Compare commits
43 Commits
lineage-20
...
lineage-21
| Author | SHA1 | Date | |
|---|---|---|---|
|
d2d073ce17 | ||
|
18632d849e | ||
|
c148d3271a | ||
|
|
850b3d36fd | ||
|
|
d6e1e340cc | ||
|
|
b2b0b1bb8f | ||
|
1263da2195 | ||
|
|
d22a2ab888 | ||
|
ab2549b89a | ||
|
40ea9e1bf7 | ||
|
|
4098d11dc5 | ||
|
|
02bdb90a6e | ||
|
66e32b32e1 | ||
|
|
508c45b356 | ||
|
|
6d2525868e | ||
|
|
ff24786f5a | ||
|
|
532b60ca02 | ||
|
|
6de1ec34cc | ||
|
|
c420b9b98e | ||
|
|
a55780d6aa | ||
|
461b31145f | ||
|
|
88ca19b34a | ||
|
|
c5509c7506 | ||
|
|
2864204ce0 | ||
|
a58d7459e5 | ||
|
|
d0ef16e8db | ||
|
|
f3e97c194d | ||
|
|
fd99152e17 | ||
|
|
011d637e43 | ||
|
|
1313d51047 | ||
|
|
a75fe8033b | ||
|
|
5deeb70766 | ||
|
|
572ec1ab71 | ||
|
246b7d6cbf | ||
|
|
9817fe434d | ||
|
|
0f211dd090 | ||
|
c322485915 | ||
|
|
526d1f2d0e | ||
|
|
63f03be658 | ||
|
|
d73d1700e3 | ||
|
|
e4dbda893d | ||
|
|
16d912d4b2 | ||
|
|
7d3ebfc10b |
@ -1,12 +1,17 @@
|
||||
# Board specific SELinux policy variable definitions
|
||||
MTK_SEPOLICY_PATH := device/mediatek/sepolicy_vndr
|
||||
|
||||
ifeq ($(BOARD_MTK_SEPOLICY_IS_LEGACY), true)
|
||||
# Build with broken namespaces
|
||||
# Userspace blobs are still dependent older props that
|
||||
# do not pass the VTS test cases.
|
||||
BUILD_BROKEN_VENDOR_PROPERTY_NAMESPACE := true
|
||||
|
||||
BOARD_SEPOLICY_DIRS += \
|
||||
BOARD_VENDOR_SEPOLICY_DIRS += \
|
||||
$(MTK_SEPOLICY_PATH)/legacy/non_plat
|
||||
endif
|
||||
|
||||
BOARD_VENDOR_SEPOLICY_DIRS += \
|
||||
$(MTK_SEPOLICY_PATH)/basic/non_plat \
|
||||
$(MTK_SEPOLICY_PATH)/basic/debug/non_plat \
|
||||
$(MTK_SEPOLICY_PATH)/bsp/non_plat \
|
||||
|
||||
@ -13,7 +13,7 @@ allow mobile_log_d kernel:system syslog_mod;
|
||||
|
||||
#GMO project
|
||||
dontaudit mobile_log_d untrusted_app:fd use;
|
||||
dontaudit mobile_log_d isolated_app:fd use;
|
||||
dontaudit mobile_log_d isolated_app_all:fd use;
|
||||
|
||||
#debug property set
|
||||
set_prop(mobile_log_d, debug_prop)
|
||||
|
||||
@ -34,7 +34,7 @@ allowxperm appdomain proc_perfmgr:file ioctl {
|
||||
# Date : W19.23
|
||||
# Operation : Migration
|
||||
# Purpose : For platform app com.android.gallery3d
|
||||
allow { appdomain -isolated_app } radio_data_file:file rw_file_perms;
|
||||
allow { appdomain -isolated_app_all } radio_data_file:file rw_file_perms;
|
||||
|
||||
# Date : W19.23
|
||||
# Operation : Migration
|
||||
@ -43,12 +43,12 @@ allowxperm appdomain appdomain:fifo_file ioctl SNDCTL_TMR_START;
|
||||
|
||||
# Date : W20.26
|
||||
# Operation : Migration
|
||||
# Purpose : For apps other than isolated_app call hidl
|
||||
hwbinder_use({ appdomain -isolated_app })
|
||||
get_prop({ appdomain -isolated_app }, hwservicemanager_prop)
|
||||
allow { appdomain -isolated_app } hidl_manager_hwservice:hwservice_manager find;
|
||||
binder_call({ appdomain -isolated_app }, mtk_safe_halserverdomain_type)
|
||||
allow { appdomain -isolated_app } mtk_safe_hwservice_manager_type:hwservice_manager find;
|
||||
# Purpose : For apps other than isolated_app_all call hidl
|
||||
hwbinder_use({ appdomain -isolated_app_all })
|
||||
get_prop({ appdomain -isolated_app_all }, hwservicemanager_prop)
|
||||
allow { appdomain -isolated_app_all } hidl_manager_hwservice:hwservice_manager find;
|
||||
binder_call({ appdomain -isolated_app_all }, mtk_safe_halserverdomain_type)
|
||||
allow { appdomain -isolated_app_all } mtk_safe_hwservice_manager_type:hwservice_manager find;
|
||||
|
||||
# Date : 2021/04/24
|
||||
# Operation: addwindow
|
||||
|
||||
@ -21,7 +21,7 @@ allow audiocmdservice_atci bootdevice_block_device:blk_file rw_file_perms;
|
||||
|
||||
# can route /dev/binder traffic to /dev/vndbinder
|
||||
vndbinder_use(audiocmdservice_atci)
|
||||
binder_call(audiocmdservice_atci, mtk_hal_audio)
|
||||
binder_call(audiocmdservice_atci, hal_audio_default)
|
||||
|
||||
hal_client_domain(audiocmdservice_atci, hal_audio)
|
||||
|
||||
|
||||
@ -236,7 +236,6 @@ type bootdevice_block_device, dev_type;
|
||||
type odm_block_device, dev_type;
|
||||
type oem_block_device, dev_type;
|
||||
type vendor_block_device, dev_type;
|
||||
type dtbo_block_device, dev_type;
|
||||
type loader_ext_block_device, dev_type;
|
||||
type spm_device, dev_type;
|
||||
type persist_block_device, dev_type;
|
||||
|
||||
@ -11,7 +11,7 @@ get_prop(domain, mtk_core_property_type)
|
||||
# as it is a public interface for all processes to read some OTP data.
|
||||
allow {
|
||||
domain
|
||||
-isolated_app
|
||||
-isolated_app_all
|
||||
} sysfs_devinfo:file r_file_perms;
|
||||
|
||||
# Date : W18.45
|
||||
@ -19,5 +19,5 @@ allow {
|
||||
# Purpose : drvb need dgb2 permission
|
||||
allow {
|
||||
domain
|
||||
-isolated_app
|
||||
-isolated_app_all
|
||||
} sysfs_gpu_mtk:file r_file_perms;
|
||||
|
||||
@ -43,6 +43,8 @@ type proc_gpu_memory, fs_type, proc_type;
|
||||
type proc_mtk_es_reg_dump, fs_type, proc_type;
|
||||
type proc_ccci_dump, fs_type, proc_type;
|
||||
type proc_log_much, fs_type, proc_type;
|
||||
type proc_vm_dirty, fs_type, proc_type;
|
||||
type proc_irq, fs_type, proc_type;
|
||||
|
||||
#For icusb
|
||||
type proc_icusb, fs_type, proc_type;
|
||||
@ -183,6 +185,7 @@ type sysfs_vcore_debug, fs_type, sysfs_type;
|
||||
type sysfs_systracker, fs_type, sysfs_type;
|
||||
type sysfs_keypad_file, fs_type, sysfs_type;
|
||||
type sysfs_vcp, fs_type, sysfs_type;
|
||||
type sysfs_irq, fs_type, sysfs_type;
|
||||
|
||||
# apusys_queue sysfs file
|
||||
type sysfs_apusys_queue, fs_type, sysfs_type;
|
||||
@ -384,9 +387,6 @@ type iso9660, fs_type;
|
||||
# rawfs for /protect_f on NAND projects
|
||||
type rawfs, fs_type, mlstrustedobject;
|
||||
|
||||
#fuse
|
||||
type fuseblk, sdcard_type, fs_type, mlstrustedobject;
|
||||
|
||||
##########################
|
||||
# File types
|
||||
#
|
||||
@ -481,6 +481,9 @@ type thermal_manager_data_file, file_type, data_file_type;
|
||||
# thermal core config file
|
||||
type thermal_core_data_file, file_type, data_file_type;
|
||||
|
||||
# Thermal link device
|
||||
type thermal_link_device, dev_type;
|
||||
|
||||
#autokd data file
|
||||
type autokd_data_file, file_type, data_file_type;
|
||||
|
||||
|
||||
@ -671,6 +671,8 @@
|
||||
/(vendor|system/vendor)/bin/frs64 u:object_r:thermal_core_exec:s0
|
||||
/(vendor|system/vendor)/bin/thermalloadalgod u:object_r:thermalloadalgod_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal@2\.0-service\.mtk u:object_r:hal_thermal_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal@2\.0-service\.mediatek u:object_r:hal_thermal_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal-service\.mediatek u:object_r:hal_thermal_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/lbs_hidl_service u:object_r:lbs_hidl_service_exec:s0
|
||||
/(vendor|system/vendor)/bin/meta_tst u:object_r:meta_tst_exec:s0
|
||||
/(vendor|system/vendor)/bin/kisd u:object_r:kisd_exec:s0
|
||||
@ -690,11 +692,13 @@
|
||||
|
||||
/(vendor|system/vendor)/bin/xcap u:object_r:xcap_exec:s0
|
||||
|
||||
/(vendor|system/vendor)/bin/rebalance_interrupts-vendor.mediatek u:object_r:rebalance_interrupts_vendor_exec:s0
|
||||
|
||||
/(vendor|system/vendor)/bin/biosensord_nvram u:object_r:biosensord_nvram_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.audio\.service\.mediatek u:object_r:hal_audio_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.[0-9]-service-mediatek u:object_r:mtk_hal_bluetooth_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.gnss@2\.1-service-mediatek u:object_r:mtk_hal_gnss_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.gnss-service\.mediatek u:object_r:mtk_hal_gnss_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.audio\.service\.mediatek u:object_r:mtk_hal_audio_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/vendor\.mediatek\.hardware\.mtkpower@1\.0-service u:object_r:mtk_hal_power_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.sensors@1\.0-service-mediatek u:object_r:mtk_hal_sensors_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.sensors@2\.0-service-mediatek u:object_r:mtk_hal_sensors_exec:s0
|
||||
@ -717,6 +721,7 @@
