /misc4/\*
- path_group PER_WRITE_FILE /misc4/\{\*\}/\*
- path_group PER_WRITE_FILE /mnt/\*
- path_group PER_WRITE_FILE /mnt/\{\*\}/\*
- path_group PER_WRITE_FILE /tmp/\*
- path_group PER_WRITE_FILE /tmp/\{\*\}/\*
- path_group PER_WRITE_FILE debugfs:/\*
- path_group PER_WRITE_FILE debugfs:/\{\*\}/\*
- path_group PER_WRITE_FILE devpts:/\*
- path_group PER_WRITE_FILE devpts:/\{\*\}/\*
- path_group PER_WRITE_FILE proc:/\*
- path_group PER_WRITE_FILE proc:/\{\*\}/\*
- path_group PER_WRITE_FILE sysfs:/\*
- path_group PER_WRITE_FILE sysfs:/\{\*\}/\*
- acl_group 0 file read @PER_READ_FILE
- acl_group 0 file read @PER_ANY_DIR
- acl_group 0 file rename @PER_RENAME_DIR @PER_RENAME_DIR
- acl_group 0 file rename @PER_RENAME_FILE @PER_RENAME_FILE
- acl_group 0 file write/append @PER_WRITE_FILE
- acl_group 0 file link @PER_LINK_DIR @PER_LINK_DIR
- acl_group 0 file link @PER_LINK_FILE @PER_LINK_FILE
- acl_group 0 file symlink @PER_SYMLINK_FILE
- acl_group 1 file read @PER_READ_FILE
- acl_group 1 file read @PER_ANY_DIR
- acl_group 1 file rename @PER_RENAME_DIR @PER_RENAME_DIR
- acl_group 1 file rename @PER_RENAME_FILE @PER_RENAME_FILE
- acl_group 1 file write/append @PER_WRITE_FILE
- acl_group 1 file link @PER_LINK_DIR @PER_LINK_DIR
- acl_group 1 file link @PER_LINK_FILE @PER_LINK_FILE
- acl_group 1 file symlink @PER_SYMLINK_FILE
- acl_group 1 task auto_domain_transition <kernel> //./other-user task.gid=1-999
- acl_group 1 task auto_domain_transition <kernel> //./other-user task.uid=1-999
- acl_group 1 task auto_domain_transition <kernel> //./system-user task.gid=1000
- acl_group 1 task auto_domain_transition <kernel> //./system-user task.uid=1000
- acl_group 1 task auto_domain_transition <kernel> //./other-user task.gid=1001-3999
- acl_group 1 task auto_domain_transition <kernel> //./other-user task.uid=1001-3999
- acl_group 1 task auto_domain_transition <kernel> //./felica-user task.gid=4000
- acl_group 1 task auto_domain_transition <kernel> //./felica-user task.uid=4000
- acl_group 1 task auto_domain_transition <kernel> //./fclock-user task.gid=4001
- acl_group 1 task auto_domain_transition <kernel> //./fclock-user task.uid=4001
- acl_group 1 task auto_domain_transition <kernel> //./felicaDT-user task.gid=4002
- acl_group 1 task auto_domain_transition <kernel> //./felicaDT-user task.uid=4002
- acl_group 1 task auto_domain_transition <kernel> //./other-user task.gid=4003-9999
- acl_group 1 task auto_domain_transition <kernel> //./other-user task.uid=4003-9999
- acl_group 1 task auto_domain_transition <kernel> //./app-user task.gid=10000-4294967295
- acl_group 1 task auto_domain_transition <kernel> //./app-user task.uid=10000-4294967295
- #################################
- #### /proc/ccs/domain_policy ####
- #################################
- <kernel>
- use_profile 3
- file execute /init exec.realpath="/init" exec.argv[0]="/init"
- file execute @PER_EXEC_FILE
- use_group 0
- <kernel> //./app-user
- use_profile 3
- file execute @PER_EXEC_FILE task.euid=10000-4294967295 task.egid=10000-4294967295
- use_group 0
- <kernel> //./fclock-user
- use_profile 3
- file execute @PER_EXEC_FILE task.euid=4001 task.egid=4001
- file read /dev/felica_cfg
- file write /dev/felica_cen
- file write /dev/felica_cfg
- use_group 0
- <kernel> //./felica-user
- use_profile 3
- file execute @PER_EXEC_FILE task.euid=4000 task.egid=4000
- file read /dev/felica
- file read /system/app/MobileFeliCaClient.odex
- file write /dev/felica
