goroh_kun

p-06d policy一覧

Aug 27th, 2012
  1. ####################################
  2. #### /proc/ccs/exception_policy ####
  3. ####################################
  4. keep_domain any from <kernel> //./app-user
  5. keep_domain any from <kernel> //./system-user
  6. keep_domain any from <kernel> //./other-user
  7. keep_domain any from <kernel> /init
  8. keep_domain any from <kernel> /init /sbin/adbd
  9. keep_domain any from <kernel> /init /system/bin/mid
  10. no_keep_domain /sbin/adbd from <kernel> /init
  11. no_keep_domain /system/bin/app_process from <kernel> /init
  12. no_keep_domain /system/bin/felicamdl from <kernel> /init
  13. no_keep_domain /system/bin/mid from <kernel> /init
  14. no_keep_domain /system/bin/rild from <kernel> /init
  15. no_keep_domain /system/bin/sh from <kernel> /init
  16. no_keep_domain /system/bin/sh from <kernel> /init /sbin/adbd
  17. no_keep_domain /system/bin/sh from <kernel> /init /system/bin/mid
  18. no_keep_domain /vendorpa/etc/load.smc.sh from <kernel> /init
  19. no_keep_domain /system/bin/vold from <kernel> /init
  20. no_keep_domain /system/bin/anpand from <kernel> /init
  21. no_keep_domain /system/bin/installd from <kernel> /init
  22. keep_domain any from <kernel> /init /sbin/adbd /system/bin/sh
  23. no_keep_domain /system/bin/app_process from <kernel> /init /sbin/adbd /system/bin/sh
  24. keep_domain any from <kernel> /init /system/bin/rild
  25. keep_domain any from <kernel> /init /system/bin/mid /system/bin/sh
  26. keep_domain any from <kernel> /init /system/bin/sh
  27. keep_domain any from <kernel> /init /system/bin/vold
  28. keep_domain any from <kernel> /init /system/bin/anpand
  29. keep_domain any from <kernel> /init /system/bin/installd
  30. initialize_domain /system/bin/app_process from any
  31. path_group PER_ANY_DIR /
  32. path_group PER_ANY_DIR /\{\*\}/
  33. path_group PER_ANY_DIR \*:/
  34. path_group PER_ANY_DIR \*:/\{\*\}/
  35. path_group PER_EXEC_FILE /\*
  36. path_group PER_EXEC_FILE /\{\*\}/\*
  37. path_group PER_LINK_DIR /acct/\{\*\}/
  38. path_group PER_LINK_DIR /cache/\{\*\}/
  39. path_group PER_LINK_DIR /ccpu/\{\*\}/
  40. path_group PER_LINK_DIR /ccpu1/\{\*\}/
  41. path_group PER_LINK_DIR /data/\{\*\}/
  42. path_group PER_LINK_DIR /fotadelta/\{\*\}/
  43. path_group PER_LINK_DIR /log/\{\*\}/
  44. path_group PER_LINK_DIR /log2/\{\*\}/
  45. path_group PER_LINK_DIR /log3/\{\*\}/
  46. path_group PER_LINK_DIR /misc4/\{\*\}/
  47. path_group PER_LINK_DIR /mnt/\{\*\}/
  48. path_group PER_LINK_DIR /tmp/\{\*\}/
  49. path_group PER_LINK_DIR \*:/
  50. path_group PER_LINK_DIR \*:/\{\*\}/
  51. path_group PER_LINK_FILE /acct/\*
  52. path_group PER_LINK_FILE /acct/\{\*\}/\*
  53. path_group PER_LINK_FILE /cache/\*
  54. path_group PER_LINK_FILE /cache/\{\*\}/\*
  55. path_group PER_LINK_FILE /ccpu/\*
  56. path_group PER_LINK_FILE /ccpu/\{\*\}/\*
  57. path_group PER_LINK_FILE /ccpu1/\*
  58. path_group PER_LINK_FILE /ccpu1/\{\*\}/\*
  59. path_group PER_LINK_FILE /data/\*
  60. path_group PER_LINK_FILE /data/\{\*\}/\*
  61. path_group PER_LINK_FILE /dev/\*\-felica\-felica_cen\-felica_cfg\-felica_interrupt\-felica_pon\-felica_rfs\-felica_rws\-kmem\-mem\-smc_pa.ift\-udlfomf
