android_device_mediatek_sep.../non_plat/mediacodec.te

# ==============================================
# MTK Policy Rule
# ==============================================

# Date : WK14.34
# Operation : Migration
# Purpose : VP/VR
allow mediacodec devmap_device:chr_file { ioctl };

# Date : WK14.34
# Operation : Migration
# Purpose : Smartcard Service
#allow mediacodec self:netlink_kobject_uevent_socket read;
#allow mediacodec system_data_file:file open;

# Date : WK14.36
# Operation : Migration
# Purpose : VDEC/VENC device node
allow mediacodec Vcodec_device:chr_file { read write ioctl open };

# Date : WK16.21
# Operation : Migration
# Purpose : VP & VR dump and debug
allow mediacodec M4U_device_device:chr_file rw_file_perms;
allow mediacodec proc:file {open read};
allow mediacodec sysfs:file {read write open};
allow mediacodec debugfs_binder:dir search;
allow mediacodec proc:file { getattr ioctl };
allow mediacodec MTK_SMI_device:chr_file { ioctl read open };
allow mediacodec storage_file:lnk_file {read write open};
allow mediacodec tmpfs:dir search;
allow mediacodec mnt_user_file:dir {write read search};
allow mediacodec mnt_user_file:lnk_file {read write};
allow mediacodec sdcard_type:dir {write read search add_name remove_name};
allow mediacodec sdcard_type:file {getattr write read create open append unlink};
allow mediacodec nvram_data_file:dir w_dir_perms;
allow mediacodec nvram_data_file:file create_file_perms;
allow mediacodec nvram_data_file:lnk_file read;
allow mediacodec nvdata_file:lnk_file read;
allow mediacodec nvdata_file:dir w_dir_perms;
allow mediacodec nvdata_file:file create_file_perms;
allow mediacodec devmap_device:chr_file r_file_perms;
allow mediacodec proc_meminfo:file {read getattr open};

# Date : WK14.36
# Operation : Migration
# Purpose : MMProfile debug
# userdebug_or_eng(`
#allow mediacodec debugfs:file {read ioctl getattr};
# ')

# Date : WK14.36
# Operation : Migration
# Purpose : for SW codec VP/VR
#allow mediacodec mtk_device:chr_file { read write ioctl open };
allow mediacodec mtk_sched_device:chr_file { read write ioctl open };

# Date : WK14.38
# Operation : Migration
# Purpose : NVRam access
#allow mediacodec block_device:dir { write search };

# Data : WK14.38
# Operation : Migration
# Purpose : for boot animation.
#allow mediacodec bootanim:binder { transfer call };

# Date : WK14.39
# Operation : Migration
# Purpose : APE PLAYBACK
#binder_call(mediacodec,MtkCodecService)

# Data : WK14.39
# Operation : Migration
# Purpose : HW encrypt SW codec
allow mediacodec mediacodec_data_file:file create_file_perms;
allow mediacodec mediacodec_data_file:dir create_dir_perms;
allow mediacodec sec_device:chr_file r_file_perms;

# Data: WK14.44
# Operation : Migration
# Purpose : VP
allow mediacodec surfaceflinger:file getattr;

# Data: WK14.44
# Operation : Migration
# Purpose : for low SD card latency issue
allow mediacodec sysfs_lowmemorykiller:file { read open };

# Data: WK14.45
# Operation : Migration
# Purpose : for change thermal policy when needed
allow mediacodec proc_mtkcooler:dir search;
allow mediacodec proc_mtktz:dir search;
allow mediacodec proc_thermal:dir search;
allow mediacodec proc_mtkcooler:file { read write open };
allow mediacodec proc_mtktz:file { read write open getattr };
allow mediacodec proc_thermal:file { read write open getattr};
allow mediacodec thermal_manager_data_file:file create_file_perms;
allow mediacodec thermal_manager_data_file:dir { rw_dir_perms setattr };
allow mediacodec thermal_manager_data_file:dir search;

# Date : WK14.46
# Operation : Migration
# Purpose : for MTK Emulator HW GPU
#allow mediacodec qemu_pipe_device:chr_file rw_file_perms;

# Data : WK14.47
# Operation : CTS
# Purpose : cts search strange app
allow mediacodec untrusted_app:dir search;

# Date : WK15.35
# Operation : Migration
# Purpose: Allow mediacodec to read binder from surfaceflinger
#allow mediacodec surfaceflinger:fifo_file {read write};

# Date : WK15.45
# Operation : 1/32x SlowMotion SQC
# Purpose : for Clearmotion LowPower Switch
#allow mediacodec mjc_lib_prop:property_service set;
#allow mediacodec mtk_mjc_prop:property_service set;

