# ==============================================
# Common SEPolicy Rule
# ==============================================
# Vendor additions to the mediaserver domain. Each group below records when it
# was added (WKyy.ww, presumably year and work week), the operation and the
# stated purpose.
# NOTE(review): in AOSP global_macros, r_file_perms and rw_file_perms include
# the ioctl permission. A device-node rule below that has no matching
# allowxperm therefore permits every ioctl command on that node, unless
# another part of the policy restricts it.
# Date : WK14.31
# Operation : Migration
# Purpose : camera devices access.
allow mediaserver camera_isp_device:chr_file rw_file_perms;
allow mediaserver ccu_device:chr_file rw_file_perms;
allow mediaserver vpu_device:chr_file rw_file_perms;
allow mediaserver mdla_device:chr_file rw_file_perms;
allow mediaserver apusys_device:chr_file rw_file_perms;
allow mediaserver sysfs_apusys_queue:dir r_dir_perms;
allow mediaserver sysfs_apusys_queue:file r_file_perms;
allow mediaserver kd_camera_hw_device:chr_file rw_file_perms;
allow mediaserver seninf_device:chr_file rw_file_perms;
# NOTE(review): these capabilities sit under the camera-device heading, which
# does not explain them. setuid and net_admin in particular are broad for a
# media domain; confirm each one is still required and drop the rest.
allow mediaserver self:capability { setuid ipc_lock sys_nice net_admin };
allow mediaserver sysfs_wake_lock:file rw_file_perms;
allow mediaserver MTK_SMI_device:chr_file r_file_perms;
allow mediaserver camera_pipemgr_device:chr_file r_file_perms;
allow mediaserver kd_camera_flashlight_device:chr_file rw_file_perms;
allow mediaserver lens_device:chr_file rw_file_perms;
# Date : WK14.32
# Operation : Migration
# Purpose : Set audio driver permission to access SD card for debug purpose and access NVRam.
# NOTE(review): the stated purpose is debug, yet create_dir_perms and
# create_file_perms apply in every build type and let mediaserver create and
# modify files on external storage. If only debug dumps need this, consider
# guarding the two sdcard_type rules with the userdebug_or_eng macro.
allow mediaserver sdcard_type:dir create_dir_perms;
allow mediaserver sdcard_type:file create_file_perms;
# Only the symlinks themselves may be read here; access to what they point at
# has to come from other rules.
allow mediaserver nvram_data_file:lnk_file read;
allow mediaserver nvdata_file:lnk_file read;
# Date : WK14.34
# Operation : Migration
# Purpose : nvram access (dumchar case for nand and legacy chip)
# NOTE(review): read-write on the nvram character device, including ioctl via
# rw_file_perms. Confirm that write access is needed and not just read.
allow mediaserver nvram_device:chr_file rw_file_perms;
# Date : WK14.36
# Operation : Migration
# Purpose : media server and bt process communication for A2DP data and other control flow
# Datagram sendto to the bluetooth domain plus write on two socket files.
allow mediaserver bluetooth:unix_dgram_socket sendto;
allow mediaserver bt_a2dp_stream_socket:sock_file write;
allow mediaserver bt_int_adp_socket:sock_file write;
# Date : WK14.37
# Operation : Migration
# Purpose : camera ioctl
allow mediaserver camera_sysram_device:chr_file r_file_perms;
# Date : WK14.36
# Operation : Migration
# Purpose : VDEC/VENC device node
allow mediaserver Vcodec_device:chr_file rw_file_perms;
# Date : WK14.36
# Operation : Migration
# Purpose : access nvram, otp, ccci codec devices.
allow mediaserver ccci_device:chr_file rw_file_perms;
allow mediaserver eemcs_device:chr_file rw_file_perms;
allow mediaserver devmap_device:chr_file r_file_perms;
allow mediaserver ebc_device:chr_file rw_file_perms;