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.media\.c2@1\.2-mediatek-64b u:object_r:mtk_hal_c2_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.memtrack-service\.mediatek u:object_r:mtk_hal_memtrack_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/vendor\.mediatek\.hardware\.mtkcodecservice@1\.1-service u:object_r:hal_mtkcodecservice_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.health-service\.mediatek u:object_r:hal_health_default_exec:s0
|
||||
|
||||
# Google Trusty system files
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service\.trusty u:object_r:hal_keymaster_default_exec:s0
|
||||
@ -731,6 +736,11 @@
|
||||
# Trustonic TEE
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.security\.keymint-service\.trustonic u:object_r:hal_keymint_default_exec:s0
|
||||
|
||||
# Thermal
|
||||
/vendor/bin/thermal_logd_mediatek u:object_r:init-thermal-logging-sh_exec:s0
|
||||
/vendor/bin/thermal_symlinks_mediatek u:object_r:init-thermal-symlinks-sh_exec:s0
|
||||
/dev/thermal(/.*)? u:object_r:thermal_link_device:s0
|
||||
|
||||
# Microtrust SE
|
||||
/(vendor|system/vendor)/bin/hw/vendor\.microtrust\.hardware\.se@1\.0-service u:object_r:hal_secure_element_default_exec:s0
|
||||
|
||||
@ -746,6 +756,7 @@
|
||||
/(vendor|system/vendor)/bin/hw/vendor\.mediatek\.hardware\.keymaster_attestation@1\.1-service u:object_r:hal_keymaster_attestation_exec:s0
|
||||
|
||||
# ST NFC 1.2 hidl service
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc-service.st u:object_r:hal_nfc_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.2-service-st u:object_r:hal_nfc_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.2-service-st54spi u:object_r:st54spi_hal_secure_element_exec:s0
|
||||
|
||||
@ -755,7 +766,10 @@
|
||||
|
||||
# MTK USB hal
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.[0-9]+-service-mediatek u:object_r:mtk_hal_usb_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.usb-service.mediatek u:object_r:mtk_hal_usb_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.usb-service.mediatek-legacy u:object_r:mtk_hal_usb_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.[0-9]+-service-mediatekv2 u:object_r:mtk_hal_usb_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.usb\.gadget-service\.mediatek u:object_r:mtk_hal_usb_exec:s0
|
||||
|
||||
# MTK OMAPI for UICC
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.[0-9]+-service-mediatek u:object_r:mtk_hal_secure_element_exec:s0
|
||||
@ -948,10 +962,6 @@
|
||||
/factory_init\..* u:object_r:rootfs:s0
|
||||
/meta_init\..* u:object_r:rootfs:s0
|
||||
/multi_init\..* u:object_r:rootfs:s0
|
||||
/dev/block/by-name/preloader_raw_a u:object_r:postinstall_block_device:s0
|
||||
/dev/block/by-name/preloader_raw_b u:object_r:postinstall_block_device:s0
|
||||
/dev/block/platform/bootdevice/by-name/preloader_raw_a u:object_r:postinstall_block_device:s0
|
||||
/dev/block/platform/bootdevice/by-name/preloader_raw_b u:object_r:postinstall_block_device:s0
|
||||
|
||||
/postinstall/bin/mtk_plpath_utils_ota u:object_r:postinstall_file:s0
|
||||
# Custom files
|
||||
@ -985,6 +995,9 @@
|
||||
# Purpose: Add permission for vilte
|
||||
/dev/ccci_vts u:object_r:ccci_vts_device:s0
|
||||
|
||||
# ConsumerIr
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.ir-service\.mediatek u:object_r:hal_ir_default_exec:s0
|
||||
|
||||
# Power
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.power-service\.mediatek-libperfmgr u:object_r:hal_power_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/vendor\.mediatek\.hardware\.mtkpower@1\.2-service\.stub u:object_r:mtk_hal_power_exec:s0
|
||||
|
||||
@ -26,7 +26,7 @@ allow fpsgo_native logd:process setsched;
|
||||
allow fpsgo_native mediaserver:process setsched;
|
||||
allow fpsgo_native mediaswcodec:process setsched;
|
||||
allow fpsgo_native mediaextractor:process setsched;
|
||||
allow fpsgo_native mtk_hal_audio:process setsched;
|
||||
allow fpsgo_native hal_audio_default:process setsched;
|
||||
allow fpsgo_native mtk_hal_sensors:process setsched;
|
||||
allow fpsgo_native mtk_hal_c2:process setsched;
|
||||
allow fpsgo_native mtk_hal_gnss:process setsched;
|
||||
|
||||
@ -44,6 +44,8 @@ genfscon proc /mtk_cmdq_debug/status u:object_r:proc_cmdq_debug:s0
|
||||
genfscon proc /mtk_cmdq_debug/record u:object_r:proc_cmdq_debug:s0
|
||||
genfscon proc /cpuhvfs/dbg_repo u:object_r:proc_dbg_repo:s0
|
||||
genfscon proc /sys/kernel/panic_on_rcu_stall u:object_r:proc_panic_on_rcu_stall:s0
|
||||
genfscon proc /sys/vm/dirty_writeback_centisecs u:object_r:proc_vm_dirty:s0
|
||||
genfscon proc /sys/kernel/sched_pelt_multiplier u:object_r:proc_sched:s0
|
||||
|
||||
# Purpose dump not exit file
|
||||
genfscon proc /isp_p2/isp_p2_dump u:object_r:proc_isp_p2_dump:s0
|
||||
@ -243,6 +245,7 @@ genfscon sysfs /devices/virtual/misc/adsp_1 u:object_r:sysfs_adsp:s0
|
||||
genfscon sysfs /devices/virtual/misc/vcp u:object_r:sysfs_vcp:s0
|
||||
|
||||
# Date : 2019/09/12
|
||||
genfscon sysfs /class/thermal u:object_r:sysfs_therm:s0
|
||||
genfscon sysfs /devices/virtual/thermal u:object_r:sysfs_therm:s0
|
||||
genfscon sysfs /devices/class/thermal u:object_r:sysfs_therm:s0
|
||||
genfscon sysfs /kernel/thermal u:object_r:sysfs_thermal_sram:s0
|
||||
@ -666,6 +669,13 @@ genfscon proc /mgq u:object_r:proc_mgq:s0
|
||||
genfscon sysfs /kernel/thunderquake_engine u:object_r:sysfs_vibrator:s0
|
||||
|
||||
# GPU
|
||||
genfscon sysfs /devices/platform/13000000.mali/dma_buf_gpu_mem u:object_r:sysfs_gpu:s0
|
||||
genfscon sysfs /devices/platform/13000000.mali/kprcs u:object_r:sysfs_gpu:s0
|
||||
genfscon sysfs /devices/platform/13000000.mali/total_gpu_mem u:object_r:sysfs_gpu:s0
|
||||
genfscon sysfs /devices/platform/13040000.mali/dma_buf_gpu_mem u:object_r:sysfs_gpu:s0
|
||||
genfscon sysfs /devices/platform/13040000.mali/kprcs u:object_r:sysfs_gpu:s0
|
||||
genfscon sysfs /devices/platform/13040000.mali/total_gpu_mem u:object_r:sysfs_gpu:s0
|
||||
|
||||
# IRQ
|
||||
genfscon sysfs /kernel/irq u:object_r:sysfs_irq:s0
|
||||
genfscon proc /irq u:object_r:proc_irq:s0
|
||||
|
||||
228
basic/non_plat/hal_audio_default.te
Normal file
228
basic/non_plat/hal_audio_default.te
Normal file
@ -0,0 +1,228 @@
|
||||
# ==============================================
|
||||
# Common SEPolicy Rule
|
||||
# ==============================================
|
||||
wakelock_use(hal_audio_default)
|
||||
|
||||
add_hwservice(hal_audio_default, mtk_hal_bluetooth_audio_hwservice)
|
||||
allow hal_audio_default ion_device:chr_file r_file_perms;
|
||||
|
||||
allow hal_audio_default system_file:dir r_dir_perms;
|
||||
|
||||
r_dir_file(hal_audio_default, proc)
|
||||
allow hal_audio_default audio_device:dir r_dir_perms;
|
||||
allow hal_audio_default audio_device:chr_file rw_file_perms;
|
||||
|
||||
# Date : WK14.32
|
||||
# Operation : Migration
|
||||
# Purpose : Set audio driver permission to access SD card for debug purpose and accss NVRam.
|
||||
allow hal_audio_default sdcard_type:dir create_dir_perms;
|
||||
allow hal_audio_default sdcard_type:file create_file_perms;
|
||||
allow hal_audio_default nvram_data_file:dir w_dir_perms;
|
||||
allow hal_audio_default nvram_data_file:file create_file_perms;
|
||||
allow hal_audio_default nvram_data_file:lnk_file r_file_perms;
|
||||
allow hal_audio_default nvdata_file:lnk_file r_file_perms;
|
||||
allow hal_audio_default nvdata_file:dir create_dir_perms;
|
||||
allow hal_audio_default nvdata_file:file create_file_perms;
|
||||
|
||||
# Date : WK14.34
|
||||
# Operation : Migration
|
||||
# Purpose : nvram access (dumchar case for nand and legacy chip)
|
||||
allow hal_audio_default nvram_device:chr_file rw_file_perms;
|
||||
allow hal_audio_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
|
||||
|
||||
# Date : WK14.36
|
||||
# Operation : Migration
|
||||
# Purpose : media server and bt process communication for A2DP data.and other control flow
|
||||
allow hal_audio_default bt_a2dp_stream_socket:sock_file w_file_perms;
|
||||
allow hal_audio_default bt_int_adp_socket:sock_file w_file_perms;