# Date : WK15.02
# Operation : 120Hz Feature SQC
# Purpose : for 120Hz Smart Switch
#allow mediacodec mtk_rrc_device:chr_file { read write ioctl open };

# Date : WK14.39
# Operation : Migration
# Purpose : MJC Driver
allow mediacodec MJC_device:chr_file { read write ioctl open };

# Date : WK16.27
# Operation : APE SQC
# Purpose : for APE file playback
allow mediacodec MtkCodecService:binder call;
allow mediacodec MtkCodecService:binder transfer;

# Date : WK16.33
# Purpose: Allow to access ged for gralloc_extra functions
allow mediacodec proc_ged:file {open read write ioctl getattr};

# Data : WK16.42
# Operator: Whitney bring up
# Purpose: call surfaceflinger due to powervr
allow mediacodec surfaceflinger:fifo_file rw_file_perms;

# Date: WK16.43
# Operator: Whitney SQC
# Purpose: mediacodec use gpu
allow mediacodec gpu_device:dir search;
#allow mediacodec debug_prop:property_service set;
#allow mediacodec system_prop:property_service set;

# Date : W18.01
# Add for turn on SElinux in enforcing mode
allow mediacodec vndbinder_device:chr_file rw_file_perms;

vndbinder_use(mediacodec)

# Date : WK1721
# Purpose: For FULL TREBLE
allow mediacodec system_file:dir r_dir_perms;
allow mediacodec debugfs_ion:dir search;


# Date : WK17.30
# Operation : O Migration
# Purpose: Allow mediacodec to access cmdq driver
allow mediacodec mtk_cmdq_device:chr_file { read ioctl open };

# Date : WK17.28
# Operation : MT6757 SQC
# Purpose : Change thermal config
allow mediacodec mtk_thermal_config_prop:file { getattr open read };
allow mediacodec mtk_thermal_config_prop:property_service set;


# Date : WK17.30
# Purpose : For Power Hal
allow mediacodec mtk_hal_power_hwservice:hwservice_manager find;
allow mediacodec mtk_hal_power:binder call;
allow mediacodec mtk_hal_power:unix_stream_socket connectto;


# Date : WK17.12
# Operation : MT6799 SQC
# Purpose : Change thermal config
allow mediacodec mtk_thermal_config_prop:file { getattr open read };
allow mediacodec mtk_thermal_config_prop:property_service set;

# Date : WK17.43
# Operation : Migration
# Purpose : DISP access
allow mediacodec graphics_device:chr_file { ioctl open read };
allow mediacodec graphics_device:dir search;

# Date : WK18.03
# Operation : MT6771 SQC
# Purpose : Video SW decoder setprop for dex2oat thread 2
#allow mediacodec dalvik_prop:property_service set;
import from mediatek/master to mediatek/alps-mp-o1.mp1 Change-Id: Ic78db8195c5c51f85c9c6fd3ef8333489afd6e79 MTK-Commit-Id: 848bf57127be9d01fd1df4aab95737855456afee 2020-01-18 09:29:32 +08:00			`# ==============================================`
			`# MTK Policy Rule`
			`# ==============================================`

			`# Date : WK14.34`
			`# Operation : Migration`
			`# Purpose : VP/VR`
			`allow mediacodec devmap_device:chr_file { ioctl };`

			`# Date : WK14.34`
			`# Operation : Migration`
			`# Purpose : Smartcard Service`
			`#allow mediacodec self:netlink_kobject_uevent_socket read;`
			`#allow mediacodec system_data_file:file open;`

			`# Date : WK14.36`
			`# Operation : Migration`
			`# Purpose : VDEC/VENC device node`
			`allow mediacodec Vcodec_device:chr_file { read write ioctl open };`

			`# Date : WK16.21`
			`# Operation : Migration`
			`# Purpose : VP & VR dump and debug`
			`allow mediacodec M4U_device_device:chr_file rw_file_perms;`
			`allow mediacodec proc:file {open read};`
			`allow mediacodec sysfs:file {read write open};`
			`allow mediacodec debugfs_binder:dir search;`
			`allow mediacodec proc:file { getattr ioctl };`
			`allow mediacodec MTK_SMI_device:chr_file { ioctl read open };`
			`allow mediacodec storage_file:lnk_file {read write open};`
			`allow mediacodec tmpfs:dir search;`
			`allow mediacodec mnt_user_file:dir {write read search};`
			`allow mediacodec mnt_user_file:lnk_file {read write};`
			`allow mediacodec sdcard_type:dir {write read search add_name remove_name};`
			`allow mediacodec sdcard_type:file {getattr write read create open append unlink};`
			`allow mediacodec nvram_data_file:dir w_dir_perms;`
			`allow mediacodec nvram_data_file:file create_file_perms;`
			`allow mediacodec nvram_data_file:lnk_file read;`
			`allow mediacodec nvdata_file:lnk_file read;`
			`allow mediacodec nvdata_file:dir w_dir_perms;`
			`allow mediacodec nvdata_file:file create_file_perms;`
			`allow mediacodec devmap_device:chr_file r_file_perms;`
			`allow mediacodec proc_meminfo:file {read getattr open};`

