NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[ALPS04328846] power: add system server permission

Browse Source 
[Detail]
1. Add system server permission for power_hal_mgr_service
2. Remove su permission
3. Use macro to set permission

MTK-Commit-Id: 465f6b986296ecd46404c4cfd497bfd80c0a1842

Change-Id: I65041fd264cae53b850e013f12679c84c3b9eb36
CR-Id: ALPS04328846
Feature: [Module]PowerHAL
This commit is contained in:
Ian-Y Chen 2020-01-18 10:12:13 +08:00
parent 203b3d02de
commit f6646fd2a6
1 changed files with 32 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
non_plat/mtk_hal_power.te
View File

@ -19,28 +19,27 @@ allow hal_power_client mtk_hal_power_hwservice:hwservice_manager find;
hal_server_domain(mtk_hal_power, hal_power); hal_server_domain(mtk_hal_power, hal_power);
# proc fs # proc fs
allow mtk_hal_power proc:dir {search getattr}; allow mtk_hal_power proc:dir r_dir_perms;
allow mtk_hal_power proc:file {getattr open read write ioctl}; allow mtk_hal_power proc:file rw_file_perms;
# sysfs # sysfs
allow mtk_hal_light sysfs:file rw_file_perms; allow mtk_hal_power sysfs_devices_system_cpu:file rw_file_perms;
allow mtk_hal_power sysfs_devices_system_cpu:file write;
# debugfs # debugfs
allow mtk_hal_power debugfs_ged:dir search; allow mtk_hal_power debugfs_ged:dir r_dir_perms;
allow mtk_hal_power debugfs_ged:file { getattr open read write }; allow mtk_hal_power debugfs_ged:file rw_file_perms;
# proc_thermal # proc_thermal
allow mtk_hal_power proc_thermal:file { write open }; allow mtk_hal_power proc_thermal:file w_file_perms;
# proc info # proc info
allow mtk_hal_power mtk_hal_audio:dir getattr; allow mtk_hal_power mtk_hal_audio:dir r_dir_perms;
# Date : 2017/10/02 # Date : 2017/10/02
# Operation: SQC # Operation: SQC
# Purpose : Allow powerHAL to access perfmgr # Purpose : Allow powerHAL to access perfmgr
allow mtk_hal_power proc_perfmgr:dir search; allow mtk_hal_power proc_perfmgr:dir r_dir_perms;
allow mtk_hal_power proc_perfmgr:file { getattr open read write ioctl }; allow mtk_hal_power proc_perfmgr:file rw_file_perms;
allowxperm mtk_hal_power proc_perfmgr:file ioctl FPSGO_TOUCH; allowxperm mtk_hal_power proc_perfmgr:file ioctl FPSGO_TOUCH;
# Date : 2017/10/11 # Date : 2017/10/11
@ -56,55 +55,51 @@ allow mtk_hal_power mtk_powerhal_data_file:file {create_file_perms rw_file_perms
allow mtk_hal_power mtk_powerhal_data_file:sock_file {create_file_perms rw_file_perms}; allow mtk_hal_power mtk_powerhal_data_file:sock_file {create_file_perms rw_file_perms};
#camera contorl cpu #camera contorl cpu
allow mtk_hal_power mtk_hal_camera:dir { search getattr }; allow mtk_hal_power mtk_hal_camera:dir r_dir_perms;
allow mtk_hal_power mtk_hal_camera:file { getattr open write read }; allow mtk_hal_power mtk_hal_camera:file r_file_perms;
# Date : 2017/10/24 # Date : 2017/10/24
# Operation: SQC # Operation: SQC
# Purpose : Allow powerHAL to access thermal # Purpose : Allow powerHAL to access thermal
allow mtk_hal_power proc_thermal:dir search; allow mtk_hal_power proc_thermal:dir r_dir_perms;
allow mtk_hal_power sysfs:file {open write read}; allow mtk_hal_power sysfs:file rw_file_perms;
allow mtk_hal_power debugfs_fpsgo:dir search; allow mtk_hal_power debugfs_fpsgo:dir r_dir_perms;
allow mtk_hal_power debugfs_fpsgo:file { getattr open write read }; allow mtk_hal_power debugfs_fpsgo:file rw_file_perms;
# Date : 2017/12/19 # Date : 2017/12/19
# Operation: SQC # Operation: SQC
# Purpose : Allow powerHAL to access wlan # Purpose : Allow powerHAL to access wlan
allow mtk_hal_power proc_net:file {open write}; allow mtk_hal_power proc_net:file w_file_perms;
# Date : 2017/12/21 # Date : 2017/12/21
# Operation: SQC # Operation: SQC
# Purpose : Allow powerHAL to access mediacodec # Purpose : Allow powerHAL to access mediacodec
allow mtk_hal_power mediacodec:dir search; allow mtk_hal_power mediacodec:dir r_dir_perms;
allow mtk_hal_power mediacodec:dir getattr; allow mtk_hal_power mediacodec:file r_file_perms;
allow mtk_hal_power mediacodec:file { getattr open write read };
set_prop(mtk_hal_power, mtk_thermal_config_prop) set_prop(mtk_hal_power, mtk_thermal_config_prop)
# Date : 2018/01/31
# Operation: SQC
# Purpose : Allow powerHAL to access /proc/[pid]
# 2019/04/24 : redundant setting
# allow mtk_hal_power su:dir { search getattr };
# allow mtk_hal_power su:file { read open };
# Date : 2018/03/16 # Date : 2018/03/16
# Operation: SQC # Operation: SQC
# Purpose : Allow powerHAL to access /d/mtkfb # Purpose : Allow powerHAL to access /d/mtkfb
allow mtk_hal_power debugfs_fb:dir search; allow mtk_hal_power debugfs_fb:dir r_dir_perms;
allow mtk_hal_power debugfs_fb:file { getattr open read write }; allow mtk_hal_power debugfs_fb:file rw_file_perms;
# Date : 2018/06/26 # Date : 2018/06/26
# Operation: Thermal change policy in perfservice # Operation: Thermal change policy in perfservice
allow mtk_hal_power proc_thermal:file read; allow mtk_hal_power proc_thermal:file r_file_perms;
allow mtk_hal_power thermal_manager_data_file:file { write getattr setattr read lock open }; allow mtk_hal_power thermal_manager_data_file:file create_file_perms;
allow mtk_hal_power thermalloadalgod:unix_stream_socket connectto; allow mtk_hal_power thermalloadalgod:unix_stream_socket connectto;
allow mtk_hal_power proc_mtkcooler:dir search; allow mtk_hal_power proc_mtkcooler:dir r_dir_perms;
allow mtk_hal_power proc_mtkcooler:file { read write open }; allow mtk_hal_power proc_mtkcooler:file rw_file_perms;
allow mtk_hal_power proc_mtktz:dir search; allow mtk_hal_power proc_mtktz:dir r_dir_perms;
allow mtk_hal_power proc_mtktz:file {open read write }; allow mtk_hal_power proc_mtktz:file rw_file_perms;
# Date : 2019/05/08
# Operation: SQC
# Purpose : Allow powerHAL to access /proc/[pid]
# 2019/04/24 : redundant setting
allow mtk_hal_power system_server:dir r_dir_perms;
allow mtk_hal_power system_server:file r_file_perms;