diff options
| author | Mister Oyster <oysterized@gmail.com> | 2017-01-02 12:44:35 +0100 |
|---|---|---|
| committer | Mister Oyster <oysterized@gmail.com> | 2017-01-02 12:44:35 +0100 |
| commit | a184d985bf43d3fe6eeba971bc6b32f79ea38b37 (patch) | |
| tree | 6f6e56e090777cc149bc1ab39e5987cc2b03e867 /sepolicy/drmserver.te | |
initial releasecm-13.0
Diffstat (limited to 'sepolicy/drmserver.te')
| -rw-r--r-- | sepolicy/drmserver.te | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/sepolicy/drmserver.te b/sepolicy/drmserver.te new file mode 100644 index 0000000..2403ad3 --- /dev/null +++ b/sepolicy/drmserver.te @@ -0,0 +1,76 @@ +# ============================================== +# MTK Policy Rule +# ============ + +#Add by rui.hu + +# Date : WK14.30 +# Operation : DRM UT +# Purpose : To pass DRM UT + +allow drmserver nvram_agent_binder:binder call; +allow drmserver platform_app:dir search; +allow drmserver platform_app:file { read getattr open }; +allow drmserver property_socket:sock_file write; +allow drmserver radio_data_file:file { read getattr open }; +allow drmserver sdcard_internal:file open; +allow drmserver tmpfs:lnk_file read; + +#Add by rui.hu +# Date : WK14.36 +# Operation : DRM UT +# Purpose : Make drmserver and binder read /proc/pid/cmdline to get process name +#system app to drmserver +allow drmserver system_app:dir search; +allow drmserver system_app:file { read open getattr }; +#Mediaserver to drmserver +allow drmserver mediaserver:dir search; +allow drmserver mediaserver:file { read open getattr }; + +#Add by rui.hu +# Date : WK14.36.5 +# Operation : DRM UT +# Purpose : Make widevine mediacodec mode work +allow drmserver untrusted_app:dir search; +allow drmserver untrusted_app:file { read open getattr }; + +#Add by rui.hu +# Date : WK14.40.1 +# Operation : DRM SQC - play OMA DRM audio file failed +# Purpose : Make OMA DRM audio file can be played +allow drmserver radio_data_file:dir search; + +#Add by rui.hu +# Date : WK14.44.2 +# Operation : DRM SQC - view image failed +# Purpose : To fix ALPS01790300 +allow drmserver surfaceflinger:fd use; + +#Add by rui.hu +# Date : WK14.44.3 +# Operation : MTBF test fail +# Purpose : To fix ALPS01793801 +allow drmserver mediaserver:fifo_file read; + +#Add by rui.hu +# Date : WK14.46.4 +# Operation : DRM SQC - view image failed +# Purpose : To fix ALPS01822176 +allow drmserver mediaserver:fifo_file write; + +# Date : WK14.52 +# Operation : WVL1 IT +# Purpose : SVP module operates secmem driver and SVP module operate tee +allow drmserver mobicore:unix_stream_socket connectto; +allow drmserver mobicore_data_file:file { read getattr open lock}; +allow drmserver mobicore_data_file:dir search; +allow drmserver mobicore_user_device:chr_file { read write ioctl open }; +allow drmserver persist_data_file:file { read getattr open }; +allow drmserver persist_data_file:dir search; +allow drmserver proc_secmem:file { read write ioctl open }; + +# Date : WK15.07 +# Operation : DRM SQC +# Purpose : For gmo project, low memory kill +allow drmserver platform_app_tmpfs:file write; + |