1# ============================================== 2# MTK Policy Rule 3# ============================================== 4 5# Date : WK14.31 6# Operation : Migration 7# Purpose : camera devices access. 8allow mediaserver camera_isp_device:chr_file rw_file_perms; 9allow mediaserver ccu_device:chr_file rw_file_perms; 10allow mediaserver vpu_device:chr_file rw_file_perms; 11allow mediaserver kd_camera_hw_device:chr_file rw_file_perms; 12allow mediaserver seninf_device:chr_file rw_file_perms; 13allow mediaserver self:capability { setuid ipc_lock sys_nice }; 14allow mediaserver sysfs_wake_lock:file rw_file_perms; 15allow mediaserver MTK_SMI_device:chr_file r_file_perms; 16allow mediaserver camera_pipemgr_device:chr_file r_file_perms; 17allow mediaserver kd_camera_flashlight_device:chr_file rw_file_perms; 18allow mediaserver lens_device:chr_file rw_file_perms; 19 20# Date : WK14.32 21# Operation : Migration 22# Purpose : Set audio driver permission to access SD card for debug purpose and accss NVRam. 23allow mediaserver sdcard_type:dir { w_dir_perms create }; 24allow mediaserver sdcard_type:file create; 25allow mediaserver nvram_data_file:lnk_file read; 26allow mediaserver nvdata_file:lnk_file read; 27allow mediaserver sdcard_type:dir remove_name; 28allow mediaserver sdcard_type:file unlink; 29 30# Date : WK14.34 31# Operation : Migration 32# Purpose : nvram access (dumchar case for nand and legacy chip) 33allow mediaserver nvram_device:chr_file rw_file_perms; 34allow mediaserver self:capability { net_admin }; 35 36# Date : WK14.34 37# Operation : Migration 38# Purpose : VP/VR 39allow mediaserver devmap_device:chr_file { ioctl }; 40 41# Date : WK14.36 42# Operation : Migration 43# Purpose : media server and bt process communication for A2DP data.and other control flow 44allow mediaserver bluetooth:unix_dgram_socket sendto; 45allow mediaserver bt_a2dp_stream_socket:sock_file write; 46allow mediaserver bt_int_adp_socket:sock_file write; 47 48# Date : WK14.37 49# Operation : Migration 50# Purpose : camera ioctl 51allow mediaserver camera_sysram_device:chr_file r_file_perms; 52 53# Date : WK14.36 54# Operation : Migration 55# Purpose : VDEC/VENC device node 56allow mediaserver Vcodec_device:chr_file rw_file_perms; 57 58# Date : WK14.36 59# Operation : Migration 60# Purpose : access nvram, otp, ccci cdoec devices. 61allow mediaserver MtkCodecService:binder call; 62allow mediaserver ccci_device:chr_file rw_file_perms; 63allow mediaserver eemcs_device:chr_file rw_file_perms; 64allow mediaserver devmap_device:chr_file r_file_perms; 65allow mediaserver ebc_device:chr_file rw_file_perms; 66allow mediaserver nvram_device:blk_file rw_file_perms; 67allow mediaserver bootdevice_block_device:blk_file rw_file_perms; 68 69# Date : WK14.36 70# Operation : Migration 71# Purpose : for SW codec VP/VR 72allow mediaserver mtk_sched_device:chr_file rw_file_perms; 73 74# Date : WK14.38 75# Operation : Migration 76# Purpose : NVRam access 77allow mediaserver block_device:dir { write search }; 78 79# Date : WK14.38 80# Operation : Migration 81# Purpose : FM driver access 82allow mediaserver fm_device:chr_file rw_file_perms; 83 84# Data : WK14.38 85# Operation : Migration 86# Purpose : for VP/VR 87allow mediaserver block_device:dir search; 88allow mediaserver FM50AF_device:chr_file rw_file_perms; 89allow mediaserver AD5820AF_device:chr_file rw_file_perms; 90allow mediaserver DW9714AF_device:chr_file rw_file_perms; 91allow mediaserver DW9814AF_device:chr_file rw_file_perms; 92allow mediaserver AK7345AF_device:chr_file rw_file_perms; 93allow mediaserver DW9714A_device:chr_file rw_file_perms; 94allow mediaserver LC898122AF_device:chr_file rw_file_perms; 95allow mediaserver LC898212AF_device:chr_file rw_file_perms; 96allow mediaserver BU6429AF_device:chr_file rw_file_perms; 97allow mediaserver DW9718AF_device:chr_file rw_file_perms; 98allow mediaserver BU64745GWZAF_device:chr_file rw_file_perms; 99allow mediaserver MAINAF_device:chr_file rw_file_perms; 100allow mediaserver MAIN2AF_device:chr_file rw_file_perms; 101allow mediaserver MAIN3AF_device:chr_file rw_file_perms; 102allow mediaserver MAIN4AF_device:chr_file rw_file_perms; 103allow mediaserver SUBAF_device:chr_file rw_file_perms; 104allow mediaserver SUB2AF_device:chr_file rw_file_perms; 105 106 107# Data : WK14.38 108# Operation : Migration 109# Purpose : for boot animation. 