  62. path_group PER_LINK_FILE /dev/\{\*\}/\*\-mmcblk0\*
  63. path_group PER_LINK_FILE /fotadelta/\*
  64. path_group PER_LINK_FILE /fotadelta/\{\*\}/\*
  65. path_group PER_LINK_FILE /log/\*
  66. path_group PER_LINK_FILE /log/\{\*\}/\*
  67. path_group PER_LINK_FILE /log2/\*
  68. path_group PER_LINK_FILE /log2/\{\*\}/\*
  69. path_group PER_LINK_FILE /log3/\*
  70. path_group PER_LINK_FILE /log3/\{\*\}/\*
  71. path_group PER_LINK_FILE /misc4/\*
  72. path_group PER_LINK_FILE /misc4/\{\*\}/\*
  73. path_group PER_LINK_FILE /mnt/\*
  74. path_group PER_LINK_FILE /mnt/\{\*\}/\*
  75. path_group PER_LINK_FILE /tmp/\*
  76. path_group PER_LINK_FILE /tmp/\{\*\}/\*
  77. path_group PER_LINK_FILE debugfs:/\*
  78. path_group PER_LINK_FILE debugfs:/\{\*\}/\*
  79. path_group PER_LINK_FILE devpts:/\*
  80. path_group PER_LINK_FILE devpts:/\{\*\}/\*
  81. path_group PER_LINK_FILE proc:/\*
  82. path_group PER_LINK_FILE proc:/\{\*\}/\*
  83. path_group PER_LINK_FILE sysfs:/\*
  84. path_group PER_LINK_FILE sysfs:/\{\*\}/\*
  85. path_group PER_SYMLINK_FILE /acct/\*
  86. path_group PER_SYMLINK_FILE /acct/\{\*\}/\*
  87. path_group PER_SYMLINK_FILE /cache/\*
  88. path_group PER_SYMLINK_FILE /cache/\{\*\}/\*
  89. path_group PER_SYMLINK_FILE /ccpu/\*
  90. path_group PER_SYMLINK_FILE /ccpu/\{\*\}/\*
  91. path_group PER_SYMLINK_FILE /ccpu1/\*
  92. path_group PER_SYMLINK_FILE /ccpu1/\{\*\}/\*
  93. path_group PER_SYMLINK_FILE /data/\*
  94. path_group PER_SYMLINK_FILE /data/\{\*\}/\*
  95. path_group PER_SYMLINK_FILE /dev/\*
  96. path_group PER_SYMLINK_FILE /dev/\{\*\}/\*
  97. path_group PER_SYMLINK_FILE /fotadelta/\*
  98. path_group PER_SYMLINK_FILE /fotadelta/\{\*\}/\*
  99. path_group PER_SYMLINK_FILE /log/\*
  100. path_group PER_SYMLINK_FILE /log/\{\*\}/\*
  101. path_group PER_SYMLINK_FILE /log2/\*
  102. path_group PER_SYMLINK_FILE /log2/\{\*\}/\*
  103. path_group PER_SYMLINK_FILE /log3/\*
  104. path_group PER_SYMLINK_FILE /log3/\{\*\}/\*
  105. path_group PER_SYMLINK_FILE /misc4/\*
  106. path_group PER_SYMLINK_FILE /misc4/\{\*\}/\*
  107. path_group PER_SYMLINK_FILE /mnt/\*
  108. path_group PER_SYMLINK_FILE /mnt/\{\*\}/\*
  109. path_group PER_SYMLINK_FILE /tmp/\*
  110. path_group PER_SYMLINK_FILE /tmp/\{\*\}/\*
  111. path_group PER_SYMLINK_FILE debugfs:/\*
  112. path_group PER_SYMLINK_FILE debugfs:/\{\*\}/\*
  113. path_group PER_SYMLINK_FILE devpts:/\*
  114. path_group PER_SYMLINK_FILE devpts:/\{\*\}/\*
  115. path_group PER_SYMLINK_FILE proc:/\*
  116. path_group PER_SYMLINK_FILE proc:/\{\*\}/\*
  117. path_group PER_SYMLINK_FILE sysfs:/\*
  118. path_group PER_SYMLINK_FILE sysfs:/\{\*\}/\*
  119. path_group PER_READ_FILE /\*
  120. path_group PER_READ_FILE /acct/\*
  121. path_group PER_READ_FILE /acct/\{\*\}/\*
  122. path_group PER_READ_FILE /cache/\*
  123. path_group PER_READ_FILE /cache/\{\*\}/\*
  124. path_group PER_READ_FILE /ccpu/\*
  125. path_group PER_READ_FILE /ccpu/\{\*\}/\*
  126. path_group PER_READ_FILE /ccpu1/\*
  127. path_group PER_READ_FILE /ccpu1/\{\*\}/\*
  128. path_group PER_READ_FILE /config/\*
  129. path_group PER_READ_FILE /config/\{\*\}/\*
