# ==============================================
# Policy File of /vendor/bin/meta_tst Executable File

# ==============================================
# Common SEPolicy Rule
# ==============================================

# Date      : 2016/06/01
# Operation : TEEI integration
# Purpose   : Microtrust service
#
# What this section grants to meta_tst:
#   - client status for the hal_teei_thh HAL and the right to set
#     properties of type vendor_mtk_soter_teei_prop;
#   - read/execute on files labelled init_thh_service_exec;
#   - read/write on tee_device nodes, and read/write plus
#     create/setattr/unlink on teei_client_device nodes;
#   - the create_dir_perms / create_file_perms sets on teei_data_file.
hal_client_domain(meta_tst, hal_teei_thh)
set_prop(meta_tst, vendor_mtk_soter_teei_prop)

allow meta_tst init_thh_service_exec:file rx_file_perms;

# NOTE(review): creating a character device node normally also requires the
# mknod capability, which this file does not grant - confirm it is granted
# elsewhere, or that create/unlink can be dropped from this set.
allow meta_tst teei_client_device:chr_file {
    rw_file_perms
    create
    setattr
    unlink
};
allow meta_tst tee_device:chr_file rw_file_perms;

allow meta_tst teei_data_file:dir  create_dir_perms;
allow meta_tst teei_data_file:file create_file_perms;

# Read/write on the camera_*, ccu and vpu character devices.
# These rules follow the TEEI section after a blank line and carry no
# date or purpose comment of their own.
# NOTE(review): confirm each device is still needed by meta_tst; a grant with
# no recorded owner or reason is hard to audit later.
allow meta_tst {
    camera_fdvt_device
    camera_owe_device
    camera_wpe_device
    camera_gepf_device
    camera_rsc_device
    camera_tsf_device
    camera_isp_device
    ccu_device
    vpu_device
}:chr_file rw_file_perms;

# Date    : W17.27
# Purpose : DRM Key Installation HIDL - allow meta_tst to call
#           vendor.mediatek.hardware.keyinstall@1.0-service.
#
# The binder rule lets meta_tst make binder calls into the
# mtk_hal_keyinstall domain.
# NOTE(review): the recorded purpose names only the keyinstall service, while
# the macro below makes meta_tst a client of hal_keymaster - confirm that the
# keymaster client grant is intended and still required.
hal_client_domain(meta_tst, hal_keymaster)
allow meta_tst mtk_hal_keyinstall:binder call;

# Date : W17.46
# NOTE(review): no operation or purpose is recorded for this entry.

# Read/write on block nodes labelled dm_device. Access at the block layer is
# not subject to the file-level checks of any filesystem on top of it, so this
# is the widest grant in the section - confirm it is still needed.
allow meta_tst dm_device:blk_file rw_file_perms;

# Attribute queries only (getattr); no read or write of the partitions.
allow meta_tst {
    vendor_block_device
    protect1_block_device
    protect2_block_device
}:blk_file getattr;

allow meta_tst devpts:chr_file rw_file_perms;
allow meta_tst kmsg_device:chr_file w_file_perms;   # write side only, no read

# NOTE(review): read is granted on the files without open or getattr; unless
# those are granted elsewhere, meta_tst can only read a descriptor that was
# opened by another domain - confirm against the denial this was written for.
allow meta_tst sysfs_fs_ext4_features:dir  search;
allow meta_tst sysfs_fs_ext4_features:file read;

# Date    : W17.48
# Purpose : meta connects to ATCI over a socket.
#
# connectto lets meta_tst connect to UNIX stream sockets owned by the atcid
# domain; the macro lets it set vendor_mtk_persist_service_atci_prop
# properties.
allow meta_tst atcid:unix_stream_socket connectto;
set_prop(meta_tst, vendor_mtk_persist_service_atci_prop)

# Purpose : TrustKernel service
#
# NOTE(review): the sdcardfs rules give meta_tst the create_dir_perms and
# create_file_perms sets on everything labelled sdcardfs. If that label covers
# shared storage on this device, data written there is reachable by other
# domains with storage access - confirm what is stored and whether a narrower
# type would do.
allow meta_tst sdcardfs:dir  create_dir_perms;
allow meta_tst sdcardfs:file create_file_perms;

allow meta_tst tkcore_admin_device:chr_file { ioctl open read write };

# Date    : W18.01
# Purpose : tablet DRM Key Manager HIDL
# Binder calls from meta_tst into the mtk_hal_keymanage domain.
allow meta_tst mtk_hal_keymanage:binder call;

# lite version start
# execute_no_trans permits executing init_thh_service_exec files without a
# domain transition, so the executed program keeps running as meta_tst with
# every permission in this file.
# NOTE(review): in AOSP the rx_file_perms set, granted on this same type
# earlier in this file, already contains execute_no_trans - check the macro
# definitions of this tree to see whether this rule is redundant.
allow meta_tst init_thh_service_exec:file execute_no_trans;
# lite version end

# Date    : W18.32
# Purpose : DRM key install
allow meta_tst mobicore_user_device:chr_file rw_file_perms;

# Date      : W19.18
# Operation : Android Q migration
# Purpose   : meta sets the atci property
#
# The sock_file rule allows writing to socket files labelled adb_atci_socket;
# the macro allows setting vendor_mtk_atci_sys_prop properties.
allow meta_tst adb_atci_socket:sock_file write;
set_prop(meta_tst, vendor_mtk_atci_sys_prop)

# Date      : WK20.13
# Operation : Migration
# Purpose   : HDCP

# chown capability for the domain itself. SELinux file permissions on the
# target still apply, but the ownership check no longer limits which files
# meta_tst may re-own.
# NOTE(review): confirm which path needs this; a capability grant is
# domain-wide, not scoped to persist_data_file.
allow meta_tst self:capability chown;

allow meta_tst persist_data_file:dir  create_dir_perms;
allow meta_tst persist_data_file:file create_file_perms;
allow meta_tst mobicore_vendor_file:file lock;

# HAL client grants; the original lists them after a blank line with no
# purpose comment of their own.
hal_client_domain(meta_tst, hal_teei_capi)
hal_client_domain(meta_tst, hal_allocator)

# Date    : WK20.51
# Purpose : allow meta to access sysfs_pmu
#
# Read/write on sysfs_pmu files, plus directory search to reach them.
allow meta_tst sysfs_pmu:file rw_file_perms;
allow meta_tst sysfs_pmu:dir search;