1# ============================================================================== 2# Policy File of /system/bin/cameraserver Executable File 3 4# ============================================== 5# MTK Policy Rule 6# ============================================== 7 8# ----------------------------------- 9# Android O 10# Purpose: Allow cameraserver to perform binder IPC to servers and callbacks. 11# ----------------------------------- 12 13# call camerahalserver 14binder_call(cameraserver, mtk_hal_camera) 15 16# call the graphics allocator hal 17binder_call(cameraserver, hal_graphics_allocator) 18 19# ----------------------------------- 20# Android O 21# Purpose: Debugging 22# ----------------------------------- 23# Purpose: adb shell dumpsys media.camera --unreachable 24allow cameraserver self:process { ptrace }; 25 26# Date : WK14.34 27# Operation : Migration 28# Purpose : nvram access (dumchar case for nand and legacy chip) 29# allow cameraserver nvram_device:chr_file rw_file_perms; 30### TBD, neverallowxperm on line 177 of system/sepolicy/public/domain.te 31# #allow cameraserver self:netlink_kobject_uevent_socket { create setopt bind }; 32# allow cameraserver self:capability { net_admin }; 33 34# Date : WK14.34 35# Operation : Migration 36# Purpose : VP/VR 37# allow cameraserver devmap_device:chr_file { ioctl }; 38 39# Date : WK14.36 40# Operation : Migration 41# Purpose : media server and bt process communication for A2DP data.and other control flow 42# allow cameraserver bluetooth:unix_dgram_socket sendto; 43# allow cameraserver bt_a2dp_stream_socket:sock_file write; 44# allow cameraserver bt_int_adp_socket:sock_file write; 45 46# Date : WK14.37 47# Operation : Migration 48# Purpose : camera ioctl 49# allow cameraserver camera_sysram_device:chr_file r_file_perms; 50 51# Date : WK14.36 52# Operation : Migration 53# Purpose : VDEC/VENC device node 54# allow cameraserver Vcodec_device:chr_file rw_file_perms; 55 56# Date : WK14.36 57# Operation : Migration 58# Purpose : access nvram, otp, ccci cdoec devices. 59# allow cameraserver MtkCodecService:binder call; 60# allow cameraserver ccci_device:chr_file rw_file_perms; 61# allow cameraserver eemcs_device:chr_file rw_file_perms; 62# allow cameraserver devmap_device:chr_file r_file_perms; 63# allow cameraserver ebc_device:chr_file rw_file_perms; 64# allow cameraserver nvram_device:blk_file rw_file_perms; 65# allow cameraserver bootdevice_block_device:blk_file rw_file_perms; 66 67# Date : WK14.36 68# Operation : Migration 69# Purpose : for SW codec VP/VR 70# allow cameraserver mtk_sched_device:chr_file rw_file_perms; 71 72# Date : WK14.38 73# Operation : Migration 74# Purpose : NVRam access 75# allow cameraserver block_device:dir { write search }; 76 77# Date : WK14.38 78# Operation : Migration 79# Purpose : FM driver access 80# allow cameraserver fm_device:chr_file rw_file_perms; 81 82# Data : WK14.38 83# Operation : Migration 84# Purpose : for VP/VR 85# allow cameraserver block_device:dir search; 86# allow cameraserver FM50AF_device:chr_file rw_file_perms; 87# allow cameraserver AD5820AF_device:chr_file rw_file_perms; 88# allow cameraserver DW9714AF_device:chr_file rw_file_perms; 89# allow cameraserver DW9814AF_device:chr_file rw_file_perms; 90# allow cameraserver AK7345AF_device:chr_file rw_file_perms; 91# allow cameraserver DW9714A_device:chr_file rw_file_perms; 92# allow cameraserver LC898122AF_device:chr_file