- file write /dev/felica_pon
- use_group 0
- <kernel> //./felicaDT-user
- use_profile 3
- file execute @PER_EXEC_FILE task.euid=4002 task.egid=4002
- file read /dev/udlfomf
- file read /system/app/felicaDT.apk
- file read /system/app/felicaDT.odex
- file write /dev/udlfomf
- use_group 0
- <kernel> //./other-user
- use_profile 3
- file execute @PER_EXEC_FILE task.euid=1-999 task.egid=1-999
- file execute @PER_EXEC_FILE task.euid=1001-3999 task.egid=1001-3999
- file execute @PER_EXEC_FILE task.euid=4003-9999 task.egid=4003-9999
- use_group 0
- <kernel> //./system-user
- use_profile 3
- capability use_kernel_module
- file execute @PER_EXEC_FILE task.euid=1000 task.egid=1000
- file read /system/app/MobileFeliCaClient.odex
- file read /system/app/felicaDT.apk
- file read /system/app/felicaDT.odex
- file write /dev/felica_rws
- use_group 0
- <kernel> /init
- use_profile 3
- capability use_kernel_module
- file execute /sbin/adbd exec.realpath="/sbin/adbd" exec.argv[0]="/sbin/adbd"
- file execute /system/bin/app_process exec.realpath="/system/bin/app_process" exec.argv[0]="/system/bin/app_process"
- file execute /system/bin/felicamdl exec.realpath="/system/bin/felicamdl" exec.argv[0]="/system/bin/felicamdl"
- file execute /system/bin/mid exec.realpath="/system/bin/mid" exec.argv[0]="/system/bin/mid"
- file execute /system/bin/rild exec.realpath="/system/bin/rild" exec.argv[0]="/system/bin/rild"
- file execute /system/bin/vold exec.realpath="/system/bin/vold" exec.argv[0]="/system/bin/vold"
- file execute /system/bin/sh exec.realpath="/system/bin/mksh" exec.argv[0]="/system/bin/sh"
- file execute /vendorpa/etc/load.smc.sh exec.realpath="/vendorpa/etc/load.smc.sh" exec.argv[0]="/vendorpa/etc/load.smc.sh"
- file execute /system/bin/anpand exec.realpath="/system/bin/anpand" exec.argv[0]="/system/bin/anpand"
- file execute /system/bin/installd exec.realpath="/system/bin/installd" exec.argv[0]="/system/bin/installd"
- file execute @PER_EXEC_FILE
- file mount /dev/block/mmcblk0p13 /system/ ext4 0x1
- file mount /dev/block/mmcblk0p14 /log/ ext4 0x6
- file mount /dev/block/mmcblk0p15 /log2/ ext4 0x6
- file mount /dev/block/mmcblk0p16 /misc4/ ext4 0x6
- file mount /dev/block/mmcblk0p17 /ccpu1/ ext4 0x6
- file mount /dev/block/mmcblk0p19 /cache/ ext4 0x406
- file mount /dev/block/mmcblk0p20 /log3/ ext4 0x6
- file mount /dev/block/mmcblk0p22 /fotadelta/ ext4 0x6
- file mount /dev/block/mmcblk0p23 /data/ ext4 0x406
- file mount /dev/block/mmcblk0p5 /ccpu/ ext4 0x6
- file mount /sys/kernel/debug sysfs:/kernel/debug/ debugfs 0x0
- file mount devpts /dev/pts/ devpts 0x0
- file mount none /acct/ cgroup 0x0
- file mount none /dev/cpuctl/ cgroup 0x0
- file mount proc /proc/ proc 0x0
- file mount rootfs / --remount 0x1
- file mount sysfs /sys/ sysfs 0x0
- file mount tmpfs /data/ tmpfs 0x406
- file mount tmpfs /dev/ tmpfs 0x2
- file mount tmpfs /mnt/asec/ tmpfs 0x0
- file mount tmpfs /mnt/obb/ tmpfs 0x0
- file mount tmpfs /tmp/ tmpfs 0x0
- file unmount /data/
- file read /dev/block/mmcblk0p10
- file read /dev/block/mmcblk0p18
- file read /dev/block/mmcblk0p23
- file symlink /d symlink.target="/sys/kernel/debug"
- file symlink /etc symlink.target="/system/etc"
- file symlink /sdcard symlink.target="/mnt/sdcard"
- file symlink /vendor symlink.target="/system/vendor"
- file write /dev/block/mmcblk0p18
- file write /dev/block/mmcblk0p23
- use_group 0
- <kernel> /init /sbin/adbd
- use_profile 3
