| # ============================================== |
| # Common SEPolicy Rule |
| # ============================================== |
| |
| # Data : WK16.25 |
| # Operation : Camera display client |
| # Purpose : for SVP secure memory allocation |
| allow mediacodec proc_secmem:file rw_file_perms; |
| |
| # Date : WK16.25 |
| # Operation : WVL1 IT |
| # Purpose : SVP module operates secmem driver |
| allow mediacodec mobicore_data_file:file { read open getattr}; |
| allow mediacodec mobicore_user_device:chr_file rw_file_perms; |
| allow mediacodec mobicore:unix_stream_socket connectto; |
| allow mediacodec mobicore_data_file:dir search; |
| allow mediacodec persist_data_file:file { read getattr open }; |
| allow mediacodec persist_data_file:dir search; |
| |
| # Date : WK16.28 |
| # Operation : video codec driver |
| # Purpose : for performance profiling and timing issue tracking during video playback |
| |
| # Date : WK16.29 |
| # Operation : Migration |
| # Purpose : Add permission for gpu access |
| allow mediacodec dri_device:chr_file rw_file_perms; |
| |
| # Date : WK16.50 |
| # Operation : video codec driver |
| # Purpose : Add permission for thermal function access |
| allow mediacodec proc_mtktz:dir search; |
| allow mediacodec proc_mtktz:file r_file_perms; |
| |
| # Date : WK17.23 |
| # Stage: O Migration, SQC |
| # Purpose: Allow to use HAL PQ |
| hal_client_domain(mediacodec, hal_mtk_pq) |
| |
| # Date : WK17.23 |
| # Stage: O Migration, SQC |
| # Purpose: Allow to use shared memory for HAL PQ |
| hal_client_domain(mediacodec, hal_allocator) |
| |
| # Date : WK17.31 |
| # Stage: O Migration, SQC |
| # Purpose: Allow to use ape decoder |
| hal_client_domain(mediacodec, hal_mtk_codecservice) |
| |
| # Date : WK18.46 |
| # Operation : WVL1 IT for TEEI |
| # Purpose : SVP module operates TEEI |
| hal_client_domain(mediacodec, hal_teei_capi) |
| allow mediacodec teei_client_device:chr_file rw_file_perms; |
| |
| # Date : WK19.44 |
| # Purpose: Android Migration for D2+ Encoder |
| allow mediacodec proc_chip:dir r_dir_perms; |
| allow mediacodec proc_chip:file r_file_perms; |
| |
| # Date : WK19.45 |
| # Operation : WFD |
| # Purpose : Allow set property to notify HWC secure venc enabled |
| set_prop(mediacodec, vendor_mtk_secure_venc_prop) |
| |
| # Date : WK20.22 |
| # Operation : VDEC debug |
| # Purpose : allow vdec can dump file to storage |
| allow mediacodec vcodec_file:dir create_dir_perms; |
| allow mediacodec vcodec_file:file create_file_perms; |
| |
| # Date : WK20.40 |
| # Operation : WFD |
| # Purpose : Allow set property to notify HWC wfd enabled |
| set_prop(mediacodec, vendor_mtk_wfd_enable_prop) |
| |
| #allow get mtk_sec_video_path_support |
| get_prop(mediacodec, vendor_mtk_sec_video_path_support_prop) |