1# ============================================== 2# MTK Policy Rule 3# ============================================== 4 5# Date : WK14.31 6# Operation : Migration 7# Purpose : camera devices access. 8allow mediaserver camera_isp_device:chr_file rw_file_perms; 9allow mediaserver ccu_device:chr_file rw_file_perms; 10allow mediaserver vpu_device:chr_file rw_file_perms; 11allow mediaserver kd_camera_hw_device:chr_file rw_file_perms; 12allow mediaserver seninf_device:chr_file rw_file_perms; 13allow mediaserver self:capability { setuid ipc_lock sys_nice }; 14allow mediaserver sysfs_wake_lock:file rw_file_perms; 15allow mediaserver MTK_SMI_device:chr_file r_file_perms; 16allow mediaserver camera_pipemgr_device:chr_file r_file_perms; 17allow mediaserver kd_camera_flashlight_device:chr_file rw_file_perms; 18allow mediaserver lens_device:chr_file rw_file_perms; 19 20# Date : WK14.32 21# Operation : Migration 22# Purpose : Set audio driver permission to access SD card for debug purpose and accss NVRam. 23allow mediaserver sdcard_type:dir { w_dir_perms create }; 24allow mediaserver sdcard_type:file create; 25allow mediaserver nvram_data_file:lnk_file read; 26allow mediaserver nvdata_file:lnk_file read; 27allow mediaserver sdcard_type:dir remove_name; 28allow mediaserver sdcard_type:file unlink; 29 30# Date : WK14.34 31# Operation : Migration 32# Purpose : nvram access (dumchar case for nand and legacy chip) 33allow mediaserver nvram_device:chr_file rw_file_perms; 34allow mediaserver self:capability { net_admin }; 35 36# Date : WK14.34 37# Operation : Migration 38# Purpose : VP/VR 39allow mediaserver devmap_device:chr_file { ioctl }; 40 41# Date : WK14.36 42# Operation : Migration 43# Purpose : media server and bt process communication for A2DP data.and other control flow 44allow mediaserver bluetooth:unix_dgram_socket sendto; 45allow mediaserver bt_a2dp_stream_socket:sock_file write; 46allow mediaserver bt_int_adp_socket:sock_file write; 47 48# Date : WK14.37 49# Operation : Migration 50# Purpose : camera ioctl 51allow mediaserver camera_sysram_device:chr_file r_file_perms; 52 53# Date : WK14.36 54# Operation : Migration 55# Purpose : VDEC/VENC device node 56allow mediaserver Vcodec_device:chr_file rw_file_perms; 57 58# Date : WK14.36 59# Operation : Migration 60# Purpose : access nvram, otp, ccci cdoec devices. 61allow mediaserver MtkCodecService:binder call; 62allow mediaserver ccci_device:chr_file rw_file_perms; 63allow mediaserver eemcs_device:chr_file rw_file_perms; 64allow mediaserver devmap_device:chr_file r_file_perms; 65allow mediaserver ebc_device:chr_file rw_file_perms; 66allow mediaserver nvram_device:blk_file rw_file_perms; 67allow mediaserver bootdevice_block_device:blk_file rw_file_perms; 68 69# Date : WK14.36 70# Operation : Migration 71# Purpose : for SW codec VP/VR 72allow mediaserver mtk_sched_device:chr_file rw_file_perms; 73 74# Date : WK14.38 75# Operation : Migration 76# Purpose : NVRam access 77allow mediaserver block_device:dir { write search }; 78 79# Date : WK14.38 80# Operation : Migration 81# Purpose : FM driver access 82allow mediaserver fm_device:chr_file rw_file_perms; 83 84# Data : WK14.38 85# Operation : Migration 86# Purpose : for VP/VR 87allow mediaserver block_device:dir search; 88allow mediaserver FM50AF_device:chr_file rw_file_perms; 89allow mediaserver AD5820AF_device:chr_file rw_file_perms; 90allow mediaserver DW9714AF_device:chr_file rw_file_perms; 91allow mediaserver DW9814AF_device:chr_file rw_file_perms; 92allow mediaserver AK7345AF_device:chr_file rw_file_perms; 93allow mediaserver DW9714A_device:chr_file rw_file_perms; 94allow mediaserver LC898122AF_device:chr_file rw_file_perms; 95allow mediaserver LC898212AF_device:chr_file rw_file_perms; 96allow mediaserver BU6429AF_device:chr_file rw_file_perms; 97allow mediaserver DW9718AF_device:chr_file rw_file_perms; 98allow mediaserver BU64745GWZAF_device:chr_file rw_file_perms; 99allow mediaserver MAINAF_device:chr_file rw_file_perms; 100allow mediaserver MAIN2AF_device:chr_file rw_file_perms; 101allow mediaserver SUBAF_device:chr_file rw_file_perms; 102 103 104# Data : WK14.38 105# Operation : Migration 106# Purpose : for boot animation. 