|
||||
|
||||
# Date : WK14.36
|
||||
# Operation : Migration
|
||||
# Purpose : access nvram, otp, ccci cdoec devices.
|
||||
allow hal_audio_default ccci_device:chr_file rw_file_perms;
|
||||
allow hal_audio_default eemcs_device:chr_file rw_file_perms;
|
||||
allow hal_audio_default devmap_device:chr_file r_file_perms;
|
||||
allow hal_audio_default ebc_device:chr_file rw_file_perms;
|
||||
allow hal_audio_default nvram_device:blk_file rw_file_perms;
|
||||
|
||||
# Date : WK14.38
|
||||
# Operation : Migration
|
||||
# Purpose : FM driver access
|
||||
allow hal_audio_default fm_device:chr_file rw_file_perms;
|
||||
|
||||
# Data : WK14.39
|
||||
# Operation : Migration
|
||||
# Purpose : dump for debug
|
||||
set_prop(hal_audio_default, vendor_mtk_audiohal_prop)
|
||||
|
||||
# Date : WK14.40
|
||||
# Operation : Migration
|
||||
# Purpose : HDMI driver access
|
||||
allow hal_audio_default graphics_device:chr_file rw_file_perms;
|
||||
|
||||
# Date : WK14.40
|
||||
# Operation : Migration
|
||||
# Purpose : Smartpa
|
||||
allow hal_audio_default smartpa_device:chr_file rw_file_perms;
|
||||
allow hal_audio_default sysfs_rt_param:file rw_file_perms;
|
||||
allow hal_audio_default sysfs_rt_param:dir r_dir_perms;
|
||||
allow hal_audio_default sysfs_rt_calib:file rw_file_perms;
|
||||
allow hal_audio_default sysfs_rt_calib:dir r_dir_perms;
|
||||
|
||||
# Date : WK14.41
|
||||
# Operation : Migration
|
||||
# Purpose : WFD HID Driver
|
||||
allow hal_audio_default uhid_device:chr_file rw_file_perms;
|
||||
|
||||
# Date : WK14.43
|
||||
# Operation : Migration
|
||||
# Purpose : VOW
|
||||
allow hal_audio_default vow_device:chr_file rw_file_perms;
|
||||
|
||||
# Date: WK14.44
|
||||
# Operation : Migration
|
||||
# Purpose : EVDO
|
||||
allow hal_audio_default rpc_socket:sock_file w_file_perms;
|
||||
allow hal_audio_default ttySDIO_device:chr_file rw_file_perms;
|
||||
|
||||
# Data: WK14.44
|
||||
# Operation : Migration
|
||||
# Purpose : for low SD card latency issue
|
||||
allow hal_audio_default sysfs_lowmemorykiller:file r_file_perms;
|
||||
|
||||
# Data: WK14.45
|
||||
# Operation : Migration
|
||||
# Purpose : for change thermal policy when needed
|
||||
allow hal_audio_default proc_mtkcooler:dir search;
|
||||
allow hal_audio_default proc_mtktz:dir search;
|
||||
allow hal_audio_default proc_thermal:dir search;
|
||||
allow hal_audio_default thermal_manager_data_file:file create_file_perms;
|
||||
allow hal_audio_default thermal_manager_data_file:dir { rw_dir_perms setattr };
|
||||
|
||||
# for as33970
|
||||
allow hal_audio_default sysfs_reset_dsp:file rw_file_perms;
|
||||
allow hal_audio_default tahiti_device:chr_file rw_file_perms_no_map;
|
||||
# for smartpa
|
||||
allow hal_audio_default sysfs_chip_vendor:file r_file_perms;
|
||||
allow hal_audio_default sysfs_pa_num:file rw_file_perms;
|
||||
|
||||
# Data : WK14.47
|
||||
# Operation : Audio playback
|
||||
# Purpose : Music as ringtone
|
||||
allow hal_audio_default radio:dir r_dir_perms;
|
||||
allow hal_audio_default radio:file r_file_perms;
|
||||
|
||||
# Data : WK14.47
|
||||
# Operation : CTS
|
||||
# Purpose : cts search strange app
|
||||
allow hal_audio_default untrusted_app:dir search;
|
||||
|
||||
# Date : WK15.03
|
||||
# Operation : Migration
|
||||
# Purpose : offloadservice
|
||||
allow hal_audio_default offloadservice_device:chr_file rw_file_perms;
|
||||
|
||||
# Date : WK15.34
|
||||
# Operation : Migration
|
||||
# Purpose: for camera middleware dump image buffer to sdcard & audio frameworks dump
|
||||
allow hal_audio_default storage_file:dir search;
|
||||
allow hal_audio_default storage_file:lnk_file rw_file_perms;
|
||||
allow hal_audio_default mnt_user_file:dir rw_dir_perms;
|
||||
allow hal_audio_default mnt_user_file:lnk_file rw_file_perms;
|
||||
|
||||
# Date : WK16.17
|
||||
# Operation : Migration
|
||||
# Purpose: read/open sysfs node
|
||||
allow hal_audio_default sysfs_ccci:file r_file_perms;
|
||||
allow hal_audio_default sysfs_ccci:dir search;
|
||||
|
||||
# Date : WK16.18
|
||||
# Operation : Migration
|
||||
# Purpose: research root dir "/"
|
||||
allow hal_audio_default tmpfs:dir search;
|
||||
|
||||
# Purpose: Dump debug info
|
||||
allow hal_audio_default kmsg_device:chr_file w_file_perms;
|
||||
allow hal_audio_default fuse:file rw_file_perms;
|
||||
|
||||
# Date : WK16.27
|
||||
# Operation : Migration
|
||||
# Purpose: tunning tool update parameters
|
||||
binder_call(hal_audio_default, radio)
|
||||
allow hal_audio_default mtk_audiohal_data_file:dir create_dir_perms;
|
||||
allow hal_audio_default mtk_audiohal_data_file:file create_file_perms;
|
||||
# Date : WK16.33
|
||||
# Purpose: Allow to access ged for gralloc_extra functions
|
||||
allow hal_audio_default proc_ged:file rw_file_perms;
|
||||
|
||||
# Fix bootup violation
|
||||
allow hal_audio_default fuse:dir r_dir_perms;
|
||||
|
||||
# for usb phone call, allow sys_nice
|
||||
allow hal_audio_default self:capability sys_nice;
|
||||
|
||||
# Date : W17.29
|
||||
# Boot for opening trace file: Permission denied (13)
|
||||
allow hal_audio_default debugfs_tracing:file w_file_perms;
|
||||
|
||||
# Audio Tuning Tool Android O porting
|
||||
binder_call(hal_audio_default, audiocmdservice_atci)
|
||||
|
||||
# Add for control PowerHAL
|
||||
hal_client_domain(hal_audio_default, hal_power)
|
||||
|
||||
# cm4 smartpa
|
||||
allow hal_audio_default audio_ipi_device:chr_file rw_file_perms;
|
||||
allow hal_audio_default audio_scp_device:chr_file r_file_perms;
|
||||
|
||||
# Date : WK18.21
|
||||
# Operation: P migration
|
||||
# Purpose: Allow to search /mnt/vendor/nvdata for fstab when using NVM_Init()
|
||||
allow hal_audio_default mnt_vendor_file:dir search;
|
||||
|
||||
# Date: 2019/06/14
|
||||
# Operation : Migration
|
||||
allow hal_audio_default audioserver:fifo_file w_file_perms;
|
||||
allow hal_audio_default sysfs_boot_mode:file r_file_perms;
|
||||
allow hal_audio_default sysfs_dt_firmware_android:dir search;
|
||||
|
||||
# Date : WK18.44
|
||||
# Operation: adsp
|
||||
allow hal_audio_default adsp_device:file rw_file_perms;
|
||||
allow hal_audio_default adsp_device:chr_file rw_file_perms;
|
||||
|
||||
# Date : 2020/3/21
|
||||
# Operation: audio dptx
|
||||
allow hal_audio_default dri_device:chr_file rw_file_perms;
|
||||
allow hal_audio_default gpu_device:dir search;
|
||||
|
||||
# Date : WK20.26
|
||||
allow hal_audio_default sysfs_dt_firmware_android:file r_file_perms;
|
||||
|
||||
# Date : WK20.36
|
||||
# Operation : Migration
|
||||
# Purpose : AAudio HAL
|
||||
allow hal_audio_default debugfs_ion:dir search;
|
||||
|
||||
# Date : 2021/06/15
|
||||
# Purpose: Allow to change mtk MMQoS scenario
|
||||
allow hal_audio_default sysfs_mtk_mmqos_scen:file w_file_perms;
|
||||
allow hal_audio_default sysfs_mtk_mmqos_scen_v2:file w_file_perms;
|
||||
|
||||
# Allow ReadDefaultFstab().
|
||||
read_fstab(hal_audio_default)
|
||||
|
||||
# Date : WK21.23
|
||||
# Operation : Migration
|
||||
# Purpose : factory mode
|
||||
allow hal_audio_default sysfs_boot_info:file r_file_perms;
|
||||
|
||||
# Date : WK21.32
|
||||
# Operation : Migration
|
||||
# Purpose: permission for audioserver to use ccci node
|
||||
allow hal_audio_default ccci_aud_device:chr_file rw_file_perms;
|
||||
|
||||
# Date: 2022/12/01
|
||||
# Purpose: Allow Audio HAL to get and set vendor_mtk_audio_prop
|
||||
get_prop(hal_audio_default, vendor_mtk_audio_prop)
|
||||
set_prop(hal_audio_default, vendor_mtk_audio_prop)
|
||||
@ -14,4 +14,4 @@ hal_server_domain(hal_drm_clearkey, hal_drm)
|
||||
|
||||
vndbinder_use(hal_drm_clearkey)
|
||||
|
||||
allow hal_drm_clearkey { appdomain -isolated_app }:fd use;
|
||||
allow hal_drm_clearkey { appdomain -isolated_app_all }:fd use;
|
||||
|
||||
@ -10,7 +10,7 @@ init_daemon_domain(hal_drm_widevine)
|
||||
hal_server_domain(hal_drm_widevine, hal_drm)
|
||||
|
||||
allow hal_drm_widevine mediacodec:fd use;
|
||||
allow hal_drm_widevine { appdomain -isolated_app }:fd use;
|
||||
allow hal_drm_widevine { appdomain -isolated_app_all }:fd use;
|
||||
|
||||
vndbinder_use(hal_drm_widevine)
|
||||
|
||||
|
||||
@ -14,3 +14,5 @@ allow hal_keymint_default persist_data_file:file r_file_perms;