			`# Date : WK14.36`
			`# Operation : Migration`
			`# Purpose : MMProfile debug`
			# userdebug_or_eng(`
			`#allow mediacodec debugfs:file {read ioctl getattr};`
			`# ')`

			`# Date : WK14.36`
			`# Operation : Migration`
			`# Purpose : for SW codec VP/VR`
			`#allow mediacodec mtk_device:chr_file { read write ioctl open };`
			`allow mediacodec mtk_sched_device:chr_file { read write ioctl open };`

			`# Date : WK14.38`
			`# Operation : Migration`
			`# Purpose : NVRam access`
			`#allow mediacodec block_device:dir { write search };`

			`# Data : WK14.38`
			`# Operation : Migration`
			`# Purpose : for boot animation.`
			`#allow mediacodec bootanim:binder { transfer call };`

			`# Date : WK14.39`
			`# Operation : Migration`
			`# Purpose : APE PLAYBACK`
			`#binder_call(mediacodec,MtkCodecService)`

			`# Data : WK14.39`
			`# Operation : Migration`
			`# Purpose : HW encrypt SW codec`
			`allow mediacodec mediacodec_data_file:file create_file_perms;`
			`allow mediacodec mediacodec_data_file:dir create_dir_perms;`
			`allow mediacodec sec_device:chr_file r_file_perms;`

			`# Data: WK14.44`
			`# Operation : Migration`
			`# Purpose : VP`
			`allow mediacodec surfaceflinger:file getattr;`

			`# Data: WK14.44`
			`# Operation : Migration`
			`# Purpose : for low SD card latency issue`
			`allow mediacodec sysfs_lowmemorykiller:file { read open };`

			`# Data: WK14.45`
			`# Operation : Migration`
			`# Purpose : for change thermal policy when needed`
			`allow mediacodec proc_mtkcooler:dir search;`
			`allow mediacodec proc_mtktz:dir search;`
			`allow mediacodec proc_thermal:dir search;`
			`allow mediacodec proc_mtkcooler:file { read write open };`
			`allow mediacodec proc_mtktz:file { read write open getattr };`
[ALPS03852480] add sepolicy for mediacodec getattr proc_thermal [Detail] Add sepolicy for mediacodec since SW decoder would control CPU freq and will need to getattr proc_thermal MTK-Commit-Id: 5ce3aa68771bdb3af46a43b1c3455d365256c99c Change-Id: I4ca98c4ae7b06e616e19f582190826beec490a04 CR-Id: ALPS03852480 Feature: VP9 Decoder (cherry picked from commit f173ea13c62696f30465a4cb23061e1512c0ae1f) 2020-01-18 09:45:32 +08:00			`allow mediacodec proc_thermal:file { read write open getattr};`
import from mediatek/master to mediatek/alps-mp-o1.mp1 Change-Id: Ic78db8195c5c51f85c9c6fd3ef8333489afd6e79 MTK-Commit-Id: 848bf57127be9d01fd1df4aab95737855456afee 2020-01-18 09:29:32 +08:00			`allow mediacodec thermal_manager_data_file:file create_file_perms;`
			`allow mediacodec thermal_manager_data_file:dir { rw_dir_perms setattr };`
			`allow mediacodec thermal_manager_data_file:dir search;`

			`# Date : WK14.46`
			`# Operation : Migration`
			`# Purpose : for MTK Emulator HW GPU`
			`#allow mediacodec qemu_pipe_device:chr_file rw_file_perms;`

			`# Data : WK14.47`
			`# Operation : CTS`
			`# Purpose : cts search strange app`
			`allow mediacodec untrusted_app:dir search;`

			`# Date : WK15.35`
			`# Operation : Migration`
			`# Purpose: Allow mediacodec to read binder from surfaceflinger`
			`#allow mediacodec surfaceflinger:fifo_file {read write};`

