NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
android_device_mediatek_sep.../non_plat/atci_service.te
Mike Hsieh cff428b385 [ALPS04702268] Change sw_sync permission for 3rd party app access 
Change sw_sync permission for 3rd party app use.

MTK-Commit-Id: 756f028f822b28e5863c772c977f3fdfad1eb338

Change-Id: I5f1f4566e8d60b16fd300dc91ddba8cc6aa7e5c4
CR-Id: ALPS04702268
Feature: [Module]MDP Driver
(cherry picked from commit 8d036ea19e62d9f509f1c54d395d4a711b4a4bd7)
2020-01-18 10:18:34 +08:00

151 lines
6.8 KiB
Plaintext
Raw Blame History

# ==============================================
# Policy File of /vendor/bin/atci_service Executable File
# ==============================================
# ==============================================
# MTK Policy Rule
# ==============================================
type atci_service, domain;
type atci_service_exec, exec_type, file_type, vendor_file_type;
init_daemon_domain(atci_service)
allow atci_service block_device:dir search;
allow atci_service misc2_block_device:blk_file { open read write };
allow atci_service misc2_device:chr_file { open read write };
allow atci_service bootdevice_block_device:blk_file { open read write };
allow atci_service self:capability { net_raw chown fsetid sys_nice net_admin fowner sys_admin };
allow atci_service camera_isp_device:chr_file { read write ioctl open };
allow atci_service graphics_device:chr_file { read write ioctl open };
allow atci_service graphics_device:dir search;
allow atci_service kd_camera_hw_device:chr_file { read write ioctl open };
allow atci_service self:capability { sys_nice ipc_lock };
allow atci_service nvram_device:chr_file { read write open ioctl };
allow atci_service camera_isp_device:chr_file { read write ioctl open };
allow atci_service camera_sysram_device:chr_file { read ioctl open };
allow atci_service camera_tsf_device:chr_file rw_file_perms;
allow atci_service camera_rsc_device:chr_file rw_file_perms;
allow atci_service camera_gepf_device:chr_file rw_file_perms;
allow atci_service camera_fdvt_device:chr_file rw_file_perms;
allow atci_service camera_wpe_device:chr_file rw_file_perms;
allow atci_service camera_owe_device:chr_file rw_file_perms;
allow atci_service kd_camera_flashlight_device:chr_file { read write ioctl open };
allow atci_service ccu_device:chr_file { read write ioctl open };
allow atci_service vpu_device:chr_file { read write ioctl open };
allow atci_service MTK_SMI_device:chr_file { open read write ioctl };
#allow atci_service system_server:binder call;
#allow atci_service system_data_file:dir { write remove_name add_name };
allow atci_service DW9714AF_device:chr_file { read write ioctl open };
allow atci_service devmap_device:chr_file { open read write ioctl };
allow atci_service sdcard_type:dir { search write read open add_name remove_name create getattr setattr };
allow atci_service sdcard_type:file { setattr read create write getattr unlink open append };
allow atci_service mediaserver:binder call;
#allow atci_service sysfs:file write;
#allow atci_service system_server:unix_stream_socket { read write };
allow atci_service self:capability sys_boot;
# Date : 2015/09/17
# Operation : M-Migration
# Purpose : to operation CCT tool
allow atci_service nvram_device:blk_file { open read write };
allow atci_service input_device:dir { open read search };
allow atci_service input_device:file { open read write ioctl };
allow atci_service input_device:chr_file { open read write ioctl };
allow atci_service MAINAF_device:chr_file { open read write ioctl };
allow atci_service MAIN2AF_device:chr_file { open read write ioctl };
allow atci_service SUBAF_device:chr_file { open read write ioctl };
allow atci_service tmpfs:lnk_file read;
allow atci_service self:capability2 block_suspend;