|
||||
# Purpose : Open MobiCore access permission for keystore.
|
||||
allow hal_keymint_default mobicore:unix_stream_socket { connectto read write };
|
||||
allow hal_keymint_default mobicore_user_device:chr_file rw_file_perms;
|
||||
|
||||
set_prop(hal_keymint_default, vendor_mtk_soter_teei_prop)
|
||||
|
||||
@ -2,12 +2,18 @@
|
||||
# Common SEPolicy Rule
|
||||
# ==============================================
|
||||
|
||||
r_dir_file(hal_thermal_default, sysfs_therm)
|
||||
allow hal_thermal_default sysfs_therm:file w_file_perms;
|
||||
|
||||
allow hal_thermal_default thermal_link_device:dir r_dir_perms;
|
||||
|
||||
allow hal_thermal_default proc_mtktz:dir search;
|
||||
allow hal_thermal_default proc_mtktz:file r_file_perms;
|
||||
allow hal_thermal_default proc_stat:file r_file_perms;
|
||||
|
||||
#for uevent handle
|
||||
allow hal_thermal_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
|
||||
allow hal_thermal_default self:netlink_generic_socket create_socket_perms_no_ioctl;
|
||||
|
||||
#for thermal sysfs
|
||||
allow hal_thermal_default sysfs_therm:file rw_file_perms;
|
||||
@ -15,4 +21,9 @@ allow hal_thermal_default sysfs_therm:dir search;
|
||||
|
||||
#for thermal hal socket
|
||||
allow hal_thermal_default thermal_hal_socket:dir { rw_dir_perms setattr};
|
||||
allow hal_thermal_default thermal_hal_socket:sock_file create_file_perms;
|
||||
allow hal_thermal_default thermal_hal_socket:sock_file create_file_perms;
|
||||
|
||||
hal_client_domain(hal_thermal_default, hal_power);
|
||||
|
||||
# read thermal_config
|
||||
get_prop(hal_thermal_default, vendor_thermal_prop)
|
||||
|
||||
10
basic/non_plat/init-thermal-logging.sh.te
Normal file
10
basic/non_plat/init-thermal-logging.sh.te
Normal file
@ -0,0 +1,10 @@
|
||||
type init-thermal-logging-sh, domain;
|
||||
type init-thermal-logging-sh_exec, exec_type, vendor_file_type, file_type;
|
||||
|
||||
init_daemon_domain(init-thermal-logging-sh)
|
||||
|
||||
userdebug_or_eng(`
|
||||
allow init-thermal-logging-sh vendor_toolbox_exec:file rx_file_perms;
|
||||
allow init-thermal-logging-sh sysfs_therm:dir r_dir_perms;
|
||||
allow init-thermal-logging-sh sysfs_therm:file r_file_perms;
|
||||
')
|
||||
12
basic/non_plat/init-thermal-symlinks.sh.te
Normal file
12
basic/non_plat/init-thermal-symlinks.sh.te
Normal file
@ -0,0 +1,12 @@
|
||||
type init-thermal-symlinks-sh, domain;
|
||||
type init-thermal-symlinks-sh_exec, exec_type, vendor_file_type, file_type;
|
||||
|
||||
init_daemon_domain(init-thermal-symlinks-sh)
|
||||
|
||||
allow init-thermal-symlinks-sh vendor_toolbox_exec:file rx_file_perms;
|
||||
allow init-thermal-symlinks-sh thermal_link_device:dir rw_dir_perms;
|
||||
allow init-thermal-symlinks-sh thermal_link_device:lnk_file create_file_perms;
|
||||
|
||||
r_dir_file(init-thermal-symlinks-sh, sysfs_therm)
|
||||
|
||||
set_prop(init-thermal-symlinks-sh, vendor_thermal_prop)
|
||||
@ -52,10 +52,6 @@ allow init tmpfs:lnk_file create_file_perms;
|
||||
# Purpose : bt hal interface permission
|
||||
allow init mtk_hal_bluetooth_exec:file getattr;
|
||||
|
||||
# Date : WK17.02
|
||||
# Purpose: Fix audio hal service fail
|
||||
allow init mtk_hal_audio_exec:file getattr;
|
||||
|
||||
# Date : W17.20
|
||||
# Purpose: Enable PRODUCT_FULL_TREBLE
|
||||
allow init vendor_block_device:lnk_file relabelto;
|
||||
@ -147,3 +143,6 @@ allow init sysfs_mtk_core_ctl:dir r_dir_perms;
|
||||
allow init sysfs_mtk_core_ctl:file rw_file_perms;
|
||||
|
||||
allow init xcap_socket:sock_file create_file_perms;
|
||||
|
||||
# Allow init to write to sysfs_devices_block
|
||||
allow init sysfs_devices_block:file w_file_perms;
|
||||
|
||||
@ -12,6 +12,13 @@ allow init_insmod_sh kernel:key search;
|
||||
# Purpose : modprobe need proc_modules
|
||||
allow init_insmod_sh proc_modules:file r_file_perms;
|
||||
|
||||
# Allow init.insmod.sh to read cmdline
|
||||
allow init_insmod_sh proc_cmdline:file r_file_perms;
|
||||
|
||||
# Allow required capabilities for modprobe
|
||||
allow init_insmod_sh self:capability sys_nice;
|
||||
allow init_insmod_sh kernel:process setsched;
|
||||
|
||||
# Date : WK20.46
|
||||
# Purpose : Set the vendor.all.modules.ready property
|
||||
set_prop(init_insmod_sh, vendor_mtk_device_prop)
|
||||
|
||||
@ -70,7 +70,7 @@ allow kernel audioserver:fd use;
|
||||
# Date : WK18.02
|
||||
# Operation: SQC
|
||||
# Purpose: Allow SCP SmartPA kthread to write debug dump to sdcard
|
||||
allow kernel mtk_hal_audio:fd use;
|
||||
allow kernel hal_audio_default:fd use;
|
||||
allow kernel factory:fd use;
|
||||
|
||||
# Date : WK18.29
|
||||
@ -85,3 +85,6 @@ allow kernel mtk_audiohal_data_file:file write;
|
||||
|
||||
# Date: WK19.03
|
||||
allow kernel expdb_block_device:blk_file rw_file_perms;
|
||||
|
||||
# b/220801802
|
||||
allow kernel same_process_hal_file:file r_file_perms;
|
||||
|
||||
@ -42,7 +42,7 @@ hal_client_domain(merged_hal_service, hal_allocator)
|
||||
#for default drm permissions
|
||||
hal_server_domain(merged_hal_service, hal_drm)
|
||||
allow merged_hal_service mediacodec:fd use;
|
||||
allow merged_hal_service { appdomain -isolated_app }:fd use;
|
||||
allow merged_hal_service { appdomain -isolated_app_all }:fd use;
|
||||
|
||||
# Date : WK18.23
|
||||
# Operation : P Migration
|
||||
|
||||
@ -266,7 +266,7 @@ allow meta_tst mddb_data_file:dir create_dir_perms;
|
||||
|
||||
# Date: W17.43
|
||||
# Purpose : Allow meta_tst to call Audio HAL service
|
||||
binder_call(meta_tst, mtk_hal_audio)
|
||||
binder_call(meta_tst, hal_audio_default)
|
||||
allow meta_tst mtk_audiohal_data_file:dir r_dir_perms;
|
||||
|
||||
#Data:W1745
|
||||
|
||||
@ -1,244 +0,0 @@
|
||||
# ==============================================
|
||||
# Common SEPolicy Rule
|
||||
# ==============================================
|
||||
type mtk_hal_audio, domain;
|
||||
|
||||
type mtk_hal_audio_exec, exec_type, vendor_file_type, file_type;
|
||||
init_daemon_domain(mtk_hal_audio)
|
||||
|
||||
hal_server_domain(mtk_hal_audio, hal_audio)
|
||||
hal_client_domain(mtk_hal_audio, hal_allocator)
|
||||
|
||||
wakelock_use(mtk_hal_audio)
|
||||
|
||||
add_hwservice(mtk_hal_audio, mtk_hal_bluetooth_audio_hwservice)
|
||||
allow mtk_hal_audio ion_device:chr_file r_file_perms;
|
||||
|
||||
allow mtk_hal_audio system_file:dir r_dir_perms;
|
||||
|
||||
r_dir_file(mtk_hal_audio, proc)
|
||||
allow mtk_hal_audio audio_device:dir r_dir_perms;
|
||||
allow mtk_hal_audio audio_device:chr_file rw_file_perms;
|
||||
|
||||
# mtk_hal_audio should never execute any executable without
|
||||
# a domain transition
|
||||
neverallow mtk_hal_audio { file_type fs_type }:file execute_no_trans;
|
||||
|
||||
# mtk_hal_audio should never need network access.
|
||||
# Disallow network sockets apart from TCP sockets.
|
||||
neverallow mtk_hal_audio domain:{ udp_socket rawip_socket } *;
|
||||
|
||||
# Date : WK14.32
|
||||
# Operation : Migration
|
||||
# Purpose : Set audio driver permission to access SD card for debug purpose and accss NVRam.
|
||||
allow mtk_hal_audio sdcard_type:dir create_dir_perms;
|
||||
allow mtk_hal_audio sdcard_type:file create_file_perms;
|
||||
allow mtk_hal_audio nvram_data_file:dir w_dir_perms;
|
||||
allow mtk_hal_audio nvram_data_file:file create_file_perms;
|
||||
allow mtk_hal_audio nvram_data_file:lnk_file r_file_perms;
|
||||
allow mtk_hal_audio nvdata_file:lnk_file r_file_perms;
|
||||
allow mtk_hal_audio nvdata_file:dir create_dir_perms;
|
||||
allow mtk_hal_audio nvdata_file:file create_file_perms;
|
||||
|
||||
# Date : WK14.34
|
||||
# Operation : Migration
|
||||
# Purpose : nvram access (dumchar case for nand and legacy chip)
|
||||
allow mtk_hal_audio nvram_device:chr_file rw_file_perms;
|
||||
allow mtk_hal_audio self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
|
||||
|
||||
# Date : WK14.36
|
||||
# Operation : Migration
|
||||
# Purpose : media server and bt process communication for A2DP data.and other control flow
|
||||
allow mtk_hal_audio bt_a2dp_stream_socket:sock_file w_file_perms;
|
||||
allow mtk_hal_audio bt_int_adp_socket:sock_file w_file_perms;