			`# Date : WK15.45`
			`# Operation : 1/32x SlowMotion SQC`
			`# Purpose : for Clearmotion LowPower Switch`
			`#allow mediacodec mjc_lib_prop:property_service set;`
			`#allow mediacodec mtk_mjc_prop:property_service set;`

			`# Date : WK15.02`
			`# Operation : 120Hz Feature SQC`
			`# Purpose : for 120Hz Smart Switch`
			`#allow mediacodec mtk_rrc_device:chr_file { read write ioctl open };`

			`# Date : WK14.39`
			`# Operation : Migration`
			`# Purpose : MJC Driver`
			`allow mediacodec MJC_device:chr_file { read write ioctl open };`

			`# Date : WK16.27`
			`# Operation : APE SQC`
			`# Purpose : for APE file playback`
			`allow mediacodec MtkCodecService:binder call;`
			`allow mediacodec MtkCodecService:binder transfer;`

			`# Date : WK16.33`
			`# Purpose: Allow to access ged for gralloc_extra functions`
			`allow mediacodec proc_ged:file {open read write ioctl getattr};`

			`# Data : WK16.42`
			`# Operator: Whitney bring up`
			`# Purpose: call surfaceflinger due to powervr`
			`allow mediacodec surfaceflinger:fifo_file rw_file_perms;`

			`# Date: WK16.43`
			`# Operator: Whitney SQC`
			`# Purpose: mediacodec use gpu`
			`allow mediacodec gpu_device:dir search;`
[ALPS03881723] Workaround build error [Detail] enable PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE = true, will cause build error [Solution] Mark rules that violate AOSP neverallow rules MTK-Commit-Id: c850c6f1fcb8de76235ea2be51becb7a2ccc6190 Change-Id: Ib9a80f4495d6db588133f929c9ea70e7215ad2aa CR-Id: ALPS03881723 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK 2020-01-18 09:35:54 +08:00			`#allow mediacodec debug_prop:property_service set;`
			`#allow mediacodec system_prop:property_service set;`
import from mediatek/master to mediatek/alps-mp-o1.mp1 Change-Id: Ic78db8195c5c51f85c9c6fd3ef8333489afd6e79 MTK-Commit-Id: 848bf57127be9d01fd1df4aab95737855456afee 2020-01-18 09:29:32 +08:00
			`# Date : W18.01`
			`# Add for turn on SElinux in enforcing mode`
			`allow mediacodec vndbinder_device:chr_file rw_file_perms;`

			`vndbinder_use(mediacodec)`

			`# Date : WK1721`
			`# Purpose: For FULL TREBLE`
			`allow mediacodec system_file:dir r_dir_perms;`
			`allow mediacodec debugfs_ion:dir search;`


			`# Date : WK17.30`
			`# Operation : O Migration`
			`# Purpose: Allow mediacodec to access cmdq driver`
			`allow mediacodec mtk_cmdq_device:chr_file { read ioctl open };`

			`# Date : WK17.28`
			`# Operation : MT6757 SQC`
			`# Purpose : Change thermal config`
			`allow mediacodec mtk_thermal_config_prop:file { getattr open read };`
			`allow mediacodec mtk_thermal_config_prop:property_service set;`


			`# Date : WK17.30`
			`# Purpose : For Power Hal`
			`allow mediacodec mtk_hal_power_hwservice:hwservice_manager find;`
			`allow mediacodec mtk_hal_power:binder call;`
			`allow mediacodec mtk_hal_power:unix_stream_socket connectto;`


			`# Date : WK17.12`
			`# Operation : MT6799 SQC`
			`# Purpose : Change thermal config`
			`allow mediacodec mtk_thermal_config_prop:file { getattr open read };`
			`allow mediacodec mtk_thermal_config_prop:property_service set;`

			`# Date : WK17.43`
			`# Operation : Migration`
			`# Purpose : DISP access`
			`allow mediacodec graphics_device:chr_file { ioctl open read };`
			`allow mediacodec graphics_device:dir search;`

			`# Date : WK18.03`
			`# Operation : MT6771 SQC`
			`# Purpose : Video SW decoder setprop for dex2oat thread 2`
[ALPS03881723] Workaround build error [Detail] enable PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE = true, will cause build error [Solution] Mark rules that violate AOSP neverallow rules MTK-Commit-Id: c850c6f1fcb8de76235ea2be51becb7a2ccc6190 Change-Id: Ib9a80f4495d6db588133f929c9ea70e7215ad2aa CR-Id: ALPS03881723 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK 2020-01-18 09:35:54 +08:00			`#allow mediacodec dalvik_prop:property_service set;`