  130. path_group PER_READ_FILE /data/\*
  131. path_group PER_READ_FILE /data/\{\*\}/\*
  132. path_group PER_READ_FILE /dev/\*\-felica\-felica_cfg\-felica_interrupt\-felica_pon\-kmem\-mem\-smc_pa.ift\-udlfomf
  133. path_group PER_READ_FILE /dev/\{\*\}/\*\-mmcblk0\*
  134. path_group PER_READ_FILE /factory/\*
  135. path_group PER_READ_FILE /factory/\{\*\}/\*
  136. path_group PER_READ_FILE /fotadelta/\*
  137. path_group PER_READ_FILE /fotadelta/\{\*\}/\*
  138. path_group PER_READ_FILE /log/\*
  139. path_group PER_READ_FILE /log/\{\*\}/\*
  140. path_group PER_READ_FILE /log2/\*
  141. path_group PER_READ_FILE /log2/\{\*\}/\*
  142. path_group PER_READ_FILE /log3/\*
  143. path_group PER_READ_FILE /log3/\{\*\}/\*
  144. path_group PER_READ_FILE /misc4/\*
  145. path_group PER_READ_FILE /misc4/\{\*\}/\*
  146. path_group PER_READ_FILE /mnt/\*
  147. path_group PER_READ_FILE /mnt/\{\*\}/\*
  148. path_group PER_READ_FILE /root/\*
  149. path_group PER_READ_FILE /root/\{\*\}/\*
  150. path_group PER_READ_FILE /sbin/\*\-ccs-init\-ccs-file
  151. path_group PER_READ_FILE /sbin/\{\*\}/\*
  152. path_group PER_READ_FILE /system/\*
  153. path_group PER_READ_FILE /system/\{\*\}/\*\-MobileFeliCaClient.odex\-data_app_fn.zip\-felicaDT.apk\-felicaDT.odex
  154. path_group PER_READ_FILE /tmp/\*
  155. path_group PER_READ_FILE /tmp/\{\*\}/\*
  156. path_group PER_READ_FILE /vendorpa/\*
  157. path_group PER_READ_FILE /vendorpa/\{\*\}/\*
  158. path_group PER_READ_FILE debugfs:/\*
  159. path_group PER_READ_FILE debugfs:/\{\*\}/\*
  160. path_group PER_READ_FILE devpts:/\*
  161. path_group PER_READ_FILE devpts:/\{\*\}/\*
  162. path_group PER_READ_FILE proc:/\*
  163. path_group PER_READ_FILE proc:/\{\*\}/\*
  164. path_group PER_READ_FILE sysfs:/\*
  165. path_group PER_READ_FILE sysfs:/\{\*\}/\*
  166. path_group PER_RENAME_DIR /acct/\{\*\}/
  167. path_group PER_RENAME_DIR /cache/\{\*\}/
  168. path_group PER_RENAME_DIR /ccpu/\{\*\}/
  169. path_group PER_RENAME_DIR /ccpu1/\{\*\}/
  170. path_group PER_RENAME_DIR /data/\{\*\}/
  171. path_group PER_RENAME_DIR /fotadelta/\{\*\}/
  172. path_group PER_RENAME_DIR /log/\{\*\}/
  173. path_group PER_RENAME_DIR /log2/\{\*\}/
  174. path_group PER_RENAME_DIR /log3/\{\*\}/
  175. path_group PER_RENAME_DIR /misc4/\{\*\}/
  176. path_group PER_RENAME_DIR /mnt/\{\*\}/
  177. path_group PER_RENAME_DIR /tmp/\{\*\}/
  178. path_group PER_RENAME_FILE /acct/\*
  179. path_group PER_RENAME_FILE /acct/\{\*\}/\*
  180. path_group PER_RENAME_FILE /cache/\*
  181. path_group PER_RENAME_FILE /cache/\{\*\}/\*
  182. path_group PER_RENAME_FILE /ccpu/\*
  183. path_group PER_RENAME_FILE /ccpu/\{\*\}/\*
  184. path_group PER_RENAME_FILE /ccpu1/\*
  185. path_group PER_RENAME_FILE /ccpu1/\{\*\}/\*
  186. path_group PER_RENAME_FILE /data/\*
  187. path_group PER_RENAME_FILE /data/\{\*\}/\*
  188. path_group PER_RENAME_FILE /fotadelta/\*
  189. path_group PER_RENAME_FILE /fotadelta/\{\*\}/\*
  190. path_group PER_RENAME_FILE /log/\*
  191. path_group PER_RENAME_FILE /log/\{\*\}/\*
  192. path_group PER_RENAME_FILE /log2/\*
  193. path_group PER_RENAME_FILE /log2/\{\*\}/\*
  194. path_group PER_RENAME_FILE /log3/\*