|
||||
|
||||
# Date : WK14.36
|
||||
# Operation : Migration
|
||||
# Purpose : access nvram, otp, ccci cdoec devices.
|
||||
allow mtk_hal_audio ccci_device:chr_file rw_file_perms;
|
||||
allow mtk_hal_audio eemcs_device:chr_file rw_file_perms;
|
||||
allow mtk_hal_audio devmap_device:chr_file r_file_perms;
|
||||
allow mtk_hal_audio ebc_device:chr_file rw_file_perms;
|
||||
allow mtk_hal_audio nvram_device:blk_file rw_file_perms;
|
||||
|
||||
# Date : WK14.38
|
||||
# Operation : Migration
|
||||
# Purpose : FM driver access
|
||||
allow mtk_hal_audio fm_device:chr_file rw_file_perms;
|
||||
|
||||
# Data : WK14.39
|
||||
# Operation : Migration
|
||||
# Purpose : dump for debug
|
||||
set_prop(mtk_hal_audio, vendor_mtk_audiohal_prop)
|
||||
|
||||
# Date : WK14.40
|
||||
# Operation : Migration
|
||||
# Purpose : HDMI driver access
|
||||
allow mtk_hal_audio graphics_device:chr_file rw_file_perms;
|
||||
|
||||
# Date : WK14.40
|
||||
# Operation : Migration
|
||||
# Purpose : Smartpa
|
||||
allow mtk_hal_audio smartpa_device:chr_file rw_file_perms;
|
||||
allow mtk_hal_audio sysfs_rt_param:file rw_file_perms;
|
||||
allow mtk_hal_audio sysfs_rt_param:dir r_dir_perms;
|
||||
allow mtk_hal_audio sysfs_rt_calib:file rw_file_perms;
|
||||
allow mtk_hal_audio sysfs_rt_calib:dir r_dir_perms;
|
||||
|
||||
# Date : WK14.41
|
||||
# Operation : Migration
|
||||
# Purpose : WFD HID Driver
|
||||
allow mtk_hal_audio uhid_device:chr_file rw_file_perms;
|
||||
|
||||
# Date : WK14.43
|
||||
# Operation : Migration
|
||||
# Purpose : VOW
|
||||
allow mtk_hal_audio vow_device:chr_file rw_file_perms;
|
||||
|
||||
# Date: WK14.44
|
||||
# Operation : Migration
|
||||
# Purpose : EVDO
|
||||
allow mtk_hal_audio rpc_socket:sock_file w_file_perms;
|
||||
allow mtk_hal_audio ttySDIO_device:chr_file rw_file_perms;
|
||||
|
||||
# Data: WK14.44
|
||||
# Operation : Migration
|
||||
# Purpose : for low SD card latency issue
|
||||
allow mtk_hal_audio sysfs_lowmemorykiller:file r_file_perms;
|
||||
|
||||
# Data: WK14.45
|
||||
# Operation : Migration
|
||||
# Purpose : for change thermal policy when needed
|
||||
allow mtk_hal_audio proc_mtkcooler:dir search;
|
||||
allow mtk_hal_audio proc_mtktz:dir search;
|
||||
allow mtk_hal_audio proc_thermal:dir search;
|
||||
allow mtk_hal_audio thermal_manager_data_file:file create_file_perms;
|
||||
allow mtk_hal_audio thermal_manager_data_file:dir { rw_dir_perms setattr };
|
||||
|
||||
# for as33970
|
||||
allow mtk_hal_audio sysfs_reset_dsp:file rw_file_perms;
|
||||
allow mtk_hal_audio tahiti_device:chr_file rw_file_perms_no_map;
|
||||
# for smartpa
|
||||
allow mtk_hal_audio sysfs_chip_vendor:file r_file_perms;
|
||||
allow mtk_hal_audio sysfs_pa_num:file rw_file_perms;
|
||||
|
||||
# Data : WK14.47
|
||||
# Operation : Audio playback
|
||||
# Purpose : Music as ringtone
|
||||
allow mtk_hal_audio radio:dir r_dir_perms;
|
||||
allow mtk_hal_audio radio:file r_file_perms;
|
||||
|
||||
# Data : WK14.47
|
||||
# Operation : CTS
|
||||
# Purpose : cts search strange app
|
||||
allow mtk_hal_audio untrusted_app:dir search;
|
||||
|
||||
# Date : WK15.03
|
||||
# Operation : Migration
|
||||
# Purpose : offloadservice
|
||||
allow mtk_hal_audio offloadservice_device:chr_file rw_file_perms;
|
||||
|
||||
# Date : WK15.34
|
||||
# Operation : Migration
|
||||
# Purpose: for camera middleware dump image buffer to sdcard & audio frameworks dump
|
||||
allow mtk_hal_audio storage_file:dir search;
|
||||
allow mtk_hal_audio storage_file:lnk_file rw_file_perms;
|
||||
allow mtk_hal_audio mnt_user_file:dir rw_dir_perms;
|
||||
allow mtk_hal_audio mnt_user_file:lnk_file rw_file_perms;
|
||||
|
||||
# Date : WK16.17
|
||||
# Operation : Migration
|
||||
# Purpose: read/open sysfs node
|
||||
allow mtk_hal_audio sysfs_ccci:file r_file_perms;
|
||||
allow mtk_hal_audio sysfs_ccci:dir search;
|
||||
|
||||
# Date : WK16.18
|
||||
# Operation : Migration
|
||||
# Purpose: research root dir "/"
|
||||
allow mtk_hal_audio tmpfs:dir search;
|
||||
|
||||
# Purpose: Dump debug info
|
||||
allow mtk_hal_audio kmsg_device:chr_file w_file_perms;
|
||||
allow mtk_hal_audio fuse:file rw_file_perms;
|
||||
|
||||
# Date : WK16.27
|
||||
# Operation : Migration
|
||||
# Purpose: tunning tool update parameters
|
||||
binder_call(mtk_hal_audio, radio)
|
||||
allow mtk_hal_audio mtk_audiohal_data_file:dir create_dir_perms;
|
||||
allow mtk_hal_audio mtk_audiohal_data_file:file create_file_perms;
|
||||
# Date : WK16.33
|
||||
# Purpose: Allow to access ged for gralloc_extra functions
|
||||
allow mtk_hal_audio proc_ged:file rw_file_perms;
|
||||
|
||||
# Fix bootup violation
|
||||
allow mtk_hal_audio fuse:dir r_dir_perms;
|
||||
|
||||
# for usb phone call, allow sys_nice
|
||||
allow mtk_hal_audio self:capability sys_nice;
|
||||
|
||||
# Date : W17.29
|
||||
# Boot for opening trace file: Permission denied (13)
|
||||
allow mtk_hal_audio debugfs_tracing:file w_file_perms;
|
||||
|
||||
# Audio Tuning Tool Android O porting
|
||||
binder_call(mtk_hal_audio, audiocmdservice_atci)
|
||||
|
||||
# Add for control PowerHAL
|
||||
hal_client_domain(mtk_hal_audio, hal_power)
|
||||
|
||||
# cm4 smartpa
|
||||
allow mtk_hal_audio audio_ipi_device:chr_file rw_file_perms;
|
||||
allow mtk_hal_audio audio_scp_device:chr_file r_file_perms;
|
||||
|
||||
# Date : WK18.21
|
||||
# Operation: P migration
|
||||
# Purpose: Allow to search /mnt/vendor/nvdata for fstab when using NVM_Init()
|
||||
allow mtk_hal_audio mnt_vendor_file:dir search;
|
||||
|
||||
# Date: 2019/06/14
|
||||
# Operation : Migration
|
||||
allow mtk_hal_audio audioserver:fifo_file w_file_perms;
|
||||
allow mtk_hal_audio sysfs_boot_mode:file r_file_perms;
|
||||
allow mtk_hal_audio sysfs_dt_firmware_android:dir search;
|
||||
|
||||
# Date : WK18.44
|
||||
# Operation: adsp
|
||||
allow mtk_hal_audio adsp_device:file rw_file_perms;
|
||||
allow mtk_hal_audio adsp_device:chr_file rw_file_perms;
|
||||
|
||||
# Date : 2020/3/21
|
||||
# Operation: audio dptx
|
||||
allow mtk_hal_audio dri_device:chr_file rw_file_perms;
|
||||
allow mtk_hal_audio gpu_device:dir search;
|
||||
|
||||
# Date : WK20.26
|
||||
allow mtk_hal_audio sysfs_dt_firmware_android:file r_file_perms;
|
||||
|
||||
# Date : WK20.36
|
||||
# Operation : Migration
|
||||
# Purpose : AAudio HAL
|
||||
allow mtk_hal_audio debugfs_ion:dir search;
|
||||
|
||||
# Date : 2021/06/15
|
||||
# Purpose: Allow to change mtk MMQoS scenario
|
||||
allow mtk_hal_audio sysfs_mtk_mmqos_scen:file w_file_perms;
|
||||
allow mtk_hal_audio sysfs_mtk_mmqos_scen_v2:file w_file_perms;
|
||||
|
||||
# Allow ReadDefaultFstab().
|
||||
read_fstab(mtk_hal_audio)
|
||||
|
||||
# Date : WK21.23
|
||||
# Operation : Migration
|
||||
# Purpose : factory mode
|
||||
allow mtk_hal_audio sysfs_boot_info:file r_file_perms;
|
||||
|
||||
# Date : WK21.32
|
||||
# Operation : Migration
|
||||
# Purpose: permission for audioserver to use ccci node
|
||||
allow mtk_hal_audio ccci_aud_device:chr_file rw_file_perms;
|
||||
|
||||
# Date: 2022/12/01
|
||||
# Purpose: Allow Audio HAL to get and set vendor_mtk_audio_prop
|
||||
get_prop(mtk_hal_audio, vendor_mtk_audio_prop)
|
||||
set_prop(mtk_hal_audio, vendor_mtk_audio_prop)
|
||||
@ -28,7 +28,8 @@ neverallow mtk_hal_c2 { file_type fs_type }:file execute_no_trans;
