blob: 853da9b51964638e29b218c3482204d2aca8d46c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
|
# ==============================================
# MTK Policy Rule
# ==============================================
# Date : WK14.34
# Operation : Migration
# Purpose : VP/VR
allow mediacodec devmap_device:chr_file { ioctl };
# Date : WK14.36
# Operation : Migration
# Purpose : VDEC/VENC device node
allow mediacodec Vcodec_device:chr_file rw_file_perms;
# Date : WK16.21
# Operation : Migration
# Purpose : VP & VR dump and debug
allow mediacodec M4U_device_device:chr_file rw_file_perms;
allow mediacodec debugfs_binder:dir search;
allow mediacodec MTK_SMI_device:chr_file { ioctl read open };
allow mediacodec storage_file:lnk_file {read write open};
allow mediacodec tmpfs:dir search;
allow mediacodec mnt_user_file:dir {write read search};
allow mediacodec mnt_user_file:lnk_file {read write};
allow mediacodec sdcard_type:dir {write read search add_name remove_name};
allow mediacodec sdcard_type:file {getattr write read create open append unlink};
allow mediacodec nvram_data_file:dir w_dir_perms;
allow mediacodec nvram_data_file:file create_file_perms;
allow mediacodec nvram_data_file:lnk_file read;
allow mediacodec nvdata_file:lnk_file read;
allow mediacodec nvdata_file:dir w_dir_perms;
allow mediacodec nvdata_file:file create_file_perms;
allow mediacodec devmap_device:chr_file r_file_perms;
allow mediacodec proc_meminfo:file {read getattr open};
# Date : WK14.36
# Operation : Migration
# Purpose : for SW codec VP/VR
allow mediacodec mtk_sched_device:chr_file { read write ioctl open };
# Data : WK14.39
# Operation : Migration
# Purpose : HW encrypt SW codec
allow mediacodec mediacodec_data_file:file create_file_perms;
allow mediacodec mediacodec_data_file:dir create_dir_perms;
allow mediacodec sec_device:chr_file r_file_perms;
# Data: WK14.44
# Operation : Migration
# Purpose : VP
allow mediacodec surfaceflinger:file getattr;
# Data: WK14.44
# Operation : Migration
# Purpose : for low SD card latency issue
allow mediacodec sysfs_lowmemorykiller:file { read open };
# Data: WK14.45
# Operation : Migration
# Purpose : for change thermal policy when needed
allow mediacodec proc_mtkcooler:dir search;
allow mediacodec proc_mtktz:dir search;
allow mediacodec proc_thermal:dir search;
allow mediacodec proc_mtkcooler:file { read write open };
allow mediacodec proc_mtktz:file { read write open getattr };
allow mediacodec proc_thermal:file { read write open getattr};
allow mediacodec thermal_manager_data_file:file create_file_perms;
allow mediacodec thermal_manager_data_file:dir { rw_dir_perms setattr };
allow mediacodec thermal_manager_data_file:dir search;
# Data : WK14.47
# Operation : CTS
# Purpose : cts search strange app
allow mediacodec untrusted_app:dir search;
# Date : WK14.39
# Operation : Migration
# Purpose : MJC Driver
allow mediacodec MJC_device:chr_file { read write ioctl open };
# Date : WK16.27
# Operation : APE SQC
# Purpose : for APE file playback
allow mediacodec MtkCodecService:binder call;
allow mediacodec MtkCodecService:binder transfer;
# Date : WK16.33
# Purpose: Allow to access ged for gralloc_extra functions
allow mediacodec proc_ged:file rw_file_perms;
allowxperm mediacodec proc_ged:file ioctl { proc_ged_ioctls };
# Data : WK16.42
# Operator: Whitney bring up
# Purpose: call surfaceflinger due to powervr
allow mediacodec surfaceflinger:fifo_file rw_file_perms;
# Date: WK16.43
# Operator: Whitney SQC
# Purpose: mediacodec use gpu
allow mediacodec gpu_device:dir search;
# Date : W18.01
# Add for turn on SElinux in enforcing mode
allow mediacodec vndbinder_device:chr_file rw_file_perms;
vndbinder_use(mediacodec)
# Date : WK1721
# Purpose: For FULL TREBLE
allow mediacodec system_file:dir r_dir_perms;
allow mediacodec debugfs_ion:dir search;
# Date : WK17.30
# Operation : O Migration
# Purpose: Allow mediacodec to access cmdq driver
allow mediacodec mtk_cmdq_device:chr_file r_file_perms;
allow mediacodec mtk_mdp_device:chr_file r_file_perms;
allow mediacodec mtk_mdp_sync:chr_file r_file_perms;
allow mediacodec sw_sync_device:chr_file r_file_perms;
# Date : WK17.28
# Operation : MT6757 SQC
# Purpose : Change thermal config
# Date : WK17.30
# Purpose : For Power Hal
hal_client_domain(mediacodec, hal_power)
# Date : WK17.12
# Operation : MT6799 SQC
# Purpose : Change thermal config
set_prop(mediacodec, vendor_mtk_thermal_config_prop)
# Date : WK17.43
# Operation : Migration
# Purpose : DISP access
allow mediacodec graphics_device:chr_file { ioctl open read };
allow mediacodec graphics_device:dir search;
# Date : WK19.27
# Purpose: Android Migration for SVP
allow mediacodec proc_m4u:file r_file_perms;
allowxperm mediacodec proc_m4u:file ioctl MTK_M4U_T_SEC_INIT;
# Date : WK19.40
# Purpose: Android Migration for Hybrid Encoder
allowxperm mediacodec proc_m4u:file ioctl MTK_M4U_T_CONFIG_PORT;
allowxperm mediacodec proc_m4u:file ioctl MTK_M4U_T_CACHE_SYNC;
allowxperm mediacodec proc_m4u:file ioctl MTK_M4U_T_CONFIG_PORT_ARRAY;
# Date : 2019/12/12
# Purpose : allow media sources to access /sys/bus/platform/drivers/mem_bw_ctrl/*
allow mediacodec sysfs_concurrency_scenario:file rw_file_perms;
allow mediacodec sysfs_concurrency_scenario:dir search;
|