  195. path_group PER_RENAME_FILE /log3/\{\*\}/\*
  196. path_group PER_RENAME_FILE /misc4/\*
  197. path_group PER_RENAME_FILE /misc4/\{\*\}/\*
  198. path_group PER_RENAME_FILE /mnt/\*
  199. path_group PER_RENAME_FILE /mnt/\{\*\}/\*
  200. path_group PER_RENAME_FILE /tmp/\*
  201. path_group PER_RENAME_FILE /tmp/\{\*\}/\*
  202. path_group PER_WRITE_FILE /acct/\*
  203. path_group PER_WRITE_FILE /acct/\{\*\}/\*
  204. path_group PER_WRITE_FILE /cache/\*
  205. path_group PER_WRITE_FILE /cache/\{\*\}/\*
  206. path_group PER_WRITE_FILE /ccpu/\*
  207. path_group PER_WRITE_FILE /ccpu/\{\*\}/\*
  208. path_group PER_WRITE_FILE /ccpu1/\*
  209. path_group PER_WRITE_FILE /ccpu1/\{\*\}/\*
  210. path_group PER_WRITE_FILE /data/\*
  211. path_group PER_WRITE_FILE /data/\{\*\}/\*
  212. path_group PER_WRITE_FILE /dev/\*\-felica\-felica_cen\-felica_cfg\-felica_interrupt\-felica_pon\-felica_rfs\-felica_rws\-kmem\-mem\-smc_pa.ift\-udlfomf
  213. path_group PER_WRITE_FILE /dev/\{\*\}/\*\-mmcblk0\*
  214. path_group PER_WRITE_FILE /fotadelta/\*
  215. path_group PER_WRITE_FILE /fotadelta/\{\*\}/\*
  216. path_group PER_WRITE_FILE /log/\*
  217. path_group PER_WRITE_FILE /log/\{\*\}/\*
  218. path_group PER_WRITE_FILE /log2/\*
  219. path_group PER_WRITE_FILE /log2/\{\*\}/\*
  220. path_group PER_WRITE_FILE /log3/\*
  221. path_group PER_WRITE_FILE /log3/\{\*\}/\*
  222. path_group PER_WRITE_FILE /misc4/\*
  223. path_group PER_WRITE_FILE /misc4/\{\*\}/\*
  224. path_group PER_WRITE_FILE /mnt/\*
  225. path_group PER_WRITE_FILE /mnt/\{\*\}/\*
  226. path_group PER_WRITE_FILE /tmp/\*
  227. path_group PER_WRITE_FILE /tmp/\{\*\}/\*
  228. path_group PER_WRITE_FILE debugfs:/\*
  229. path_group PER_WRITE_FILE debugfs:/\{\*\}/\*
  230. path_group PER_WRITE_FILE devpts:/\*
  231. path_group PER_WRITE_FILE devpts:/\{\*\}/\*
  232. path_group PER_WRITE_FILE proc:/\*
  233. path_group PER_WRITE_FILE proc:/\{\*\}/\*
  234. path_group PER_WRITE_FILE sysfs:/\*
  235. path_group PER_WRITE_FILE sysfs:/\{\*\}/\*
  236. acl_group 0 file read @PER_READ_FILE
  237. acl_group 0 file read @PER_ANY_DIR
  238. acl_group 0 file rename @PER_RENAME_DIR @PER_RENAME_DIR
  239. acl_group 0 file rename @PER_RENAME_FILE @PER_RENAME_FILE
  240. acl_group 0 file write/append @PER_WRITE_FILE
  241. acl_group 0 file link @PER_LINK_DIR @PER_LINK_DIR
  242. acl_group 0 file link @PER_LINK_FILE @PER_LINK_FILE
  243. acl_group 0 file symlink @PER_SYMLINK_FILE
  244. acl_group 1 file read @PER_READ_FILE
  245. acl_group 1 file read @PER_ANY_DIR
  246. acl_group 1 file rename @PER_RENAME_DIR @PER_RENAME_DIR
  247. acl_group 1 file rename @PER_RENAME_FILE @PER_RENAME_FILE
  248. acl_group 1 file write/append @PER_WRITE_FILE
  249. acl_group 1 file link @PER_LINK_DIR @PER_LINK_DIR
  250. acl_group 1 file link @PER_LINK_FILE @PER_LINK_FILE
  251. acl_group 1 file symlink @PER_SYMLINK_FILE
  252. acl_group 1 task auto_domain_transition <kernel> //./other-user task.gid=1-999
  253. acl_group 1 task auto_domain_transition <kernel> //./other-user task.uid=1-999
  254. acl_group 1 task auto_domain_transition <kernel> //./system-user task.gid=1000
  255. acl_group 1 task auto_domain_transition <kernel> //./system-user task.uid=1000
