Android_Device_Mediatek_Sep.../bsp/non_plat/mediacodec.te

# ==============================================
# Common SEPolicy Rule
# ==============================================

# Data : WK16.25
# Operation : Camera display client
# Purpose : for SVP secure memory allocation
allow mediacodec proc_secmem:file rw_file_perms;

# Date : WK16.25
# Operation : WVL1 IT
# Purpose : SVP module operates secmem driver
allow mediacodec mobicore_data_file:file { read open getattr};
allow mediacodec mobicore_user_device:chr_file rw_file_perms;
allow mediacodec mobicore:unix_stream_socket connectto;
allow mediacodec mobicore_data_file:dir search;
allow mediacodec persist_data_file:file { read getattr open };
allow mediacodec persist_data_file:dir search;

# Date : WK16.28
# Operation : video codec driver
# Purpose : for performance profiling and timing issue tracking during video playback
allow mediacodec debugfs_fb:dir search;

# Date : WK16.29
# Operation : Migration
# Purpose : Add permission for gpu access
allow mediacodec dri_device:chr_file rw_file_perms;

# Date : WK16.50
# Operation : video codec driver
# Purpose : Add permission for thermal function access
allow mediacodec proc_mtktz:dir search;
allow mediacodec proc_mtktz:file r_file_perms;

# Date : WK17.23
# Stage: O Migration, SQC
# Purpose: Allow to use HAL PQ
hal_client_domain(mediacodec, hal_mtk_pq)

# Date : WK17.23
# Stage: O Migration, SQC
# Purpose: Allow to use shared memory for HAL PQ
hal_client_domain(mediacodec, hal_allocator)

# Date : WK17.31
# Stage: O Migration, SQC
# Purpose: Allow to use ape decoder
hal_client_domain(mediacodec, hal_mtk_codecservice)

# Date : WK18.46
# Operation : WVL1 IT for TEEI
# Purpose : SVP module operates TEEI
hal_client_domain(mediacodec, hal_teei_capi)
allow mediacodec teei_client_device:chr_file rw_file_perms;

# Date : WK19.44
# Purpose: Android Migration for D2+ Encoder
allow mediacodec proc_chip:dir r_dir_perms;
allow mediacodec proc_chip:file r_file_perms;

# Date : WK19.45
# Operation : WFD
# Purpose : Allow set property to notify HWC secure venc enabled
set_prop(mediacodec, vendor_mtk_secure_venc_prop)

# Date : WK20.22
# Operation : VDEC debug
# Purpose : allow vdec can dump file to storage
allow mediacodec vcodec_file:dir create_dir_perms;
allow mediacodec vcodec_file:file create_file_perms;

# Date : WK20.40
# Operation : WFD
# Purpose : Allow set property to notify HWC wfd enabled
set_prop(mediacodec, vendor_mtk_wfd_enable_prop)

#allow get mtk_sec_video_path_support
get_prop(mediacodec, vendor_mtk_sec_video_path_support_prop)
mtk-sepolicy: Initial SEPolicy rules 2022-08-14 15:07:12 +02:00			`# ==============================================`
			`# Common SEPolicy Rule`
			`# ==============================================`

			`# Data : WK16.25`
			`# Operation : Camera display client`
			`# Purpose : for SVP secure memory allocation`
			`allow mediacodec proc_secmem:file rw_file_perms;`

			`# Date : WK16.25`
			`# Operation : WVL1 IT`
			`# Purpose : SVP module operates secmem driver`
			`allow mediacodec mobicore_data_file:file { read open getattr};`
			`allow mediacodec mobicore_user_device:chr_file rw_file_perms;`
			`allow mediacodec mobicore:unix_stream_socket connectto;`
			`allow mediacodec mobicore_data_file:dir search;`
			`allow mediacodec persist_data_file:file { read getattr open };`
			`allow mediacodec persist_data_file:dir search;`

			`# Date : WK16.28`
			`# Operation : video codec driver`
			`# Purpose : for performance profiling and timing issue tracking during video playback`
			`allow mediacodec debugfs_fb:dir search;`

			`# Date : WK16.29`
			`# Operation : Migration`
			`# Purpose : Add permission for gpu access`
			`allow mediacodec dri_device:chr_file rw_file_perms;`

			`# Date : WK16.50`
			`# Operation : video codec driver`
			`# Purpose : Add permission for thermal function access`
			`allow mediacodec proc_mtktz:dir search;`
			`allow mediacodec proc_mtktz:file r_file_perms;`

			`# Date : WK17.23`
			`# Stage: O Migration, SQC`
			`# Purpose: Allow to use HAL PQ`
			`hal_client_domain(mediacodec, hal_mtk_pq)`

			`# Date : WK17.23`
			`# Stage: O Migration, SQC`
			`# Purpose: Allow to use shared memory for HAL PQ`
			`hal_client_domain(mediacodec, hal_allocator)`

			`# Date : WK17.31`
			`# Stage: O Migration, SQC`
			`# Purpose: Allow to use ape decoder`
			`hal_client_domain(mediacodec, hal_mtk_codecservice)`

			`# Date : WK18.46`
			`# Operation : WVL1 IT for TEEI`
			`# Purpose : SVP module operates TEEI`
			`hal_client_domain(mediacodec, hal_teei_capi)`
			`allow mediacodec teei_client_device:chr_file rw_file_perms;`

			`# Date : WK19.44`
			`# Purpose: Android Migration for D2+ Encoder`
			`allow mediacodec proc_chip:dir r_dir_perms;`
			`allow mediacodec proc_chip:file r_file_perms;`

			`# Date : WK19.45`
			`# Operation : WFD`
			`# Purpose : Allow set property to notify HWC secure venc enabled`
			`set_prop(mediacodec, vendor_mtk_secure_venc_prop)`

			`# Date : WK20.22`
			`# Operation : VDEC debug`
			`# Purpose : allow vdec can dump file to storage`
			`allow mediacodec vcodec_file:dir create_dir_perms;`
			`allow mediacodec vcodec_file:file create_file_perms;`

			`# Date : WK20.40`
			`# Operation : WFD`
			`# Purpose : Allow set property to notify HWC wfd enabled`
			`set_prop(mediacodec, vendor_mtk_wfd_enable_prop)`

			`#allow get mtk_sec_video_path_support`
			`get_prop(mediacodec, vendor_mtk_sec_video_path_support_prop)`