# Date : 2015/10/13
# Operation : M-Migration
# Purpose : to operation CCT tool
#allow atci_service mediaserver_service:service_manager find;
allow atci_service mnt_user_file:dir search;
allow atci_service mnt_user_file:lnk_file read;
#allow atci_service mtk_perf_service:service_manager find;
#allow atci_service sensorservice_service:service_manager find;
allow atci_service storage_file:lnk_file read;
#allow atci_service media_rw_data_file:dir { write search create add_name };
#allow atci_service media_rw_data_file:file { read write create open };
#============= atci_service ==============
allow atci_service property_socket:sock_file write;
allow atci_service CAM_CAL_DRV_device:chr_file { read write ioctl open};
allow atci_service init:unix_stream_socket connectto;
allow atci_service mtk_em_prop:property_service set;
# Date : 2016/03/02
# Operation : M-Migration
# Purpose : to support ATCI touch tool
allow atci_service vendor_shell_exec:file { read execute open execute_no_trans };
# Date : WK16.33
# Purpose: Allow to access ged for gralloc_extra functions
allow atci_service proc_ged:file rw_file_perms;
# Date : WK16.35
# Operation : Migration
# Purpose : Update camera flashlight driver device file
allow atci_service flashlight_device:chr_file { read write ioctl open };
# Date : WK17.01
# Operation : Migration
# Purpose : Update AT_Command NFC function
allow atci_service factory_data_file:sock_file write;
# Date : WK17.23
# Stage: O Migration, SQC
# Purpose: Allow to use HAL PQ
hal_client_domain(atci_service, hal_pq)
# Date : WK17.28
# Purpose : Allow to execute battery command
allow atci_service MT_pmic_adc_cali_device:chr_file rw_file_perms;
# Date : WK17.43
# Purpose : CCT
allow atci_service CAM_CAL_DRV_device:chr_file rw_file_perms;
allow atci_service CAM_CAL_DRV1_device:chr_file rw_file_perms;
allow atci_service CAM_CAL_DRV2_device:chr_file rw_file_perms;
allow atci_service fwk_sensor_hwservice:hwservice_manager find;
allow atci_service hidl_allocator_hwservice:hwservice_manager find;
allow atci_service hidl_memory_hwservice:hwservice_manager find;
allow atci_service ion_device:chr_file { read ioctl open };
allow atci_service mtk_cmdq_device:chr_file { read ioctl open };
allow atci_service mtk_mdp_device:chr_file rw_file_perms;
allow atci_service sw_sync_device:chr_file rw_file_perms;
allow atci_service mtk_hal_power:binder call;
allow atci_service mtk_hal_power_hwservice:hwservice_manager find;
allow atci_service sysfs_batteryinfo:dir search;
allow atci_service sysfs_batteryinfo:file { read getattr open };
#allow atci_service system_data_file:lnk_file read;
allow atci_service system_file:dir { read open };
allow atci_service camera_pipemgr_device:chr_file { read ioctl open };
#allow atci_service media_rw_data_file:dir { read getattr open };
#allow atci_service media_rw_data_file:file { getattr setattr };
allow atci_service mtkcam_prop:file { read getattr open };
#allow atci_service hal_camera_hwservice:hwservice_manager find;
allow atci_service mtk_hal_camera:binder call;
allow atci_service debugfs_ion:dir search;
allow atci_service sysfs_tpd_setting:file { read write open getattr };
allow atci_service sysfs_vibrator_setting:file { read write open getattr };
allow atci_service sysfs_leds_setting:file { read write open getattr };
allow atci_service proc:file getattr;
allow atci_service vendor_toolbox_exec:file { read getattr open execute execute_no_trans };
# Date : WK18.21
# Purpose: Allow to use HIDL
hwbinder_use(atci_service)
hal_client_domain(atci_service, hal_atci)
# Date : WK18.26
# Purpose: Allow gps socket sendto
allow atci_service mnld:unix_dgram_socket sendto;
# Date : WK18.35
# Purpose : allow CCT to allocate memory
hal_client_domain(atci_service, hal_allocator);
Reference in New Issue View Git Blame Copy Permalink