  256. acl_group 1 task auto_domain_transition <kernel> //./other-user task.gid=1001-3999
  257. acl_group 1 task auto_domain_transition <kernel> //./other-user task.uid=1001-3999
  258. acl_group 1 task auto_domain_transition <kernel> //./felica-user task.gid=4000
  259. acl_group 1 task auto_domain_transition <kernel> //./felica-user task.uid=4000
  260. acl_group 1 task auto_domain_transition <kernel> //./fclock-user task.gid=4001
  261. acl_group 1 task auto_domain_transition <kernel> //./fclock-user task.uid=4001
  262. acl_group 1 task auto_domain_transition <kernel> //./felicaDT-user task.gid=4002
  263. acl_group 1 task auto_domain_transition <kernel> //./felicaDT-user task.uid=4002
  264. acl_group 1 task auto_domain_transition <kernel> //./other-user task.gid=4003-9999
  265. acl_group 1 task auto_domain_transition <kernel> //./other-user task.uid=4003-9999
  266. acl_group 1 task auto_domain_transition <kernel> //./app-user task.gid=10000-4294967295
  267. acl_group 1 task auto_domain_transition <kernel> //./app-user task.uid=10000-4294967295
  268.  
  269.  
  270.  
  271. #################################
  272. #### /proc/ccs/domain_policy ####
  273. #################################
  274. <kernel>
  275. use_profile 3
  276.  
  277. file execute /init exec.realpath="/init" exec.argv[0]="/init"
  278. file execute @PER_EXEC_FILE
  279. use_group 0
  280.  
  281. <kernel> //./app-user
  282. use_profile 3
  283.  
  284. file execute @PER_EXEC_FILE task.euid=10000-4294967295 task.egid=10000-4294967295
  285. use_group 0
  286.  
  287. <kernel> //./fclock-user
  288. use_profile 3
  289.  
  290. file execute @PER_EXEC_FILE task.euid=4001 task.egid=4001
  291. file read /dev/felica_cfg
  292. file write /dev/felica_cen
  293. file write /dev/felica_cfg
  294. use_group 0
  295.  
  296. <kernel> //./felica-user
  297. use_profile 3
  298.  
  299. file execute @PER_EXEC_FILE task.euid=4000 task.egid=4000
  300. file read /dev/felica
  301. file read /system/app/MobileFeliCaClient.odex
  302. file write /dev/felica
  303. file write /dev/felica_pon
  304. use_group 0
  305.  
  306. <kernel> //./felicaDT-user
  307. use_profile 3
  308.  
  309. file execute @PER_EXEC_FILE task.euid=4002 task.egid=4002
  310. file read /dev/udlfomf
  311. file read /system/app/felicaDT.apk
  312. file read /system/app/felicaDT.odex
  313. file write /dev/udlfomf
  314. use_group 0
  315.  
  316. <kernel> //./other-user
  317. use_profile 3
  318.  
  319. file execute @PER_EXEC_FILE task.euid=1-999 task.egid=1-999
  320. file execute @PER_EXEC_FILE task.euid=1001-3999 task.egid=1001-3999
  321. file execute @PER_EXEC_FILE task.euid=4003-9999 task.egid=4003-9999
  322. use_group 0
  323.  
  324. <kernel> //./system-user
  325. use_profile 3
  326.  
  327. capability use_kernel_module
  328. file execute @PER_EXEC_FILE task.euid=1000 task.egid=1000
  329. file read /system/app/MobileFeliCaClient.odex
  330. file read /system/app/felicaDT.apk
  331. file read /system/app/felicaDT.odex
  332. file write /dev/felica_rws
  333. use_group 0
  334.  
  335. <kernel> /init
  336. use_profile 3
  337.  
