| # ============================================== |
| # Policy File of /vendor/bin/meta_tst Executable File |
| |
| # ============================================== |
| # Common SEPolicy Rule |
| # ============================================== |
| |
| # Date : 2016/06/01 |
| # Operation: TEEI integration |
| # Purpose: Microtrust service |
| allow meta_tst init_thh_service_exec:file rx_file_perms; |
| allow meta_tst teei_data_file:dir create_dir_perms; |
| allow meta_tst teei_data_file:file create_file_perms; |
| allow meta_tst teei_client_device:chr_file { create setattr unlink rw_file_perms }; |
| set_prop(meta_tst, vendor_mtk_soter_teei_prop) |
| hal_client_domain(meta_tst, hal_teei_thh) |
| allow meta_tst tee_device:chr_file rw_file_perms; |
| |
| allow meta_tst camera_fdvt_device:chr_file rw_file_perms; |
| allow meta_tst camera_owe_device:chr_file rw_file_perms; |
| allow meta_tst camera_wpe_device:chr_file rw_file_perms; |
| allow meta_tst camera_gepf_device:chr_file rw_file_perms; |
| allow meta_tst camera_rsc_device:chr_file rw_file_perms; |
| allow meta_tst camera_tsf_device:chr_file rw_file_perms; |
| allow meta_tst camera_isp_device:chr_file rw_file_perms; |
| allow meta_tst ccu_device:chr_file rw_file_perms; |
| allow meta_tst vpu_device:chr_file rw_file_perms; |
| |
| # Data: W17.27 |
| # DRM Key Installation HIDL |
| allow meta_tst mtk_hal_keyinstall:binder call; |
| |
| # Date: W17.27 |
| # Purpose : Allow meta_tst to call vendor.mediatek.hardware.keyinstall@1.0-service. |
| hal_client_domain(meta_tst, hal_keymaster) |
| |
| # Date: W17.46 |
| allow meta_tst dm_device:blk_file rw_file_perms; |
| allow meta_tst devpts:chr_file rw_file_perms; |
| allow meta_tst kmsg_device:chr_file w_file_perms; |
| allow meta_tst sysfs_fs_ext4_features:dir search; |
| allow meta_tst sysfs_fs_ext4_features:file read; |
| allow meta_tst vendor_block_device:blk_file getattr; |
| allow meta_tst protect1_block_device:blk_file getattr; |
| allow meta_tst protect2_block_device:blk_file getattr; |
| |
| # Date: W17.48 |
| # Purpose : meta connect with ATCI by socket. |
| set_prop(meta_tst, vendor_mtk_persist_service_atci_prop) |
| allow meta_tst atcid:unix_stream_socket connectto; |
| |
| # Purpose: TrustKernel Service |
| allow meta_tst tkcore_admin_device:chr_file { read write open ioctl }; |
| allow meta_tst sdcardfs:dir create_dir_perms; |
| allow meta_tst sdcardfs:file create_file_perms; |
| |
| # Data: W18.01 |
| #tablet DRM Key Manager HIDL |
| allow meta_tst mtk_hal_keymanage:binder call; |
| |
| # lite version start |
| allow meta_tst init_thh_service_exec:file { execute_no_trans }; |
| # lite version end |
| |
| # Date: W18.32 |
| # Purpose: DRM key install |
| allow meta_tst mobicore_user_device:chr_file rw_file_perms; |
| |
| # Data: W19.18 |
| # Operation: Android Q migration |
| # Purpose : meta set atci property |
| set_prop(meta_tst, vendor_mtk_atci_sys_prop) |
| allow meta_tst adb_atci_socket:sock_file write; |
| |
| # Date: WK20.13 |
| # Operation : Migration |
| # Purpose : HDCP |
| allow meta_tst persist_data_file:dir create_dir_perms; |
| allow meta_tst persist_data_file:file create_file_perms; |
| allow meta_tst mobicore_vendor_file:file lock; |
| allow meta_tst self:capability chown; |
| |
| hal_client_domain(meta_tst, hal_teei_capi) |
| hal_client_domain(meta_tst, hal_allocator) |
| |
| # Date : WK20.51 |
| # Purpose: Allow meta connect to sysfs_pmu |
| allow meta_tst sysfs_pmu:dir search; |
| allow meta_tst sysfs_pmu:file rw_file_perms; |