1# ============================================== 2# Policy File of /vendor/bin/atci_service Executable File 3# ============================================== 4 5# ============================================== 6# MTK Policy Rule 7# ============================================== 8type atci_service, domain; 9type atci_service_exec, exec_type, file_type, vendor_file_type; 10 11init_daemon_domain(atci_service) 12 13allow atci_service block_device:dir search; 14allow atci_service misc2_block_device:blk_file { open read write }; 15allow atci_service misc2_device:chr_file { open read write }; 16allow atci_service camera_isp_device:chr_file { read write ioctl open }; 17allow atci_service graphics_device:chr_file { read write ioctl open }; 18allow atci_service graphics_device:dir search; 19allow atci_service kd_camera_hw_device:chr_file { read write ioctl open }; 20allow atci_service self:capability { sys_nice ipc_lock }; 21allow atci_service nvram_device:chr_file { read write open ioctl }; 22allow atci_service camera_isp_device:chr_file { read write ioctl open }; 23allow atci_service camera_sysram_device:chr_file { read ioctl open }; 24allow atci_service camera_tsf_device:chr_file rw_file_perms; 25allow atci_service camera_rsc_device:chr_file rw_file_perms; 26allow atci_service camera_gepf_device:chr_file rw_file_perms; 27allow atci_service camera_fdvt_device:chr_file rw_file_perms; 28allow atci_service camera_wpe_device:chr_file rw_file_perms; 29allow atci_service camera_owe_device:chr_file rw_file_perms; 30allow atci_service kd_camera_flashlight_device:chr_file { read write ioctl open }; 31allow atci_service ccu_device:chr_file { read write ioctl open }; 32allow atci_service vpu_device:chr_file { read write ioctl open }; 33allow atci_service MTK_SMI_device:chr_file { open read write ioctl }; 34allow atci_service DW9714AF_device:chr_file { read write ioctl open }; 35allow atci_service devmap_device:chr_file { open read write ioctl }; 36allow atci_service sdcard_type:dir { search write read open add_name remove_name create getattr setattr }; 37allow atci_service sdcard_type:file { setattr read create write getattr unlink open append }; 38allow atci_service mediaserver:binder call; 39allow atci_service self:capability sys_boot; 40 41# Date : 2015/09/17 42# Operation : M-Migration 43# Purpose : to operation CCT tool 44allow atci_service nvram_device:blk_file { open read write }; 45allow atci_service input_device:dir { open read search }; 46allow atci_service input_device:file { open read write ioctl }; 47allow atci_service input_device:chr_file { open read write ioctl }; 48allow atci_service MAINAF_device:chr_file rw_file_perms; 49allow atci_service MAIN2AF_device:chr_file rw_file_perms; 50allow atci_service MAIN3AF_device:chr_file rw_file_perms; 51allow atci_service MAIN4AF_device:chr_file rw_file_perms; 52allow atci_service SUBAF_device:chr_file rw_file_perms; 53allow atci_service SUB2AF_device:chr_file rw_file_perms; 54allow atci_service tmpfs:lnk_file read; 55allow atci_service self:capability2 block_suspend; 56 57# Date : 2015/10/13 58# Operation : M-Migration 59# Purpose : to operation CCT tool 60#allow atci_service mediaserver_service:service_manager find; 61allow atci_service mnt_user_file:dir search; 62allow atci_service mnt_user_file:lnk_file read; 63#allow atci_service mtk_perf_service:service_manager find; 64#allow atci_service sensorservice_service:service_manager find; 65allow atci_service storage_file:lnk_file read; 66#allow atci_service media_rw_data_file:dir { write search create add_name }; 67#allow atci_service media_rw_data_file:file { read write create open }; 68 69#============= atci_service ============== 70allow atci_service CAM_CAL_DRV_device:chr_file { read write ioctl open}; 71 72set_prop(atci_service, vendor_mtk_em_prop) 73 74# Date : 2016/03/02 75# Operation : M-Migration 76# Purpose : to support ATCI touch tool 77allow atci_service vendor_shell_exec:file { read execute open execute_no_trans }; 78 79# Date : WK16.33 80# Purpose: Allow to access ged for gralloc_extra functions 81allow atci_service proc_ged:file rw_file_perms; 82 83# Date : WK16.35 84# Operation : Migration 85# Purpose : Update camera flashlight driver device file 86allow atci_service flashlight_device:chr_file { read write ioctl open }; 87 88# Date : WK17.01 89# Operation : Migration 90# Purpose : Update AT_Command NFC function 91allow atci_service factory_data_file:sock_file write; 92 93# Date : WK17.23 94# Stage: O Migration, SQC 95# Purpose: Allow to use HAL PQ 96hal_client_domain(atci_service, hal_pq) 97 98# Date : WK17.28 99# Purpose : Allow to execute battery command 100allow atci_service MT_pmic_adc_cali_device:chr_file rw_file_perms; 101 102# Date : WK17.43 103# Purpose : CCT 104allow atci_service CAM_CAL_DRV_device:chr_file rw_file_perms; 105allow atci_service CAM_CAL_DRV1_device:chr_file rw_file_perms; 106allow atci_service CAM_CAL_DRV2_device:chr_file rw_file_perms; 107allow atci_service camera_eeprom_device:chr_file rw_file_perms; 108allow atci_service fwk_sensor_hwservice:hwservice_manager find; 109allow atci_service hidl_allocator_hwservice:hwservice_manager find; 110allow atci_service hidl_memory_hwservice:hwservice_manager find; 111allow atci_service ion_device:chr_file { read ioctl open }; 112allow atci_service mtk_cmdq_device:chr_file r_file_perms; 113allow atci_service mtk_mdp_device:chr_file r_file_perms; 114allow atci_service mtk_mdp_sync:chr_file r_file_perms; 115allow atci_service sw_sync_device:chr_file r_file_perms; 116hal_client_domain(atci_service, hal_power) 117allow atci_service sysfs_batteryinfo:dir search; 118allow atci_service sysfs_batteryinfo:file { read getattr open }; 119allow atci_service system_file:dir { read open }; 120allow atci_service camera_pipemgr_device:chr_file { read ioctl open }; 121allow atci_service mtk_hal_camera:binder call; 122allow atci_service debugfs_ion:dir search; 123allow atci_service sysfs_tpd_setting:file { read write open getattr }; 124allow atci_service sysfs_vibrator_setting:file { read write open getattr }; 125allow atci_service sysfs_leds_setting:file { read write open getattr }; 126allow atci_service vendor_toolbox_exec:file { read getattr open execute execute_no_trans }; 127 128# Date : WK18.21 129# Purpose: Allow to use HIDL 130hwbinder_use(atci_service) 131hal_client_domain(atci_service, hal_atci) 132 133# Date : WK18.26 134# Purpose: Allow gps socket sendto 135allow atci_service mnld:unix_dgram_socket sendto; 136 137# Date : WK18.35 138# Purpose : allow CCT to allocate memory 139hal_client_domain(atci_service, hal_allocator); 140