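# SELinux type-enforcement rules for the vendor audio HAL domain mtk_hal_audio.
# One statement per line: a '#' comment runs to the end of the physical line,
# so a rule sharing a line with a preceding comment would be silently dropped.

# Process domain of the audio HAL, registered as the server side of hal_audio.
type mtk_hal_audio, domain;
hal_server_domain(mtk_hal_audio, hal_audio)

# Label of the HAL executable. init_daemon_domain() sets up the automatic
# transition from init into mtk_hal_audio when init executes this file.
type mtk_hal_audio_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(mtk_hal_audio)

# Client of the allocator HAL.
hal_client_domain(mtk_hal_audio, hal_allocator)

hwbinder_use(mtk_hal_audio)
wakelock_use(mtk_hal_audio);

allow mtk_hal_audio ion_device:chr_file r_file_perms;

allow mtk_hal_audio system_file:dir { open read };

# NOTE(review): `proc` is the generic /proc label, so this grants read access
# to every directory, file and symlink that has no more specific proc_* type.
# Confirm which entries are needed and prefer their dedicated types.
r_dir_file(mtk_hal_audio, proc)
allow mtk_hal_audio audio_device:dir r_dir_perms;
allow mtk_hal_audio audio_device:chr_file rw_file_perms;

###
### neverallow rules
###
# neverallow statements are build-time assertions: the policy fails to compile
# if any allow rule (here or in another file) contradicts them.

# mtk_hal_audio should never execute any executable without
# a domain transition
neverallow mtk_hal_audio { file_type fs_type }:file execute_no_trans;

# mtk_hal_audio should never need network access.
# Disallow network sockets.
neverallow mtk_hal_audio domain:{ tcp_socket udp_socket rawip_socket } *;

# Date : WK14.32
# Operation : Migration
# Purpose : Set audio driver permission to access SD card for debug purpose and access NVRam.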
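# NOTE(review): the sdcard_type rules exist for debug dumps only, yet they are
# granted on every build type. Consider wrapping them in userdebug_or_eng() so
# user builds do not let the HAL create and delete files on shared storage.
# The separate dir/file rules of the original are merged here; the resulting
# permission set is unchanged.
allow mtk_hal_audio sdcard_type:dir { w_dir_perms create remove_name };
allow mtk_hal_audio sdcard_type:file { create unlink };

# NVRAM calibration data: directories writable, files fully manageable,
# symlinks readable.
allow mtk_hal_audio nvram_data_file:dir w_dir_perms;
allow mtk_hal_audio nvram_data_file:file create_file_perms;
allow mtk_hal_audio nvram_data_file:lnk_file read;
allow mtk_hal_audio nvdata_file:lnk_file read;
allow mtk_hal_audio nvdata_file:dir w_dir_perms;
allow mtk_hal_audio nvdata_file:file create_file_perms;

# Date : WK14.34
# Operation : Migration
# Purpose : nvram access (dumchar case for nand and legacy chip)
allow mtk_hal_audio nvram_device:chr_file rw_file_perms;
allow mtk_hal_audio self:netlink_kobject_uevent_socket { create setopt bind };

# Date : WK14.34
# Operation : Migration
# Purpose : Smartcard Service
# NOTE(review): together with the create/setopt/bind rule above this lets the
# HAL listen to kernel uevents; the stated purpose does not explain why an
# audio HAL needs that -- confirm it is still required.
allow mtk_hal_audio self:netlink_kobject_uevent_socket read;

# Date : WK14.36
# Operation : Migration
# Purpose : media server and bt process communication for A2DP data and other control flow
allow mtk_hal_audio bt_a2dp_stream_socket:sock_file write;
allow mtk_hal_audio bt_int_adp_socket:sock_file write;

# Date : WK14.36
# Operation : Migration
# Purpose : access nvram, otp, ccci codec devices.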
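# Device and service access for nvram, otp and ccci codec handling.
allow mtk_hal_audio MtkCodecService:binder call;
allow mtk_hal_audio ccci_device:chr_file rw_file_perms;
allow mtk_hal_audio eemcs_device:chr_file rw_file_perms;
allow mtk_hal_audio devmap_device:chr_file r_file_perms;
allow mtk_hal_audio ebc_device:chr_file rw_file_perms;
# NOTE(review): raw read/write on the nvram block device bypasses filesystem
# permissions on that partition; confirm the HAL cannot go through the
# nvram_data_file / nvdata_file paths instead.
allow mtk_hal_audio nvram_device:blk_file rw_file_perms;

# Date : WK14.38
# Operation : Migration
# Purpose : NVRam access
# NOTE(review): block_device is the generic label; `write` on its directory is
# broader than a lookup needs -- verify whether `search` alone is sufficient.
allow mtk_hal_audio block_device:dir { write search };

# Date : WK14.38
# Operation : Migration
# Purpose : FM driver access
allow mtk_hal_audio fm_device:chr_file rw_file_perms;

# Date : WK14.38
# Operation : Migration
# Purpose : dump for debug
allow mtk_hal_audio sdcard_type:file append;

# Date : WK14.39
# Operation : Migration
# Purpose : dump for debug
allow mtk_hal_audio audiohal_prop:property_service set;

# Date : WK14.40
# Operation : Migration
# Purpose : HDMI driver access
allow mtk_hal_audio graphics_device:chr_file rw_file_perms;

# Date : WK14.40
# Operation : Migration
# Purpose : Smartpa
allow mtk_hal_audio smartpa_device:chr_file rw_file_perms;

# Date : WK14.41
# Operation : Migration
# Purpose : WFD HID Driver
# NOTE(review): uhid lets userspace register virtual HID devices whose events
# the kernel handles like hardware input. That is a sensitive capability for an
# audio HAL; confirm the WFD use case still needs it in this domain.
allow mtk_hal_audio uhid_device:chr_file rw_file_perms;

# Date : WK14.43
# Operation : Migration
# Purpose : VOW
allow mtk_hal_audio vow_device:chr_file rw_file_perms;

# Date : WK14.44
# Operation : Migration
# Purpose : EVDO
allow mtk_hal_audio rpc_socket:sock_file write;
allow mtk_hal_audio ttySDIO_device:chr_file rw_file_perms;

# Date : WK14.44
# Operation : Migration
# Purpose : for low SD card latency issue
allow mtk_hal_audio sysfs_lowmemorykiller:file { read open };

# Date : WK14.45
# Operation : Migration
# Purpose : for change thermal policy when needed
allow mtk_hal_audio proc_mtkcooler:dir search;
allow mtk_hal_audio proc_mtktz:dir search;
allow mtk_hal_audio proc_thermal:dir search;
allow mtk_hal_audio thermal_manager_data_file:file create_file_perms;
allow mtk_hal_audio thermal_manager_data_file:dir { rw_dir_perms setattr };

# Date : WK14.47
# Operation : Audio playback
# Purpose : Music as ringtone
# NOTE(review): dir/file objects carrying a domain type are that domain's
# /proc/<pid> entries, so these rules presumably let the HAL read process
# information of radio-domain processes -- verify against the actual denial.
allow mtk_hal_audio radio:dir { search read };
allow mtk_hal_audio radio:file r_file_perms;

# Date : WK14.47
# Operation : CTS
# Purpose : cts search strange app
# NOTE(review): grants lookup in the /proc/<pid> directories of untrusted apps;
# the purpose line gives no functional need, so check whether a dontaudit for
# this access would be enough.
allow mtk_hal_audio untrusted_app:dir search;

# Date : WK15.03
# Operation : Migration
# Purpose : offloadservice
allow mtk_hal_audio offloadservice_device:chr_file rw_file_perms;

# Date : WK15.34
# Operation : Migration
# Purpose: for camera middleware dump image buffer to sdcard & audio frameworks dump
allow mtk_hal_audio storage_file:dir search;
allow mtk_hal_audio storage_file:lnk_file {read write};
allow mtk_hal_audio mnt_user_file:dir {write read search};
allow mtk_hal_audio mnt_user_file:lnk_file {read write};

# Date : WK16.17
# Operation : Migration
# Purpose: read/open sysfs node
allow mtk_hal_audio sysfs_ccci:file r_file_perms;
allow mtk_hal_audio sysfs_ccci:dir search;

# Date : WK16.18
# Operation : Migration
# Purpose: search root dir "/"
allow mtk_hal_audio tmpfs:dir search;

# Purpose: Dump debug info
allow mtk_hal_audio debugfs_binder:dir search;
# NOTE(review): write access to kmsg lets the HAL insert records into the
# kernel log; acceptable for debugging, questionable on user builds.
allow mtk_hal_audio kmsg_device:chr_file { open write };
# property_socket write + init connectto are the raw form of what set_prop()
# grants for talking to the property service.
allow mtk_hal_audio property_socket:sock_file write;
allow mtk_hal_audio fuse:file rw_file_perms;
allow mtk_hal_audio init:unix_stream_socket connectto;

# Date : WK16.27
# Operation : Migration
# Purpose: tuning tool update parameters
binder_call(mtk_hal_audio,radio)
allow mtk_hal_audio mtk_audiohal_data_file:dir create_dir_perms;
allow mtk_hal_audio mtk_audiohal_data_file:file create_file_perms;

# Date : WK16.28
# Operation : Migration
# Purpose: Write audio dump files to external SDCard.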
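# NOTE(review): create_file_perms already contains the create, unlink and
# append permissions granted on sdcard_type:file by earlier rules in this
# file. Since this is a dump-only path, consider restricting it to
# userdebug_or_eng() builds.
allow mtk_hal_audio sdcard_type:file { create_file_perms };

# Date : WK16.33
# Purpose: Allow to access ged for gralloc_extra functions
allow mtk_hal_audio proc_ged:file rw_file_perms;

# NOTE(review): set_prop() grants write access to hwservicemanager_prop. A HAL
# presumably only needs to read it (get_prop); confirm that setting this
# property from the audio HAL is intended.
set_prop(mtk_hal_audio,hwservicemanager_prop);
# Repeats the storage_file:dir search rule from the WK15.34 section; harmless.
allow mtk_hal_audio storage_file:dir search;

# Fix bootup violation
allow mtk_hal_audio fuse:dir read;

# for usb phone call, allow sys_nice
# (the original file stated this rule twice; one copy is kept)
allow mtk_hal_audio self:capability sys_nice;

# Date : W17.29
# Boot for opening trace file: Permission denied (13)
allow mtk_hal_audio debugfs_tracing:file { write open };

# Audio Tuning Tool Android O porting
binder_call(mtk_hal_audio,audiocmdservice_atci);


# Add for control PowerHAL
allow mtk_hal_audio mtk_hal_power_hwservice:hwservice_manager find;
binder_call(mtk_hal_audio, mtk_hal_power)
binder_call(mtk_hal_audio, merged_hal_service)
# cm4 smartpa
# NOTE(review): ioctl is granted without an allowxperm filter, so every ioctl
# command the driver implements is reachable; consider restricting it to the
# commands the HAL actually issues.
allow mtk_hal_audio audio_ipi_device:chr_file { read write ioctl open };
allow mtk_hal_audio audio_scp_device:chr_file r_file_perms;

# Date : WK18.21
# Operation: P migration
# Purpose: Allow to search /mnt/vendor/nvdata for fstab when using NVM_Init()
allow mtk_hal_audio mnt_vendor_file:dir search;

# Date: 2019/06/14
# Operation : Migration
allow mtk_hal_audio audioserver:fifo_file w_file_perms;
allow mtk_hal_audio sysfs_boot_mode:file r_file_perms;
allow mtk_hal_audio sysfs_dt_firmware_android:dir search;

# Date : WK18.44
# Operation: adsp
# NOTE(review): a device node is normally a chr_file; the plain `file` rule
# below may be unnecessary -- verify against the labelled object.
allow mtk_hal_audio adsp_device:file rw_file_perms;
allow mtk_hal_audio adsp_device:chr_file rw_file_perms;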