rw_file_perms; 93# allow cameraserver LC898212AF_device:chr_file rw_file_perms; 94# allow cameraserver BU6429AF_device:chr_file rw_file_perms; 95# allow cameraserver DW9718AF_device:chr_file rw_file_perms; 96# allow cameraserver BU64745GWZAF_device:chr_file rw_file_perms; 97# allow cameraserver MAINAF_device:chr_file rw_file_perms; 98# allow cameraserver MAIN2AF_device:chr_file rw_file_perms; 99# allow cameraserver SUBAF_device:chr_file rw_file_perms; 100 101# Data : WK14.38 102# Operation : Migration 103# Purpose : for boot animation. 104# allow cameraserver bootanim:binder { transfer call }; 105 106# allow cameraserver mtkbootanimation:binder { transfer call }; 107# Data : WK14.38 108# Operation : Migration 109# Purpose : dump for debug 110# allow cameraserver sdcard_type:file append; 111 112# Date : WK14.39 113# Operation : Migration 114# Purpose : FDVT Driver 115# allow cameraserver camera_fdvt_device:chr_file rw_file_perms; 116 117# Date : WK14.39 118# Operation : Migration 119# Purpose : APE PLAYBACK 120# binder_call(cameraserver, MtkCodecService) 121 122# Data : WK14.39 123# Operation : Migration 124# Purpose : HW encrypt SW codec 125# allow cameraserver sec_device:chr_file r_file_perms; 126 127# Date : WK14.40 128# Operation : Migration 129# Purpose : HDMI driver access 130allow cameraserver graphics_device:chr_file rw_file_perms; 131 132# Date : WK14.40 133# Operation : Migration 134# Purpose : Smartpa 135# allow cameraserver smartpa_device:chr_file rw_file_perms; 136 137# Date : WK14.40 138# Operation : Migration 139# Purpose : mtk_jpeg 140# allow cameraserver mtk_jpeg_device:chr_file r_file_perms; 141 142# Date : WK14.41 143# Operation : Migration 144# Purpose : WFD HID Driver 145# allow cameraserver uhid_device:chr_file rw_file_perms; 146 147# Date : WK14.41 148# Operation : Migration 149# Purpose : Camera EEPROM Calibration 150# allow cameraserver CAM_CAL_DRV_device:chr_file rw_file_perms; 151# allow cameraserver CAM_CAL_DRV1_device:chr_file rw_file_perms; 152# allow cameraserver CAM_CAL_DRV2_device:chr_file rw_file_perms; 153 154# Date : WK14.43 155# Operation : Migration 156# Purpose : VOW 157# allow cameraserver vow_device:chr_file rw_file_perms; 158 159# Date: WK14.44 160# Operation : Migration 161# Purpose : EVDO 162# allow cameraserver rpc_socket:sock_file write; 163# allow cameraserver ttySDIO_device:chr_file rw_file_perms; 164 165# Data: WK14.44 166# Operation : Migration 167# Purpose : VP 168# allow cameraserver surfaceflinger:file getattr; 169 170# Data: WK14.44 171# Operation : Migration 172# Purpose : for low SD card latency issue 173# allow cameraserver sysfs_lowmemorykiller:file { read open }; 174 175# Date : WK14.46 176# Operation : Migration 177# Purpose : for MTK Emulator HW GPU 178# allow cameraserver qemu_pipe_device:chr_file rw_file_perms; 179 180# Date : WK14.46 181# Operation : Migration 182# Purpose : for camera init 183# allow cameraserver system_server:unix_stream_socket { read write }; 184 185# Data : WK14.46 186# Operation : Migration 187# Purpose : for SMS app 188# allow cameraserver radio_data_file:dir search; 189# allow cameraserver radio_data_file:file open; 190 191# Data : WK14.47 192# Operation : Launch camcorder from MMS 193# Purpose : Camcorder 194# allow cameraserver radio_data_file:file open; 195 196# Data : WK14.47 197# Operation : CTS 198# Purpose : cts search strange app 199# allow cameraserver untrusted_app:dir