  338. capability use_kernel_module
  339. file execute /sbin/adbd exec.realpath="/sbin/adbd" exec.argv[0]="/sbin/adbd"
  340. file execute /system/bin/app_process exec.realpath="/system/bin/app_process" exec.argv[0]="/system/bin/app_process"
  341. file execute /system/bin/felicamdl exec.realpath="/system/bin/felicamdl" exec.argv[0]="/system/bin/felicamdl"
  342. file execute /system/bin/mid exec.realpath="/system/bin/mid" exec.argv[0]="/system/bin/mid"
  343. file execute /system/bin/rild exec.realpath="/system/bin/rild" exec.argv[0]="/system/bin/rild"
  344. file execute /system/bin/vold exec.realpath="/system/bin/vold" exec.argv[0]="/system/bin/vold"
  345. file execute /system/bin/sh exec.realpath="/system/bin/mksh" exec.argv[0]="/system/bin/sh"
  346. file execute /vendorpa/etc/load.smc.sh exec.realpath="/vendorpa/etc/load.smc.sh" exec.argv[0]="/vendorpa/etc/load.smc.sh"
  347. file execute /system/bin/anpand exec.realpath="/system/bin/anpand" exec.argv[0]="/system/bin/anpand"
  348. file execute /system/bin/installd exec.realpath="/system/bin/installd" exec.argv[0]="/system/bin/installd"
  349. file execute @PER_EXEC_FILE
  350. file mount /dev/block/mmcblk0p13 /system/ ext4 0x1
  351. file mount /dev/block/mmcblk0p14 /log/ ext4 0x6
  352. file mount /dev/block/mmcblk0p15 /log2/ ext4 0x6
  353. file mount /dev/block/mmcblk0p16 /misc4/ ext4 0x6
  354. file mount /dev/block/mmcblk0p17 /ccpu1/ ext4 0x6
  355. file mount /dev/block/mmcblk0p19 /cache/ ext4 0x406
  356. file mount /dev/block/mmcblk0p20 /log3/ ext4 0x6
  357. file mount /dev/block/mmcblk0p22 /fotadelta/ ext4 0x6
  358. file mount /dev/block/mmcblk0p23 /data/ ext4 0x406
  359. file mount /dev/block/mmcblk0p5 /ccpu/ ext4 0x6
  360. file mount /sys/kernel/debug sysfs:/kernel/debug/ debugfs 0x0
  361. file mount devpts /dev/pts/ devpts 0x0
  362. file mount none /acct/ cgroup 0x0
  363. file mount none /dev/cpuctl/ cgroup 0x0
  364. file mount proc /proc/ proc 0x0
  365. file mount rootfs / --remount 0x1
  366. file mount sysfs /sys/ sysfs 0x0
  367. file mount tmpfs /data/ tmpfs 0x406
  368. file mount tmpfs /dev/ tmpfs 0x2
  369. file mount tmpfs /mnt/asec/ tmpfs 0x0
  370. file mount tmpfs /mnt/obb/ tmpfs 0x0
  371. file mount tmpfs /tmp/ tmpfs 0x0
  372. file unmount /data/
  373. file read /dev/block/mmcblk0p10
  374. file read /dev/block/mmcblk0p18
  375. file read /dev/block/mmcblk0p23
  376. file symlink /d symlink.target="/sys/kernel/debug"
  377. file symlink /etc symlink.target="/system/etc"
  378. file symlink /sdcard symlink.target="/mnt/sdcard"
  379. file symlink /vendor symlink.target="/system/vendor"
  380. file write /dev/block/mmcblk0p18
  381. file write /dev/block/mmcblk0p23
  382. use_group 0
  383.  
  384. <kernel> /init /sbin/adbd
  385. use_profile 3
  386.  
  387. file execute /system/bin/sh exec.realpath="/system/bin/mksh" exec.argv[0]="/system/bin/sh" task.euid=2000
  388. file execute @PER_EXEC_FILE task.euid=2000
  389. use_group 0
  390.  
  391. <kernel> /init /sbin/adbd /system/bin/sh
  392. use_profile 3
  393.  
  394. file execute /system/bin/app_process exec.realpath="/system/bin/app_process" exec.argv[0]="/system/bin/app_process" task.euid=2000
  395. file execute @PER_EXEC_FILE task.euid=2000
  396. use_group 0
  397.  
  398. <kernel> /init /system/bin/felicamdl
  399. use_profile 3
  400.  
  401. file execute @PER_EXEC_FILE
  402. file read /dev/felica_interrupt
  403. use_group 0
  404.  
  405. <kernel> /init /system/bin/mid
  406. use_profile 3
  407.  
  408. capability use_kernel_module
  409. file execute /system/bin/sh exec.realpath="/system/bin/mksh" exec.argv[0]="sh"
  410. file execute @PER_EXEC_FILE
  411. use_group 0
  412.  
  413. <kernel> /init /system/bin/mid /system/bin/sh
  414. use_profile 3
  415.  