|
||||
# permissions and be isolated from the rest of the system and network.
|
||||
# Lengthier explanation here:
|
||||
# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
|
||||
neverallow mtk_hal_c2 domain:{ tcp_socket udp_socket rawip_socket } *;
|
||||
neverallow mtk_hal_c2 domain:{ udp_socket rawip_socket } *;
|
||||
neverallow mtk_hal_c2 { domain userdebug_or_eng(`-su') }:tcp_socket *;
|
||||
|
||||
#============= mtk_hal_c2 ==============
|
||||
allow mtk_hal_c2 debugfs_ion:dir search;
|
||||
|
||||
@ -50,3 +50,7 @@ get_prop(mtk_hal_nvramagent, vendor_mtk_rat_config_prop)
|
||||
allow mtk_hal_nvramagent mnt_vendor_file:dir search;
|
||||
|
||||
allow mtk_hal_nvramagent sysfs_boot_mode:file r_file_perms;
|
||||
|
||||
r_dir_file(mtk_hal_nvramagent, sysfs_dt_firmware_android)
|
||||
|
||||
allow mtk_hal_nvramagent sysfs_dt_firmware_android:file r_file_perms;
|
||||
|
||||
@ -11,6 +11,9 @@ init_daemon_domain(mtk_hal_power)
|
||||
hal_server_domain(mtk_hal_power, hal_power)
|
||||
hal_server_domain(mtk_hal_power, hal_wifi)
|
||||
|
||||
# Allow mtkpower stub service to call powerhal
|
||||
binder_call(mtk_hal_power, hal_power_default)
|
||||
|
||||
# sysfs
|
||||
allow mtk_hal_power sysfs_devices_system_cpu:file rw_file_perms;
|
||||
allow mtk_hal_power sysfs_mtk_core_ctl:dir r_dir_perms;
|
||||
@ -21,7 +24,7 @@ allow mtk_hal_power sysfs_mtk_core_ctl:file rw_file_perms;
|
||||
allow mtk_hal_power proc_thermal:file rw_file_perms;
|
||||
|
||||
# proc info
|
||||
allow mtk_hal_power mtk_hal_audio:dir r_dir_perms;
|
||||
allow mtk_hal_power hal_audio_default:dir r_dir_perms;
|
||||
|
||||
# Date : 2017/10/02
|
||||
# Operation: SQC
|
||||
@ -120,7 +123,7 @@ allow mtk_hal_power sysfs_devices_block:file rw_file_perms;
|
||||
# Date : 2019/05/22
|
||||
# Operation: SQC
|
||||
# Purpose : Allow powerHAL to access prop
|
||||
set_prop(mtk_hal_power, vendor_mtk_powerhal_prop)
|
||||
set_prop(mtk_hal_power, vendor_power_prop)
|
||||
|
||||
# Date : 2019/05/29
|
||||
# Operation: SQC
|
||||
|
||||
@ -45,4 +45,7 @@ hal_client_domain(mtk_hal_pq, hal_mtk_mmagent)
|
||||
allow mtk_hal_pq dmabuf_system_heap_device:chr_file r_file_perms;
|
||||
|
||||
# Purpose : Allow change priority
|
||||
allow mtk_hal_pq self:capability sys_nice;
|
||||
allow mtk_hal_pq self:capability sys_nice;
|
||||
|
||||
# Allow PQ HAL to use /dev/ion
|
||||
allow mtk_hal_pq ion_device:chr_file rw_file_perms;
|
||||
|
||||
@ -76,3 +76,7 @@ allow mtk_hal_sensors merged_hal_service:fd use;
|
||||
# Date : WK20.25
|
||||
# Purpose: Allow to read /bus/platform/drivers/mtk_nanohub/state
|
||||
allow mtk_hal_sensors sysfs_mtk_nanohub_state:file r_file_perms;
|
||||
|
||||
# Allow mtk_hal_sensors to access sysfs_scp
|
||||
allow mtk_hal_sensors sysfs_scp:dir search;
|
||||
allow mtk_hal_sensors sysfs_scp:file rw_file_perms;
|
||||
|
||||
@ -12,5 +12,8 @@ hal_server_domain(mtk_hal_usb, hal_usb_gadget)
|
||||
r_dir_file(mtk_hal_usb, sysfs_usb_nonplat)
|
||||
allow mtk_hal_usb sysfs_usb_nonplat:file w_file_perms;
|
||||
|
||||
allow mtk_hal_usb configfs:dir { create rmdir };
|
||||
allow mtk_hal_usb functionfs:dir { watch watch_reads };
|
||||
|
||||
set_prop(mtk_hal_usb, vendor_mtk_usb_prop)
|
||||
get_prop(mtk_hal_usb, usb_control_prop)
|
||||
|
||||
@ -4,5 +4,5 @@
|
||||
|
||||
# Date : W20.26
|
||||
# Operation : Migration
|
||||
# Purpose : For apps other than isolated_app call hidl
|
||||
binder_call(mtk_safe_halserverdomain_type, { appdomain -isolated_app })
|
||||
# Purpose : For apps other than isolated_app_all call hidl
|
||||
binder_call(mtk_safe_halserverdomain_type, { appdomain -isolated_app_all })
|
||||
|
||||
@ -31,7 +31,7 @@ allow netd untrusted_app:fd use;
|
||||
# Operation : SQC
|
||||
# Purpose : CTS for wifi
|
||||
allow netd untrusted_app:unix_stream_socket rw_socket_perms_no_ioctl;
|
||||
allow netd isolated_app:fd use;
|
||||
allow netd isolated_app_all:fd use;
|
||||
|
||||
# MTK support app feature
|
||||
get_prop(netd, vendor_mtk_app_prop)
|
||||
|
||||
@ -20,12 +20,12 @@ vendor_internal_prop(vendor_mtk_ctl_muxreport-daemon_prop)
|
||||
vendor_internal_prop(vendor_mtk_ctl_ril-daemon-mtk_prop)
|
||||
vendor_internal_prop(vendor_mtk_ctl_ril-proxy_prop)
|
||||
vendor_internal_prop(vendor_mtk_ctl_viarild_prop)
|
||||
vendor_internal_prop(vendor_mtk_powerhal_prop)
|
||||
vendor_internal_prop(vendor_mtk_wfc_serv_prop)
|
||||
vendor_internal_prop(vendor_mtk_factory_prop)
|
||||
vendor_internal_prop(vendor_mtk_factory_start_prop)
|
||||
vendor_internal_prop(vendor_mtk_eara_io_prop)
|
||||
vendor_internal_prop(vendor_power_prop)
|
||||
vendor_internal_prop(vendor_thermal_prop)
|
||||
|
||||
# Properties which can't be written outside vendor
|
||||
vendor_restricted_prop(vendor_mtk_aal_ro_prop)
|
||||
|
||||
@ -280,8 +280,8 @@ vendor.voicerecognize.noDL u:object_r:vendor_mtk_voicerecgnize_prop:s0
|
||||
ro.vendor.mtk.bt_sap_enable u:object_r:vendor_mtk_bt_sap_enable_prop:s0
|
||||
|
||||
# powerhal config
|
||||
persist.vendor.powerhal. u:object_r:vendor_mtk_powerhal_prop:s0
|
||||
vendor.powerhal. u:object_r:vendor_mtk_powerhal_prop:s0
|
||||
persist.vendor.powerhal. u:object_r:vendor_power_prop:s0
|
||||
vendor.powerhal. u:object_r:vendor_power_prop:s0
|
||||
vendor.powerhal.gpu. u:object_r:vendor_mtk_powerhal_gpu_prop:s0
|
||||
|
||||
# MTK Wifi wlan_assistant property
|
||||
@ -403,9 +403,5 @@ persist.vendor.eara_io. u:object_r:vendor_mtk_eara_io_prop:s0
|
||||
persist.vendor.mdrsra_v2_support u:object_r:vendor_mtk_mdrsra_v2_support_prop:s0
|
||||
persist.vendor.xfrm_support u:object_r:vendor_mtk_xfrm_support_prop:s0
|
||||
|
||||
mtk.vendor.omx.core.log u:object_r:vendor_mtk_omx_core_prop:s0
|
||||
ro.mtk_crossmount_support u:object_r:vendor_mtk_crossmount_prop:s0
|
||||
ro.mtk_deinterlace_support u:object_r:vendor_mtk_deinterlace_prop:s0
|
||||
|
||||
# Power
|
||||
vendor.mediatek.powerhal. u:object_r:vendor_power_prop:s0
|
||||
# Thermal
|
||||
vendor.thermal. u:object_r:vendor_thermal_prop:s0
|
||||
|
||||
@ -47,7 +47,7 @@ hal_client_domain(radio, hal_mtk_imsa)
|
||||
|
||||
#Dat: 2017/06/29
|
||||
#Purpose: For audio parameter tuning
|
||||
binder_call(radio, mtk_hal_audio)
|
||||
binder_call(radio, hal_audio_default)
|
||||
|
||||
# Date : WK18.16
|
||||
# Operation: P migration
|
||||
|
||||
13
basic/non_plat/rebalance_interrupts.te
Normal file
13
basic/non_plat/rebalance_interrupts.te
Normal file
@ -0,0 +1,13 @@
|
||||
# rebalance_interrupts vendor
|
||||
type rebalance_interrupts_vendor, domain;
|
||||
|
||||
type rebalance_interrupts_vendor_exec, exec_type, vendor_file_type, file_type;
|
||||
init_daemon_domain(rebalance_interrupts_vendor)
|
||||
|
||||
allow rebalance_interrupts_vendor sysfs_irq:dir r_dir_perms;
|
||||
allow rebalance_interrupts_vendor sysfs_irq:file r_file_perms;
|
||||
allow rebalance_interrupts_vendor proc_irq:dir r_dir_perms;
|
||||
allow rebalance_interrupts_vendor proc_irq:file { rw_file_perms setattr };
|
||||
allow rebalance_interrupts_vendor self:capability { chown setuid setgid };
|
||||
|
||||
r_dir_file(rebalance_interrupts_vendor, sysfs_devices_system_cpu)
|
||||
@ -160,7 +160,7 @@ allow rild netd_socket:sock_file { write read };
|
||||
|
||||
#Date : W17.20
|
||||
#Purpose: allow access to audio hal
|
||||
binder_call(rild, mtk_hal_audio)
|
||||
binder_call(rild, hal_audio_default)
|
||||
hal_client_domain(rild, hal_audio)
|
||||
|
||||
# Date : W19.16
|
||||
|
||||
@ -62,7 +62,7 @@ allow system_server proc_mtktz:file r_file_perms;
|
||||
# Date:W17.02
|
||||
# Operation : audio hal developing
|
||||
# Purpose : audio hal interface permission
|
