android_device_mediatek_sepolicy/non_plat/app.te

# ==============================================
# MTK Policy Rule
# ============

# Date : WK16.33
# Purpose: Allow to access ged for gralloc_extra functions
allow appdomain proc_ged:file rw_file_perms;
allowxperm appdomain proc_ged:file ioctl {
 GED_BRIDGE_IO_LOG_BUF_GET
 GED_BRIDGE_IO_LOG_BUF_WRITE
 GED_BRIDGE_IO_LOG_BUF_RESET
 GED_BRIDGE_IO_BOOST_GPU_FREQ
 GED_BRIDGE_IO_MONITOR_3D_FENCE
 GED_BRIDGE_IO_QUERY_INFO
 GED_BRIDGE_IO_NOTIFY_VSYNC
 GED_BRIDGE_IO_DVFS_PROBE
 GED_BRIDGE_IO_DVFS_UM_RETURN
 GED_BRIDGE_IO_EVENT_NOTIFY
 GED_BRIDGE_IO_WAIT_HW_VSYNC
 GED_BRIDGE_IO_QUERY_TARGET_FPS
 GED_BRIDGE_IO_VSYNC_WAIT
 GED_BRIDGE_IO_GPU_HINT_TO_CPU
 GED_BRIDGE_IO_GE_ALLOC
 GED_BRIDGE_IO_GE_GET
 GED_BRIDGE_IO_GE_SET
 GED_BRIDGE_IO_GPU_TIMESTAMP
 GED_BRIDGE_IO_TARGET_FPS
 GED_BRIDGE_IO_GE_INFO
 GED_BRIDGE_IO_GPU_TUNER_STATUS
};

# Date : W16.42
# Operation : Integration
# Purpose : DRM / DRI GPU driver required
allow appdomain gpu_device:dir search;

# Date : W17.30
# Purpose : Allow MDP user access cmdq driver
allow appdomain mtk_cmdq_device:chr_file {open read ioctl};

# Date : W17.41
# Operation: SQC
# Purpose : Allow HWUI to access perfmgr
allow appdomain proc_perfmgr:dir search;
allow appdomain proc_perfmgr:file { getattr open read ioctl};
allowxperm appdomain proc_perfmgr:file ioctl {
  PERFMGR_FPSGO_QUEUE
  PERFMGR_FPSGO_DEQUEUE
  PERFMGR_FPSGO_QUEUE_CONNECT
  PERFMGR_FPSGO_BQID
};

# Date : W19.4
# Purpose : Allow MDP user access mdp driver
allow appdomain mdp_device:chr_file rw_file_perms;

# Date : W19.23
# Operation : Migration
# Purpose : For platform app com.android.gallery3d
allow { appdomain -isolated_app } radio_data_file:file rw_file_perms;