# NOTE(review): the next two rules grant read-write on raw block devices.
# Writing a block node bypasses the file-level labels of whatever is stored on
# it, so a compromise of this domain could reach that data directly.
# bootdevice_block_device looks like a broad label - confirm which partitions
# carry it and whether a narrower, read-only type would be enough.
allow mediaserver nvram_device:blk_file rw_file_perms;
allow mediaserver bootdevice_block_device:blk_file rw_file_perms;
# Date : WK14.36
# Operation : Migration
# Purpose : for SW codec VP/VR
allow mediaserver mtk_sched_device:chr_file rw_file_perms;
# Date : WK14.38
# Operation : Migration
# Purpose : FM driver access
allow mediaserver fm_device:chr_file rw_file_perms;
# Date : WK14.38
# Operation : Migration
# Purpose : for VP/VR
# One rule per *AF_device type, all with the same rw_file_perms grant.
# NOTE(review): presumably these are autofocus lens actuator nodes, one type
# per part - confirm against the device type declarations. Types for parts a
# product does not ship could be dropped from that product policy.
allow mediaserver FM50AF_device:chr_file rw_file_perms;
allow mediaserver AD5820AF_device:chr_file rw_file_perms;
allow mediaserver DW9714AF_device:chr_file rw_file_perms;
allow mediaserver DW9814AF_device:chr_file rw_file_perms;
allow mediaserver AK7345AF_device:chr_file rw_file_perms;
allow mediaserver DW9714A_device:chr_file rw_file_perms;
allow mediaserver LC898122AF_device:chr_file rw_file_perms;
allow mediaserver LC898212AF_device:chr_file rw_file_perms;
allow mediaserver BU6429AF_device:chr_file rw_file_perms;
allow mediaserver DW9718AF_device:chr_file rw_file_perms;
allow mediaserver BU64745GWZAF_device:chr_file rw_file_perms;
allow mediaserver MAINAF_device:chr_file rw_file_perms;
allow mediaserver MAIN2AF_device:chr_file rw_file_perms;
allow mediaserver MAIN3AF_device:chr_file rw_file_perms;
allow mediaserver MAIN4AF_device:chr_file rw_file_perms;
allow mediaserver SUBAF_device:chr_file rw_file_perms;
allow mediaserver SUB2AF_device:chr_file rw_file_perms;
# Date : WK14.38
# Operation : Migration
# Purpose : for boot animation.
# mediaserver is the caller in both binder_call rules; the boot animation
# domains are the targets.
binder_call(mediaserver, bootanim)
binder_call(mediaserver, mtkbootanimation)
# Date : WK14.39
# Operation : Migration
# Purpose : FDVT Driver
allow mediaserver camera_fdvt_device:chr_file rw_file_perms;
# Date : WK14.40
# Operation : Migration
# Purpose : HDMI driver access
# NOTE(review): the purpose names HDMI but the target is the general
# graphics_device type - confirm which nodes carry that label.
allow mediaserver graphics_device:chr_file rw_file_perms;
# Date : WK14.40
# Operation : Migration
# Purpose : Smartpa
allow mediaserver smartpa_device:chr_file rw_file_perms;
# Date : WK14.40
# Operation : Migration
# Purpose : permit 'call' by audio tuning tool audiocmdservice_atci
# NOTE(review): as written, mediaserver is the binder caller and
# audiocmdservice_atci the target, while the purpose reads as if the tool
# calls mediaserver. Confirm the direction, and whether an engineering tuning
# tool should be reachable in user builds.
binder_call(mediaserver, audiocmdservice_atci)
# Date : WK14.40
# Operation : Migration
# Purpose : mtk_jpeg
allow mediaserver mtk_jpeg_device:chr_file r_file_perms;
# Date : WK14.41
# Operation : Migration
# Purpose : WFD HID Driver
# NOTE(review): read-write on the uhid node lets a domain register user-space
# HID devices, which means it can synthesize input events. Confirm this is
# still required for WFD (presumably Wi-Fi Display) and keep it out of
# products that do not ship that feature.
allow mediaserver uhid_device:chr_file rw_file_perms;