search; 200 201# Date : WK15.03 202# Operation : Migration 203# Purpose : offloadservice 204# allow cameraserver offloadservice_device:chr_file rw_file_perms; 205 206# Date : WK15.32 207# Operation : Pre-sanity 208# Purpose : 3A algorithm need to access sensor service 209# allow cameraserver sensorservice_service:service_manager find; 210 211# Date : WK15.35 212# Operation : Migration 213# Purpose: Allow cameraserver to read binder from surfaceflinger 214# allow cameraserver surfaceflinger:fifo_file {read write}; 215 216# Date : WK15.46 217# Operation : Migration 218# Purpose : DPE Driver 219# allow cameraserver camera_dpe_device:chr_file rw_file_perms; 220 221# Date : WK15.46 222# Operation : Migration 223# Purpose : TSF Driver 224# allow cameraserver camera_tsf_device:chr_file rw_file_perms; 225 226# Date : WK16.20 227# Operation : Migration 228# Purpose: research root dir "/" 229allow cameraserver tmpfs:dir search; 230 231# Date : WK16.21 232# Operation : Migration 233# Purpose : EGL file access 234allow cameraserver system_file:dir { read open }; 235allow cameraserver gpu_device:chr_file rw_file_perms; 236allow cameraserver gpu_device:dir search; 237 238# Date : WK16.32 239# Operation : Migration 240# Purpose : RSC Driver 241# allow cameraserver camera_rsc_device:chr_file rw_file_perms; 242 243# Date : WK16.33 244# Purpose: Allow to access ged for gralloc_extra functions 245allow cameraserver proc_ged:file rw_file_perms; 246allowxperm cameraserver proc_ged:file ioctl { proc_ged_ioctls }; 247 248# Date : WK16.33 249# Operation : Migration 250# Purpose : GEPF Driver 251# allow cameraserver camera_gepf_device:chr_file rw_file_perms; 252 253# Date : WK16.35 254# Operation : Migration 255# Purpose : Update camera flashlight driver device file 256# allow cameraserver flashlight_device:chr_file rw_file_perms; 257 258# Data : WK16.42 259# Operator: Whitney bring up 260# Purpose: call surfaceflinger due to powervr 261# allow cameraserver surfaceflinger:fifo_file rw_file_perms; 262 263# Date : WK16.43 264# Operation : Migration 265# Purpose : WPE Driver 266# allow cameraserver camera_wpe_device:chr_file rw_file_perms; 267 268# Date : WK16.49 269# Operation : label aee_aed sockets 270# Purpose : Engineering mode need access for aee commmand 271# userdebug_or_eng(` 272# allow cameraserver aee_aed:unix_stream_socket connectto; 273# ') 274 275# Date : WK17.19 276# Operation : Migration 277# Purpose : OWE Driver 278# allow cameraserver camera_owe_device:chr_file rw_file_perms; 279 280# Date : WK17.25 281# Operation : Migration 282allow cameraserver debugfs_ion:dir search; 283 284# Date : WK17.30 285# Operation : O Migration 286# Purpose: Allow to access cmdq driver 287# allow cameraserver mtk_cmdq_device:chr_file { read ioctl open }; 288 289# Date : WK17.44 290# Operation : Migration 291# Purpose : DIP Driver 292# allow cameraserver camera_dip_device:chr_file rw_file_perms; 293 294# Date : WK17.44 295# Operation : Migration 296# Purpose : MFB Driver 297# allow cameraserver camera_mfb_device:chr_file rw_file_perms; 298 299# Date : WK17.49 300# Operation : MT6771 SQC 301# Purpose: Allow permgr access 302allow cameraserver proc_perfmgr:dir {read search}; 303allow cameraserver proc_perfmgr:file r_file_perms; 304allowxperm cameraserver proc_perfmgr:file ioctl { 305 PERFMGR_FPSGO_QUEUE 306 PERFMGR_FPSGO_DEQUEUE 307 PERFMGR_FPSGO_QUEUE_CONNECT 308 PERFMGR_FPSGO_BQID 309}; 310 311