1# ============================================================================== 2# Policy File of /system/bin/cameraserver Executable File 3 4# ============================================== 5# MTK Policy Rule 6# ============================================== 7 8# ----------------------------------- 9# Android O 10# Purpose: Allow cameraserver to perform binder IPC to servers and callbacks. 11# ----------------------------------- 12 13# call camerahalserver 14binder_call(cameraserver, mtk_hal_camera) 15 16# call the graphics allocator hal 17binder_call(cameraserver, hal_graphics_allocator) 18 19# ----------------------------------- 20# Android O 21# Purpose: Debugging 22# ----------------------------------- 23# Purpose: adb shell dumpsys media.camera --unreachable 24allow cameraserver self:process { ptrace }; 25 26# ----------------------------------- 27# Purpose: property access 28# ----------------------------------- 29allow cameraserver mtkcam_prop:file { open read getattr }; 30 31# Date : WK14.34 32# Operation : Migration 33# Purpose : nvram access (dumchar case for nand and legacy chip) 34# allow cameraserver nvram_device:chr_file rw_file_perms; 35### TBD, neverallowxperm on line 177 of system/sepolicy/public/domain.te 36# #allow cameraserver self:netlink_kobject_uevent_socket { create setopt bind }; 37# allow cameraserver self:capability { net_admin }; 38 39# Date : WK14.34 40# Operation : Migration 41# Purpose : VP/VR 42# allow cameraserver devmap_device:chr_file { ioctl }; 43 44# Date : WK14.36 45# Operation : Migration 46# Purpose : media server and bt process communication for A2DP data.and other control flow 47# allow cameraserver bluetooth:unix_dgram_socket sendto; 48# allow cameraserver bt_a2dp_stream_socket:sock_file write; 49# allow cameraserver bt_int_adp_socket:sock_file write; 50 51# Date : WK14.37 52# Operation : Migration 53# Purpose : camera ioctl 54# allow cameraserver camera_sysram_device:chr_file r_file_perms; 55 56# Date : WK14.36 57# Operation : Migration 58# Purpose : VDEC/VENC device node 59# allow cameraserver Vcodec_device:chr_file rw_file_perms; 60 61# Date : WK14.36 62# Operation : Migration 63# Purpose : access nvram, otp, ccci cdoec devices. 64# allow cameraserver MtkCodecService:binder call; 65# allow cameraserver ccci_device:chr_file rw_file_perms; 66# allow cameraserver eemcs_device:chr_file rw_file_perms; 67# allow cameraserver devmap_device:chr_file r_file_perms; 68# allow cameraserver ebc_device:chr_file rw_file_perms; 69# allow cameraserver nvram_device:blk_file rw_file_perms; 70# allow cameraserver bootdevice_block_device:blk_file rw_file_perms; 71 72# Date : WK14.36 73# Operation : Migration 74# Purpose : for SW codec VP/VR 75# allow cameraserver mtk_sched_device:chr_file rw_file_perms; 76 77# Date : WK14.38 78# Operation : Migration 79# Purpose : NVRam access 80# allow cameraserver block_device:dir { write search }; 81 82# Date : WK14.38 83# Operation : Migration 84# Purpose : FM driver access 85# allow cameraserver fm_device:chr_file rw_file_perms; 86 87# Data : WK14.38 88# Operation : Migration 89# Purpose : for VP/VR 90# allow cameraserver block_device:dir search; 91# allow cameraserver FM50AF_device:chr_file rw_file_perms; 92# allow cameraserver AD5820AF_device:chr_file rw_file_perms; 93# allow cameraserver DW9714AF_device:chr_file rw_file_perms; 94# allow cameraserver DW9814AF_device:chr_file rw_file_perms; 95# allow cameraserver AK7345AF_device:chr_file rw_file_perms; 96# allow cameraserver DW9714A_device:chr_file rw_file_perms; 97# allow cameraserver LC898122AF_device:chr_file