- file execute /system/bin/sh exec.realpath="/system/bin/mksh" exec.argv[0]="/system/bin/sh" task.euid=2000
- file execute @PER_EXEC_FILE task.euid=2000
- use_group 0
- <kernel> /init /sbin/adbd /system/bin/sh
- use_profile 3
- file execute /system/bin/app_process exec.realpath="/system/bin/app_process" exec.argv[0]="/system/bin/app_process" task.euid=2000
- file execute @PER_EXEC_FILE task.euid=2000
- use_group 0
- <kernel> /init /system/bin/felicamdl
- use_profile 3
- file execute @PER_EXEC_FILE
- file read /dev/felica_interrupt
- use_group 0
- <kernel> /init /system/bin/mid
- use_profile 3
- capability use_kernel_module
- file execute /system/bin/sh exec.realpath="/system/bin/mksh" exec.argv[0]="sh"
- file execute @PER_EXEC_FILE
- use_group 0
- <kernel> /init /system/bin/mid /system/bin/sh
- use_profile 3
- file execute @PER_EXEC_FILE
- use_group 0
- <kernel> /init /system/bin/rild
- use_profile 3
- file execute @PER_EXEC_FILE
- use_group 0
- <kernel> /init /system/bin/sh
- use_profile 3
- capability use_kernel_module
- file execute @PER_EXEC_FILE
- use_group 0
- <kernel> /init /system/bin/vold
- use_profile 3
- file execute @PER_EXEC_FILE
- file mount /dev/block/dm-\$ /data/ ext4 0x6
- file mount /dev/block/dm-\$ /data/ ext4 0x406
- file mount /dev/block/dm-\$ /data/tmp_mnt/ ext4 0x1
- file mount /dev/block/dm-\$ /mnt/asec/\*/ vfat 0x87
- file mount /dev/block/dm-\$ /mnt/asec/\*/ texfat 0x87
- file mount /dev/block/dm-\$ /mnt/asec/\*/ vfat 0x8E
- file mount /dev/block/dm-\$ /mnt/asec/\*/ texfat 0x8E
- file mount /dev/block/loop\$ /mnt/asec/\*/ --remount 0x87
- file mount /dev/block/loop\$ /mnt/obb/\*/ vfat 0x87
- file mount /dev/block/loop\$ /mnt/obb/\*/ texfat 0x87
- file mount /dev/block/vold/\*:\* /mnt/secure/staging/ vfat 0x8E
- file mount /dev/block/vold/\*:\* /mnt/secure/staging/ texfat 0x8E
- file mount /mnt/sdcard/ /mnt/secure/staging/ --move 0x0
- file mount /mnt/secure/staging/ /mnt/sdcard/ --move 0x0
- file mount /mnt/secure/staging/.android_secure/ /mnt/secure/asec/ --bind 0x0
- file mount tmpfs /data/ tmpfs 0x406
- file mount tmpfs /mnt/secure/staging/.android_secure/ tmpfs 0x1
- file unmount /data/
- file unmount /data/tmp_mnt/
- file unmount /mnt/asec/\*/
- file unmount /mnt/obb/\*/
- file unmount /mnt/sdcard/
- file unmount /mnt/secure/asec/
- file unmount /mnt/secure/staging/
- file unmount /mnt/secure/staging/.android_secure/
- file read /dev/block/mmcblk0p23
- file write /dev/block/mmcblk0p23
- use_group 0
- <kernel> /init /vendorpa/etc/load.smc.sh
- use_profile 3
- file execute /smc_pa_ctrl exec.realpath="/smc_pa_ctrl" exec.argv[0]="/smc_pa_ctrl"
- file execute /vendorpa/bin/encdec_pa exec.realpath="/vendorpa/bin/encdec_pa" exec.argv[0]="/vendorpa/bin/encdec_pa"
- file execute @PER_EXEC_FILE
- use_group 0
- <kernel> /init /vendorpa/etc/load.smc.sh /smc_pa_ctrl
- use_profile 3
- file execute @PER_EXEC_FILE
- file read /dev/smc_pa.ift
- use_group 0
- <kernel> /init /vendorpa/etc/load.smc.sh /vendorpa/bin/encdec_pa
- use_profile 3
- file execute @PER_EXEC_FILE
- file read /dev/smc_pa.ift
- file write /dev/smc_pa.ift
- use_group 0
- <kernel> /init /system/bin/anpand
- use_profile 3
- file execute @PER_EXEC_FILE
- file read /dev/mem
- file read /dev/block/mmcblk0p10
- file read /dev/block/mmcblk0p18
- file write /dev/block/mmcblk0p18
- file write /dev/mem
- use_group 0
- <kernel> /init /system/bin/installd
- use_profile 3
- file execute @PER_EXEC_FILE