110allow mediaserver bootanim:binder { transfer call }; 111 112allow mediaserver mtkbootanimation:binder { transfer call }; 113 114# Data : WK14.38 115# Operation : Migration 116# Purpose : dump for debug 117allow mediaserver sdcard_type:file append; 118 119# Date : WK14.39 120# Operation : Migration 121# Purpose : FDVT Driver 122allow mediaserver camera_fdvt_device:chr_file rw_file_perms; 123 124# Date : WK14.39 125# Operation : Migration 126# Purpose : APE PLAYBACK 127binder_call(mediaserver,MtkCodecService) 128 129# Date : WK14.40 130# Operation : Migration 131# Purpose : HDMI driver access 132allow mediaserver graphics_device:chr_file rw_file_perms; 133 134# Date : WK14.40 135# Operation : Migration 136# Purpose : Smartpa 137allow mediaserver smartpa_device:chr_file rw_file_perms; 138 139# Data : WK14.40 140# Operation : Migration 141# Purpose : permit 'call' by audio tunning tool audiocmdservice_atci 142allow mediaserver audiocmdservice_atci:binder call; 143binder_call(mediaserver,audiocmdservice_atci) 144 145# Date : WK14.40 146# Operation : Migration 147# Purpose : mtk_jpeg 148allow mediaserver mtk_jpeg_device:chr_file r_file_perms; 149 150# Date : WK14.41 151# Operation : Migration 152# Purpose : WFD HID Driver 153allow mediaserver uhid_device:chr_file rw_file_perms; 154 155# Date : WK14.41 156# Operation : Migration 157# Purpose : Camera EEPROM Calibration 158allow mediaserver CAM_CAL_DRV_device:chr_file rw_file_perms; 159allow mediaserver CAM_CAL_DRV1_device:chr_file rw_file_perms; 160allow mediaserver CAM_CAL_DRV2_device:chr_file rw_file_perms; 161allow mediaserver camera_eeprom_device:chr_file rw_file_perms; 162 163# Date : WK14.43 164# Operation : Migration 165# Purpose : VOW 166allow mediaserver vow_device:chr_file rw_file_perms; 167 168# Date: WK14.44 169# Operation : Migration 170# Purpose : EVDO 171allow mediaserver rpc_socket:sock_file write; 172allow mediaserver ttySDIO_device:chr_file rw_file_perms; 173 174# Data: WK14.44 175# Operation : Migration 176# Purpose : VP 177allow mediaserver surfaceflinger:file getattr; 178 179# Data: WK14.44 180# Operation : Migration 181# Purpose : for low SD card latency issue 182allow mediaserver sysfs_lowmemorykiller:file { read open }; 183 184# Data: WK14.45 185# Operation : Migration 186# Purpose : for change thermal policy when needed 187allow mediaserver proc_mtkcooler:dir search; 188allow mediaserver proc_mtktz:dir search; 189allow mediaserver proc_thermal:dir search; 190 191# Date : WK14.46 192# Operation : Migration 193# Purpose : for MTK Emulator HW GPU 194allow mediaserver qemu_pipe_device:chr_file rw_file_perms; 195 196# Date : WK14.46 197# Operation : Migration 198# Purpose : for camera init 199allow mediaserver system_server:unix_stream_socket { read write }; 200 201# Data : WK14.46 202# Operation : Migration 203# Purpose : for SMS app 204allow mediaserver radio_data_file:dir search; 205allow mediaserver radio_data_file:file open; 206 207# Data : WK14.47 208# Operation : Audio playback 209# Purpose : Music as ringtone 210allow mediaserver radio:dir { search read }; 211allow mediaserver radio:file r_file_perms; 212 213# Data : WK14.47 214# Operation : Launch camcorder from MMS 215# Purpose : Camcorder 216allow mediaserver radio_data_file:file open; 217 218# Data : WK14.47 219# Operation : CTS 220# Purpose : cts