Gitiles
Code Review Sign In
LeafOS / LeafOS-Devices / android_device_mediatek_sepolicy_vndr / b924fa405828c07fd36163fbeed0d7d646f0c3d6 / . / bsp / plat_private / system_server.te
blob: 6b9a7a608b10db4ce492b74c00f01aec1eb961fe [file] [log] [blame]
# ==============================================
# Common SEPolicy Rule
# ==============================================
# Date : WK15.30
# Operation : Migration
# Purpose : for device bring up, not to block early migration/sanity
allow system_server aal_service:service_manager find;
# Date : 2017/01/24
# Purpose : Add permission for DRM / DRI GPU driver
allow system_server gas_srv_service:service_manager find;
# Date : 2017/4/14
# Purpose : Add permission for registering MtkTelecomService to ServiceManager
allow system_server mtk_telecom_service:service_manager add;
# Date : 2017/09/15
# Purpose : Add mtk_connmetrics_service for CTA's celluar data control
allow system_server mtk_connmetrics_service:service_manager add;
# Date:W17.20
# Operation : wifioffload hal developing
# Purpose : Allow to use HAL Wfo
hal_client_domain(system_server, hal_mtk_wfo)
# Date : W17.26
# Purpose: Allow to use phoneEx
allow system_server mtk_radio_service:service_manager find;
# Date : 2017/10/09
# Purpose : Record and get permission
allow system_server mtk_permrecords_service:service_manager add;
# Date : W17.36
# Operation : Migration
# Purpose : Allow system_server to add anrmanager
allow system_server mtk_anrmanager_service:service_manager add;
# Date: W17.42
# Operation : Migration
# Purpose : for WFD functionality
set_prop(system_server, system_mtk_media_wfd_prop)
set_prop(system_server, wifi_prop)
# Date:W17.47
# Purpose : Allow to enable/disable log too much
set_prop(system_server, system_mtk_logmuch_prop)
binder_call(system_server, hal_mtk_fm)
# Date: 2018/07/04
# Operation: P migration
# Purpose : allow radio get vzw device type property
get_prop(system_server, system_mtk_persist_vendor_vzw_device_type_prop)
# Date : 2018/07/03
# Stage: Migration
# Purpose: allow system server to get RTT property
get_prop(system_server, system_mtk_rtt_prop)
# Date : W18.27
# Operation : Migration
allow system_server mtk_data_shaping_service:service_manager add;
# Date : W18.28
# Operation : Support telephony log
get_prop(system_server, system_mtk_em_tel_log_prop)
# Date : W18.29
# Operation : For background data disable function
get_prop(system_server, system_mtk_bgdata_disabled_prop)
# Date : W18.24
# Operation : for AMS log
set_prop(system_server, system_mtk_amslog_prop)
# Date : W18.25
# Operation : for AMS-aal
set_prop(system_server, system_mtk_amsaal_prop)
# Date : W18.31
# Purpose : Support Trustonic TeeService
binder_call(system_server, teed_app)
binder_call(system_server, teeregistryd_app)
allow system_server tee_service:service_manager find;
allow system_server teeregistry_service:service_manager find;
# Date : W19.12
# Operation : For DuraSpeed Migration
set_prop(system_server, system_mtk_duraspeed_drop_caches_prop)
# Date : W19.12
# Operation : For DuraSpeed Migration
allow system_server mtk_duraspeed_service:service_manager add;
# Date : 2019/06/03
# Operation : Q Migration split build
# Purpose : allow to get system_mtk_rsc_sys_prop
get_prop(system_server, system_mtk_rsc_sys_prop)
# Date : W19.29
# Operation : Support heavy loading
get_prop(system_server, system_mtk_heavy_loading_prop)
# Date : WK19.29
# Operation : touchll hal
# Purpose : touchll hal permission
hal_client_domain(system_server, hal_mtk_touchll)
# Date: 2020/01/16
# Purpose : Allow system server to read tll dev
allow system_server tll_device:chr_file r_file_perms;
# Date : 2020/03/20
# Operation: R migration
get_prop(system_server, system_mtk_telecom_vibrate_prop)
# Date:2020/03/26
# Operation:Q Migration
allow system_server proc_battery_cmd:dir search;
# Date : 2020/04/14
# Purpose: Allow ConnectivityService to get USB tethering system property for auto test
get_prop(system_server, system_mtk_usb_tethering_prop)
# Date : 2020/05/18
# Operation : R Migration
get_prop(system_server, system_mtk_graphics_sf_gll_ro_prop)
# Date : 2020/05/19
# Purpose : Add mtk_autoboot_service for CTA's autoboot app control
allow system_server mtk_autoboot_service:service_manager add;
# Date : 2020/06/01
# Operation : R Migration
allow system_server sysfs_HDMI_audio_extcon_state:file r_file_perms;
# Date : 2020/07/13
# Purpose : Add permission for AMS access to report Java Layer Exception
allow system_server crash_dump:process { getpgid setsched };
# Date : 2020/07/20
# Purpose : Add permission for AMS access to report Java Layer Exception
allow system_server zygote:process getpgid;
# Date : 2020/07/23
# Purpose : Add permission for AMS access to report Java Layer Exception
allow system_server app_zygote:process getpgid;
# Date:2020/07/27
# Operation:R Migration
allow system_server installd:process signal;
# Date:2020/09/04
# Operation:R Migration, add permission for AMS dump binderinfo when ANR happened in user load
allow system_server binderfs_logs:dir r_dir_perms;
allow system_server binderfs_logs:file r_file_perms;
allow system_server binderfs_logs_proc:dir r_dir_perms;
allow system_server binderfs_logs_proc:file r_file_perms;
# Date:2020/09/24
# Operation:R Migration, add permission for PMS access /data/media
allow system_server media_rw_data_file:dir setattr;
# Date:2020/09/25
# Operation:R Migration, don't audit for PMS access /mnt/media_rw/XXXX-XXXX/Android/obb
dontaudit system_server vfat:dir r_dir_perms;
# Date:2021/11/13
# Operation: Add for DSDA in Telecom, add permission for accessing vendor.radio.dsda.state
get_prop(system_server, system_mtk_common_data_prop)