# ==============================================
# Common SEPolicy Rule
# ==============================================
# Rules granted to the system_app domain.
# NOTE(review): every rule in this file is granted to the whole system_app
# domain. The "Package" recorded on an entry names who requested the rule; it
# does not restrict the rule to that package.
# Date : 2014/11/19
# Operation: SQC
# Purpose: [Settings][RenderThread][operate device file failed]
# Package: com.android.settings
# Grants read/write (rw_file_perms) on files labeled proc_secmem.
# NOTE(review): the entry does not record which operation was denied; confirm
# that write access is required and read alone is not enough.
allow system_app proc_secmem:file rw_file_perms;
# Date: 2014/08/01
# Operation: BaseUT
# Purpose: [Settings][Settings used list views need velocity tracker access touch dev]
# Package: com.android.settings
# Grants read-only access (r_file_perms) to character devices labeled touch_device.
# NOTE(review): presumably this is the raw touch input node; if so, the whole
# domain can read input events directly. Confirm the rule is still required.
allow system_app touch_device:chr_file r_file_perms;
# Date: 2014/08/04
# Stage: BaseUT
# Purpose: [MTKThermalManager][View thermal zones and coolers, and change thermal policies]
# Package Name: com.mediatek.mtkthermalmanager
# The next eight rules grant getattr only; no read, search or write is granted
# on these types here.
# NOTE(review): install_data_file is granted on class "file" while the other
# seven are on class "dir"; confirm this difference is intended.
allow system_app apk_private_data_file:dir getattr;
allow system_app asec_image_file:dir getattr;
allow system_app dontpanic_data_file:dir getattr;
allow system_app drm_data_file:dir getattr;
allow system_app install_data_file:file getattr;
allow system_app lost_found_data_file:dir getattr;
allow system_app media_data_file:dir getattr;
allow system_app property_data_file:dir getattr;
# Directory search plus read/write on files for proc_thermal, proc_mtkcooler
# and proc_mtktz. Write access matches the "change thermal policies" purpose.
allow system_app proc_thermal:dir search;
allow system_app proc_thermal:file rw_file_perms;
allow system_app proc_mtkcooler:dir search;
allow system_app proc_mtkcooler:file rw_file_perms;
allow system_app proc_mtktz:dir search;
allow system_app proc_mtktz:file rw_file_perms;
# NOTE(review): proc_slogger is not mentioned in the Purpose above; confirm
# that read/write on it belongs to the thermal manager use case.
allow system_app proc_slogger:file rw_file_perms;
# Date : WK17.23
# Stage: Migration, SQC
# Purpose: Allow to use HAL PQ
# Makes system_app a client of the hal_mtk_pq HAL.
hal_client_domain(system_app, hal_mtk_pq)
# Date : WK17.29
# Operation : Migration
# Purpose : for device bring up, not to block early SQC
# Grants search on directories labeled debugfs_ion.
# NOTE(review): this is a bring-up workaround with no owner or removal
# condition recorded. The same rule is repeated under the 2018/04/18
# mtk_hal_neuralnetworks entry further down. Confirm it is still needed.
allow system_app debugfs_ion:dir search;
# Date:W17.29
# Operation : presence hal developing
# Purpose : Allow to use HAL presence
# Makes system_app a client of the hal_presence HAL.
hal_client_domain(system_app, hal_presence)
# Date : WK17.31
# Operation : Migration
# Purpose : Carrier express service on BSP
# get_prop grants read access to each property listed; no set access is given.
get_prop(system_app, vendor_mtk_volte_prop)
get_prop(system_app, vendor_mtk_wfc_prop)
get_prop(system_app, vendor_mtk_vt_prop)
get_prop(system_app, vendor_mtk_cxp_vendor_prop)
# Date:W17.31
# Operation : rcs hal developing
# Purpose : Allow to use HAL rcs
# Makes system_app a client of the hal_rcs HAL.
hal_client_domain(system_app, hal_rcs)
# Date : WK17.29
# Operation : SQC
# Purpose : allow SystemUpdate to access ota_package file
# create_dir_perms / create_file_perms cover creating, renaming and removing
# entries as well as reading and writing them.
# NOTE(review): the whole domain can create and replace OTA package files.
# Presumably the update consumer verifies the package before use; confirm
# that nothing trusts a file just because of where it is stored.
allow system_app ota_package_file:dir { create_dir_perms };
allow system_app ota_package_file:file { create_file_perms };
# Date : WK17.30
# Operation : SQC
# Purpose : allow SystemUpdate to access Update engine
# Allows binder calls to update_engine and passing binder references to it.
allow system_app update_engine:binder { call transfer };
# Date : WK17.41
# Stage: Migration, IT
# Purpose: allow PermissionControl use mtk_hal_netdagent_hwservice
# Makes system_app a client of the mtk_hal_netdagent HAL.
hal_client_domain(system_app, mtk_hal_netdagent)
# Date: WK17.41
# Operation: SQC
# Purpose: [sysoper][sysoper will create folder /cache/recovery]
# Package: com.mediatek.systemupdate.sysoper
# Lets the domain create, add and remove entries in cache_file directories,
# and create, read, write and unlink cache_file files.
allow system_app cache_file:dir { write search create add_name remove_name };
allow system_app cache_file:file { read write create open getattr unlink };
