path: root/non_plat/mtk_hal_audio.te
# Domain for the MediaTek audio HAL process. It is declared as a server of
# the hal_audio HAL class.
type mtk_hal_audio, domain;
hal_server_domain(mtk_hal_audio, hal_audio)

# Label of the HAL executable. init_daemon_domain sets up the automatic
# transition from init into mtk_hal_audio when init runs this file.
type mtk_hal_audio_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(mtk_hal_audio)

# The audio HAL is itself a client of the allocator HAL.
hal_client_domain(mtk_hal_audio, hal_allocator)

# hwbinder IPC and wake lock usage.
hwbinder_use(mtk_hal_audio)
wakelock_use(mtk_hal_audio);

# Registers the vendor Bluetooth audio hwservice from this domain.
add_hwservice(mtk_hal_audio, mtk_hal_bluetooth_audio_hwservice)
# Read-only access to the ION device node.
allow mtk_hal_audio ion_device:chr_file r_file_perms;

# NOTE(review): open/read on directories labeled system_file has no recorded
# purpose - confirm which path needs to be listed.
allow mtk_hal_audio system_file:dir { open read };

# Read access to files and directories carrying the generic proc label.
# NOTE(review): the generic label is broad; narrower proc_* types are
# preferable where the HAL only needs specific nodes - confirm.
r_dir_file(mtk_hal_audio, proc)
# Audio device nodes: list the directory, read/write the character devices.
allow mtk_hal_audio audio_device:dir r_dir_perms;
allow mtk_hal_audio audio_device:chr_file rw_file_perms;

###
### neverallow rules
###
# These are assertions checked when the policy is built: the build fails if
# any allow rule, here or elsewhere, grants what they forbid. They add no
# runtime enforcement beyond the absence of such allow rules.

# mtk_hal_audio should never execute any executable without
# a domain transition
neverallow mtk_hal_audio { file_type fs_type }:file execute_no_trans;

# mtk_hal_audio should never need network access.
# Disallow network sockets.
# UDP and raw IP sockets are forbidden against every domain. TCP sockets are
# forbidden against every domain, except that su is excluded from the target
# set on userdebug/eng builds.
neverallow mtk_hal_audio domain:{ udp_socket rawip_socket } *;
neverallow mtk_hal_audio { domain userdebug_or_eng(`-su') }:tcp_socket *;

# Date : WK14.32
# Operation : Migration
# Purpose : Set audio driver permission to access SD card for debug purpose and access NVRam.
# NOTE(review): the SD card rules in this group are described as debug-only
# but are not wrapped in a userdebug_or_eng block, so they also apply to user
# builds. Together with the remove_name/unlink rules at the end of the group,
# the HAL can create and delete files on shared storage - confirm this is
# required outside engineering builds.
allow mtk_hal_audio sdcard_type:dir { w_dir_perms create };
allow mtk_hal_audio sdcard_type:file create;
# NVRAM data under both the nvram_data_file and nvdata_file labels:
# directory modification, file creation and read/write, symlink reads.
allow mtk_hal_audio nvram_data_file:dir w_dir_perms;
allow mtk_hal_audio nvram_data_file:file create_file_perms;
allow mtk_hal_audio nvram_data_file:lnk_file read;
allow mtk_hal_audio nvdata_file:lnk_file read;
allow mtk_hal_audio nvdata_file:dir w_dir_perms;
allow mtk_hal_audio nvdata_file:file create_file_perms;
# Deletion of entries on SD card storage (see the review note above).
allow mtk_hal_audio sdcard_type:dir remove_name;
allow mtk_hal_audio sdcard_type:file unlink;

# Date : WK14.34
# Operation : Migration
# Purpose : nvram access (dumchar case for nand and legacy chip)
allow mtk_hal_audio nvram_device:chr_file rw_file_perms;
# The domain may create, configure and bind its own kobject uevent netlink
# socket. This is a kernel event channel, not an IP socket, so it is not
# covered by the network neverallow rules in this file.
allow mtk_hal_audio self:netlink_kobject_uevent_socket { create setopt bind };

# Date : WK14.34
# Operation : Migration
# Purpose : Smartcard Service
# Read side of the uevent socket created by the rule above.
allow mtk_hal_audio self:netlink_kobject_uevent_socket read;

# Date : WK14.36
# Operation : Migration
# Purpose : media server and bt process communication for A2DP data and other control flow
# Write on the socket files only; no connectto permission on a peer domain
# is granted in this file.
allow mtk_hal_audio bt_a2dp_stream_socket:sock_file write;
allow mtk_hal_audio bt_int_adp_socket:sock_file write;

# Date : WK14.36
# Operation : Migration
# Purpose : access nvram, otp, ccci codec devices.
# Binder call into MtkCodecService (call only, no transfer).
allow mtk_hal_audio MtkCodecService:binder call;
allow mtk_hal_audio ccci_device:chr_file rw_file_perms;
allow mtk_hal_audio eemcs_device:chr_file rw_file_perms;
allow mtk_hal_audio devmap_device:chr_file r_file_perms;
allow mtk_hal_audio ebc_device:chr_file rw_file_perms;
# NOTE(review): read/write on the NVRAM block device gives raw access to that
# partition from the audio HAL - confirm the file-level nvdata rules are not
# sufficient.
allow mtk_hal_audio nvram_device:blk_file rw_file_perms;

# Date : WK14.38
# Operation : Migration
# Purpose : NVRam access
# NOTE(review): write on directories labeled with the generic block_device
# type is unusual for a HAL that only needs to locate a partition node;
# confirm whether search alone is enough.
allow mtk_hal_audio block_device:dir { write search };

# Date : WK14.38
# Operation : Migration
# Purpose : FM driver access
allow mtk_hal_audio fm_device:chr_file rw_file_perms;

# Date : WK14.38
# Operation : Migration
# Purpose : dump for debug
# NOTE(review): debug dump access to SD card storage is granted on all build
# types; it is not wrapped in a userdebug_or_eng block.
allow mtk_hal_audio sdcard_type:file append;

# Date : WK14.39
# Operation : Migration
# Purpose : dump for debug
# The HAL may set properties labeled vendor_mtk_audiohal_prop.
set_prop(mtk_hal_audio, vendor_mtk_audiohal_prop)

# Date : WK14.40
# Operation : Migration
# Purpose : HDMI driver access
allow mtk_hal_audio graphics_device:chr_file rw_file_perms;

# Date : WK14.40
# Operation : Migration
# Purpose : Smartpa
# Device node plus the sysfs parameter and calibration nodes: files are
# read/write, their directories are read-only.
allow mtk_hal_audio smartpa_device:chr_file rw_file_perms;
allow mtk_hal_audio sysfs_rt_param:file rw_file_perms;
allow mtk_hal_audio sysfs_rt_calib:file rw_file_perms;
allow mtk_hal_audio sysfs_rt_param:dir r_dir_perms;
allow mtk_hal_audio sysfs_rt_calib:dir r_dir_perms;

# Date : WK14.41
# Operation : Migration
# Purpose : WFD HID Driver
# NOTE(review): read/write on the uhid device node presumably lets the holder
# create user-space HID devices - confirm the audio HAL still needs it.
allow mtk_hal_audio uhid_device:chr_file rw_file_perms;

# Date : WK14.43
# Operation : Migration
# Purpose : VOW
allow mtk_hal_audio vow_device:chr_file rw_file_perms;

# Date: WK14.44
# Operation : Migration
# Purpose : EVDO
allow mtk_hal_audio rpc_socket:sock_file write;
allow mtk_hal_audio ttySDIO_device:chr_file rw_file_perms;

# Date: WK14.44
# Operation : Migration
# Purpose : for low SD card latency issue
# Read-only: open and read, no write.
allow mtk_hal_audio sysfs_lowmemorykiller:file { read open };

# Date: WK14.45
# Operation : Migration
# Purpose : for change thermal policy when needed
# Search only on the proc thermal directories; the writable part is the
# thermal manager data directory and its files.
allow mtk_hal_audio proc_mtkcooler:dir search;
allow mtk_hal_audio proc_mtktz:dir search;
allow mtk_hal_audio proc_thermal:dir search;
allow mtk_hal_audio thermal_manager_data_file:file create_file_perms;
allow mtk_hal_audio thermal_manager_data_file:dir { rw_dir_perms setattr };

# Date : WK14.47
# Operation : Audio playback
# Purpose : Music as ringtone
# NOTE(review): radio is used as a process domain elsewhere in this file
# (binder_call target), so dir/file objects with this label are presumably the
# procfs entries of radio processes. Read access to another domain's procfs
# entries is an information exposure - confirm it is still required.
allow mtk_hal_audio radio:dir { search read };
allow mtk_hal_audio radio:file r_file_perms;

# Date : WK14.47
# Operation : CTS
# Purpose : cts search strange app
# NOTE(review): presumably covers the procfs directories of untrusted_app
# processes. Only search is granted, but the rule applies on every build,
# not just during CTS runs - confirm it cannot be dropped or replaced by a
# dontaudit.
allow mtk_hal_audio untrusted_app:dir search;

# Date : WK15.03
# Operation : Migration
# Purpose : offloadservice
allow mtk_hal_audio offloadservice_device:chr_file rw_file_perms;

# Date : WK15.34
# Operation : Migration
# Purpose: for camera middleware dump image buffer to sdcard & audio frameworks dump
# Path traversal towards shared storage for dump files.
# NOTE(review): write on lnk_file objects and on the mnt_user_file directory
# goes beyond what following a symlink needs (read) - confirm, and note these
# dump rules are not limited to userdebug/eng builds.
allow mtk_hal_audio storage_file:dir search;
allow mtk_hal_audio storage_file:lnk_file {read write};
allow mtk_hal_audio mnt_user_file:dir {write read search};
allow mtk_hal_audio mnt_user_file:lnk_file {read write};

# Date : WK16.17
# Operation : Migration
# Purpose: read/open sysfs node
allow mtk_hal_audio sysfs_ccci:file r_file_perms;
allow mtk_hal_audio sysfs_ccci:dir search;

# Date : WK16.18
# Operation : Migration
# Purpose: search root dir "/"
allow mtk_hal_audio tmpfs:dir search;

# Purpose: Dump debug info
# NOTE(review): these debug grants apply on all build types. Write on the
# kmsg device lets the HAL inject lines into the kernel log, and the fuse
# rule gives read/write on files labeled fuse, presumably FUSE-backed shared
# storage - confirm both are needed on user builds.
allow mtk_hal_audio debugfs_binder:dir search;
allow mtk_hal_audio kmsg_device:chr_file { open write };
allow mtk_hal_audio fuse:file rw_file_perms;

# Date : WK16.27
# Operation : Migration
# Purpose: tuning tool update parameters
# Binder calls into the radio domain, plus full create/write access to the
# HAL private data directory and its files.
binder_call(mtk_hal_audio,radio)
allow mtk_hal_audio mtk_audiohal_data_file:dir create_dir_perms;
allow mtk_hal_audio mtk_audiohal_data_file:file create_file_perms;

# Date : WK16.28
# Operation : Migration
# Purpose: Write audio dump files to external SDCard.
# This is the widest of the sdcard_type file rules in this file; the earlier
# per-permission grants (create, append, unlink) overlap with it.
allow mtk_hal_audio sdcard_type:file { create_file_perms };

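# Date : WK16.33
# Purpose: Allow to access ged for gralloc_extra functions
allow mtk_hal_audio proc_ged:file rw_file_perms;

# NOTE(review): no purpose is recorded for letting the audio HAL set
# properties labeled hwservicemanager_prop - confirm it is still needed.
set_prop(mtk_hal_audio, hwservicemanager_prop)
# NOTE(review): identical to the storage_file:dir search rule in the WK15.34
# group of this file; left in place here.
allow mtk_hal_audio storage_file:dir search;

# Fix bootup violation
allow mtk_hal_audio fuse:dir read;

# for usb phone call, allow sys_nice
# Lets the HAL raise scheduling priority. The rule is stated once; a second
# identical copy carried no extra permission.
allow mtk_hal_audio self:capability sys_nice;

# Date : W17.29
# Boot for opening trace file: Permission denied (13)
# Open and write only (no read) on files labeled debugfs_tracing.
allow mtk_hal_audio debugfs_tracing:file { write open };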

# Audio Tuning Tool Android O porting
# Binder calls into the audiocmdservice_atci domain.
binder_call(mtk_hal_audio,audiocmdservice_atci);


# Add for control PowerHAL
hal_client_domain(mtk_hal_audio, hal_power)

# cm4 smartpa
# The IPI device is read/write with ioctl; the SCP device is read-only.
# NOTE(review): ioctl is granted without an allowxperm list in this file, so
# no per-command filtering is visible here - confirm.
allow mtk_hal_audio audio_ipi_device:chr_file { read write ioctl open };
allow mtk_hal_audio audio_scp_device:chr_file r_file_perms;

# Date : WK18.21
# Operation: P migration
# Purpose: Allow to search /mnt/vendor/nvdata for fstab when using NVM_Init()
allow mtk_hal_audio mnt_vendor_file:dir search;

# Date: 2019/06/14
# Operation : Migration
# Write side of a pipe owned by audioserver, plus read-only boot mode and
# device-tree firmware lookups.
allow mtk_hal_audio audioserver:fifo_file w_file_perms;
allow mtk_hal_audio sysfs_boot_mode:file r_file_perms;
allow mtk_hal_audio sysfs_dt_firmware_android:dir search;

# Date : WK18.44
# Operation: adsp
# NOTE(review): adsp_device is granted for both the file and chr_file
# classes; a device node label normally needs only chr_file - confirm the
# regular-file rule is required.
allow mtk_hal_audio adsp_device:file rw_file_perms;
allow mtk_hal_audio adsp_device:chr_file rw_file_perms;

# Date : 2020/3/21
# Operation: audio dptx
allow mtk_hal_audio dri_device:chr_file rw_file_perms;
allow mtk_hal_audio gpu_device:dir search;

# NOTE(review): this file already passes the same hwservice type to
# add_hwservice, which presumably grants find as well as add - confirm
# against the macro definition whether this rule is redundant.
allow mtk_hal_audio mtk_hal_bluetooth_audio_hwservice:hwservice_manager find;

# Date : WK20.26
# NOTE(review): create_dir_perms on nvdata_file widens the w_dir_perms
# granted for the same label in the WK14.32 group of this file.
allow mtk_hal_audio sysfs_dt_firmware_android:file r_file_perms;
allow mtk_hal_audio metadata_file:dir search;
allow mtk_hal_audio nvdata_file:dir create_dir_perms;

# Date : WK20.29
# Purpose: no trigger avc log when call nvram api
# dontaudit only silences the denial message; the search itself stays denied.
dontaudit mtk_hal_audio gsi_metadata_file:dir search;

# Date : WK20.29
# Operation : Migration
# Purpose : SoundTrigger Hal for tablet
# getopt extends the uevent netlink socket permissions granted on self
# earlier in this file (create, setopt, bind, read).
allow mtk_hal_audio adsp_misc_device:chr_file rw_file_perms;
allow mtk_hal_audio self:netlink_kobject_uevent_socket getopt;