1type mtk_hal_audio, domain; 2hal_server_domain(mtk_hal_audio, hal_audio) 3 4type mtk_hal_audio_exec, exec_type, vendor_file_type, file_type; 5init_daemon_domain(mtk_hal_audio) 6 7hal_client_domain(mtk_hal_audio, hal_allocator) 8 9hwbinder_use(mtk_hal_audio) 10wakelock_use(mtk_hal_audio); 11 12allow mtk_hal_audio ion_device:chr_file r_file_perms; 13 14allow mtk_hal_audio system_file:dir { open read }; 15 16r_dir_file(mtk_hal_audio, proc) 17allow mtk_hal_audio audio_device:dir r_dir_perms; 18allow mtk_hal_audio audio_device:chr_file rw_file_perms; 19 20### 21### neverallow rules 22### 23 24# mtk_hal_audio should never execute any executable without 25# a domain transition 26neverallow mtk_hal_audio { file_type fs_type }:file execute_no_trans; 27 28# mtk_hal_audio should never need network access. 29# Disallow network sockets. 30neverallow mtk_hal_audio domain:{ tcp_socket udp_socket rawip_socket } *; 31 32# Date : WK14.32 33# Operation : Migration 34# Purpose : Set audio driver permission to access SD card for debug purpose and accss NVRam. 35allow mtk_hal_audio sdcard_type:dir { w_dir_perms create }; 36allow mtk_hal_audio sdcard_type:file create; 37allow mtk_hal_audio nvram_data_file:dir w_dir_perms; 38allow mtk_hal_audio nvram_data_file:file create_file_perms; 39allow mtk_hal_audio nvram_data_file:lnk_file read; 40allow mtk_hal_audio nvdata_file:lnk_file read; 41allow mtk_hal_audio nvdata_file:dir w_dir_perms; 42allow mtk_hal_audio nvdata_file:file create_file_perms; 43allow mtk_hal_audio sdcard_type:dir remove_name; 44allow mtk_hal_audio sdcard_type:file unlink; 45 46# Date : WK14.34 47# Operation : Migration 48# Purpose : nvram access (dumchar case for nand and legacy chip) 49allow mtk_hal_audio nvram_device:chr_file rw_file_perms; 50allow mtk_hal_audio self:netlink_kobject_uevent_socket { create setopt bind }; 51 52# Date : WK14.34 53# Operation : Migration 54# Purpose : Smartcard Service 55allow mtk_hal_audio self:netlink_kobject_uevent_socket read; 56 57# Date : WK14.36 58# Operation : Migration 59# Purpose : media server and bt process communication for A2DP data.and other control flow 60allow mtk_hal_audio bt_a2dp_stream_socket:sock_file write; 61allow mtk_hal_audio bt_int_adp_socket:sock_file write; 62 63# Date : WK14.36 64# Operation : Migration 65# Purpose : access nvram, otp, ccci cdoec devices. 66allow mtk_hal_audio MtkCodecService:binder call; 67allow mtk_hal_audio ccci_device:chr_file rw_file_perms; 68allow mtk_hal_audio eemcs_device:chr_file rw_file_perms; 69allow mtk_hal_audio devmap_device:chr_file r_file_perms; 70allow mtk_hal_audio ebc_device:chr_file rw_file_perms; 71allow mtk_hal_audio nvram_device:blk_file rw_file_perms; 72 73# Date : WK14.38 74# Operation : Migration 75# Purpose : NVRam access 76allow mtk_hal_audio block_device:dir { write search }; 77 78# Date : WK14.38 79# Operation : Migration 80# Purpose : FM driver access 81allow mtk_hal_audio fm_device:chr_file rw_file_perms; 82 83# Data : WK14.38 84# Operation : Migration 85# Purpose : dump for debug 86allow mtk_hal_audio sdcard_type:file append; 87 88# Data : WK14.39 89# Operation : Migration 90# Purpose : dump for debug 91allow mtk_hal_audio audiohal_prop:property_service set; 92 93# Date : WK14.40 94# Operation : Migration 95# Purpose : HDMI driver access 96allow mtk_hal_audio graphics_device:chr_file rw_file_perms; 97 98# Date : WK14.40 99# Operation : Migration 100# Purpose : Smartpa 101allow mtk_hal_audio smartpa_device:chr_file rw_file_perms; 102allow mtk_hal_audio sysfs_rt_param:file rw_file_perms; 103allow mtk_hal_audio sysfs_rt_calib:file rw_file_perms; 104allow mtk_hal_audio sysfs_rt_param:dir r_dir_perms; 105allow mtk_hal_audio sysfs_rt_calib:dir r_dir_perms; 106 107# Date : WK14.41 108# Operation : Migration 109# Purpose : WFD HID Driver 110allow mtk_hal_audio uhid_device:chr_file rw_file_perms; 111 112# Date : WK14.43 113# Operation : Migration 114# Purpose : VOW 115allow mtk_hal_audio vow_device:chr_file rw_file_perms; 116 117# Date: WK14.44 118# Operation : Migration 119# Purpose : EVDO 120allow mtk_hal_audio rpc_socket:sock_file write; 121allow mtk_hal_audio ttySDIO_device:chr_file