| author | Mister Oyster <oysterized@gmail.com> | 2017-01-02 12:44:35 +0100 |
|---|---|---|
| committer | Mister Oyster <oysterized@gmail.com> | 2017-01-02 12:44:35 +0100 |
| commit | a184d985bf43d3fe6eeba971bc6b32f79ea38b37 (patch) | |
| tree | 6f6e56e090777cc149bc1ab39e5987cc2b03e867 /sepolicy/mediaserver.te | |
initial releasecm-13.0
Diffstat (limited to 'sepolicy/mediaserver.te')
| -rw-r--r-- | sepolicy/mediaserver.te | 361 |
1 files changed, 361 insertions, 0 deletions
diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te
new file mode 100644
index 0000000..b1b4508
--- /dev/null
+++ b/sepolicy/mediaserver.te
@@ -0,0 +1,361 @@
+# ==============================================
+# MTK Policy Rule
+# ==============================================
+
+# Date : WK15.02
+# Operation : 120Hz Feature SQC
+# Purpose : for 120Hz Smart Switch
+allow mediaserver mtk_rrc_device:chr_file { read write ioctl open };
+
+# Date : WK14.31
+# Operation : Migration
+# Purpose : for L early bring up.
+allow mediaserver camera_isp_device:chr_file { read write ioctl open };
+allow mediaserver kd_camera_hw_device:chr_file { read write ioctl open };
+allow mediaserver self:capability { setuid ipc_lock };
+allow mediaserver sysfs_wake_lock:file { read write open };
+allow mediaserver MTK_SMI_device:chr_file { read ioctl open };
+allow mediaserver camera_pipemgr_device:chr_file { read ioctl open };
+allow mediaserver kd_camera_flashlight_device:chr_file { read write ioctl open };
+allow mediaserver self:capability sys_nice;
+
+
+# Date : WK14.32
+# Operation : Migration
+# Purpose : Set audio driver permission to access SD card for debug purpose and accss NVRam.
+allow mediaserver sdcard_internal:dir { write create add_name };
+allow mediaserver sdcard_internal:file create;
+allow mediaserver nvram_data_file:dir { add_name write search };
+allow mediaserver nvram_data_file:file { write getattr setattr read create open };
+allow mediaserver nvram_data_file:lnk_file read;
+allow mediaserver nvdata_file:dir { add_name write search };
+allow mediaserver nvdata_file:file { write getattr setattr read create open };
+allow mediaserver fuse:dir remove_name;
+allow mediaserver fuse:file unlink;
+
+# Date : WK14.34
+# Operation : Migration
+# Purpose : for bring up
+allow mediaserver platformblk_device:dir { search };
+allow mediaserver nvram_device:chr_file { open read write };
+allow mediaserver self:netlink_kobject_uevent_socket { create setopt bind };
+allow mediaserver self:capability { net_admin dac_override };
+
+# Date : WK14.34
+# Operation : Migration
+# Purpose : VP/VR
+allow mediaserver devmap_device:chr_file { ioctl };
+
+# Date : WK14.34
+# Operation : Migration
+# Purpose : Smartcard Service
+allow mediaserver self:netlink_kobject_uevent_socket read;
+allow mediaserver system_data_file:file open;
+
+# Date : WK14.36
+# Operation : Migration
+# Purpose : guiext service for VP
+allow mediaserver guiext-server:binder { transfer call };
+
+# Date : WK14.36
+# Operation : Migration
+# Purpose : media server and bt process communication for A2DP data.and other control flow
+allow mediaserver bluetooth:unix_dgram_socket sendto;
+allow mediaserver bt_a2dp_stream_socket:sock_file write;
+allow mediaserver bt_int_adp_socket:sock_file write;
+allow mediaserver mtkbt:unix_dgram_socket sendto;
+
+# Date : WK14.37
+# Operation : Migration
+# Purpose : WFD and MET Latency measurement
+allow mediaserver media_wfd_prop:property_service set;
+
+# Date : WK14.37
+# Operation : Migration
+# Purpose : camera ioctl
+allow mediaserver camera_sysram_device:chr_file { read ioctl open };
+
+# Date : WK14.36
+# Operation : Migration
+# Purpose : VDEC/VENC device node
+allow mediaserver Vcodec_device:chr_file { read write ioctl open };
+
+# Date : WK14.36
+# Operation : Migration
+# Purpose : MMProfile debug
+# userdebug_or_eng(`
+allow mediaserver debugfs:file {read ioctl};
+# ')
+
+# Date : WK14.36
+# Operation : Migration
+# Purpose : bring up
+allow mediaserver MtkCodecService:binder call;
+allow mediaserver ccci_device:chr_file { read write ioctl open };
+allow mediaserver eemcs_device:chr_file { read write ioctl open };
+allow mediaserver devmap_device:chr_file { read open };
+allow mediaserver ebc_device:chr_file { read write ioctl open };
