# ============================================== # MTK Policy Rule # ============================================== # Date : WK14.31 # Operation : Migration # Purpose : camera devices access. allow mediaserver camera_isp_device:chr_file rw_file_perms; allow mediaserver ccu_device:chr_file rw_file_perms; allow mediaserver vpu_device:chr_file rw_file_perms; allow mediaserver kd_camera_hw_device:chr_file rw_file_perms; allow mediaserver seninf_device:chr_file rw_file_perms; allow mediaserver self:capability { setuid ipc_lock sys_nice }; allow mediaserver sysfs_wake_lock:file rw_file_perms; allow mediaserver MTK_SMI_device:chr_file r_file_perms; allow mediaserver camera_pipemgr_device:chr_file r_file_perms; allow mediaserver kd_camera_flashlight_device:chr_file rw_file_perms; allow mediaserver lens_device:chr_file rw_file_perms; # Date : WK14.32 # Operation : Migration # Purpose : Set audio driver permission to access SD card for debug purpose and accss NVRam. allow mediaserver sdcard_type:dir { w_dir_perms create }; allow mediaserver sdcard_type:file create; allow mediaserver nvram_data_file:lnk_file read; allow mediaserver nvdata_file:lnk_file read; allow mediaserver sdcard_type:dir remove_name; allow mediaserver sdcard_type:file unlink; # Date : WK14.34 # Operation : Migration # Purpose : nvram access (dumchar case for nand and legacy chip) allow mediaserver nvram_device:chr_file rw_file_perms; allow mediaserver self:capability { net_admin }; # Date : WK14.34 # Operation : Migration # Purpose : VP/VR allow mediaserver devmap_device:chr_file { ioctl }; # Date : WK14.36 # Operation : Migration # Purpose : media server and bt process communication for A2DP data.and other control flow allow mediaserver bluetooth:unix_dgram_socket sendto; allow mediaserver bt_a2dp_stream_socket:sock_file write; allow mediaserver bt_int_adp_socket:sock_file write; # Date : WK14.37 # Operation : Migration # Purpose : camera ioctl allow mediaserver camera_sysram_device:chr_file r_file_perms; # Date : WK14.36 # Operation : Migration # Purpose : VDEC/VENC device node allow mediaserver Vcodec_device:chr_file rw_file_perms; # Date : WK14.36 # Operation : Migration # Purpose : access nvram, otp, ccci cdoec devices. allow mediaserver MtkCodecService:binder call; allow mediaserver ccci_device:chr_file rw_file_perms; allow mediaserver eemcs_device:chr_file rw_file_perms; allow mediaserver devmap_device:chr_file r_file_perms; allow mediaserver ebc_device:chr_file rw_file_perms; allow mediaserver nvram_device:blk_file rw_file_perms; allow mediaserver bootdevice_block_device:blk_file rw_file_perms; # Date : WK14.36 # Operation : Migration # Purpose : for SW codec VP/VR allow mediaserver mtk_sched_device:chr_file rw_file_perms; # Date : WK14.38 # Operation : Migration # Purpose : NVRam access allow mediaserver block_device:dir { write search }; # Date : WK14.38 # Operation : Migration # Purpose : FM driver access allow mediaserver fm_device:chr_file rw_file_perms; # Data : WK14.38 # Operation : Migration # Purpose : for VP/VR allow mediaserver block_device:dir search; allow mediaserver FM50AF_device:chr_file rw_file_perms; allow mediaserver AD5820AF_device:chr_file rw_file_perms; allow mediaserver DW9714AF_device:chr_file rw_file_perms; allow mediaserver DW9814AF_device:chr_file rw_file_perms; allow mediaserver AK7345AF_device:chr_file rw_file_perms; allow mediaserver DW9714A_device:chr_file rw_file_perms; allow mediaserver LC898122AF_device:chr_file rw_file_perms; allow mediaserver LC898212AF_device:chr_file