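# ==============================================
# Common SEPolicy Rule
# ==============================================
# Vendor additions to the system_server domain. Every rule below widens what
# system_server may access; each stanza keeps the date/operation/purpose
# recorded by its author where one was given.

# Date: WK14.43
# Operation : Migration
# Purpose : for bring up
# Directory read access plus relabelto on sf_rtt_file directories.
allow system_server sf_rtt_file:dir { relabelto r_dir_perms };

# Date: WK14.47
# Operation : MTBF
# Purpose : for debug
allow system_server sf_rtt_file:file r_file_perms;

# Date: WK14.47
# Operation : Sanity
# Purpose : for /proc/secmem (TEE enable)
# Read and write access to the secure-memory proc node.
allow system_server proc_secmem:file rw_file_perms;

# Date: WK16.30
# Operation : Migration
# Purpose : let system_server operate /dev/RT_Monitor when hang detection is enabled
allow system_server RT_Monitor_device:chr_file r_file_perms;

# Date : WK15.24
# Operation: TEEI integration
# Purpose: access for fp device
# Read/write on the fp device node, read-only on the TEEI client device node.
allow system_server teei_fp_device:chr_file rw_file_perms;
allow system_server teei_client_device:chr_file r_file_perms;

# Date : 2016/07/11
# Operation : Migration
# Purpose : Add permission for gpu access
allow system_server dri_device:chr_file rw_file_perms;

# Date : W17.24
# Purpose: Allow use of the PQ HAL
hal_client_domain(system_server, hal_mtk_pq)

# Date : W17.31
# Purpose: Allow use of the Ape swip decoder
hal_client_domain(system_server, hal_mtk_codecservice)

# Date:W17.33
# Operation : camera hal developing
# Purpose : camera hal binder_call permission
binder_call(system_server, mtk_hal_camera)

# Date:W17.36
# Operation : Migration
# Purpose : Allow system_server to send signals to netd
# The `signal` permission excludes SIGKILL, SIGSTOP and SIGCHLD, which have
# their own permissions (sigkill, sigstop, sigchld).
allow system_server netd:process signal;

# Date:W17.07
# Operation : dfps hal
# Purpose : dfps hal interface permission
hal_client_domain(system_server, hal_dfps)

# NOTE(review): no date or purpose was recorded for this rule. It grants write
# access to files labelled with the audioserver domain type (presumably the
# process's /proc/<pid> entries) - confirm it is still required.
allow system_server audioserver:file w_file_perms;

# Date : 2018/03/06
# Purpose : Add mtk_hal_netdagent_hwservice for EM firewall usage
# Look up the hwservice, then make binder calls into netdagent.
allow system_server mtk_hal_netdagent_hwservice:hwservice_manager find;
allow system_server netdagent:binder call;

# Date : W18.20
# Operation : Migration
# Purpose : for mobicore (Trustonic TEE)
# The object class is dir, so the directory permission set is used: the
# file-oriented r_file_perms omits `search`, which directory traversal needs.
# No file-class rule for this type appears in this file, so this grants
# listing/traversal only.
allow system_server mobicore_vendor_file:dir r_dir_perms;

# Date : 6/20/2018
# Operation : MTK fm hal migration
# Purpose : MTK fm hal interface permission
hal_client_domain(system_server, hal_mtk_fm)

# Date : W19.12
# Operation : For DuraSpeed Migration
allow system_server proc_cpu_loading:file rw_file_perms;
# Tracing debugfs access is compiled in on userdebug/eng builds only.
userdebug_or_eng(`
  allow system_server debugfs_tracing_debug:file r_file_perms;
')
allow system_server proc_low_memory_hit:file rw_file_perms;
# Full create/manage access to DuraSpeed's data directory and its files.
allow system_server duraspeed_data_file:dir create_dir_perms;
allow system_server duraspeed_data_file:file create_file_perms;

# Date : WK18.36
# Operation : omadm hidl
# Purpose : hidl interface permission
hal_client_domain(system_server, hal_mtk_omadm)

# Date : WK19.29
# Operation : nwk_opt hal
# Purpose : nwk_opt hal permission
hal_client_domain(system_server, hal_nwk_opt)

# Date:2020/08/07
# Operation:R Migration
# Signalling md_monitor is allowed on userdebug/eng builds only.
userdebug_or_eng(`
  allow system_server md_monitor:process signal;
')

# Date:2020/08/26
# Operation: allow signalling hal_drm_widevine when an ANR happens
# NOTE(review): `signal` does not cover SIGKILL (that is the separate `sigkill`
# permission), so this rule alone does not let system_server kill the HAL.
allow system_server hal_drm_widevine:process signal;

# Date:2020/09/03
# Operation:R Migration
allow system_server proc_ion:dir search;

# Date:2020/09/07
# Operation:R Migration
allow system_server proc_m4u_dbg:dir search;

# Date:2020/09/08
# Operation:R Migration
allow system_server proc_displowpower:dir search;
allow system_server proc_freqhopping:file getattr;

# Date:2020/09/11
# Operation:R Migration
allow system_server proc_freqhopping:dir search;

# Date:2020/09/18
# Operation:R Migration
allow system_server procfs_gpu_img:dir { search getattr };

# Date:2020/09/30
# Operation:R Migration
allow system_server procfs_gpu_img:file getattr;

# Read/Write /proc/pressure/cpu
allow system_server proc_pressure_cpu:file rw_file_perms;

# Search /proc/usb/plat
allow system_server proc_usb_plat:dir search;

# Search /proc/gpufreqv2
allow system_server proc_gpufreqv2:dir search;

# Search /proc/mtkfb
allow system_server proc_mtkfb:dir search;

# Search /proc/stat
# NOTE(review): /proc/stat is normally a regular file, so a dir:search rule on
# this type may never match - confirm what proc_stat labels in genfs_contexts.
allow system_server proc_stat:dir search;

# Date: 2021/08/10
# Operation: S Migration
# Purpose: InputReader reads files under power_supply to detect battery devices
allow system_server sysfs_power_supply:dir r_dir_perms;
allow system_server sysfs_power_supply:file r_file_perms;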