# Date : WK14.41
# Operation : Migration
# Purpose : Camera EEPROM Calibration
# NOTE(review): rw_file_perms on calibration nodes includes write; confirm the
# camera stack needs more than read here.
allow mediaserver CAM_CAL_DRV_device:chr_file rw_file_perms;
allow mediaserver CAM_CAL_DRV1_device:chr_file rw_file_perms;
allow mediaserver CAM_CAL_DRV2_device:chr_file rw_file_perms;
allow mediaserver camera_eeprom_device:chr_file rw_file_perms;
allow mediaserver seninf_n3d_device:chr_file rw_file_perms;
# Date : WK14.43
# Operation : Migration
# Purpose : VOW
allow mediaserver vow_device:chr_file rw_file_perms;
# Date: WK14.44
# Operation : Migration
# Purpose : EVDO
allow mediaserver rpc_socket:sock_file write;
allow mediaserver ttySDIO_device:chr_file rw_file_perms;
# Date: WK14.44
# Operation : Migration
# Purpose : VP
# The target is a process domain, so this file class presumably refers to the
# procfs entries of surfaceflinger. Only getattr is granted.
allow mediaserver surfaceflinger:file getattr;
# Date: WK14.44
# Operation : Migration
# Purpose : for low SD card latency issue
allow mediaserver sysfs_lowmemorykiller:file r_file_perms;
# Date: WK14.45
# Operation : Migration
# Purpose : for change thermal policy when needed
# Directory search only; no file access under these proc types is granted
# by these three rules.
allow mediaserver proc_mtkcooler:dir search;
allow mediaserver proc_mtktz:dir search;
allow mediaserver proc_thermal:dir search;
# Date : WK14.46
# Operation : Migration
# Purpose : for MTK Emulator HW GPU
# NOTE(review): emulator-only by its stated purpose; confirm this rule needs
# to ship in the policy for physical devices.
allow mediaserver qemu_pipe_device:chr_file rw_file_perms;
# Date : WK14.46
# Operation : Migration
# Purpose : for camera init
# Use of stream sockets owned by system_server, without the ioctl permission.
allow mediaserver system_server:unix_stream_socket rw_socket_perms_no_ioctl;
# Date : WK14.46
# Operation : Migration
# Purpose : for SMS app
# NOTE(review): grants search on radio data directories and open on files,
# with no read or write in this file. Confirm that a media domain needs to
# open files under radio data at all.
allow mediaserver radio_data_file:dir search;
allow mediaserver radio_data_file:file open;
# Date : WK14.47
# Operation : Audio playback
# Purpose : Music as ringtone
# NOTE(review): radio is a process domain, so these dir and file rules
# presumably cover the procfs entries of radio processes rather than ringtone
# files. The stated purpose does not obviously match - confirm.
allow mediaserver radio:dir r_dir_perms;
allow mediaserver radio:file r_file_perms;
# Date : WK14.47
# Operation : CTS
# Purpose : cts search strange app
# NOTE(review): search on directories labelled with the untrusted_app domain,
# presumably the per-process procfs directories of third-party apps. Added to
# satisfy a test; confirm that production behaviour depends on it.
allow mediaserver untrusted_app:dir search;
# Date : WK15.03
# Operation : Migration
# Purpose : offloadservice
allow mediaserver offloadservice_device:chr_file rw_file_perms;
# Date : WK15.32
# Operation : Pre-sanity
# Purpose : 3A algorithm need to access sensor service
# Lookup of the sensor service through the service manager.
allow mediaserver sensorservice_service:service_manager find;
# Date : WK15.34
# Operation : Migration
# Purpose: for camera middleware dump image buffer to sdcard & audio frameworks dump
# NOTE(review): the purpose is buffer dumping, which reads as a debug feature.
# These rules give read-write perms on storage symlinks and on the mnt_user
# directories in every build type. If the dumps are debug-only, consider
# guarding the three rules with the userdebug_or_eng macro.
allow mediaserver storage_file:lnk_file rw_file_perms;
allow mediaserver mnt_user_file:dir rw_dir_perms;
allow mediaserver mnt_user_file:lnk_file rw_file_perms;
