# ==============================================
# MTK Policy Rule
# ==============================================

# Date : WK16.33
# Purpose: Allow to access ged for gralloc_extra functions
allow appdomain proc_ged:file rw_file_perms;
allowxperm appdomain proc_ged:file ioctl { proc_ged_ioctls };

# Data : WK16.42
# Operator: Whitney bring up
# Purpose: call surfaceflinger due to powervr
allow appdomain surfaceflinger:fifo_file rw_file_perms;

# Date : W16.42
# Operation : Integration
# Purpose : DRM / DRI GPU driver required
allow appdomain gpu_device:dir search;

# Date : W17.41
# Operation: SQC
# Purpose : Allow HWUI to access perfmgr
allow appdomain proc_perfmgr:dir search;
allow appdomain proc_perfmgr:file { getattr open read ioctl};
allowxperm appdomain proc_perfmgr:file ioctl {
  PERFMGR_FPSGO_QUEUE
  PERFMGR_FPSGO_DEQUEUE
  PERFMGR_FPSGO_QUEUE_CONNECT
  PERFMGR_FPSGO_BQID
};

# Date : W19.23
# Operation : Migration
# Purpose : For platform app com.android.gallery3d
allow { appdomain -isolated_app } radio_data_file:file rw_file_perms;

# Date : W19.23
# Operation : Migration
# Purpose : For app com.tencent.qqpimsecure
allowxperm appdomain appdomain:fifo_file ioctl SNDCTL_TMR_START;

# Date : W20.26
# Operation : Migration
# Purpose : For apps other than isolated_app call hidl
hwbinder_use({ appdomain -isolated_app })
get_prop({ appdomain -isolated_app }, hwservicemanager_prop)
allow { appdomain -isolated_app } hidl_manager_hwservice:hwservice_manager find;
binder_call({ appdomain -isolated_app }, mtk_safe_halserverdomain_type)
binder_call(mtk_safe_halserverdomain_type, { appdomain -isolated_app })
allow { appdomain -isolated_app } mtk_safe_hwservice_manager_type:hwservice_manager find;