rw_file_perms; allow mediaserver BU6429AF_device:chr_file rw_file_perms; allow mediaserver DW9718AF_device:chr_file rw_file_perms; allow mediaserver BU64745GWZAF_device:chr_file rw_file_perms; allow mediaserver MAINAF_device:chr_file rw_file_perms; allow mediaserver MAIN2AF_device:chr_file rw_file_perms; allow mediaserver MAIN3AF_device:chr_file rw_file_perms; allow mediaserver MAIN4AF_device:chr_file rw_file_perms; allow mediaserver SUBAF_device:chr_file rw_file_perms; allow mediaserver SUB2AF_device:chr_file rw_file_perms; # Data : WK14.38 # Operation : Migration # Purpose : for boot animation. allow mediaserver bootanim:binder { transfer call }; allow mediaserver mtkbootanimation:binder { transfer call }; # Data : WK14.38 # Operation : Migration # Purpose : dump for debug allow mediaserver sdcard_type:file append; # Date : WK14.39 # Operation : Migration # Purpose : FDVT Driver allow mediaserver camera_fdvt_device:chr_file rw_file_perms; # Date : WK14.39 # Operation : Migration # Purpose : APE PLAYBACK binder_call(mediaserver,MtkCodecService) # Date : WK14.40 # Operation : Migration # Purpose : HDMI driver access allow mediaserver graphics_device:chr_file rw_file_perms; # Date : WK14.40 # Operation : Migration # Purpose : Smartpa allow mediaserver smartpa_device:chr_file rw_file_perms; # Data : WK14.40 # Operation : Migration # Purpose : permit 'call' by audio tunning tool audiocmdservice_atci allow mediaserver audiocmdservice_atci:binder call; binder_call(mediaserver,audiocmdservice_atci) # Date : WK14.40 # Operation : Migration # Purpose : mtk_jpeg allow mediaserver mtk_jpeg_device:chr_file r_file_perms; # Date : WK14.41 # Operation : Migration # Purpose : WFD HID Driver allow mediaserver uhid_device:chr_file rw_file_perms; # Date : WK14.41 # Operation : Migration # Purpose : Camera EEPROM Calibration allow mediaserver CAM_CAL_DRV_device:chr_file rw_file_perms; allow mediaserver CAM_CAL_DRV1_device:chr_file rw_file_perms; allow mediaserver CAM_CAL_DRV2_device:chr_file rw_file_perms; allow mediaserver camera_eeprom_device:chr_file rw_file_perms; # Date : WK14.43 # Operation : Migration # Purpose : VOW allow mediaserver vow_device:chr_file rw_file_perms; # Date: WK14.44 # Operation : Migration # Purpose : EVDO allow mediaserver rpc_socket:sock_file write; allow mediaserver ttySDIO_device:chr_file rw_file_perms; # Data: WK14.44 # Operation : Migration # Purpose : VP allow mediaserver surfaceflinger:file getattr; # Data: WK14.44 # Operation : Migration # Purpose : for low SD card latency issue allow mediaserver sysfs_lowmemorykiller:file { read open }; # Data: WK14.45 # Operation : Migration # Purpose : for change thermal policy when needed allow mediaserver proc_mtkcooler:dir search; allow mediaserver proc_mtktz:dir search; allow mediaserver proc_thermal:dir search; # Date : WK14.46 # Operation : Migration # Purpose : for MTK Emulator HW GPU allow mediaserver qemu_pipe_device:chr_file rw_file_perms; # Date : WK14.46 # Operation : Migration # Purpose : for camera init allow mediaserver system_server:unix_stream_socket { read write }; # Data : WK14.46 # Operation : Migration # Purpose : for SMS app allow mediaserver radio_data_file:dir search; allow mediaserver radio_data_file:file open; # Data : WK14.47 # Operation : Audio playback # Purpose : Music as ringtone allow mediaserver radio:dir { search read }; allow mediaserver radio:file r_file_perms; # Data : WK14.47 # Operation : Launch camcorder from MMS # Purpose : Camcorder allow mediaserver radio_data_file:file