| # ============================================== |
| # Common SEPolicy Rule |
| # ============================================== |
| type mtk_hal_audio, domain; |
| |
| type mtk_hal_audio_exec, exec_type, vendor_file_type, file_type; |
| init_daemon_domain(mtk_hal_audio) |
| |
| hal_server_domain(mtk_hal_audio, hal_audio) |
| hal_client_domain(mtk_hal_audio, hal_allocator) |
| |
| wakelock_use(mtk_hal_audio) |
| |
| add_hwservice(mtk_hal_audio, mtk_hal_bluetooth_audio_hwservice) |
| allow mtk_hal_audio ion_device:chr_file r_file_perms; |
| |
| allow mtk_hal_audio system_file:dir r_dir_perms; |
| |
| r_dir_file(mtk_hal_audio, proc) |
| allow mtk_hal_audio audio_device:dir r_dir_perms; |
| allow mtk_hal_audio audio_device:chr_file rw_file_perms; |
| |
| # mtk_hal_audio should never execute any executable without |
| # a domain transition |
| neverallow mtk_hal_audio { file_type fs_type }:file execute_no_trans; |
| |
| # mtk_hal_audio should never need network access. |
| # Disallow network sockets apart from TCP sockets. |
| neverallow mtk_hal_audio domain:{ udp_socket rawip_socket } *; |
| |
| # Date : WK14.32 |
| # Operation : Migration |
| # Purpose : Set audio driver permission to access SD card for debug purpose and accss NVRam. |
| allow mtk_hal_audio sdcard_type:dir create_dir_perms; |
| allow mtk_hal_audio sdcard_type:file create_file_perms; |
| allow mtk_hal_audio nvram_data_file:dir w_dir_perms; |
| allow mtk_hal_audio nvram_data_file:file create_file_perms; |
| allow mtk_hal_audio nvram_data_file:lnk_file r_file_perms; |
| allow mtk_hal_audio nvdata_file:lnk_file r_file_perms; |
| allow mtk_hal_audio nvdata_file:dir create_dir_perms; |
| allow mtk_hal_audio nvdata_file:file create_file_perms; |
| |
| # Date : WK14.34 |
| # Operation : Migration |
| # Purpose : nvram access (dumchar case for nand and legacy chip) |
| allow mtk_hal_audio nvram_device:chr_file rw_file_perms; |
| allow mtk_hal_audio self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl; |
| |
| # Date : WK14.36 |
| # Operation : Migration |
| # Purpose : media server and bt process communication for A2DP data.and other control flow |
| allow mtk_hal_audio bt_a2dp_stream_socket:sock_file w_file_perms; |
| allow mtk_hal_audio bt_int_adp_socket:sock_file w_file_perms; |
| |
| # Date : WK14.36 |
| # Operation : Migration |
| # Purpose : access nvram, otp, ccci cdoec devices. |
| allow mtk_hal_audio ccci_device:chr_file rw_file_perms; |
| allow mtk_hal_audio eemcs_device:chr_file rw_file_perms; |
| allow mtk_hal_audio devmap_device:chr_file r_file_perms; |
| allow mtk_hal_audio ebc_device:chr_file rw_file_perms; |
| allow mtk_hal_audio nvram_device:blk_file rw_file_perms; |
| |
| # Date : WK14.38 |
| # Operation : Migration |
| # Purpose : FM driver access |
| allow mtk_hal_audio fm_device:chr_file rw_file_perms; |
| |
| # Data : WK14.39 |
| # Operation : Migration |
| # Purpose : dump for debug |
| set_prop(mtk_hal_audio, vendor_mtk_audiohal_prop) |
| |
| # Date : WK14.40 |
| # Operation : Migration |
| # Purpose : HDMI driver access |
| allow mtk_hal_audio graphics_device:chr_file rw_file_perms; |
| |
| # Date : WK14.40 |
| # Operation : Migration |
| # Purpose : Smartpa |
| allow mtk_hal_audio smartpa_device:chr_file rw_file_perms; |
| allow mtk_hal_audio sysfs_rt_param:file rw_file_perms; |
| allow mtk_hal_audio sysfs_rt_param:dir r_dir_perms; |
| allow mtk_hal_audio sysfs_rt_calib:file rw_file_perms; |
| allow mtk_hal_audio sysfs_rt_calib:dir r_dir_perms; |
| |
| # Date : WK14.41 |
| # Operation : Migration |
| # Purpose : WFD HID Driver |
| allow mtk_hal_audio uhid_device:chr_file rw_file_perms; |
| |
| # Date : WK14.43 |
| # Operation : Migration |
| # Purpose : VOW |
| allow mtk_hal_audio vow_device:chr_file rw_file_perms; |
| |
| # Date: WK14.44 |
| # Operation : Migration |
| # Purpose : EVDO |
| allow mtk_hal_audio rpc_socket:sock_file w_file_perms; |
| allow mtk_hal_audio ttySDIO_device:chr_file rw_file_perms; |
| |
| # Data: WK14.44 |
| # Operation : Migration |
| # Purpose : for low SD card latency issue |
| allow mtk_hal_audio sysfs_lowmemorykiller:file r_file_perms; |
| |
| # Data: WK14.45 |
| # Operation : Migration |
| # Purpose : for change thermal policy when needed |
| allow mtk_hal_audio proc_mtkcooler:dir search; |
| allow mtk_hal_audio proc_mtktz:dir search; |
| allow mtk_hal_audio proc_thermal:dir search; |