- file read /system/app/felicaDT.apk
- use_group 0
- <kernel> /system/bin/app_process
- use_profile 3
- file execute /system/bin/dexopt exec.realpath="/system/bin/dexopt" exec.argv[0]="/system/bin/dexopt"
- file execute @PER_EXEC_FILE
- use_group 1
- <kernel> /system/bin/app_process /system/bin/dexopt
- use_profile 3
- file execute @PER_EXEC_FILE
- use_group 0
- ###########################
- #### /proc/ccs/profile ####
- ###########################
- PROFILE_VERSION=20100903
- 0-COMMENT=-----Disabled Mode-----
- 0-PREFERENCE={ max_audit_log=1024 max_learning_entry=2048 enforcing_penalty=0 }
- 0-CONFIG={ mode=disabled grant_log=yes reject_log=yes }
- 1-COMMENT=-----Learning Mode-----
- 1-PREFERENCE={ max_audit_log=1024 max_learning_entry=2048 enforcing_penalty=0 }
- 1-CONFIG={ mode=disabled grant_log=yes reject_log=yes }
- 1-CONFIG::file::execute={ mode=learning grant_log=no reject_log=yes }
- 1-CONFIG::file::open={ mode=learning grant_log=no reject_log=yes }
- 1-CONFIG::file::symlink={ mode=learning grant_log=no reject_log=yes }
- 1-CONFIG::file::link={ mode=learning grant_log=no reject_log=yes }
- 1-CONFIG::file::rename={ mode=learning grant_log=no reject_log=yes }
- 1-CONFIG::file::chroot={ mode=learning grant_log=no reject_log=yes }
- 1-CONFIG::file::mount={ mode=learning grant_log=no reject_log=yes }
- 1-CONFIG::file::unmount={ mode=learning grant_log=no reject_log=yes }
- 1-CONFIG::file::pivot_root={ mode=learning grant_log=no reject_log=yes }
- 1-CONFIG::capability::use_kernel_module={ mode=learning grant_log=no reject_log=yes }
- 2-COMMENT=-----Permissive Mode-----
- 2-PREFERENCE={ max_audit_log=1024 max_learning_entry=2048 enforcing_penalty=0 }
- 2-CONFIG={ mode=disabled grant_log=yes reject_log=yes }
- 2-CONFIG::file::execute={ mode=permissive grant_log=no reject_log=yes }
- 2-CONFIG::file::open={ mode=permissive grant_log=no reject_log=yes }
- 2-CONFIG::file::symlink={ mode=permissive grant_log=no reject_log=yes }
- 2-CONFIG::file::link={ mode=permissive grant_log=no reject_log=yes }
- 2-CONFIG::file::rename={ mode=permissive grant_log=no reject_log=yes }
- 2-CONFIG::file::chroot={ mode=permissive grant_log=no reject_log=yes }
- 2-CONFIG::file::mount={ mode=permissive grant_log=no reject_log=yes }
- 2-CONFIG::file::unmount={ mode=permissive grant_log=no reject_log=yes }
- 2-CONFIG::file::pivot_root={ mode=permissive grant_log=no reject_log=yes }
- 2-CONFIG::capability::use_kernel_module={ mode=permissive grant_log=no reject_log=yes }
- 3-COMMENT=-----Enforcing Mode-----
- 3-PREFERENCE={ max_audit_log=1024 max_learning_entry=2048 enforcing_penalty=0 }
- 3-CONFIG={ mode=disabled grant_log=yes reject_log=yes }
- 3-CONFIG::file::execute={ mode=enforcing grant_log=no reject_log=yes }
- 3-CONFIG::file::open={ mode=enforcing grant_log=no reject_log=yes }
- 3-CONFIG::file::symlink={ mode=enforcing grant_log=no reject_log=yes }
- 3-CONFIG::file::link={ mode=enforcing grant_log=no reject_log=yes }
- 3-CONFIG::file::rename={ mode=enforcing grant_log=no reject_log=yes }
- 3-CONFIG::file::chroot={ mode=enforcing grant_log=no reject_log=yes }
- 3-CONFIG::file::mount={ mode=enforcing grant_log=no reject_log=yes }
- 3-CONFIG::file::unmount={ mode=enforcing grant_log=no reject_log=yes }
- 3-CONFIG::file::pivot_root={ mode=enforcing grant_log=no reject_log=yes }
- 3-CONFIG::capability::use_kernel_module={ mode=enforcing grant_log=no reject_log=yes }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement