Gitiles
Code Review Sign In
LeafOS / LeafOS-Devices / android_device_mediatek_sepolicy / 867c2d975c01901ba468ef267192a8695ad07164 / . / basic / non_plat / mtk_hal_audio.te
blob: 9faf14be0363a7718f6464368fda17b8c56fec11 [file] [log] [blame]
# ==============================================
# Common SEPolicy Rule
# ==============================================
type mtk_hal_audio, domain;
type mtk_hal_audio_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(mtk_hal_audio)
hal_server_domain(mtk_hal_audio, hal_audio)
hal_client_domain(mtk_hal_audio, hal_allocator)
wakelock_use(mtk_hal_audio)
add_hwservice(mtk_hal_audio, mtk_hal_bluetooth_audio_hwservice)
allow mtk_hal_audio ion_device:chr_file r_file_perms;
allow mtk_hal_audio system_file:dir r_dir_perms;
r_dir_file(mtk_hal_audio, proc)
allow mtk_hal_audio audio_device:dir r_dir_perms;
allow mtk_hal_audio audio_device:chr_file rw_file_perms;
# mtk_hal_audio should never execute any executable without
# a domain transition
neverallow mtk_hal_audio { file_type fs_type }:file execute_no_trans;
# mtk_hal_audio should never need network access.
# Disallow network sockets apart from TCP sockets.
neverallow mtk_hal_audio domain:{ udp_socket rawip_socket } *;
# Date : WK14.32
# Operation : Migration
# Purpose : Set audio driver permission to access SD card for debug purpose and accss NVRam.
allow mtk_hal_audio sdcard_type:dir create_dir_perms;
allow mtk_hal_audio sdcard_type:file create_file_perms;
allow mtk_hal_audio nvram_data_file:dir w_dir_perms;
allow mtk_hal_audio nvram_data_file:file create_file_perms;
allow mtk_hal_audio nvram_data_file:lnk_file r_file_perms;
allow mtk_hal_audio nvdata_file:lnk_file r_file_perms;
allow mtk_hal_audio nvdata_file:dir create_dir_perms;
allow mtk_hal_audio nvdata_file:file create_file_perms;
# Date : WK14.34
# Operation : Migration
# Purpose : nvram access (dumchar case for nand and legacy chip)
allow mtk_hal_audio nvram_device:chr_file rw_file_perms;
allow mtk_hal_audio self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
# Date : WK14.36
# Operation : Migration
# Purpose : media server and bt process communication for A2DP data.and other control flow
allow mtk_hal_audio bt_a2dp_stream_socket:sock_file w_file_perms;
allow mtk_hal_audio bt_int_adp_socket:sock_file w_file_perms;
# Date : WK14.36
# Operation : Migration
# Purpose : access nvram, otp, ccci cdoec devices.
allow mtk_hal_audio ccci_device:chr_file rw_file_perms;
allow mtk_hal_audio eemcs_device:chr_file rw_file_perms;
allow mtk_hal_audio devmap_device:chr_file r_file_perms;
allow mtk_hal_audio ebc_device:chr_file rw_file_perms;
allow mtk_hal_audio nvram_device:blk_file rw_file_perms;
# Date : WK14.38
# Operation : Migration
# Purpose : FM driver access
allow mtk_hal_audio fm_device:chr_file rw_file_perms;
# Data : WK14.39
# Operation : Migration
# Purpose : dump for debug
set_prop(mtk_hal_audio, vendor_mtk_audiohal_prop)
# Date : WK14.40
# Operation : Migration
# Purpose : HDMI driver access
allow mtk_hal_audio graphics_device:chr_file rw_file_perms;
# Date : WK14.40
# Operation : Migration
# Purpose : Smartpa
allow mtk_hal_audio smartpa_device:chr_file rw_file_perms;
allow mtk_hal_audio sysfs_rt_param:file rw_file_perms;
allow mtk_hal_audio sysfs_rt_param:dir r_dir_perms;
allow mtk_hal_audio sysfs_rt_calib:file rw_file_perms;
allow mtk_hal_audio sysfs_rt_calib:dir r_dir_perms;
# Date : WK14.41
# Operation : Migration
# Purpose : WFD HID Driver
allow mtk_hal_audio uhid_device:chr_file rw_file_perms;
# Date : WK14.43
# Operation : Migration
# Purpose : VOW
allow mtk_hal_audio vow_device:chr_file rw_file_perms;
# Date: WK14.44
# Operation : Migration
# Purpose : EVDO
allow mtk_hal_audio rpc_socket:sock_file w_file_perms;
allow mtk_hal_audio ttySDIO_device:chr_file rw_file_perms;
# Data: WK14.44
# Operation : Migration
# Purpose : for low SD card latency issue
allow mtk_hal_audio sysfs_lowmemorykiller:file r_file_perms;
# Data: WK14.45
# Operation : Migration
# Purpose : for change thermal policy when needed
allow mtk_hal_audio proc_mtkcooler:dir search;
allow mtk_hal_audio proc_mtktz:dir search;
allow mtk_hal_audio proc_thermal:dir search;
allow mtk_hal_audio thermal_manager_data_file:file create_file_perms;
allow mtk_hal_audio thermal_manager_data_file:dir { rw_dir_perms setattr };
# for as33970
allow mtk_hal_audio sysfs_reset_dsp:file rw_file_perms;
allow mtk_hal_audio tahiti_device:chr_file rw_file_perms_no_map;
# for smartpa
allow mtk_hal_audio sysfs_chip_vendor:file r_file_perms;
allow mtk_hal_audio sysfs_pa_num:file rw_file_perms;
# Data : WK14.47
# Operation : Audio playback
# Purpose : Music as ringtone
allow mtk_hal_audio radio:dir r_dir_perms;
allow mtk_hal_audio radio:file r_file_perms;
# Data : WK14.47
# Operation : CTS
# Purpose : cts search strange app
allow mtk_hal_audio untrusted_app:dir search;
# Date : WK15.03
# Operation : Migration
# Purpose : offloadservice
allow mtk_hal_audio offloadservice_device:chr_file rw_file_perms;
# Date : WK15.34
# Operation : Migration
# Purpose: for camera middleware dump image buffer to sdcard & audio frameworks dump
allow mtk_hal_audio storage_file:dir search;
allow mtk_hal_audio storage_file:lnk_file rw_file_perms;
allow mtk_hal_audio mnt_user_file:dir rw_dir_perms;
allow mtk_hal_audio mnt_user_file:lnk_file rw_file_perms;
# Date : WK16.17
# Operation : Migration
# Purpose: read/open sysfs node
allow mtk_hal_audio sysfs_ccci:file r_file_perms;
allow mtk_hal_audio sysfs_ccci:dir search;
# Date : WK16.18
# Operation : Migration
# Purpose: research root dir "/"
allow mtk_hal_audio tmpfs:dir search;
# Purpose: Dump debug info
allow mtk_hal_audio kmsg_device:chr_file w_file_perms;
allow mtk_hal_audio fuse:file rw_file_perms;
# Date : WK16.27
# Operation : Migration
# Purpose: tunning tool update parameters
binder_call(mtk_hal_audio, radio)
allow mtk_hal_audio mtk_audiohal_data_file:dir create_dir_perms;
allow mtk_hal_audio mtk_audiohal_data_file:file create_file_perms;
# Date : WK16.33
# Purpose: Allow to access ged for gralloc_extra functions
allow mtk_hal_audio proc_ged:file rw_file_perms;
# Fix bootup violation
allow mtk_hal_audio fuse:dir r_dir_perms;
# for usb phone call, allow sys_nice
allow mtk_hal_audio self:capability sys_nice;
# Audio Tuning Tool Android O porting
binder_call(mtk_hal_audio, audiocmdservice_atci)
# Add for control PowerHAL
hal_client_domain(mtk_hal_audio, hal_power)
# cm4 smartpa
allow mtk_hal_audio audio_ipi_device:chr_file rw_file_perms;
allow mtk_hal_audio audio_scp_device:chr_file r_file_perms;
# Date : WK18.21
# Operation: P migration
# Purpose: Allow to search /mnt/vendor/nvdata for fstab when using NVM_Init()
allow mtk_hal_audio mnt_vendor_file:dir search;
# Date: 2019/06/14
# Operation : Migration
allow mtk_hal_audio audioserver:fifo_file w_file_perms;
allow mtk_hal_audio sysfs_boot_mode:file r_file_perms;
allow mtk_hal_audio sysfs_dt_firmware_android:dir search;
# Date : WK18.44
# Operation: adsp
allow mtk_hal_audio adsp_device:file rw_file_perms;
allow mtk_hal_audio adsp_device:chr_file rw_file_perms;
# Date : 2020/3/21
# Operation: audio dptx
allow mtk_hal_audio dri_device:chr_file rw_file_perms;
allow mtk_hal_audio gpu_device:dir search;
# Date : WK20.26
allow mtk_hal_audio sysfs_dt_firmware_android:file r_file_perms;
# Date : 2021/06/15
# Purpose: Allow to change mtk MMQoS scenario
allow mtk_hal_audio sysfs_mtk_mmqos_scen:file w_file_perms;
allow mtk_hal_audio sysfs_mtk_mmqos_scen_v2:file w_file_perms;
# Allow ReadDefaultFstab().
read_fstab(mtk_hal_audio)
# Date : WK21.23
# Operation : Migration
# Purpose : factory mode
allow mtk_hal_audio sysfs_boot_info:file r_file_perms;
# Date : WK21.32
# Operation : Migration
# Purpose: permission for audioserver to use ccci node
allow mtk_hal_audio ccci_aud_device:chr_file rw_file_perms;