| allow mtk_hal_audio thermal_manager_data_file:file create_file_perms; |
| allow mtk_hal_audio thermal_manager_data_file:dir { rw_dir_perms setattr }; |
| |
| # for as33970 |
| allow mtk_hal_audio sysfs_reset_dsp:file rw_file_perms; |
| allow mtk_hal_audio tahiti_device:chr_file rw_file_perms_no_map; |
| # for smartpa |
| allow mtk_hal_audio sysfs_chip_vendor:file r_file_perms; |
| allow mtk_hal_audio sysfs_pa_num:file rw_file_perms; |
| |
| # Data : WK14.47 |
| # Operation : Audio playback |
| # Purpose : Music as ringtone |
| allow mtk_hal_audio radio:dir r_dir_perms; |
| allow mtk_hal_audio radio:file r_file_perms; |
| |
| # Data : WK14.47 |
| # Operation : CTS |
| # Purpose : cts search strange app |
| allow mtk_hal_audio untrusted_app:dir search; |
| |
| # Date : WK15.03 |
| # Operation : Migration |
| # Purpose : offloadservice |
| allow mtk_hal_audio offloadservice_device:chr_file rw_file_perms; |
| |
| # Date : WK15.34 |
| # Operation : Migration |
| # Purpose: for camera middleware dump image buffer to sdcard & audio frameworks dump |
| allow mtk_hal_audio storage_file:dir search; |
| allow mtk_hal_audio storage_file:lnk_file rw_file_perms; |
| allow mtk_hal_audio mnt_user_file:dir rw_dir_perms; |
| allow mtk_hal_audio mnt_user_file:lnk_file rw_file_perms; |
| |
| # Date : WK16.17 |
| # Operation : Migration |
| # Purpose: read/open sysfs node |
| allow mtk_hal_audio sysfs_ccci:file r_file_perms; |
| allow mtk_hal_audio sysfs_ccci:dir search; |
| |
| # Date : WK16.18 |
| # Operation : Migration |
| # Purpose: research root dir "/" |
| allow mtk_hal_audio tmpfs:dir search; |
| |
| # Purpose: Dump debug info |
| allow mtk_hal_audio kmsg_device:chr_file w_file_perms; |
| allow mtk_hal_audio fuse:file rw_file_perms; |
| |
| # Date : WK16.27 |
| # Operation : Migration |
| # Purpose: tunning tool update parameters |
| binder_call(mtk_hal_audio, radio) |
| allow mtk_hal_audio mtk_audiohal_data_file:dir create_dir_perms; |
| allow mtk_hal_audio mtk_audiohal_data_file:file create_file_perms; |
| # Date : WK16.33 |
| # Purpose: Allow to access ged for gralloc_extra functions |
| allow mtk_hal_audio proc_ged:file rw_file_perms; |
| |
| # Fix bootup violation |
| allow mtk_hal_audio fuse:dir r_dir_perms; |
| |
| # for usb phone call, allow sys_nice |
| allow mtk_hal_audio self:capability sys_nice; |
| |
| # Date : W17.29 |
| # Boot for opening trace file: Permission denied (13) |
| allow mtk_hal_audio debugfs_tracing:file w_file_perms; |
| |
| # Audio Tuning Tool Android O porting |
| binder_call(mtk_hal_audio, audiocmdservice_atci) |
| |
| # Add for control PowerHAL |
| hal_client_domain(mtk_hal_audio, hal_power) |
| |
| # cm4 smartpa |
| allow mtk_hal_audio audio_ipi_device:chr_file rw_file_perms; |
| allow mtk_hal_audio audio_scp_device:chr_file r_file_perms; |
| |
| # Date : WK18.21 |
| # Operation: P migration |
| # Purpose: Allow to search /mnt/vendor/nvdata for fstab when using NVM_Init() |
| allow mtk_hal_audio mnt_vendor_file:dir search; |
| |
| # Date: 2019/06/14 |
| # Operation : Migration |
| allow mtk_hal_audio audioserver:fifo_file w_file_perms; |
| allow mtk_hal_audio sysfs_boot_mode:file r_file_perms; |
| allow mtk_hal_audio sysfs_dt_firmware_android:dir search; |
| |
| # Date : WK18.44 |
| # Operation: adsp |
| allow mtk_hal_audio adsp_device:file rw_file_perms; |
| allow mtk_hal_audio adsp_device:chr_file rw_file_perms; |
| |
| # Date : 2020/3/21 |
| # Operation: audio dptx |
| allow mtk_hal_audio dri_device:chr_file rw_file_perms; |
| allow mtk_hal_audio gpu_device:dir search; |
| |
| # Date : WK20.26 |
| allow mtk_hal_audio sysfs_dt_firmware_android:file r_file_perms; |
| |
| # Date : WK20.36 |
| # Operation : Migration |
| # Purpose : AAudio HAL |
| allow mtk_hal_audio debugfs_ion:dir search; |
| |
| # Date : 2021/06/15 |
| # Purpose: Allow to change mtk MMQoS scenario |
| allow mtk_hal_audio sysfs_mtk_mmqos_scen:file w_file_perms; |
| allow mtk_hal_audio sysfs_mtk_mmqos_scen_v2:file w_file_perms; |
| |
| # Allow ReadDefaultFstab(). |
| read_fstab(mtk_hal_audio) |
| |
| # Date : WK21.23 |
| # Operation : Migration |
| # Purpose : factory mode |
| allow mtk_hal_audio sysfs_boot_info:file r_file_perms; |
| |
| # Date : WK21.32 |
| # Operation : Migration |
| # Purpose: permission for audioserver to use ccci node |
| allow mtk_hal_audio ccci_aud_device:chr_file rw_file_perms; |