  416. file execute @PER_EXEC_FILE
  417. use_group 0
  418.  
  419. <kernel> /init /system/bin/rild
  420. use_profile 3
  421.  
  422. file execute @PER_EXEC_FILE
  423. use_group 0
  424.  
  425. <kernel> /init /system/bin/sh
  426. use_profile 3
  427.  
  428. capability use_kernel_module
  429. file execute @PER_EXEC_FILE
  430. use_group 0
  431.  
  432. <kernel> /init /system/bin/vold
  433. use_profile 3
  434.  
  435. file execute @PER_EXEC_FILE
  436. file mount /dev/block/dm-\$ /data/ ext4 0x6
  437. file mount /dev/block/dm-\$ /data/ ext4 0x406
  438. file mount /dev/block/dm-\$ /data/tmp_mnt/ ext4 0x1
  439. file mount /dev/block/dm-\$ /mnt/asec/\*/ vfat 0x87
  440. file mount /dev/block/dm-\$ /mnt/asec/\*/ texfat 0x87
  441. file mount /dev/block/dm-\$ /mnt/asec/\*/ vfat 0x8E
  442. file mount /dev/block/dm-\$ /mnt/asec/\*/ texfat 0x8E
  443. file mount /dev/block/loop\$ /mnt/asec/\*/ --remount 0x87
  444. file mount /dev/block/loop\$ /mnt/obb/\*/ vfat 0x87
  445. file mount /dev/block/loop\$ /mnt/obb/\*/ texfat 0x87
  446. file mount /dev/block/vold/\*:\* /mnt/secure/staging/ vfat 0x8E
  447. file mount /dev/block/vold/\*:\* /mnt/secure/staging/ texfat 0x8E
  448. file mount /mnt/sdcard/ /mnt/secure/staging/ --move 0x0
  449. file mount /mnt/secure/staging/ /mnt/sdcard/ --move 0x0
  450. file mount /mnt/secure/staging/.android_secure/ /mnt/secure/asec/ --bind 0x0
  451. file mount tmpfs /data/ tmpfs 0x406
  452. file mount tmpfs /mnt/secure/staging/.android_secure/ tmpfs 0x1
  453. file unmount /data/
  454. file unmount /data/tmp_mnt/
  455. file unmount /mnt/asec/\*/
  456. file unmount /mnt/obb/\*/
  457. file unmount /mnt/sdcard/
  458. file unmount /mnt/secure/asec/
  459. file unmount /mnt/secure/staging/
  460. file unmount /mnt/secure/staging/.android_secure/
  461. file read /dev/block/mmcblk0p23
  462. file write /dev/block/mmcblk0p23
  463. use_group 0
  464.  
  465. <kernel> /init /vendorpa/etc/load.smc.sh
  466. use_profile 3
  467.  
  468. file execute /smc_pa_ctrl exec.realpath="/smc_pa_ctrl" exec.argv[0]="/smc_pa_ctrl"
  469. file execute /vendorpa/bin/encdec_pa exec.realpath="/vendorpa/bin/encdec_pa" exec.argv[0]="/vendorpa/bin/encdec_pa"
  470. file execute @PER_EXEC_FILE
  471. use_group 0
  472.  
  473. <kernel> /init /vendorpa/etc/load.smc.sh /smc_pa_ctrl
  474. use_profile 3
  475.  
  476. file execute @PER_EXEC_FILE
  477. file read /dev/smc_pa.ift
  478. use_group 0
  479.  
  480. <kernel> /init /vendorpa/etc/load.smc.sh /vendorpa/bin/encdec_pa
  481. use_profile 3
  482.  
  483. file execute @PER_EXEC_FILE
  484. file read /dev/smc_pa.ift
  485. file write /dev/smc_pa.ift
  486. use_group 0
  487.  
  488. <kernel> /init /system/bin/anpand
  489. use_profile 3
  490.  
  491. file execute @PER_EXEC_FILE
  492. file read /dev/mem
  493. file read /dev/block/mmcblk0p10
  494. file read /dev/block/mmcblk0p18
  495. file write /dev/block/mmcblk0p18
  496. file write /dev/mem
  497. use_group 0
  498.  
  499. <kernel> /init /system/bin/installd
  500. use_profile 3
  501.  
  502. file execute @PER_EXEC_FILE
  503. file read /system/app/felicaDT.apk
  504. use_group 0
  505.  
  506. <kernel> /system/bin/app_process
  507. use_profile 3
  508.  
