1# ============================================================================== 2# Type Declaration 3# ============================================================================== 4type merged_hal_service, domain; 5#type merged_hal_service, domain; 6type merged_hal_service_exec, exec_type, file_type, vendor_file_type; 7 8init_daemon_domain(merged_hal_service) 9 10hwbinder_use(merged_hal_service) 11hal_server_domain(merged_hal_service, hal_vibrator) 12hal_server_domain(merged_hal_service, hal_light) 13hal_server_domain(merged_hal_service, hal_power) 14hal_server_domain(merged_hal_service, hal_thermal) 15hal_server_domain(merged_hal_service, hal_memtrack) 16 17#mtk libs_hidl_service permissions 18hal_server_domain(merged_hal_service, mtk_hal_lbs) 19vndbinder_use(merged_hal_service) 20#r_dir_file(merged_hal_service, system_file) 21unix_socket_connect(merged_hal_service, agpsd, mtk_agpsd); 22allow merged_hal_service mtk_agpsd:unix_dgram_socket sendto; 23 24#mtk_gnss permissions 25hal_server_domain(merged_hal_service, hal_gnss); 26allow merged_hal_service mnld_data_file:sock_file create_file_perms; 27allow merged_hal_service mnld_data_file:sock_file rw_file_perms; 28allow merged_hal_service mnld_data_file:dir create_file_perms; 29allow merged_hal_service mnld_data_file:dir rw_dir_perms; 30allow merged_hal_service mnld:unix_dgram_socket sendto; 31 32#graphics allocator permissions 33hal_server_domain(merged_hal_service, hal_graphics_allocator) 34allow merged_hal_service gpu_device:dir search; 35allow merged_hal_service sw_sync_device:chr_file rw_file_perms; 36allow merged_hal_service debugfs_ion:dir search; 37allow merged_hal_service debugfs_tracing:file write; 38allow merged_hal_service debugfs_tracing:file open; 39 40#for ape hidl permissions 41hal_server_domain(merged_hal_service,hal_mtkcodecservice) 42allow merged_hal_service hidl_allocator_hwservice:hwservice_manager find; 43allow merged_hal_service hidl_memory_hwservice:hwservice_manager find; 44hal_client_domain(merged_hal_service, hal_allocator) 45 46#for default drm permissions 47hal_server_domain(merged_hal_service, hal_drm) 48allow merged_hal_service mediacodec:fd use; 49allow merged_hal_service { appdomain -isolated_app }:fd use; 50allow merged_hal_service debugfs_tracing:file write; 51 52#power permissions 53allow merged_hal_service proc:dir {search getattr}; 54allow merged_hal_service debugfs_ged:dir search; 55allow merged_hal_service debugfs_ged:file { getattr open read write }; 56allow merged_hal_service proc_thermal:file { write open }; 57allow merged_hal_service proc_thermal:dir search; 58allow merged_hal_service proc_perfmgr:dir search; 59allow merged_hal_service proc_perfmgr:file rw_file_perms; 60allow merged_hal_service sdcard_type:dir create_dir_perms; 61allow merged_hal_service sdcard_type:file create_file_perms; 62allow merged_hal_service eemcs_device:chr_file rw_file_perms; 63allow merged_hal_service mnt_user_file:dir create_dir_perms; 64allow merged_hal_service debugfs_fb:dir search; 65allow merged_hal_service debugfs_fb:file { getattr open read write }; 66allow merged_hal_service debugfs_fpsgo:dir search; 67allow merged_hal_service debugfs_fpsgo:file { getattr open read write }; 68allow merged_hal_service mtk_hal_camera:dir search; 69allow merged_hal_service mtk_hal_camera:file { open read }; 70allow merged_hal_service sysfs_devices_system_cpu:file write; 71 72allow merged_hal_service mtk_powerhal_data_file:dir {create_dir_perms rw_dir_perms}; 73allow merged_hal_service mtk_powerhal_data_file:file {create_file_perms rw_file_perms}; 74allow merged_hal_service mtk_powerhal_data_file:sock_file {create_file_perms rw_file_perms}; 75 76 77# Date : WK18.23 78# Operation : P Migration 79# Purpose : add grant permission for Thermal HAL mtktz and proc 80allow merged_hal_service proc_mtktz:dir search; 81allow merged_hal_service proc_mtktz:file {open read getattr}; 82allow merged_hal_service proc_stat:file {open read getattr }; 83 84# Date : WK19.11 85# Operation : Q Migration 86allowxperm merged_hal_service proc_ged:file ioctl { proc_ged_ioctls }; 87 88# Date: 2019/06/14 89# Operation : Migration 90allow merged_hal_service nvram_agent_binder_hwservice:hwservice_manager find; 91