||||
allow system_server mtk_hal_audio:process { getsched setsched };
|
||||
allow system_server hal_audio_default:process { getsched setsched };
|
||||
|
||||
# Dat: 2017/02/14
|
||||
# Purpose: allow get telephony Sensitive property
|
||||
@ -262,8 +262,8 @@ allow system_server mediaserver_tmpfs:file w_file_perms;
|
||||
dontaudit system_server hal_wifi_default:process sigkill;
|
||||
dontaudit system_server eara_io:process sigkill;
|
||||
|
||||
# Purpose : dontaudit system_server is not allowed to kill mtk_hal_audio
|
||||
dontaudit system_server mtk_hal_audio:process sigkill;
|
||||
# Purpose : dontaudit system_server is not allowed to kill hal_audio_default
|
||||
dontaudit system_server hal_audio_default:process sigkill;
|
||||
dontaudit system_server mtk_hal_c2:process sigkill;
|
||||
|
||||
# Search /proc/mgq
|
||||
|
||||
@ -15,6 +15,7 @@ allow vendor_init proc_cpufreq:file w_file_perms;
|
||||
allow vendor_init proc_bootprof:file w_file_perms;
|
||||
allow vendor_init proc_pl_lk:file w_file_perms;
|
||||
allow vendor_init proc_mtprintk:file w_file_perms;
|
||||
allow vendor_init proc_vm_dirty:file w_file_perms;
|
||||
allow vendor_init rootfs:dir create_dir_perms;
|
||||
allow vendor_init self:capability sys_module;
|
||||
allow vendor_init tmpfs:dir create_dir_perms;
|
||||
@ -38,6 +39,9 @@ set_prop(vendor_init, vendor_mtk_bt_sap_enable_prop)
|
||||
set_prop(vendor_init, vendor_mtk_factory_prop)
|
||||
get_prop(vendor_init, vendor_mtk_soc_prop)
|
||||
set_prop(vendor_init, vendor_mtk_prefer64_prop)
|
||||
set_prop(vendor_init, vendor_mtk_audio_prop)
|
||||
set_prop(vendor_init, vendor_mtk_audiohal_prop)
|
||||
set_prop(vendor_init, vendor_mtk_pq_prop)
|
||||
|
||||
# allow create symbolic link, /mnt/sdcard, for meta/factory mode
|
||||
allow vendor_init tmpfs:lnk_file create_file_perms;
|
||||
@ -68,7 +72,7 @@ allow vendor_init expdb_block_device:blk_file rw_file_perms;
|
||||
|
||||
set_prop(vendor_init, vendor_mtk_wifi_hotspot_prop)
|
||||
set_prop(vendor_init, vendor_mtk_wifi_hal_prop)
|
||||
set_prop(vendor_init, vendor_mtk_powerhal_prop)
|
||||
set_prop(vendor_init, vendor_power_prop)
|
||||
|
||||
# mmstat tracer
|
||||
allow vendor_init debugfs_tracing_instances:dir create_dir_perms;
|
||||
@ -165,3 +169,11 @@ set_prop(vendor_init, vendor_mtk_xfrm_support_prop)
|
||||
|
||||
# Power
|
||||
set_prop(vendor_init, vendor_power_prop)
|
||||
|
||||
# Allow vendor_init to write to sysfs_devices_block
|
||||
allow vendor_init sysfs_devices_block:file w_file_perms;
|
||||
|
||||
# Thermal
|
||||
allow vendor_init thermal_link_device:dir r_dir_perms;
|
||||
allow vendor_init thermal_link_device:lnk_file r_file_perms;
|
||||
set_prop(vendor_init, vendor_thermal_prop)
|
||||
|
||||
@ -31,14 +31,11 @@
|
||||
# Operation: R migration
|
||||
# Purpose: Add permission for pl path utilities for OTA
|
||||
/system/bin/mtk_plpath_utils u:object_r:mtk_plpath_utils_exec:s0
|
||||
/system/bin/create_pl_dev u:object_r:mtk_plpath_utils_exec:s0
|
||||
|
||||
# mediaserver 64 bit support
|
||||
/system/bin/mediaserver64 u:object_r:mediaserver_exec:s0
|
||||
/system/bin/mediahelper u:object_r:mediahelper_exec:s0
|
||||
|
||||
# drmserver 64 bit support
|
||||
/system/bin/drmserver64 u:object_r:drmserver_exec:s0
|
||||
|
||||
##########################
|
||||
# SystemExt files
|
||||
#
|
||||
|
||||
@ -5,7 +5,7 @@
|
||||
# Date : WK15.29
|
||||
# Operation : Migration
|
||||
# Purpose : for device bring up, not to block early migration
|
||||
allow { domain -isolated_app } storage_file:dir search;
|
||||
allow { domain -isolated_app_all } storage_file:dir search;
|
||||
|
||||
# Date : W17.47
|
||||
# Allow system_server to enable/disable logmuch_prop for Wi-Fi logging purpose
|
||||
|
||||
@ -17,8 +17,8 @@ allow factory protect1_block_device:blk_file getattr;
|
||||
allow factory protect2_block_device:blk_file getattr;
|
||||
|
||||
# Purpose : Allow factory to call android.hardware.audio@2.0-service-mediatek
|
||||
binder_call(factory, mtk_hal_audio)
|
||||
allow factory mtk_hal_audio:binder call;
|
||||
binder_call(factory, hal_audio_default)
|
||||
allow factory hal_audio_default:binder call;
|
||||
allow factory mtk_audiohal_data_file:dir r_dir_perms;
|
||||
allow factory audio_device:chr_file rw_file_perms;
|
||||
allow factory audio_device:dir w_dir_perms;
|
||||
|
||||
@ -8,9 +8,6 @@ vendor.mediatek.hardware.camera.advcam::IAdvCamControl u:object_r:hal_camera_hws
|
||||
# Date : 2017/06/15
|
||||
vendor.mediatek.hardware.wfo::IWifiOffload u:object_r:mtk_hal_wfo_hwservice:s0
|
||||
|
||||
# Date: 2017/06/22
|
||||
vendor.mediatek.hardware.camera.lomoeffect::ILomoEffect u:object_r:hal_camera_hwservice:s0
|
||||
|
||||
# Date : 2017/07/11
|
||||
vendor.mediatek.hardware.videotelephony::IVideoTelephony u:object_r:mtk_hal_videotelephony_hwservice:s0
|
||||
|
||||
@ -23,9 +20,6 @@ vendor.mediatek.hardware.netdagent::INetdagent u:object_r:mtk_hal_netdagent_hwse
|
||||
# Date : 2017/08/4
|
||||
vendor.mediatek.hardware.rcs::IRcs u:object_r:volte_rcs_ua_hwservice:s0
|
||||
|
||||
# Date: 2017/06/22
|
||||
vendor.mediatek.hardware.camera.ccap::ICCAPControl u:object_r:hal_camera_hwservice:s0
|
||||
|
||||
# Date : 2017/10/22
|
||||
vendor.mediatek.hardware.dfps::IFpsPolicyService u:object_r:mtk_hal_dfps_hwservice:s0
|
||||
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
# Purpose : adsp
|
||||
allow mtk_hal_audio adsp_device:chr_file { rw_file_perms };
|
||||
allow hal_audio_default adsp_device:chr_file { rw_file_perms };
|
||||
|
||||
@ -16,3 +16,10 @@ allow netutils_wrapper rild:fifo_file rw_file_perms;
|
||||
|
||||
allow netutils_wrapper wo_epdg_client:unix_stream_socket { read write };
|
||||
allow netutils_wrapper wo_epdg_client:fd use;
|
||||
|
||||
allow netutils_wrapper {
|
||||
gsm0710muxd_device
|
||||
ccci_vts_device
|
||||
ccci_wifi_proxy_device
|
||||
ccci_device
|
||||
}:chr_file rw_file_perms;
|
||||
|
||||
@ -196,8 +196,6 @@ ro.vendor.mtk_vibspk_support u:object_r:vendor_mtk_default_prop:s0
|
||||
# fm 50khz support
|
||||
ro.vendor.mtk_fm_50khz_support u:object_r:vendor_mtk_default_prop:s0
|
||||
|
||||
debuglog.drv u:object_r:vendor_mtk_camera_prop:s0
|
||||
debuglog.drv. u:object_r:vendor_mtk_camera_prop:s0
|
||||
vendor.camera.save.temp.video u:object_r:vendor_mtk_camera_prop:s0
|
||||
vendor.camera_af_power_debug u:object_r:vendor_mtk_camera_prop:s0
|
||||
vendor.com.mediatek.gesture.pose u:object_r:vendor_mtk_camera_prop:s0
|
||||
@ -256,7 +254,6 @@ ro.vendor.mtk_ct4greg_app u:object_r:vendor_mtk_default_prop:s0
|
||||
ro.vendor.mtk_devreg_app u:object_r:vendor_mtk_default_prop:s0
|
||||
|
||||
vendor.cdma. u:object_r:vendor_mtk_cdma_prop:s0
|
||||
ril.cdma.inecmmode u:object_r:vendor_mtk_cdma_prop:s0
|
||||
|
||||
persist.vendor.service.rcs u:object_r:vendor_mtk_service_rcs_prop:s0
|
||||
persist.vendor.service.tag.rcs u:object_r:vendor_mtk_service_rcs_prop:s0
|
||||
|
||||
@ -19,8 +19,8 @@ allow zygote servicemanager:binder call;
|
||||
|
||||
# Date : WK14.49
|
||||
# Operation : SQC
|
||||
# Purpose : for isolated_app to use fd (ex: share image by gmail)
|
||||
allow zygote isolated_app:fd use;
|
||||
# Purpose : for isolated_app_all to use fd (ex: share image by gmail)
|
||||
allow zygote isolated_app_all:fd use;
|
||||
|
||||
# Date : WK15.02
|
||||
# Operation : SQC
|
||||
|
||||
@ -8,13 +8,13 @@
|
||||
# MTK Adv Camera Server
|
||||
/system/bin/mtk_advcamserver u:object_r:mtk_advcamserver_exec:s0
|
||||
|
||||
/system/bin/kpoc_charger u:object_r:kpoc_charger_exec:s0
|
||||
/(system|system_ext|system/system_ext)/bin/kpoc_charger u:object_r:kpoc_charger_exec:s0
