diff --git a/non_plat/cameraserver.te b/non_plat/cameraserver.te index 5df036f..43e068c 100644 --- a/non_plat/cameraserver.te +++ b/non_plat/cameraserver.te @@ -31,127 +31,127 @@ allow cameraserver mtkcam_prop:file { open read getattr }; # Date : WK14.31 # Operation : Migration # Purpose : camera devices access. -allow cameraserver camera_isp_device:chr_file rw_file_perms; -allow cameraserver ccu_device:chr_file rw_file_perms; -allow cameraserver vpu_device:chr_file rw_file_perms; -allow cameraserver kd_camera_hw_device:chr_file rw_file_perms; -allow cameraserver seninf_device:chr_file rw_file_perms; -allow cameraserver self:capability { setuid ipc_lock sys_nice }; -allow cameraserver sysfs_wake_lock:file rw_file_perms; -allow cameraserver MTK_SMI_device:chr_file r_file_perms; -allow cameraserver camera_pipemgr_device:chr_file r_file_perms; -allow cameraserver kd_camera_flashlight_device:chr_file rw_file_perms; -allow cameraserver lens_device:chr_file rw_file_perms; -allow cameraserver nvdata_file:lnk_file read; -allow cameraserver proc_meminfo:file { read getattr open }; +# allow cameraserver camera_isp_device:chr_file rw_file_perms; +# allow cameraserver ccu_device:chr_file rw_file_perms; +# allow cameraserver vpu_device:chr_file rw_file_perms; +# allow cameraserver kd_camera_hw_device:chr_file rw_file_perms; +# allow cameraserver seninf_device:chr_file rw_file_perms; +# allow cameraserver self:capability { setuid ipc_lock sys_nice }; +# allow cameraserver sysfs_wake_lock:file rw_file_perms; +# allow cameraserver MTK_SMI_device:chr_file r_file_perms; +# allow cameraserver camera_pipemgr_device:chr_file r_file_perms; +# allow cameraserver kd_camera_flashlight_device:chr_file rw_file_perms; +# allow cameraserver lens_device:chr_file rw_file_perms; +# allow cameraserver nvdata_file:lnk_file read; +# allow cameraserver proc_meminfo:file { read getattr open }; # Date : WK14.34 # Operation : Migration # Purpose : nvram access (dumchar case for nand and legacy chip) -allow cameraserver nvram_device:chr_file rw_file_perms; +# allow cameraserver nvram_device:chr_file rw_file_perms; ### TBD, neverallowxperm on line 177 of system/sepolicy/public/domain.te -#allow cameraserver self:netlink_kobject_uevent_socket { create setopt bind }; -allow cameraserver self:capability { net_admin }; +# #allow cameraserver self:netlink_kobject_uevent_socket { create setopt bind }; +# allow cameraserver self:capability { net_admin }; # Date : WK14.34 # Operation : Migration # Purpose : VP/VR -allow cameraserver devmap_device:chr_file { ioctl }; +# allow cameraserver devmap_device:chr_file { ioctl }; # Date : WK14.34 # Operation : Migration # Purpose : Smartcard Service ### TBD, neverallowxperm on line 177 of system/sepolicy/public/domain.te -#allow cameraserver self:netlink_kobject_uevent_socket read; -allow cameraserver system_data_file:file open; +# #allow cameraserver self:netlink_kobject_uevent_socket read; +# allow cameraserver system_data_file:file open; # Date : WK14.36 # Operation : Migration # Purpose : media server and bt process communication for A2DP data.and other control flow -allow cameraserver bluetooth:unix_dgram_socket sendto; -allow cameraserver bt_a2dp_stream_socket:sock_file write; -allow cameraserver bt_int_adp_socket:sock_file write; +# allow cameraserver bluetooth:unix_dgram_socket sendto; +# allow cameraserver bt_a2dp_stream_socket:sock_file write; +# allow cameraserver bt_int_adp_socket:sock_file write; # Date : WK14.37 # Operation : Migration # Purpose : camera ioctl -allow cameraserver camera_sysram_device:chr_file r_file_perms; +# allow cameraserver camera_sysram_device:chr_file r_file_perms; # Date : WK14.36 # Operation : Migration # Purpose : VDEC/VENC device node -allow cameraserver Vcodec_device:chr_file rw_file_perms; +# allow cameraserver Vcodec_device:chr_file rw_file_perms; # Date : WK14.36 # Operation : Migration # Purpose : access nvram, otp, ccci cdoec devices. -allow cameraserver MtkCodecService:binder call; -allow cameraserver ccci_device:chr_file rw_file_perms; -allow cameraserver eemcs_device:chr_file rw_file_perms; -allow cameraserver devmap_device:chr_file r_file_perms; -allow