1# ============================================== 2# MTK Policy Rule 3# ============================================== 4 5# Date : WK16.33 6# Purpose: Allow to access ged for gralloc_extra functions 7allow appdomain proc_ged:file rw_file_perms; 8allowxperm appdomain proc_ged:file ioctl { proc_ged_ioctls }; 9 10# Data : WK16.42 11# Operator: Whitney bring up 12# Purpose: call surfaceflinger due to powervr 13allow appdomain surfaceflinger:fifo_file rw_file_perms; 14 15# Date : W16.42 16# Operation : Integration 17# Purpose : DRM / DRI GPU driver required 18allow appdomain gpu_device:dir search; 19 20# Date : W17.41 21# Operation: SQC 22# Purpose : Allow HWUI to access perfmgr 23allow appdomain proc_perfmgr:dir search; 24allow appdomain proc_perfmgr:file { getattr open read ioctl}; 25allowxperm appdomain proc_perfmgr:file ioctl { 26 PERFMGR_FPSGO_QUEUE 27 PERFMGR_FPSGO_DEQUEUE 28 PERFMGR_FPSGO_QUEUE_CONNECT 29 PERFMGR_FPSGO_BQID 30}; 31 32# Date : W19.23 33# Operation : Migration 34# Purpose : For platform app com.android.gallery3d 35allow { appdomain -isolated_app } radio_data_file:file rw_file_perms; 36 37# Date : W19.23 38# Operation : Migration 39# Purpose : For app com.tencent.qqpimsecure 40allowxperm appdomain appdomain:fifo_file ioctl SNDCTL_TMR_START; 41 42# Date : W20.26 43# Operation : Migration 44# Purpose : For apps other than isolated_app call hidl 45hwbinder_use({ appdomain -isolated_app }) 46get_prop({ appdomain -isolated_app }, hwservicemanager_prop) 47allow { appdomain -isolated_app } hidl_manager_hwservice:hwservice_manager find; 48binder_call({ appdomain -isolated_app }, mtk_safe_halserverdomain_type) 49binder_call(mtk_safe_halserverdomain_type, { appdomain -isolated_app }) 50allow { appdomain -isolated_app } mtk_safe_hwservice_manager_type:hwservice_manager find; 51