| # ============================================== |
| # Policy File of /system/bin/vtservice Executable File |
| |
| # ============================================== |
| # Common SEPolicy Rule |
| # ============================================== |
| |
| # Date : WK15.33 |
| # Purpose : Add vtservice to support video telephony functionality. |
| # 3G VT and ViLTE both use this service, which also communicates with IMCB/Rild. |
| # Shared storage: directory traversal plus read/write of files that already exist. |
| # NOTE(review): sdcard_type is presumably storage that other apps can write as well; confirm what vtservice reads from it and treat that content as untrusted input. |
| allow vtservice sdcard_type:dir { search }; |
| allow vtservice sdcard_type:file { open read write }; |
| # service_manager find only lets vtservice look these services up by name. |
| allow vtservice { radio_service mediaserver_service power_service batterystats_service }:service_manager find; |
| |
| # Date : 2015/08/13 |
| # Purpose : access the ccci device |
| # NOTE(review): ioctl is granted here with no allowxperm filter in this file, so unless one is defined elsewhere every ioctl command the driver implements is reachable from vtservice. The proc_ged and proc_perfmgr rules further down show the narrower allowxperm pattern. |
| allow vtservice ccci_device:chr_file { read write open ioctl }; |
| |
| # Purpose : VDEC/VENC device node |
| # Read/write/ioctl on the codec device node, likewise with no ioctl command filter in this file. |
| allow vtservice Vcodec_device:chr_file { read write ioctl open }; |
| |
| # Date: 2016/06/27 |
| # This part is for both 3G VT/ViLTE |
| # Purpose: added in the N migration for access to audioflinger etc. |
| # Lookup of the audio service, traversal of mnt_user_file directories, and binder calls into surfaceflinger. |
| allow vtservice audioserver_service:service_manager find; |
| allow vtservice mnt_user_file:dir search; |
| allow vtservice surfaceflinger:binder call; |
| |
| # Date: 2016/06/30 |
| # This part is for both 3G VT/ViLTE |
| # Purpose: added in the N migration for access to SDcard etc. |
| # The lnk_file read lets vtservice resolve symlinks labelled mnt_user_file. |
| allow vtservice audioserver:binder call; |
| allow vtservice mnt_user_file:lnk_file read; |
| |
| # Date: 2016/07/01 |
| # This part is for both 3G VT/ViLTE |
| # Purpose: added in the N migration for writing to SDcard etc. |
| # Directories get the create_dir_perms macro set; files get create/open/write only, |
| # so this rule grants no read, getattr or unlink on media_rw_data_file files. |
| allow vtservice media_rw_data_file:dir create_dir_perms; |
| allow vtservice media_rw_data_file:file { write create open }; |
| |
| # Date: 2016/07/26 |
| # Purpose: add for cleanup thread's AF_UNIX socket |
| # NOTE(review): the rules under this entry grant read access and a filtered ioctl set on proc_ged files; nothing here refers to an AF_UNIX socket. Confirm the stated purpose. |
| allow vtservice proc_ged:file r_file_perms; |
| # ioctl on proc_ged is restricted to the commands in proc_ged_ioctls, which is not defined in this part of the policy. |
| allowxperm vtservice proc_ged:file ioctl { proc_ged_ioctls }; |
| |
| # for debug dump data |
| allow vtservice storage_file:lnk_file { read }; |
| # NOTE(review): no build-type gating is visible around these rules; if devmap_device access is only needed for debug dumps, confirm it is required on user builds. |
| allow vtservice devmap_device:chr_file { read open ioctl }; |
| |
| # for using surfaceflinger |
| allow vtservice surfaceflinger_service:service_manager find; |
| |
| # for using camera |
| # Service lookup, binder calls into cameraserver, and use of file descriptors it passes back. |
| allow vtservice cameraserver_service:service_manager find; |
| allow vtservice cameraserver:binder call; |
| allow vtservice cameraserver:fd use; |
| |
| # Change VTS uid to media |
| # NOTE(review): priv_app:binder call lets vtservice call into any privileged app's binder objects; presumably this is for callbacks to the telephony/IMS client. Confirm the intended peer. |
| allow vtservice mediacodec:binder call; |
| allow vtservice qtaguid_device:chr_file r_file_perms; |
| allow vtservice priv_app:binder call; |
| |
| # For loopback mode |
| # NOTE(review): CAP_NET_ADMIN covers interface, routing and firewall configuration and is granted unconditionally here. If loopback mode is a test feature, confirm whether this can be limited to debug builds. |
| allow vtservice self:capability net_admin; |
| |
| # For vendor GPU |
| # dri_device has ioctl with no allowxperm filter in this file; gpu_device uses the rw_file_perms macro set. |
| allow vtservice gpu_device:dir search; |
| allow vtservice dri_device:chr_file { open read write ioctl getattr}; |
| allow vtservice gpu_device:chr_file rw_file_perms; |
| |
| # Date : WK17.23 |
| # Stage: O Migration, SQC |
| # Purpose: Allow use of HAL PQ |
| hal_client_domain(vtservice, hal_mtk_pq) |
| |
| # Date : WK17.23 |
| # Stage: O Migration, SQC |
| # Purpose: Allow use of shared memory for HAL PQ |
| hal_client_domain(vtservice, hal_allocator) |
| |
| # 2017/07/ |
| # HIDL porting |
| # Binder calls to hwservicemanager, plus listing (read/open) of directories labelled system_file. |
| allow vtservice hwservicemanager:binder call; |
| allow vtservice system_file:dir { read open }; |
| |
| # Permission for the HAL client: look up the video telephony hwservice. |
| allow vtservice mtk_hal_videotelephony_hwservice:hwservice_manager find; |
| |
| # Date : 2017/08/14 |
| # Operation : VT development |
| # Purpose : Add vtservice to support video telephony functionality. |
| # 3G VT and ViLTE both use this service, which also communicates with IMCB/Rild. |
| # Write access to the VT service/TCV and rild OEM socket files. |
| allow vtservice { soc_vt_svc_socket soc_vt_tcv_socket rild_oem_socket }:sock_file write; |
| # Outgoing binder calls to platform apps, system_server and the radio domain. |
| allow vtservice { platform_app system_server radio }:binder call; |
| # Extends the sdcard_type search/read/write/open rules at the top of this file with |
| # directory and file creation. NOTE(review): files created on shared storage are |
| # presumably visible to other apps; confirm nothing sensitive is written there. |
| allow vtservice sdcard_type:dir { write add_name create }; |
| allow vtservice sdcard_type:file { create getattr }; |
| allow vtservice surfaceflinger:fd use; |
| allow vtservice tmpfs:lnk_file read; |
| |
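| # for codec access to /dev/ion |
| # open/read and ioctl are kept in one rule so the full ion_device grant is visible in one place. |
| # ioctl has no allowxperm filter in this file. |
| allow vtservice ion_device:chr_file { open read ioctl }; |
| |
| # for MA socket rebind |
| # NOTE(review): the rules directly below are the OMX HAL client and mediametrics access; the udp_socket |
| # rules in the next group look like the ones this comment describes. Confirm which rules it belongs to. |
| hal_client_domain(vtservice, hal_omx) |
| allow vtservice mediametrics_service:service_manager find; |
| allow vtservice mediametrics:binder call; |
| |
| # Own UDP sockets (create_socket_perms_no_ioctl macro set) and binding them to a node. |
| allow vtservice self:udp_socket create_socket_perms_no_ioctl; |
| allow vtservice node:udp_socket node_bind; |
| |
| # Graphics allocator, netd/fwmarkd and MediaTek multimedia device access. |
| allow vtservice debugfs_ion:dir search; |
| allow vtservice fwmarkd_socket:sock_file write; |
| allow vtservice hal_graphics_allocator_default:binder call; |
| allow vtservice hal_graphics_allocator_default:fd use; |
| # Written without a trailing semicolon, like every other macro call in this file. |
| hal_client_domain(vtservice, hal_graphics_allocator) |
| allow vtservice hal_graphics_mapper_hwservice:hwservice_manager find; |
| allow vtservice netd:unix_stream_socket connectto; |
| # MTK_SMI_device is read/write with unfiltered ioctl; the cmdq/mdp nodes use the r_file_perms macro set. |
| allow vtservice MTK_SMI_device:chr_file { read write ioctl open }; |
| allow vtservice mtk_cmdq_device:chr_file r_file_perms; |
| allow vtservice mtk_mdp_device:chr_file r_file_perms; |
| allow vtservice mtk_mdp_sync_device:chr_file r_file_perms; |
| allow vtservice merged_hal_service:fd use; |
| allow vtservice merged_hal_service:binder call; |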
| |
| # Date : WK17.43 |
| # Operation : Migration |
| # Purpose : DISP access |
| # Read-only open plus ioctl on graphics_device nodes; the ioctl has no allowxperm filter in this file. |
| allow vtservice graphics_device:chr_file { ioctl open read }; |
| allow vtservice graphics_device:dir search; |
| |
| # Date : WK18.10 |
| # Operation : SQC |
| # Purpose : Allow perfmgr FPSGO access |
| # The allowxperm rule below names the four FPSGO ioctl commands explicitly, so ioctl on |
| # proc_perfmgr files is limited to that list rather than the whole command space. |
| allow vtservice proc_perfmgr:dir {read search}; |
| allow vtservice proc_perfmgr:file r_file_perms; |
| allowxperm vtservice proc_perfmgr:file ioctl { |
| PERFMGR_FPSGO_QUEUE |
| PERFMGR_FPSGO_DEQUEUE |
| PERFMGR_FPSGO_QUEUE_CONNECT |
| PERFMGR_FPSGO_BQID |
| }; |
| |
| # Date: 2018/07/19 |
| # Operation: P Migration |
| # Read-only access to the vendor VT property type via the get_prop macro. |
| get_prop(vtservice, vendor_mtk_vendor_vt_prop) |
| |
| # Date: 2018/08/24 |
| # Operation: add mdp |
| # NOTE(review): the dir/file targets below are the cameraserver process domain, so these rules presumably cover its /proc entries. Confirm what vtservice reads there. |
| hal_client_domain(vtservice, hal_mtk_mms) |
| allow vtservice cameraserver:dir search; |
| allow vtservice cameraserver:file { getattr open read }; |
| allow vtservice proc_uptime:file read; |
| |
| # Date: 2018/11/07 |
| # Operation: gen97 |
| # NOTE(review): "port" is the generic label for ports without a more specific type, so name_bind here is not limited to a dedicated VT port range. |
| # NOTE(review): CAP_NET_RAW is granted, but no raw or packet socket class is allowed to vtservice in this file; confirm the capability is still required. |
| allow vtservice port:udp_socket name_bind; |
| allow vtservice self:capability net_raw; |
| |
| # Date: 2019/08/29 |
| # Operation: support c2 sw codec |
| hal_client_domain(vtservice, hal_codec2) |
| |
| # Date: 2021/05/29 |
| # Operation: VT c2 for dmabuf heap |
| # Read-only (r_file_perms macro set) access to the system dma-buf heap device. |
| allow vtservice dmabuf_system_heap_device:chr_file r_file_perms; |
| |