rw_file_perms; 98# allow cameraserver LC898212AF_device:chr_file rw_file_perms; 99# allow cameraserver BU6429AF_device:chr_file rw_file_perms; 100# allow cameraserver DW9718AF_device:chr_file rw_file_perms; 101# allow cameraserver BU64745GWZAF_device:chr_file rw_file_perms; 102# allow cameraserver MAINAF_device:chr_file rw_file_perms; 103# allow cameraserver MAIN2AF_device:chr_file rw_file_perms; 104# allow cameraserver SUBAF_device:chr_file rw_file_perms; 105 106# Data : WK14.38 107# Operation : Migration 108# Purpose : for boot animation. 109# allow cameraserver bootanim:binder { transfer call }; 110 111# allow cameraserver mtkbootanimation:binder { transfer call }; 112# Data : WK14.38 113# Operation : Migration 114# Purpose : dump for debug 115# allow cameraserver sdcard_type:file append; 116 117# Date : WK14.39 118# Operation : Migration 119# Purpose : FDVT Driver 120# allow cameraserver camera_fdvt_device:chr_file rw_file_perms; 121 122# Date : WK14.39 123# Operation : Migration 124# Purpose : APE PLAYBACK 125# binder_call(cameraserver, MtkCodecService) 126 127# Data : WK14.39 128# Operation : Migration 129# Purpose : HW encrypt SW codec 130# allow cameraserver sec_device:chr_file r_file_perms; 131 132# Date : WK14.40 133# Operation : Migration 134# Purpose : HDMI driver access 135allow cameraserver graphics_device:chr_file rw_file_perms; 136 137# Date : WK14.40 138# Operation : Migration 139# Purpose : Smartpa 140# allow cameraserver smartpa_device:chr_file rw_file_perms; 141 142# Date : WK14.40 143# Operation : Migration 144# Purpose : mtk_jpeg 145# allow cameraserver mtk_jpeg_device:chr_file r_file_perms; 146 147# Date : WK14.41 148# Operation : Migration 149# Purpose : WFD HID Driver 150# allow cameraserver uhid_device:chr_file rw_file_perms; 151 152# Date : WK14.41 153# Operation : Migration 154# Purpose : Camera EEPROM Calibration 155# allow cameraserver CAM_CAL_DRV_device:chr_file rw_file_perms; 156# allow cameraserver CAM_CAL_DRV1_device:chr_file rw_file_perms; 157# allow cameraserver CAM_CAL_DRV2_device:chr_file rw_file_perms; 158 159# Date : WK14.43 160# Operation : Migration 161# Purpose : VOW 162# allow cameraserver vow_device:chr_file rw_file_perms; 163 164# Date: WK14.44 165# Operation : Migration 166# Purpose : EVDO 167# allow cameraserver rpc_socket:sock_file write; 168# allow cameraserver ttySDIO_device:chr_file rw_file_perms; 169 170# Data: WK14.44 171# Operation : Migration 172# Purpose : VP 173# allow cameraserver surfaceflinger:file getattr; 174 175# Data: WK14.44 176# Operation : Migration 177# Purpose : for low SD card latency issue 178# allow cameraserver sysfs_lowmemorykiller:file { read open }; 179 180# Date : WK14.46 181# Operation : Migration 182# Purpose : for MTK Emulator HW GPU 183# allow cameraserver qemu_pipe_device:chr_file rw_file_perms; 184 185# Date : WK14.46 186# Operation : Migration 187# Purpose : for camera init 188# allow cameraserver system_server:unix_stream_socket { read write }; 189 190# Data : WK14.46 191# Operation : Migration 192# Purpose : for SMS app 193# allow cameraserver radio_data_file:dir search; 194# allow cameraserver radio_data_file:file open; 195 196# Data : WK14.47 197# Operation : Launch camcorder from MMS 198# Purpose : Camcorder 199# allow cameraserver radio_data_file:file open; 200 201# Data : WK14.47 202# Operation : CTS 203# Purpose : cts search strange app 204# allow cameraserver untrusted_app:dir search; 205 206# Date : WK15.03 207# Operation : Migration 208# Purpose : offloadservice 209# allow cameraserver offloadservice_device:chr_file rw_file_perms; 