107allow mediaserver bootanim:binder { transfer call }; 108 109allow mediaserver mtkbootanimation:binder { transfer call }; 110 111# Data : WK14.38 112# Operation : Migration 113# Purpose : dump for debug 114allow mediaserver sdcard_type:file append; 115 116# Date : WK14.39 117# Operation : Migration 118# Purpose : FDVT Driver 119allow mediaserver camera_fdvt_device:chr_file rw_file_perms; 120 121# Date : WK14.39 122# Operation : Migration 123# Purpose : APE PLAYBACK 124binder_call(mediaserver,MtkCodecService) 125 126# Date : WK14.40 127# Operation : Migration 128# Purpose : HDMI driver access 129allow mediaserver graphics_device:chr_file rw_file_perms; 130 131# Date : WK14.40 132# Operation : Migration 133# Purpose : Smartpa 134allow mediaserver smartpa_device:chr_file rw_file_perms; 135 136# Data : WK14.40 137# Operation : Migration 138# Purpose : permit 'call' by audio tunning tool audiocmdservice_atci 139allow mediaserver audiocmdservice_atci:binder call; 140binder_call(mediaserver,audiocmdservice_atci) 141 142# Date : WK14.40 143# Operation : Migration 144# Purpose : mtk_jpeg 145allow mediaserver mtk_jpeg_device:chr_file r_file_perms; 146 147# Date : WK14.41 148# Operation : Migration 149# Purpose : WFD HID Driver 150allow mediaserver uhid_device:chr_file rw_file_perms; 151 152# Date : WK14.41 153# Operation : Migration 154# Purpose : Camera EEPROM Calibration 155allow mediaserver CAM_CAL_DRV_device:chr_file rw_file_perms; 156allow mediaserver CAM_CAL_DRV1_device:chr_file rw_file_perms; 157allow mediaserver CAM_CAL_DRV2_device:chr_file rw_file_perms; 158 159# Date : WK14.43 160# Operation : Migration 161# Purpose : VOW 162allow mediaserver vow_device:chr_file rw_file_perms; 163 164# Date: WK14.44 165# Operation : Migration 166# Purpose : EVDO 167allow mediaserver rpc_socket:sock_file write; 168allow mediaserver ttySDIO_device:chr_file rw_file_perms; 169 170# Data: WK14.44 171# Operation : Migration 172# Purpose : VP 173allow mediaserver surfaceflinger:file getattr; 174 175# Data: WK14.44 176# Operation : Migration 177# Purpose : for low SD card latency issue 178allow mediaserver sysfs_lowmemorykiller:file { read open }; 179 180# Data: WK14.45 181# Operation : Migration 182# Purpose : for change thermal policy when needed 183allow mediaserver proc_mtkcooler:dir search; 184allow mediaserver proc_mtktz:dir search; 185allow mediaserver proc_thermal:dir search; 186 187# Date : WK14.46 188# Operation : Migration 189# Purpose : for MTK Emulator HW GPU 190allow mediaserver qemu_pipe_device:chr_file rw_file_perms; 191 192# Date : WK14.46 193# Operation : Migration 194# Purpose : for camera init 195allow mediaserver system_server:unix_stream_socket { read write }; 196 197# Data : WK14.46 198# Operation : Migration 199# Purpose : for SMS app 200allow mediaserver radio_data_file:dir search; 201allow mediaserver radio_data_file:file open; 202 203# Data : WK14.47 204# Operation : Audio playback 205# Purpose : Music as ringtone 206allow mediaserver radio:dir { search read }; 207allow mediaserver radio:file r_file_perms; 208 209# Data : WK14.47 210# Operation : Launch camcorder from MMS 211# Purpose : Camcorder 212allow mediaserver radio_data_file:file open; 213 214# Data : WK14.47 215# Operation : CTS 216# Purpose : cts search strange app 217allow mediaserver