# Date : WK15.35
# Operation : Migration
# Purpose: Allow mediaserver to read binder from surfaceflinger
# NOTE(review): the purpose says read, but rw_file_perms also grants write on
# pipes owned by surfaceflinger. Confirm whether read-only would be enough.
allow mediaserver surfaceflinger:fifo_file rw_file_perms;
# Date : WK15.46
# Operation : Migration
# Purpose : DPE Driver
allow mediaserver camera_dpe_device:chr_file rw_file_perms;
# Date : WK15.46
# Operation : Migration
# Purpose : TSF Driver
allow mediaserver camera_tsf_device:chr_file rw_file_perms;
# Date : WK16.32
# Operation : N Migration
# Purpose : RSC Driver
allow mediaserver camera_rsc_device:chr_file rw_file_perms;
# Date : WK16.33
# Purpose: Allow to access ged for gralloc_extra functions
# The allowxperm rule limits ioctl on proc_ged files to the commands in
# proc_ged_ioctls, a set defined outside this file.
allow mediaserver proc_ged:file rw_file_perms;
allowxperm mediaserver proc_ged:file ioctl { proc_ged_ioctls };
# Date : WK16.33
# Operation : N Migration
# Purpose : GEPF Driver
allow mediaserver camera_gepf_device:chr_file rw_file_perms;
# Date : WK16.35
# Operation : Migration
# Purpose : Update camera flashlight driver device file
allow mediaserver flashlight_device:chr_file rw_file_perms;
# Date : WK16.43
# Operation : N Migration
# Purpose : WPE Driver
allow mediaserver camera_wpe_device:chr_file rw_file_perms;
# NOTE(review): the two rules below sit under the WPE heading but target the
# GPU directory and the sw_sync node. Record their own purpose, or confirm
# they belong to this change.
allow mediaserver gpu_device:dir search;
allow mediaserver sw_sync_device:chr_file rw_file_perms;
# Date : WK17.19
# Operation : N Migration
# Purpose : OWE Driver
allow mediaserver camera_owe_device:chr_file rw_file_perms;
# Date : WK17.30
# Operation : O Migration
# Purpose: Allow to access cmdq driver
# Read-only perms on the cmdq and mdp nodes. r_file_perms still includes
# ioctl, and no allowxperm in this file narrows the command set.
allow mediaserver mtk_cmdq_device:chr_file r_file_perms;
allow mediaserver mtk_mdp_device:chr_file r_file_perms;
allow mediaserver mtk_mdp_sync_device:chr_file r_file_perms;
# Makes mediaserver a client of the hal_mtk_mms HAL.
hal_client_domain(mediaserver, hal_mtk_mms)
# Date : WK17.43
# Operation : Migration
# Purpose : DISP access
allow mediaserver graphics_device:dir search;
# Date : WK17.44
# Operation : Migration
# Purpose : DIP Driver
allow mediaserver camera_dip_device:chr_file rw_file_perms;
# Date : WK17.44
# Operation : Migration
# Purpose : MFB Driver
allow mediaserver camera_mfb_device:chr_file rw_file_perms;
# Date : WK17.49
# Operation : MT6771 SQC
# Purpose : Allow perfmgr access
# Read access to proc_perfmgr, with ioctl limited by the allowxperm rule to
# the four PERFMGR_FPSGO_* commands listed. The constants are defined outside
# this file.
allow mediaserver proc_perfmgr:dir r_dir_perms;
allow mediaserver proc_perfmgr:file r_file_perms;
allowxperm mediaserver proc_perfmgr:file ioctl {
PERFMGR_FPSGO_DEQUEUE
PERFMGR_FPSGO_QUEUE_CONNECT
PERFMGR_FPSGO_QUEUE
PERFMGR_FPSGO_BQID
};
# Date : WK18.18
# Operation : Migration
# Purpose : wifidisplay hdcp
# DRM Key Manage HIDL
# mediaserver is the binder caller; mtk_hal_keymanage is the target.
binder_call(mediaserver, mtk_hal_keymanage)
# Date : WK21.25
# Operation : Migration
# Purpose : PDA Driver
allow mediaserver camera_pda_device:chr_file rw_file_perms;
# Purpose : Allow mediadrmserver to call vendor.mediatek.hardware.keymanage@1.0-service.
# NOTE(review): this purpose names mediadrmserver and the keymanage service,
# but the rules below make mediaserver a client of hal_keymaster, hal_power
# and hal_mtkcodecservice and add a vpud_device grant. None of them has a Date
# or Operation entry. Client access to the keymaster HAL from a media domain
# is sensitive - confirm it is intended, and give each rule its own purpose.
hal_client_domain(mediaserver, hal_keymaster)
hal_client_domain(mediaserver, hal_power)
allow mediaserver vpud_device:chr_file rw_file_perms;
hal_client_domain(mediaserver, hal_mtkcodecservice)