210 211# Date : WK15.32 212# Operation : Pre-sanity 213# Purpose : 3A algorithm need to access sensor service 214# allow cameraserver sensorservice_service:service_manager find; 215 216# Date : WK15.34 217# Operation : Migration 218# Purpose: for camera middleware dump image buffer to sdcard & audio frameworks dump 219# allow cameraserver storage_file:lnk_file {read write}; 220# allow cameraserver mnt_user_file:dir {write read search}; 221# allow cameraserver mnt_user_file:lnk_file {read write}; 222 223# Date : WK15.35 224# Operation : Migration 225# Purpose: Allow cameraserver to read binder from surfaceflinger 226# allow cameraserver surfaceflinger:fifo_file {read write}; 227 228# Date : WK15.46 229# Operation : Migration 230# Purpose : DPE Driver 231# allow cameraserver camera_dpe_device:chr_file rw_file_perms; 232 233# Date : WK15.46 234# Operation : Migration 235# Purpose : TSF Driver 236# allow cameraserver camera_tsf_device:chr_file rw_file_perms; 237 238# Date : WK16.20 239# Operation : Migration 240# Purpose: research root dir "/" 241allow cameraserver tmpfs:dir search; 242 243# Date : WK16.21 244# Operation : Migration 245# Purpose : EGL file access 246allow cameraserver system_file:dir { read open }; 247allow cameraserver gpu_device:chr_file rw_file_perms; 248allow cameraserver gpu_device:dir search; 249 250# Date : WK16.32 251# Operation : Migration 252# Purpose : RSC Driver 253# allow cameraserver camera_rsc_device:chr_file rw_file_perms; 254 255# Date : WK16.33 256# Purpose: Allow to access ged for gralloc_extra functions 257allow cameraserver proc_ged:file rw_file_perms; 258allowxperm cameraserver proc_ged:file ioctl { proc_ged_ioctls }; 259 260# Date : WK16.33 261# Operation : Migration 262# Purpose : GEPF Driver 263# allow cameraserver camera_gepf_device:chr_file rw_file_perms; 264 265# Date : WK16.35 266# Operation : Migration 267# Purpose : Update camera flashlight driver device file 268# allow cameraserver flashlight_device:chr_file rw_file_perms; 269 270# Data : WK16.42 271# Operator: Whitney bring up 272# Purpose: call surfaceflinger due to powervr 273# allow cameraserver surfaceflinger:fifo_file rw_file_perms; 274 275# Date : WK16.43 276# Operation : Migration 277# Purpose : WPE Driver 278# allow cameraserver camera_wpe_device:chr_file rw_file_perms; 279 280# Date : WK16.49 281# Operation : label aee_aed sockets 282# Purpose : Engineering mode need access for aee commmand 283# userdebug_or_eng(` 284# allow cameraserver aee_aed:unix_stream_socket connectto; 285# ') 286 287# Date : WK17.19 288# Operation : Migration 289# Purpose : OWE Driver 290# allow cameraserver camera_owe_device:chr_file rw_file_perms; 291 292# Date : WK17.25 293# Operation : Migration 294allow cameraserver debugfs_ion:dir search; 295 296# Date : WK17.30 297# Operation : O Migration 298# Purpose: Allow to access cmdq driver 299# allow cameraserver mtk_cmdq_device:chr_file { read ioctl open }; 300 301# Date : WK17.44 302# Operation : Migration 303# Purpose : DIP Driver 304# allow cameraserver camera_dip_device:chr_file rw_file_perms; 305 306# Date : WK17.44 307# Operation : Migration 308# Purpose : MFB Driver 309# allow cameraserver camera_mfb_device:chr_file rw_file_perms; 310 311# Date : WK17.49 312# Operation : MT6771 SQC 313# Purpose: Allow permgr access 314allow cameraserver proc_perfmgr:dir {read search}; 315allow cameraserver proc_perfmgr:file r_file_perms; 316allowxperm cameraserver proc_perfmgr:file ioctl { 317 PERFMGR_FPSGO_QUEUE 318 PERFMGR_FPSGO_DEQUEUE 319 PERFMGR_FPSGO_QUEUE_CONNECT 320 PERFMGR_FPSGO_BQID 321}; 322 323