cameraserver ebc_device:chr_file rw_file_perms; -allow cameraserver nvram_device:blk_file rw_file_perms; -allow cameraserver bootdevice_block_device:blk_file rw_file_perms; +# allow cameraserver MtkCodecService:binder call; +# allow cameraserver ccci_device:chr_file rw_file_perms; +# allow cameraserver eemcs_device:chr_file rw_file_perms; +# allow cameraserver devmap_device:chr_file r_file_perms; +# allow cameraserver ebc_device:chr_file rw_file_perms; +# allow cameraserver nvram_device:blk_file rw_file_perms; +# allow cameraserver bootdevice_block_device:blk_file rw_file_perms; # Date : WK14.36 # Operation : Migration # Purpose : for SW codec VP/VR -allow cameraserver mtk_sched_device:chr_file rw_file_perms; +# allow cameraserver mtk_sched_device:chr_file rw_file_perms; # Date : WK14.38 # Operation : Migration # Purpose : NVRam access -allow cameraserver block_device:dir { write search }; +# allow cameraserver block_device:dir { write search }; # Date : WK14.38 # Operation : Migration # Purpose : FM driver access -allow cameraserver fm_device:chr_file rw_file_perms; +# allow cameraserver fm_device:chr_file rw_file_perms; # Data : WK14.38 # Operation : Migration # Purpose : for VP/VR -allow cameraserver block_device:dir search; -allow cameraserver FM50AF_device:chr_file rw_file_perms; -allow cameraserver AD5820AF_device:chr_file rw_file_perms; -allow cameraserver DW9714AF_device:chr_file rw_file_perms; -allow cameraserver DW9814AF_device:chr_file rw_file_perms; -allow cameraserver AK7345AF_device:chr_file rw_file_perms; -allow cameraserver DW9714A_device:chr_file rw_file_perms; -allow cameraserver LC898122AF_device:chr_file rw_file_perms; -allow cameraserver LC898212AF_device:chr_file rw_file_perms; -allow cameraserver BU6429AF_device:chr_file rw_file_perms; -allow cameraserver DW9718AF_device:chr_file rw_file_perms; -allow cameraserver BU64745GWZAF_device:chr_file rw_file_perms; -allow cameraserver MAINAF_device:chr_file rw_file_perms; -allow cameraserver MAIN2AF_device:chr_file rw_file_perms; -allow cameraserver SUBAF_device:chr_file rw_file_perms; +# allow cameraserver block_device:dir search; +# allow cameraserver FM50AF_device:chr_file rw_file_perms; +# allow cameraserver AD5820AF_device:chr_file rw_file_perms; +# allow cameraserver DW9714AF_device:chr_file rw_file_perms; +# allow cameraserver DW9814AF_device:chr_file rw_file_perms; +# allow cameraserver AK7345AF_device:chr_file rw_file_perms; +# allow cameraserver DW9714A_device:chr_file rw_file_perms; +# allow cameraserver LC898122AF_device:chr_file rw_file_perms; +# allow cameraserver LC898212AF_device:chr_file rw_file_perms; +# allow cameraserver BU6429AF_device:chr_file rw_file_perms; +# allow cameraserver DW9718AF_device:chr_file rw_file_perms; +# allow cameraserver BU64745GWZAF_device:chr_file rw_file_perms; +# allow cameraserver MAINAF_device:chr_file rw_file_perms; +# allow cameraserver MAIN2AF_device:chr_file rw_file_perms; +# allow cameraserver SUBAF_device:chr_file rw_file_perms; # Data : WK14.38 # Operation : Migration # Purpose : for boot animation. -allow cameraserver bootanim:binder { transfer call }; +# allow cameraserver bootanim:binder { transfer call }; -allow cameraserver mtkbootanimation:binder { transfer call }; +# allow cameraserver mtkbootanimation:binder { transfer call }; # Data : WK14.38 # Operation : Migration # Purpose : dump for debug -allow cameraserver sdcard_type:file append; +# allow cameraserver sdcard_type:file append; # Date : WK14.39 # Operation : Migration # Purpose : FDVT Driver -allow cameraserver camera_fdvt_device:chr_file rw_file_perms; +# allow cameraserver camera_fdvt_device:chr_file rw_file_perms; # Date : WK14.39 # Operation : Migration # Purpose : APE PLAYBACK -binder_call(cameraserver,MtkCodecService) +# binder_call(cameraserver, MtkCodecService) # Data : WK14.39 # Operation : Migration # Purpose : HW encrypt SW codec -allow cameraserver sec_device:chr_file r_file_perms; +# allow cameraserver sec_device:chr_file r_file_perms; # Date : WK14.40 # Operation : Migration @@ -161,111 +161,111 @@ allow cameraserver graphics_device:chr_file rw_file_perms; # Date : WK14.40 # Operation : Migration # Purpose : Smartpa -allow cameraserver smartpa_device:chr_file rw_file_perms; +# allow cameraserver smartpa_device:chr_file rw_file_perms; # Date : WK14.40 # Operation : Migration # Purpose : mtk_jpeg -allow cameraserver mtk_jpeg_device:chr_file r_file_perms; +# allow cameraserver mtk_jpeg_device:chr_file r_file_perms; # Date : WK14.41 # Operation : Migration # Purpose : WFD HID Driver -allow cameraserver uhid_device:chr_file rw_file_perms; +# allow cameraserver uhid_device:chr_file rw_file_perms; # Date : WK14.41 # Operation : Migration # Purpose : Camera EEPROM Calibration -allow cameraserver CAM_CAL_DRV_device:chr_file rw_file_perms; -allow cameraserver CAM_CAL_DRV1_device:chr_file rw_file_perms; -allow cameraserver CAM_CAL_DRV2_device:chr_file rw_file_perms; +# allow cameraserver CAM_CAL_DRV_device:chr_file rw_file_perms; +# allow cameraserver CAM_CAL_DRV1_device:chr_file rw_file_perms; +# allow cameraserver CAM_CAL_DRV2_device:chr_file rw_file_perms; # Date : WK14.43 # Operation : Migration # Purpose : VOW -allow cameraserver vow_device:chr_file rw_file_perms; +# allow cameraserver vow_device:chr_file rw_file_perms; # Date: WK14.44 # Operation : Migration # Purpose : EVDO -allow cameraserver rpc_socket:sock_file write; -allow cameraserver ttySDIO_device:chr_file rw_file_perms; +# allow cameraserver rpc_socket:sock_file write; +# allow cameraserver ttySDIO_device:chr_file rw_file_perms; # Data: WK14.44 # Operation : Migration # Purpose : VP -allow cameraserver surfaceflinger:file getattr; +# allow cameraserver surfaceflinger:file getattr; # Data: WK14.44 # Operation : Migration # Purpose : for low SD card latency issue -allow cameraserver sysfs_lowmemorykiller:file { read open }; +# allow cameraserver sysfs_lowmemorykiller:file { read open }; # Data: WK14.45 # Operation : Migration # Purpose : for change thermal policy when needed -allow cameraserver proc_mtkcooler:dir search; -allow cameraserver proc_mtktz:dir search; -allow cameraserver proc_thermal:dir search; +# allow cameraserver proc_mtkcooler:dir search; +# allow cameraserver proc_mtktz:dir search; +# allow cameraserver proc_thermal:dir search; # Date : WK14.46 # Operation : Migration # Purpose : for MTK Emulator HW GPU -allow cameraserver qemu_pipe_device:chr_file rw_file_perms; +# allow cameraserver qemu_pipe_device:chr_file rw_file_perms; # Date : WK14.46 # Operation : Migration # Purpose : for camera init -allow cameraserver system_server:unix_stream_socket { read write }; +# allow cameraserver system_server:unix_stream_socket { read write }; # Data : WK14.46 # Operation : Migration # Purpose : for SMS app -allow cameraserver radio_data_file:dir search; -allow cameraserver radio_data_file:file open; +# allow cameraserver radio_data_file:dir search; +# allow cameraserver radio_data_file:file open; # Data : WK14.47 # Operation : Launch camcorder from MMS # Purpose : Camcorder -allow cameraserver radio_data_file:file open; +# allow cameraserver radio_data_file:file open; # Data : WK14.47 # Operation : CTS # Purpose : cts search strange app -allow cameraserver untrusted_app:dir search; +# allow cameraserver untrusted_app:dir search; # Date : WK15.03 # Operation : Migration # Purpose : offloadservice -allow cameraserver offloadservice_device:chr_file rw_file_perms; +# allow cameraserver offloadservice_device:chr_file rw_file_perms; # Date : WK15.32 # Operation : Pre-sanity # Purpose : 3A algorithm need to access sensor service -allow cameraserver sensorservice_service:service_manager find; +# allow cameraserver sensorservice_service:service_manager find; # Date : WK15.34 # Operation : Migration # Purpose: for camera middleware dump image buffer to sdcard & audio frameworks dump -allow cameraserver system_data_file:dir write; -allow cameraserver storage_file:lnk_file {read write}; -allow cameraserver mnt_user_file:dir {write read search}; -allow cameraserver mnt_user_file:lnk_file {read write}; +# allow cameraserver system_data_file:dir write; +# allow cameraserver storage_file:lnk_file {read write}; +# allow cameraserver mnt_user_file:dir {write read search}; +# allow cameraserver mnt_user_file:lnk_file {read write}; # Date : WK15.35 # Operation : Migration # Purpose: Allow cameraserver to read binder from surfaceflinger -allow cameraserver surfaceflinger:fifo_file {read write}; +# allow cameraserver surfaceflinger:fifo_file {read write}; # Date : WK15.46 # Operation : Migration # Purpose : DPE Driver -allow cameraserver camera_dpe_device:chr_file rw_file_perms; +# allow cameraserver camera_dpe_device:chr_file rw_file_perms; # Date : WK15.46 # Operation : Migration # Purpose : TSF Driver -allow cameraserver camera_tsf_device:chr_file rw_file_perms; +# allow cameraserver camera_tsf_device:chr_file rw_file_perms; # Date : WK16.20 # Operation : Migration @@ -282,15 +282,15 @@ allow cameraserver gpu_device:dir search; # Date : WK16.30 # Operation : Migration # Purpose : Use file_type_auto_trans to specify label to avoid violated(never allow) -allow cameraserver property_socket:sock_file write; -allow cameraserver proc:file getattr; -allow cameraserver shell_exec:file { execute read getattr open}; -allow cameraserver init:unix_stream_socket connectto; +# allow cameraserver property_socket:sock_file write; +# allow cameraserver proc:file getattr; +# allow cameraserver shell_exec:file { execute read getattr open}; +# allow cameraserver init:unix_stream_socket connectto; # Date : WK16.32 # Operation : Migration # Purpose : RSC Driver -allow cameraserver camera_rsc_device:chr_file rw_file_perms; +# allow cameraserver camera_rsc_device:chr_file rw_file_perms; # Date : WK16.33 # Purpose: Allow to access ged for gralloc_extra functions @@ -299,29 +299,29 @@ allow cameraserver proc_ged:file {open read write ioctl getattr}; # Date : WK16.33 # Operation : Migration # Purpose : GEPF Driver -allow cameraserver camera_gepf_device:chr_file rw_file_perms; +# allow cameraserver camera_gepf_device:chr_file rw_file_perms; # Date : WK16.35 # Operation : Migration # Purpose : Update camera flashlight driver device file -allow cameraserver flashlight_device:chr_file rw_file_perms; +# allow cameraserver flashlight_device:chr_file rw_file_perms; # Data : WK16.42 # Operator: Whitney bring up # Purpose: call surfaceflinger due to powervr -allow cameraserver surfaceflinger:fifo_file rw_file_perms; +# allow cameraserver surfaceflinger:fifo_file rw_file_perms; # Date : WK16.43 # Operation : Migration # Purpose : WPE Driver -allow cameraserver camera_wpe_device:chr_file rw_file_perms; +# allow cameraserver camera_wpe_device:chr_file rw_file_perms; # Date : WK16.49 # Operation : label aee_aed sockets # Purpose : Engineering mode need access for aee commmand -userdebug_or_eng(` -allow cameraserver aee_aed:unix_stream_socket connectto; -') +# userdebug_or_eng(` +# allow cameraserver aee_aed:unix_stream_socket connectto; +# ') # Purpose: Allow to access debugfs_ion dir. allow cameraserver system_data_file:lnk_file read; @@ -329,7 +329,7 @@ allow cameraserver system_data_file:lnk_file read; # Date : WK17.19 # Operation : Migration # Purpose : OWE Driver -allow cameraserver camera_owe_device:chr_file rw_file_perms; +# allow cameraserver camera_owe_device:chr_file rw_file_perms; # Date : WK17.25 # Operation : Migration @@ -338,24 +338,24 @@ allow cameraserver debugfs_ion:dir search; # Date : WK17.30 # Operation : O Migration # Purpose: Allow to access cmdq driver -allow cameraserver mtk_cmdq_device:chr_file { read ioctl open }; +# allow cameraserver mtk_cmdq_device:chr_file { read ioctl open }; # Date : WK17.28 # Operation : MT6757 SQC # Purpose : Change thermal config -typeattribute cameraserver system_writes_vendor_properties_violators; -allow cameraserver mtk_thermal_config_prop:file { getattr open read }; +# typeattribute cameraserver system_writes_vendor_properties_violators; +# allow cameraserver mtk_thermal_config_prop:file { getattr open read }; # Date : WK17.44 # Operation : Migration # Purpose : DIP Driver -allow cameraserver camera_dip_device:chr_file rw_file_perms; +# allow cameraserver camera_dip_device:chr_file rw_file_perms; # Date : WK17.44 # Operation : Migration # Purpose : MFB Driver -allow cameraserver camera_mfb_device:chr_file rw_file_perms; +# allow cameraserver camera_mfb_device:chr_file rw_file_perms; # Date : WK17.49 # Operation : MT6771 SQC