untrusted_app:dir search; 218 219# Date : WK15.03 220# Operation : Migration 221# Purpose : offloadservice 222allow mediaserver offloadservice_device:chr_file rw_file_perms; 223 224# Date : WK15.32 225# Operation : Pre-sanity 226# Purpose : 3A algorithm need to access sensor service 227allow mediaserver sensorservice_service:service_manager find; 228 229# Date : WK15.34 230# Operation : Migration 231# Purpose: for camera middleware dump image buffer to sdcard & audio frameworks dump 232allow mediaserver storage_file:lnk_file {read write}; 233allow mediaserver mnt_user_file:dir {write read search}; 234allow mediaserver mnt_user_file:lnk_file {read write}; 235 236# Date : WK15.35 237# Operation : Migration 238# Purpose: Allow mediaserver to read binder from surfaceflinger 239allow mediaserver surfaceflinger:fifo_file {read write}; 240 241# Date : WK15.46 242# Operation : Migration 243# Purpose : DPE Driver 244allow mediaserver camera_dpe_device:chr_file rw_file_perms; 245 246# Date : WK15.46 247# Operation : Migration 248# Purpose : TSF Driver 249allow mediaserver camera_tsf_device:chr_file rw_file_perms; 250 251# Date : WK16.32 252# Operation : N Migration 253# Purpose : RSC Driver 254allow mediaserver camera_rsc_device:chr_file rw_file_perms; 255 256# Date : WK16.33 257# Purpose: Allow to access ged for gralloc_extra functions 258allow mediaserver proc_ged:file rw_file_perms; 259allowxperm mediaserver proc_ged:file ioctl { proc_ged_ioctls }; 260 261# Date : WK16.33 262# Operation : N Migration 263# Purpose : GEPF Driver 264allow mediaserver camera_gepf_device:chr_file rw_file_perms; 265 266# Date : WK16.35 267# Operation : Migration 268# Purpose : Update camera flashlight driver device file 269allow mediaserver flashlight_device:chr_file rw_file_perms; 270 271# Data : WK16.42 272# Operator: Whitney bring up 273# Purpose: call surfaceflinger due to powervr 274allow dumpstate surfaceflinger:fifo_file rw_file_perms; 275 276# Date : WK16.43 277# Operation : N Migration 278# Purpose : WPE Driver 279allow mediaserver camera_wpe_device:chr_file rw_file_perms; 280allow mediaserver gpu_device:dir search; 281allow mediaserver sw_sync_device:chr_file rw_file_perms; 282 283# Date : WK17.19 284# Operation : N Migration 285# Purpose : OWE Driver 286allow mediaserver camera_owe_device:chr_file rw_file_perms; 287 288# Date : WK17.30 289# Operation : O Migration 290# Purpose: Allow to access cmdq driver 291allow mediaserver mtk_cmdq_device:chr_file { read ioctl open }; 292allow mediaserver mtk_mdp_device:chr_file rw_file_perms; 293 294# Date : WK17.43 295# Operation : Migration 296# Purpose : DISP access 297allow mediaserver graphics_device:chr_file { ioctl open read }; 298allow mediaserver graphics_device:dir search; 299 300# Date : WK17.44 301# Operation : Migration 302# Purpose : DIP Driver 303allow mediaserver camera_dip_device:chr_file rw_file_perms; 304 305# Date : WK17.44 306# Operation : Migration 307# Purpose : MFB Driver 308allow mediaserver camera_mfb_device:chr_file rw_file_perms; 309 310# Date : WK17.49 311# Operation : MT6771 SQC 312# Purpose : Allow permgr access 313allow mediaserver proc_perfmgr:dir {read search}; 314allow mediaserver proc_perfmgr:file r_file_perms; 315allowxperm mediaserver proc_perfmgr:file ioctl { 316 PERFMGR_FPSGO_DEQUEUE 317 PERFMGR_FPSGO_QUEUE_CONNECT 318 PERFMGR_FPSGO_QUEUE 319 PERFMGR_FPSGO_BQID 320}; 321 322# Date : WK18.18 323# Operation : Migration 324# Purpose : wifidisplay hdcp 325# DRM Key Manage HIDL 326allow mediaserver mtk_hal_keymanage:binder call; 327# Purpose : Allow mediadrmserver to call vendor.mediatek.hardware.keymanage@1.0-service. 328hal_client_domain(mediaserver , hal_keymaster) 329allow mediaserver mtk_hal_keymanage_hwservice:hwservice_manager find; 330