  509. file execute /system/bin/dexopt exec.realpath="/system/bin/dexopt" exec.argv[0]="/system/bin/dexopt"
  510. file execute @PER_EXEC_FILE
  511. use_group 1
  512.  
  513. <kernel> /system/bin/app_process /system/bin/dexopt
  514. use_profile 3
  515.  
  516. file execute @PER_EXEC_FILE
  517. use_group 0
  518.  
  519.  
  520.  
  521. ###########################
  522. #### /proc/ccs/profile ####
  523. ###########################
  524. PROFILE_VERSION=20100903
  525. 0-COMMENT=-----Disabled Mode-----
  526. 0-PREFERENCE={ max_audit_log=1024 max_learning_entry=2048 enforcing_penalty=0 }
  527. 0-CONFIG={ mode=disabled grant_log=yes reject_log=yes }
  528. 1-COMMENT=-----Learning Mode-----
  529. 1-PREFERENCE={ max_audit_log=1024 max_learning_entry=2048 enforcing_penalty=0 }
  530. 1-CONFIG={ mode=disabled grant_log=yes reject_log=yes }
  531. 1-CONFIG::file::execute={ mode=learning grant_log=no reject_log=yes }
  532. 1-CONFIG::file::open={ mode=learning grant_log=no reject_log=yes }
  533. 1-CONFIG::file::symlink={ mode=learning grant_log=no reject_log=yes }
  534. 1-CONFIG::file::link={ mode=learning grant_log=no reject_log=yes }
  535. 1-CONFIG::file::rename={ mode=learning grant_log=no reject_log=yes }
  536. 1-CONFIG::file::chroot={ mode=learning grant_log=no reject_log=yes }
  537. 1-CONFIG::file::mount={ mode=learning grant_log=no reject_log=yes }
  538. 1-CONFIG::file::unmount={ mode=learning grant_log=no reject_log=yes }
  539. 1-CONFIG::file::pivot_root={ mode=learning grant_log=no reject_log=yes }
  540. 1-CONFIG::capability::use_kernel_module={ mode=learning grant_log=no reject_log=yes }
  541. 2-COMMENT=-----Permissive Mode-----
  542. 2-PREFERENCE={ max_audit_log=1024 max_learning_entry=2048 enforcing_penalty=0 }
  543. 2-CONFIG={ mode=disabled grant_log=yes reject_log=yes }
  544. 2-CONFIG::file::execute={ mode=permissive grant_log=no reject_log=yes }
  545. 2-CONFIG::file::open={ mode=permissive grant_log=no reject_log=yes }
  546. 2-CONFIG::file::symlink={ mode=permissive grant_log=no reject_log=yes }
  547. 2-CONFIG::file::link={ mode=permissive grant_log=no reject_log=yes }
  548. 2-CONFIG::file::rename={ mode=permissive grant_log=no reject_log=yes }
  549. 2-CONFIG::file::chroot={ mode=permissive grant_log=no reject_log=yes }
  550. 2-CONFIG::file::mount={ mode=permissive grant_log=no reject_log=yes }
  551. 2-CONFIG::file::unmount={ mode=permissive grant_log=no reject_log=yes }
  552. 2-CONFIG::file::pivot_root={ mode=permissive grant_log=no reject_log=yes }
  553. 2-CONFIG::capability::use_kernel_module={ mode=permissive grant_log=no reject_log=yes }
  554. 3-COMMENT=-----Enforcing Mode-----
  555. 3-PREFERENCE={ max_audit_log=1024 max_learning_entry=2048 enforcing_penalty=0 }
  556. 3-CONFIG={ mode=disabled grant_log=yes reject_log=yes }
  557. 3-CONFIG::file::execute={ mode=enforcing grant_log=no reject_log=yes }
  558. 3-CONFIG::file::open={ mode=enforcing grant_log=no reject_log=yes }
  559. 3-CONFIG::file::symlink={ mode=enforcing grant_log=no reject_log=yes }
  560. 3-CONFIG::file::link={ mode=enforcing grant_log=no reject_log=yes }
  561. 3-CONFIG::file::rename={ mode=enforcing grant_log=no reject_log=yes }
  562. 3-CONFIG::file::chroot={ mode=enforcing grant_log=no reject_log=yes }
  563. 3-CONFIG::file::mount={ mode=enforcing grant_log=no reject_log=yes }
  564. 3-CONFIG::file::unmount={ mode=enforcing grant_log=no reject_log=yes }
  565. 3-CONFIG::file::pivot_root={ mode=enforcing grant_log=no reject_log=yes }
  566. 3-CONFIG::capability::use_kernel_module={ mode=enforcing grant_log=no reject_log=yes }