open; # Data : WK14.47 # Operation : CTS # Purpose : cts search strange app allow mediaserver untrusted_app:dir search; # Date : WK15.03 # Operation : Migration # Purpose : offloadservice allow mediaserver offloadservice_device:chr_file rw_file_perms; # Date : WK15.32 # Operation : Pre-sanity # Purpose : 3A algorithm need to access sensor service allow mediaserver sensorservice_service:service_manager find; # Date : WK15.34 # Operation : Migration # Purpose: for camera middleware dump image buffer to sdcard & audio frameworks dump allow mediaserver storage_file:lnk_file {read write}; allow mediaserver mnt_user_file:dir {write read search}; allow mediaserver mnt_user_file:lnk_file {read write}; # Date : WK15.35 # Operation : Migration # Purpose: Allow mediaserver to read binder from surfaceflinger allow mediaserver surfaceflinger:fifo_file {read write}; # Date : WK15.46 # Operation : Migration # Purpose : DPE Driver allow mediaserver camera_dpe_device:chr_file rw_file_perms; # Date : WK15.46 # Operation : Migration # Purpose : TSF Driver allow mediaserver camera_tsf_device:chr_file rw_file_perms; # Date : WK16.32 # Operation : N Migration # Purpose : RSC Driver allow mediaserver camera_rsc_device:chr_file rw_file_perms; # Date : WK16.33 # Purpose: Allow to access ged for gralloc_extra functions allow mediaserver proc_ged:file rw_file_perms; allowxperm mediaserver proc_ged:file ioctl { proc_ged_ioctls }; # Date : WK16.33 # Operation : N Migration # Purpose : GEPF Driver allow mediaserver camera_gepf_device:chr_file rw_file_perms; # Date : WK16.35 # Operation : Migration # Purpose : Update camera flashlight driver device file allow mediaserver flashlight_device:chr_file rw_file_perms; # Data : WK16.42 # Operator: Whitney bring up # Purpose: call surfaceflinger due to powervr allow dumpstate surfaceflinger:fifo_file rw_file_perms; # Date : WK16.43 # Operation : N Migration # Purpose : WPE Driver allow mediaserver camera_wpe_device:chr_file rw_file_perms; allow mediaserver gpu_device:dir search; allow mediaserver sw_sync_device:chr_file rw_file_perms; # Date : WK17.19 # Operation : N Migration # Purpose : OWE Driver allow mediaserver camera_owe_device:chr_file rw_file_perms; # Date : WK17.30 # Operation : O Migration # Purpose: Allow to access cmdq driver allow mediaserver mtk_cmdq_device:chr_file r_file_perms; allow mediaserver mtk_mdp_device:chr_file r_file_perms; allow mediaserver mtk_mdp_sync:chr_file r_file_perms; # Date : WK17.43 # Operation : Migration # Purpose : DISP access allow mediaserver graphics_device:chr_file { ioctl open read }; allow mediaserver graphics_device:dir search; # Date : WK17.44 # Operation : Migration # Purpose : DIP Driver allow mediaserver camera_dip_device:chr_file rw_file_perms; # Date : WK17.44 # Operation : Migration # Purpose : MFB Driver allow mediaserver camera_mfb_device:chr_file rw_file_perms; # Date : WK17.49 # Operation : MT6771 SQC # Purpose : Allow permgr access allow mediaserver proc_perfmgr:dir {read search}; allow mediaserver proc_perfmgr:file r_file_perms; allowxperm mediaserver proc_perfmgr:file ioctl { PERFMGR_FPSGO_DEQUEUE PERFMGR_FPSGO_QUEUE_CONNECT PERFMGR_FPSGO_QUEUE PERFMGR_FPSGO_BQID }; # Date : WK18.18 # Operation : Migration # Purpose : wifidisplay hdcp # DRM Key Manage HIDL allow mediaserver mtk_hal_keymanage:binder call; # Purpose : Allow mediadrmserver to call vendor.mediatek.hardware.keymanage@1.0-service. hal_client_domain(mediaserver , hal_keymaster) allow mediaserver mtk_hal_keymanage_hwservice:hwservice_manager find;