search strange app 221allow mediaserver untrusted_app:dir search; 222 223# Date : WK15.03 224# Operation : Migration 225# Purpose : offloadservice 226allow mediaserver offloadservice_device:chr_file rw_file_perms; 227 228# Date : WK15.32 229# Operation : Pre-sanity 230# Purpose : 3A algorithm need to access sensor service 231allow mediaserver sensorservice_service:service_manager find; 232 233# Date : WK15.34 234# Operation : Migration 235# Purpose: for camera middleware dump image buffer to sdcard & audio frameworks dump 236allow mediaserver storage_file:lnk_file {read write}; 237allow mediaserver mnt_user_file:dir {write read search}; 238allow mediaserver mnt_user_file:lnk_file {read write}; 239 240# Date : WK15.35 241# Operation : Migration 242# Purpose: Allow mediaserver to read binder from surfaceflinger 243allow mediaserver surfaceflinger:fifo_file {read write}; 244 245# Date : WK15.46 246# Operation : Migration 247# Purpose : DPE Driver 248allow mediaserver camera_dpe_device:chr_file rw_file_perms; 249 250# Date : WK15.46 251# Operation : Migration 252# Purpose : TSF Driver 253allow mediaserver camera_tsf_device:chr_file rw_file_perms; 254 255# Date : WK16.32 256# Operation : N Migration 257# Purpose : RSC Driver 258allow mediaserver camera_rsc_device:chr_file rw_file_perms; 259 260# Date : WK16.33 261# Purpose: Allow to access ged for gralloc_extra functions 262allow mediaserver proc_ged:file rw_file_perms; 263allowxperm mediaserver proc_ged:file ioctl { proc_ged_ioctls }; 264 265# Date : WK16.33 266# Operation : N Migration 267# Purpose : GEPF Driver 268allow mediaserver camera_gepf_device:chr_file rw_file_perms; 269 270# Date : WK16.35 271# Operation : Migration 272# Purpose : Update camera flashlight driver device file 273allow mediaserver flashlight_device:chr_file rw_file_perms; 274 275# Data : WK16.42 276# Operator: Whitney bring up 277# Purpose: call surfaceflinger due to powervr 278allow dumpstate surfaceflinger:fifo_file rw_file_perms; 279 280# Date : WK16.43 281# Operation : N Migration 282# Purpose : WPE Driver 283allow mediaserver camera_wpe_device:chr_file rw_file_perms; 284allow mediaserver gpu_device:dir search; 285allow mediaserver sw_sync_device:chr_file rw_file_perms; 286 287# Date : WK17.19 288# Operation : N Migration 289# Purpose : OWE Driver 290allow mediaserver camera_owe_device:chr_file rw_file_perms; 291 292# Date : WK17.30 293# Operation : O Migration 294# Purpose: Allow to access cmdq driver 295allow mediaserver mtk_cmdq_device:chr_file r_file_perms; 296allow mediaserver mtk_mdp_device:chr_file r_file_perms; 297allow mediaserver mtk_mdp_sync:chr_file r_file_perms; 298 299# Date : WK17.43 300# Operation : Migration 301# Purpose : DISP access 302allow mediaserver graphics_device:chr_file { ioctl open read }; 303allow mediaserver graphics_device:dir search; 304 305# Date : WK17.44 306# Operation : Migration 307# Purpose : DIP Driver 308allow mediaserver camera_dip_device:chr_file rw_file_perms; 309 310# Date : WK17.44 311# Operation : Migration 312# Purpose : MFB Driver 313allow mediaserver camera_mfb_device:chr_file rw_file_perms; 314 315# Date : WK17.49 316# Operation : MT6771 SQC 317# Purpose : Allow permgr access 318allow mediaserver proc_perfmgr:dir {read search}; 319allow mediaserver proc_perfmgr:file r_file_perms; 320allowxperm mediaserver proc_perfmgr:file ioctl { 321 PERFMGR_FPSGO_DEQUEUE 322 PERFMGR_FPSGO_QUEUE_CONNECT 323 PERFMGR_FPSGO_QUEUE 324 PERFMGR_FPSGO_BQID 325}; 326 327# Date : WK18.18 328# Operation : Migration 329# Purpose : wifidisplay hdcp 330# DRM Key Manage HIDL 331allow mediaserver mtk_hal_keymanage:binder call; 332# Purpose : Allow mediadrmserver to call vendor.mediatek.hardware.keymanage@1.0-service. 333hal_client_domain(mediaserver , hal_keymaster) 334allow mediaserver mtk_hal_keymanage_hwservice:hwservice_manager find; 335