|
||||
|
||||
# MTK Thermald
|
||||
/system/bin/thermald u:object_r:thermald_exec:s0
|
||||
|
||||
# MTK VTService
|
||||
/system/bin/vtservice u:object_r:vtservice_exec:s0
|
||||
/(system|system_ext|system/system_ext)/bin/vtservice u:object_r:vtservice_exec:s0
|
||||
|
||||
# MTK ATCI
|
||||
/system/bin/atci_service_sys u:object_r:atci_service_sys_exec:s0
|
||||
|
||||
@ -181,3 +181,6 @@ get_prop(radio, system_mtk_fd_prop)
|
||||
# Date : 2021/12/22
|
||||
# Purpose : Allow radio to read ims debug property
|
||||
get_prop(radio, system_mtk_dbg_ims_prop)
|
||||
|
||||
# Allow radio to get system_mtk_vodata_prop
|
||||
get_prop(radio, system_mtk_vodata_prop)
|
||||
|
||||
@ -42,3 +42,4 @@ type mtk_vowbridge_service, app_api_service, system_server_service, service_mana
|
||||
type mtk_appdetection_service, app_api_service, system_server_service, service_manager_type;
|
||||
type vtservice_hidl_service, service_manager_type;
|
||||
type teei_ifaa_service, app_api_service, service_manager_type;
|
||||
type mtk_hal_sf_service, service_manager_type;
|
||||
|
||||
@ -54,3 +54,72 @@ media.VTS.HiDL u:object_r:vtservice_hid
|
||||
# MICROTRUST SEPolicy Rule
|
||||
# for ifaa upgrade on android O
|
||||
ifaa_service u:object_r:teei_ifaa_service:s0
|
||||
|
||||
# Data: 2022/01/04
|
||||
# add telephony aidl
|
||||
vendor.mediatek.hardware.mtkradioex.data.IMtkRadioExData/slot1 u:object_r:hal_radio_service:s0
|
||||
vendor.mediatek.hardware.mtkradioex.data.IMtkRadioExData/slot2 u:object_r:hal_radio_service:s0
|
||||
vendor.mediatek.hardware.mtkradioex.data.IMtkRadioExData/slot3 u:object_r:hal_radio_service:s0
|
||||
vendor.mediatek.hardware.mtkradioex.data.IMtkRadioExData/slot4 u:object_r:hal_radio_service:s0
|
||||
vendor.mediatek.hardware.mtkradioex.ims.IMtkRadioExIms/slot1 u:object_r:hal_radio_service:s0
|
||||
vendor.mediatek.hardware.mtkradioex.ims.IMtkRadioExIms/slot2 u:object_r:hal_radio_service:s0
|
||||
vendor.mediatek.hardware.mtkradioex.ims.IMtkRadioExIms/slot3 u:object_r:hal_radio_service:s0
|
||||
vendor.mediatek.hardware.mtkradioex.ims.IMtkRadioExIms/slot4 u:object_r:hal_radio_service:s0
|
||||
vendor.mediatek.hardware.mtkradioex.messaging.IMtkRadioExMessaging/slot1 u:object_r:hal_radio_service:s0
|
||||
vendor.mediatek.hardware.mtkradioex.messaging.IMtkRadioExMessaging/slot2 u:object_r:hal_radio_service:s0
|
||||
vendor.mediatek.hardware.mtkradioex.messaging.IMtkRadioExMessaging/slot3 u:object_r:hal_radio_service:s0
|
||||
vendor.mediatek.hardware.mtkradioex.messaging.IMtkRadioExMessaging/slot4 u:object_r:hal_radio_service:s0
|
||||
vendor.mediatek.hardware.mtkradioex.modem.IMtkRadioExModem/slot1 u:object_r:hal_radio_service:s0
|
||||
vendor.mediatek.hardware.mtkradioex.modem.IMtkRadioExModem/slot2 u:object_r:hal_radio_service:s0
|
||||
vendor.mediatek.hardware.mtkradioex.modem.IMtkRadioExModem/slot3 u:object_r:hal_radio_service:s0
|
||||
vendor.mediatek.hardware.mtkradioex.modem.IMtkRadioExModem/slot4 u:object_r:hal_radio_service:s0
|
||||
vendor.mediatek.hardware.mtkradioex.network.IMtkRadioExNetwork/slot1 u:object_r:hal_radio_service:s0
|
||||
vendor.mediatek.hardware.mtkradioex.network.IMtkRadioExNetwork/slot2 u:object_r:hal_radio_service:s0
|
||||
vendor.mediatek.hardware.mtkradioex.network.IMtkRadioExNetwork/slot3 u:object_r:hal_radio_service:s0
|
||||
vendor.mediatek.hardware.mtkradioex.network.IMtkRadioExNetwork/slot4 u:object_r:hal_radio_service:s0
|
||||
vendor.mediatek.hardware.mtkradioex.sim.IMtkRadioExSim/slot1 u:object_r:hal_radio_service:s0
|
||||
vendor.mediatek.hardware.mtkradioex.sim.IMtkRadioExSim/slot2 u:object_r:hal_radio_service:s0
|
||||
vendor.mediatek.hardware.mtkradioex.sim.IMtkRadioExSim/slot3 u:object_r:hal_radio_service:s0
|
||||
vendor.mediatek.hardware.mtkradioex.sim.IMtkRadioExSim/slot4 u:object_r:hal_radio_service:s0
|
||||
vendor.mediatek.hardware.mtkradioex.voice.IMtkRadioExVoice/slot1 u:object_r:hal_radio_service:s0
|
||||
vendor.mediatek.hardware.mtkradioex.voice.IMtkRadioExVoice/slot2 u:object_r:hal_radio_service:s0
|
||||
vendor.mediatek.hardware.mtkradioex.voice.IMtkRadioExVoice/slot3 u:object_r:hal_radio_service:s0
|
||||
vendor.mediatek.hardware.mtkradioex.voice.IMtkRadioExVoice/slot4 u:object_r:hal_radio_service:s0
|
||||
vendor.mediatek.hardware.mtkradioex.rcs.IMtkRadioExRcs/slot1 u:object_r:hal_radio_service:s0
|
||||
vendor.mediatek.hardware.mtkradioex.rcs.IMtkRadioExRcs/slot2 u:object_r:hal_radio_service:s0
|
||||
vendor.mediatek.hardware.mtkradioex.rcs.IMtkRadioExRcs/slot3 u:object_r:hal_radio_service:s0
|
||||
vendor.mediatek.hardware.mtkradioex.rcs.IMtkRadioExRcs/slot4 u:object_r:hal_radio_service:s0
|
||||
|
||||
# Data: 2022/01/10
|
||||
# add telephony aidl
|
||||
android.hardware.radio.modem.IRadioModem/imsSlot1 u:object_r:hal_radio_service:s0
|
||||
android.hardware.radio.modem.IRadioModem/imsSlot2 u:object_r:hal_radio_service:s0
|
||||
android.hardware.radio.modem.IRadioModem/imsSlot3 u:object_r:hal_radio_service:s0
|
||||
android.hardware.radio.modem.IRadioModem/imsSlot4 u:object_r:hal_radio_service:s0
|
||||
android.hardware.radio.network.IRadioNetwork/imsSlot1 u:object_r:hal_radio_service:s0
|
||||
android.hardware.radio.network.IRadioNetwork/imsSlot2 u:object_r:hal_radio_service:s0
|
||||
android.hardware.radio.network.IRadioNetwork/imsSlot3 u:object_r:hal_radio_service:s0
|
||||
android.hardware.radio.network.IRadioNetwork/imsSlot4 u:object_r:hal_radio_service:s0
|
||||
android.hardware.radio.sim.IRadioSim/imsSlot1 u:object_r:hal_radio_service:s0
|
||||
android.hardware.radio.sim.IRadioSim/imsSlot2 u:object_r:hal_radio_service:s0
|
||||
android.hardware.radio.sim.IRadioSim/imsSlot3 u:object_r:hal_radio_service:s0
|
||||
android.hardware.radio.sim.IRadioSim/imsSlot4 u:object_r:hal_radio_service:s0
|
||||
android.hardware.radio.voice.IRadioVoice/imsSlot1 u:object_r:hal_radio_service:s0
|
||||
android.hardware.radio.voice.IRadioVoice/imsSlot2 u:object_r:hal_radio_service:s0
|
||||
android.hardware.radio.voice.IRadioVoice/imsSlot3 u:object_r:hal_radio_service:s0
|
||||
android.hardware.radio.voice.IRadioVoice/imsSlot4 u:object_r:hal_radio_service:s0
|
||||
|
||||
# Data: 2022/03/21
|
||||
# add telephony aidl
|
||||
android.hardware.radio.modem.IRadioModem/se1 u:object_r:hal_radio_service:s0
|
||||
android.hardware.radio.modem.IRadioModem/se2 u:object_r:hal_radio_service:s0
|
||||
android.hardware.radio.modem.IRadioModem/se3 u:object_r:hal_radio_service:s0
|
||||
android.hardware.radio.modem.IRadioModem/se4 u:object_r:hal_radio_service:s0
|
||||
android.hardware.radio.sim.IRadioSim/se1 u:object_r:hal_radio_service:s0
|
||||
android.hardware.radio.sim.IRadioSim/se2 u:object_r:hal_radio_service:s0
|
||||
android.hardware.radio.sim.IRadioSim/se3 u:object_r:hal_radio_service:s0
|
||||
android.hardware.radio.sim.IRadioSim/se4 u:object_r:hal_radio_service:s0
|
||||
|
||||
# Data: 2022/05/13
|
||||
# add mtk sf aidl
|
||||
vendor.mediatek.framework.mtksf_ext.IMtkSF_ext/default u:object_r:mtk_hal_sf_service:s0
|
||||
|
||||
7
legacy/non_plat/property_contexts
Normal file
7
legacy/non_plat/property_contexts
Normal file
@ -0,0 +1,7 @@
|
||||
mtk.vendor.omx.core.log u:object_r:vendor_mtk_omx_core_prop:s0
|
||||
ro.mtk_crossmount_support u:object_r:vendor_mtk_crossmount_prop:s0
|
||||
ro.mtk_deinterlace_support u:object_r:vendor_mtk_deinterlace_prop:s0
|
||||
|
||||
debuglog.drv u:object_r:vendor_mtk_camera_prop:s0
|
||||
debuglog.drv. u:object_r:vendor_mtk_camera_prop:s0
|
||||
ril.cdma.inecmmode u:object_r:vendor_mtk_cdma_prop:s0
|
||||
Loading…
x
Reference in New Issue
Block a user