diff --git a/non_plat/mtk_hal_power.te b/non_plat/mtk_hal_power.te index 48a6062..d45caa6 100644 --- a/non_plat/mtk_hal_power.te +++ b/non_plat/mtk_hal_power.te @@ -19,28 +19,27 @@ allow hal_power_client mtk_hal_power_hwservice:hwservice_manager find; hal_server_domain(mtk_hal_power, hal_power); # proc fs -allow mtk_hal_power proc:dir {search getattr}; -allow mtk_hal_power proc:file {getattr open read write ioctl}; +allow mtk_hal_power proc:dir r_dir_perms; +allow mtk_hal_power proc:file rw_file_perms; # sysfs -allow mtk_hal_light sysfs:file rw_file_perms; -allow mtk_hal_power sysfs_devices_system_cpu:file write; +allow mtk_hal_power sysfs_devices_system_cpu:file rw_file_perms; # debugfs -allow mtk_hal_power debugfs_ged:dir search; -allow mtk_hal_power debugfs_ged:file { getattr open read write }; +allow mtk_hal_power debugfs_ged:dir r_dir_perms; +allow mtk_hal_power debugfs_ged:file rw_file_perms; # proc_thermal -allow mtk_hal_power proc_thermal:file { write open }; +allow mtk_hal_power proc_thermal:file w_file_perms; # proc info -allow mtk_hal_power mtk_hal_audio:dir getattr; +allow mtk_hal_power mtk_hal_audio:dir r_dir_perms; # Date : 2017/10/02 # Operation: SQC # Purpose : Allow powerHAL to access perfmgr -allow mtk_hal_power proc_perfmgr:dir search; -allow mtk_hal_power proc_perfmgr:file { getattr open read write ioctl }; +allow mtk_hal_power proc_perfmgr:dir r_dir_perms; +allow mtk_hal_power proc_perfmgr:file rw_file_perms; allowxperm mtk_hal_power proc_perfmgr:file ioctl FPSGO_TOUCH; # Date : 2017/10/11 @@ -56,55 +55,51 @@ allow mtk_hal_power mtk_powerhal_data_file:file {create_file_perms rw_file_perms allow mtk_hal_power mtk_powerhal_data_file:sock_file {create_file_perms rw_file_perms}; #camera contorl cpu -allow mtk_hal_power mtk_hal_camera:dir { search getattr }; -allow mtk_hal_power mtk_hal_camera:file { getattr open write read }; +allow mtk_hal_power mtk_hal_camera:dir r_dir_perms; +allow mtk_hal_power mtk_hal_camera:file r_file_perms; # Date : 2017/10/24 # Operation: SQC # Purpose : Allow powerHAL to access thermal -allow mtk_hal_power proc_thermal:dir search; -allow mtk_hal_power sysfs:file {open write read}; -allow mtk_hal_power debugfs_fpsgo:dir search; -allow mtk_hal_power debugfs_fpsgo:file { getattr open write read }; +allow mtk_hal_power proc_thermal:dir r_dir_perms; +allow mtk_hal_power sysfs:file rw_file_perms; +allow mtk_hal_power debugfs_fpsgo:dir r_dir_perms; +allow mtk_hal_power debugfs_fpsgo:file rw_file_perms; # Date : 2017/12/19 # Operation: SQC # Purpose : Allow powerHAL to access wlan -allow mtk_hal_power proc_net:file {open write}; +allow mtk_hal_power proc_net:file w_file_perms; # Date : 2017/12/21 # Operation: SQC # Purpose : Allow powerHAL to access mediacodec -allow mtk_hal_power mediacodec:dir search; -allow mtk_hal_power mediacodec:dir getattr; -allow mtk_hal_power mediacodec:file { getattr open write read }; +allow mtk_hal_power mediacodec:dir r_dir_perms; +allow mtk_hal_power mediacodec:file r_file_perms; set_prop(mtk_hal_power, mtk_thermal_config_prop) -# Date : 2018/01/31 -# Operation: SQC -# Purpose : Allow powerHAL to access /proc/[pid] -# 2019/04/24 : redundant setting -# allow mtk_hal_power su:dir { search getattr }; -# allow mtk_hal_power su:file { read open }; - # Date : 2018/03/16 # Operation: SQC # Purpose : Allow powerHAL to access /d/mtkfb -allow mtk_hal_power debugfs_fb:dir search; -allow mtk_hal_power debugfs_fb:file { getattr open read write }; +allow mtk_hal_power debugfs_fb:dir r_dir_perms; +allow mtk_hal_power debugfs_fb:file rw_file_perms; # Date : 2018/06/26 # Operation: Thermal change policy in perfservice -allow mtk_hal_power proc_thermal:file read; -allow mtk_hal_power thermal_manager_data_file:file { write getattr setattr read lock open }; +allow mtk_hal_power proc_thermal:file r_file_perms; +allow mtk_hal_power thermal_manager_data_file:file create_file_perms; allow mtk_hal_power thermalloadalgod:unix_stream_socket connectto; -allow mtk_hal_power proc_mtkcooler:dir search; -allow mtk_hal_power proc_mtkcooler:file { read write open }; -allow mtk_hal_power proc_mtktz:dir search; -allow mtk_hal_power proc_mtktz:file {open read write }; - - +allow mtk_hal_power proc_mtkcooler:dir r_dir_perms; +allow mtk_hal_power proc_mtkcooler:file rw_file_perms; +allow mtk_hal_power proc_mtktz:dir r_dir_perms; +allow mtk_hal_power proc_mtktz:file rw_file_perms; +# Date : 2019/05/08 +# Operation: SQC +# Purpose : Allow powerHAL to access /proc/[pid] +# 2019/04/24 : redundant setting +allow mtk_hal_power system_server:dir r_dir_perms; +allow mtk_hal_power system_server:file r_file_perms;