# Date: 2016/07/05
# Operation: SQC
# Purpose: Add permission to access recovery folder and write command files to recovery for System Update
# Lets the domain add and remove entries in cache_recovery_file directories,
# and create, read, write and unlink cache_recovery_file files.
# NOTE(review): per the Purpose, these files carry commands for recovery, and
# any process in system_app can write them. Confirm what validates the
# command content before recovery acts on it.
allow system_app cache_recovery_file:dir { write search add_name remove_name };
allow system_app cache_recovery_file:file { read write create open getattr unlink };
# Date: 2018/05/08
# Operation: Migration
# Purpose : Allow Privacy protection lock to find ppl agent
# Package: com.mediatek.PrivacyProtectionLock
# Allows looking up mtk_hal_pplagent_hwservice in the hwservice manager and
# making binder calls to ppl_agent.
allow system_app mtk_hal_pplagent_hwservice:hwservice_manager find;
allow system_app ppl_agent:binder call;
# Date : WK18.25
# Stage: Migration
# Purpose: allow AtciService to access atcid
# Makes system_app a client of the hal_mtk_atci HAL.
hal_client_domain(system_app, hal_mtk_atci)
# Date: 2018/07/30
# Purpose: Allow BackupRestore can read /dev/block/mmcblk1.
# Package Name: com.mediatek.backuprestore
# NOTE(review): this line grants only search on directories labeled
# block_device. It does not by itself grant read on any block device node, so
# the Purpose wording is broader than what the rule does.
allow system_app block_device:dir search;
# Date: W18.31
# Purpose: Allow system-app to get vendor_mtk_ss_vendor_prop
# Package Name: com.mediatek.engineermode
# Read access to the property only.
get_prop(system_app, vendor_mtk_ss_vendor_prop)
# Date: 2018/04/18
# Purpose: Allow to use HIDL and access mtk_hal_neuralnetworks
# Allows binder calls to mtk_hal_neuralnetworks and passing binder references to it.
allow system_app mtk_hal_neuralnetworks:binder { call transfer };
# NOTE(review): repeats the debugfs_ion rule from the WK17.29 bring-up entry
# above. Confirm whether this access is still needed and keep it in one place.
allow system_app debugfs_ion:dir search;
# Date: 2018/10/31
# Operation: Support SubsidyLock
# Makes system_app a client of the hal_telephony HAL and allows binder calls to rild.
# NOTE(review): no Purpose or Package is recorded for this entry; confirm
# which app needs direct access to rild.
hal_client_domain(system_app, hal_telephony)
binder_call(system_app, rild)
# Date:W18.43
# Operation : clientapi hal developing
# Purpose : Allow to use HAL clientapi
# NOTE(review): the original Purpose said "HAL presence", presumably copied
# from the presence entry; the rule below is for hal_clientapi.
hal_client_domain(system_app, hal_clientapi)
# Date : 2019/05/09
# Operation: TrustKernel integration
# Purpose: access for client device of TKCore
# Grants read/write on character devices labeled tkcore_admin_device.
# NOTE(review): the Purpose says "client device" but the type is named
# tkcore_admin_device. Confirm that the domain needs the admin node and not a
# narrower client node, if one exists.
allow system_app tkcore_admin_device:chr_file rw_file_perms;
# Date: 2019/05/24
# Purpose: System APP can submit KPI to DMC through APM HIDL interface
# Package Name: com.mediatek.apmonitor
# Makes system_app a client of the hal_mtk_apm HAL.
hal_client_domain(system_app, hal_mtk_apm)
# Date: 2019/05/24
# Purpose: System APP can check DMC property to submit KPI or not.
# Package Name: com.mediatek.apmonitor
# Read access to the property only.
get_prop(system_app, vendor_mtk_dmc_prop)
# Date : 2019/06/27
# Operation : system app need to read vendor_mtk_cta_support_prop property
# Purpose : allow to get mtk_cta_support property
get_prop(system_app, vendor_mtk_cta_support_prop)
# Date : 2019/07/15
# Operation : it
# Purpose : for setting ims nr enable property
# NOTE(review): get_prop grants read access only. If "setting" in the Purpose
# means writing these properties, these two rules do not allow it; confirm
# the intent.
get_prop(system_app, vendor_mtk_vonr_prop)
get_prop(system_app, vendor_mtk_vinr_prop)
# Date : 2019/07/08
# Operation : New feature
# Purpose : VoW 2E2K request model update: system APP write and audio HAL read
# Package Name: com.mediatek.voicecommand
# create_dir_perms / create_file_perms cover creating, renaming and removing
# entries as well as reading and writing them.
# NOTE(review): per the Purpose, the audio HAL reads what system_app writes
# here. Confirm the HAL validates these files, since any process in the
# domain can create or replace them.
allow system_app mtk_audiohal_data_file:dir create_dir_perms;
allow system_app mtk_audiohal_data_file:file create_file_perms;
# NOTE(review): this rule has no Date/Purpose/Package entry of its own and is
# not covered by the VoW Purpose above. It makes the whole system_app domain a
# client of the fingerprint HAL; record who needs it and why.
hal_client_domain(system_app, hal_fingerprint)