rw_file_perms; 122 123# Data: WK14.44 124# Operation : Migration 125# Purpose : for low SD card latency issue 126allow mtk_hal_audio sysfs_lowmemorykiller:file { read open }; 127 128# Data: WK14.45 129# Operation : Migration 130# Purpose : for change thermal policy when needed 131allow mtk_hal_audio proc_mtkcooler:dir search; 132allow mtk_hal_audio proc_mtktz:dir search; 133allow mtk_hal_audio proc_thermal:dir search; 134allow mtk_hal_audio thermal_manager_data_file:file create_file_perms; 135allow mtk_hal_audio thermal_manager_data_file:dir { rw_dir_perms setattr }; 136 137# Data : WK14.47 138# Operation : Audio playback 139# Purpose : Music as ringtone 140allow mtk_hal_audio radio:dir { search read }; 141allow mtk_hal_audio radio:file r_file_perms; 142 143# Data : WK14.47 144# Operation : CTS 145# Purpose : cts search strange app 146allow mtk_hal_audio untrusted_app:dir search; 147 148# Date : WK15.03 149# Operation : Migration 150# Purpose : offloadservice 151allow mtk_hal_audio offloadservice_device:chr_file rw_file_perms; 152 153# Date : WK15.34 154# Operation : Migration 155# Purpose: for camera middleware dump image buffer to sdcard & audio frameworks dump 156allow mtk_hal_audio storage_file:dir search; 157allow mtk_hal_audio storage_file:lnk_file {read write}; 158allow mtk_hal_audio mnt_user_file:dir {write read search}; 159allow mtk_hal_audio mnt_user_file:lnk_file {read write}; 160 161# Date : WK16.17 162# Operation : Migration 163# Purpose: read/open sysfs node 164allow mtk_hal_audio sysfs_ccci:file r_file_perms; 165allow mtk_hal_audio sysfs_ccci:dir search; 166 167# Date : WK16.18 168# Operation : Migration 169# Purpose: research root dir "/" 170allow mtk_hal_audio tmpfs:dir search; 171 172# Purpose: Dump debug info 173allow mtk_hal_audio debugfs_binder:dir search; 174allow mtk_hal_audio kmsg_device:chr_file { open write }; 175allow mtk_hal_audio property_socket:sock_file write; 176allow mtk_hal_audio fuse:file rw_file_perms; 177allow mtk_hal_audio init:unix_stream_socket connectto; 178 179# Date : WK16.27 180# Operation : Migration 181# Purpose: tunning tool update parameters 182binder_call(mtk_hal_audio,radio) 183allow mtk_hal_audio mtk_audiohal_data_file:dir create_dir_perms; 184allow mtk_hal_audio mtk_audiohal_data_file:file create_file_perms; 185 186# Date : WK16.28 187# Operation : Migration 188# Purpose: Write audio dump files to external SDCard. 189allow mtk_hal_audio sdcard_type:file { create_file_perms }; 190 191# Date : WK16.33 192# Purpose: Allow to access ged for gralloc_extra functions 193allow mtk_hal_audio proc_ged:file rw_file_perms; 194 195set_prop(mtk_hal_audio,hwservicemanager_prop); 196allow mtk_hal_audio storage_file:dir search; 197 198# Fix bootup violation 199allow mtk_hal_audio fuse:dir read; 200 201# for usb phone call, allow sys_nice 202allow mtk_hal_audio self:capability sys_nice; 203 204# Date : W17.29 205# Boot for opening trace file: Permission denied (13) 206allow mtk_hal_audio debugfs_tracing:file { write open }; 207 208# for usb phone call, allow sys_nice 209allow mtk_hal_audio self:capability sys_nice; 210 211# Audio Tuning Tool Android O porting 212binder_call(mtk_hal_audio,audiocmdservice_atci); 213 214 215# Add for control PowerHAL 216allow mtk_hal_audio mtk_hal_power_hwservice:hwservice_manager find; 217binder_call(mtk_hal_audio, mtk_hal_power) 218binder_call(mtk_hal_audio, merged_hal_service) 219# cm4 smartpa 220allow mtk_hal_audio audio_ipi_device:chr_file { read write ioctl open }; 221allow mtk_hal_audio audio_scp_device:chr_file r_file_perms; 222 223# Date : WK18.21 224# Operation: P migration 225# Purpose: Allow to search /mnt/vendor/nvdata for fstab when using NVM_Init() 226allow mtk_hal_audio mnt_vendor_file:dir search; 227 228# Date: 2019/06/14 229# Operation : Migration 230allow mtk_hal_audio audioserver:fifo_file w_file_perms; 231allow mtk_hal_audio sysfs_boot_mode:file r_file_perms; 232allow mtk_hal_audio sysfs_dt_firmware_android:dir search; 233 234# Date : WK18.44 235# Operation: adsp 236allow mtk_hal_audio adsp_device:file rw_file_perms; 237allow mtk_hal_audio adsp_device:chr_file rw_file_perms; 238