Android_Device_Mediatek_Sepolicy_Vndr/bsp/non_plat/untrusted_app.te

# ==============================================
# Common SEPolicy Rule
# ==============================================

# TODO:: Security Issue
# Date : W1452
# Operation : WVL1 Modular DRM IT
# Purpose : Allow svp client alloc sec mem
allow untrusted_app proc_secmem:file r_file_perms;

# TrustKernel add
userdebug_or_eng(`
	allow untrusted_app tkcore_admin_device:chr_file rw_file_perms;
')

# Date : 2016/07/12
# Operation : SQC
# Purpose : allow untrusted_app access ntfs device
allow untrusted_app fuseblk:dir search;
allow untrusted_app fuseblk:file rw_file_perms;

# Date : 2016/7/22
# Operation: Migration
# Purpose : Move from tk sepolicy for ViLTE
allow untrusted_app vtservice:dir search;
allow untrusted_app mediaserver:dir search;

# Date: 2018/04/18
# Purpose: Allow untrusted_app to use HIDL and access mtk_hal_neuralnetworks
allow untrusted_app mtk_hal_neuralnetworks:binder { call transfer };
allow untrusted_app debugfs_ion:dir search;

# Date: 2020/06/29
# Operation : eMBMS Migration
# Purpose :allow EXPWAY middleware to access the socket
allow untrusted_app radio:unix_stream_socket connectto;

# Purpose: Allow untrusted_app to access mdlactl_device and vpu_device
allow untrusted_app mdla_device:chr_file { rw_file_perms };
allow untrusted_app vpu_device:chr_file { rw_file_perms };

# Purpose: Allow untrusted_app to access mcdi device
allow untrusted_app proc_mcdi:dir search;
allow untrusted_app proc_mcdi:file rw_file_perms;
allow untrusted_app proc_mcdi:chr_file rw_file_perms;

# Purpose: Netflix Widevine
allow untrusted_app proc_atf_log:dir search;
allow untrusted_app proc_m4u:dir search;
get_prop(untrusted_app, vendor_mtk_microtrust_tee_prop)
get_prop(untrusted_app, vendor_mtk_trustonic_tee_prop)