blob: 8bc8453cdf8bd4ffd178cd40548fcea29cb7bfac [file] [log] [blame]
# ==============================================
# Common SEPolicy Rule
# ==============================================
# Date : WK14.36
# Operation : Migration
# Purpose : VDEC/VENC device node
allow mediacodec Vcodec_device:chr_file rw_file_perms;
# Date : WK16.21
# Operation : Migration
# Purpose : VP & VR dump and debug
allow mediacodec M4U_device_device:chr_file rw_file_perms;
allow mediacodec MTK_SMI_device:chr_file r_file_perms;
allow mediacodec storage_file:lnk_file rw_file_perms;
allow mediacodec tmpfs:dir search;
allow mediacodec mnt_user_file:dir rw_dir_perms;
allow mediacodec mnt_user_file:lnk_file rw_file_perms;
allow mediacodec sdcard_type:dir rw_dir_perms;
allow mediacodec sdcard_type:file create_file_perms;
allow mediacodec nvram_data_file:dir w_dir_perms;
allow mediacodec nvram_data_file:file create_file_perms;
allow mediacodec nvram_data_file:lnk_file r_file_perms;
allow mediacodec nvdata_file:lnk_file r_file_perms;
allow mediacodec nvdata_file:dir w_dir_perms;
allow mediacodec nvdata_file:file create_file_perms;
allow mediacodec devmap_device:chr_file r_file_perms;
allow mediacodec proc_meminfo:file r_file_perms;
# Date : WK14.36
# Operation : Migration
# Purpose : for SW codec VP/VR
allow mediacodec mtk_sched_device:chr_file rw_file_perms;
# Data : WK14.39
# Operation : Migration
# Purpose : HW encrypt SW codec
allow mediacodec mediacodec_data_file:file create_file_perms;
allow mediacodec mediacodec_data_file:dir create_dir_perms;
allow mediacodec sec_device:chr_file r_file_perms;
# Data: WK14.44
# Operation : Migration
# Purpose : VP
allow mediacodec surfaceflinger:file getattr;
# Data: WK14.44
# Operation : Migration
# Purpose : for low SD card latency issue
allow mediacodec sysfs_lowmemorykiller:file r_file_perms;
# Data: WK14.45
# Operation : Migration
# Purpose : for change thermal policy when needed
allow mediacodec proc_mtkcooler:dir search;
allow mediacodec proc_mtkcooler:file rw_file_perms;
allow mediacodec proc_mtktz:dir search;
allow mediacodec proc_mtktz:file rw_file_perms;
allow mediacodec proc_thermal:dir search;
allow mediacodec proc_thermal:file rw_file_perms;
allow mediacodec thermal_manager_data_file:file create_file_perms;
allow mediacodec thermal_manager_data_file:dir { rw_dir_perms setattr };
# Data : WK14.47
# Operation : CTS
# Purpose : cts search strange app
allow mediacodec untrusted_app:dir search;
# Date : WK14.39
# Operation : Migration
# Purpose : MJC Driver
allow mediacodec MJC_device:chr_file rw_file_perms;
# Date : WK16.33
# Purpose: Allow to access ged for gralloc_extra functions
allow mediacodec proc_ged:file rw_file_perms;
allowxperm mediacodec proc_ged:file ioctl { proc_ged_ioctls };
# Data : WK16.42
# Operator: Whitney bring up
# Purpose: call surfaceflinger due to powervr
allow mediacodec surfaceflinger:fifo_file rw_file_perms;
# Date: WK16.43
# Operator: Whitney SQC
# Purpose: mediacodec use gpu
allow mediacodec gpu_device:dir search;
# Date : W18.01
# Add for turn on SElinux in enforcing mode
allow mediacodec vndbinder_device:chr_file rw_file_perms;
vndbinder_use(mediacodec)
# Date : WK1721
# Purpose: For FULL TREBLE
allow mediacodec system_file:dir r_dir_perms;
allow mediacodec debugfs_ion:dir search;
# Date : WK17.30
# Operation : O Migration
# Purpose: Allow mediacodec to access cmdq driver
allow mediacodec mtk_cmdq_device:chr_file r_file_perms;
allow mediacodec mtk_mdp_device:chr_file r_file_perms;
allow mediacodec mtk_mdp_sync_device:chr_file r_file_perms;
allow mediacodec sw_sync_device:chr_file r_file_perms;
# Date : WK17.30
# Purpose : For Power Hal
hal_client_domain(mediacodec, hal_power)
# Date : WK17.12
# Operation : MT6799 SQC
# Purpose : Change thermal config
set_prop(mediacodec, vendor_mtk_thermal_config_prop)
# Date : WK17.43
# Operation : Migration
# Purpose : DISP access
allow mediacodec graphics_device:chr_file r_file_perms;
allow mediacodec graphics_device:dir search;
# Date : WK19.27
# Purpose: Android Migration for SVP
allow mediacodec proc_m4u:file r_file_perms;
allowxperm mediacodec proc_m4u:file ioctl {
MTK_M4U_T_SEC_INIT
MTK_M4U_T_CONFIG_PORT
MTK_M4U_T_CACHE_SYNC
MTK_M4U_T_CONFIG_PORT_ARRAY
};
# Date : 2019/12/12
# Purpose : allow media sources to access /sys/bus/platform/drivers/mem_bw_ctrl/*
allow mediacodec sysfs_concurrency_scenario:file rw_file_perms;
allow mediacodec sysfs_concurrency_scenario:dir search;
# Date : 2020/07/10
# Purpose : allow media sources to access /sys/bus/platform/drivers/emi_ctrl/*
allow mediacodec sysfs_emi_ctrl_concurrency_scenario:file rw_file_perms;
allow mediacodec sysfs_emi_ctrl_concurrency_scenario:dir search;
# Date : WK20.16
# # Operation: SQC
# # Purpose : Allow medicodec to control video mode property
set_prop(mediacodec, vendor_mtk_video_prop)
get_prop(mediacodec, vendor_mtk_crossmount_prop)
get_prop(mediacodec, vendor_mtk_deinterlace_prop)
get_prop(mediacodec, vendor_mtk_omx_core_prop)
hal_client_domain(mediacodec, hal_mtkcodecservice)
allow mediacodec sysfs_boot_mode:file r_file_perms;