+allow mediaserver platformblk_device:blk_file { read write open };
+#allow mediaserver nvram_data_file:dir { write search };
+#allow mediaserver system_data_file:dir { write add_name };
+#allow mediaserver system_data_file:file { write create setattr };
+
+# Date : WK14.36
+# Operation : Migration
+# Purpose : for SW codec VP/VR
+#allow mediaserver mtk_device:chr_file { read write ioctl open };
+allow mediaserver mtk_sched_device:chr_file { read write ioctl open };
+
+# Date : WK14.36
+# Operation : Migration
+# Purpose : for DRM VP
+allow mediaserver platform_app:dir search;
+allow mediaserver platform_app:file { read getattr open };
+
+
+# Date : WK14.38
+# Operation : Migration
+# Purpose : NVRam access
+allow mediaserver block_device:dir { write search };
+
+# Date : WK14.38
+# Operation : Migration
+# Purpose : FM driver access
+allow mediaserver fm_device:chr_file { read write ioctl open };
+
+# Data : WK14.38
+# Operation : Migration
+# Purpose : for VP/VR
+allow mediaserver block_device:dir search;
+allow mediaserver FM50AF_device:chr_file { read write ioctl open };
+allow mediaserver AD5820AF_device:chr_file { read write ioctl open };
+allow mediaserver DW9714AF_device:chr_file { read write ioctl open };
+allow mediaserver AK7345AF_device:chr_file { read write ioctl open };
+allow mediaserver DW9714A_device:chr_file { read write ioctl open };
+allow mediaserver LC898122AF_device:chr_file { read write ioctl open };
+allow mediaserver LC898212AF_device:chr_file { read write ioctl open };
+allow mediaserver BU6429AF_device:chr_file { read write ioctl open };
+allow mediaserver DW9718AF_device:chr_file { read write ioctl open };
+allow mediaserver BU64745GWZAF_device:chr_file { read write ioctl open };
+allow mediaserver BU64245_device:chr_file { read write ioctl open };
+
+# Data : WK14.38
+# Operation : Migration
+# Purpose : WFD
+allow mediaserver surfaceflinger:dir search;
+allow mediaserver surfaceflinger:file { read open };
+
+# Data : WK14.38
+# Operation : Migration
+# Purpose : bring up
+allow mediaserver bootanim:binder { transfer call };
+allow mediaserver tmpfs:lnk_file read;
+#allow mediaserver default_android_service:service_manager { add };
+
+# Data : WK14.38
+# Operation : Migration
+# Purpose : bring up
+allow mediaserver bt_data_file:dir { write add_name search};
+allow mediaserver bt_data_file:file { open write create setattr append };
+
+# Data : WK14.38
+# Operation : Migration
+# Purpose : dump for debug
+allow mediaserver fuse:file append;
+
+# Date : WK14.39
+# Operation : Migration
+# Purpose : FDVT Driver
+allow mediaserver camera_fdvt_device:chr_file { read write ioctl open };
+
+# Date : WK14.39
+# Operation : Migration
+# Purpose : MJC Driver
+allow mediaserver MJC_device:chr_file { read write ioctl open };
+
+# Date : WK14.39
+# Operation : Migration
+# Purpose : APE PLAYBACK
+binder_call(mediaserver,MtkCodecService)
+
+# Data : WK14.39
+# Operation : Migration
+# Purpose : dump for debug
+allow mediaserver audiohal_prop:property_service set;
+
+# Data : WK14.39
+# Operation : Migration
+# Purpose : HW encrypt SW codec
+allow mediaserver mediaserver_data_file:file { create open read write setattr };
+allow mediaserver mediaserver_data_file:dir { search getattr open read write setattr add_name };
+allow mediaserver sec_device:chr_file { read open ioctl };
+
+# Date : WK14.39
+# Operation : Migration
+# Purpose : WFD UIBC Driver
+allow mediaserver uibc_device:chr_file { read write getattr ioctl open };
+
+# Date : WK14.40
+# Operation : Migration
+# Purpose : HDMI driver access
+allow mediaserver graphics_device:chr_file { read write ioctl open };
+
+# Date : WK14.40
+# Operation : Migration
+# Purpose : Smartpa
+allow mediaserver smartpa_device:chr_file { read write ioctl open };
+
+# Date : WK14.40
+# Operation : Migration
+# Purpose : Smartpa
+allow mediaserver smartpa1_device:chr_file { read write ioctl open };
+
+# Data : WK14.40
+# Operation : Migration
+# Purpose : permit 'call' by audio tunning tool audiocmdservice_atci
+allow mediaserver audiocmdservice_atci:binder call;
+binder_call(mediaserver,audiocmdservice_atci)
+
+# Date : WK14.40
+# Operation : Migration
+# Purpose : mtk_jpeg
+allow mediaserver mtk_jpeg_device:chr_file { read ioctl open };
+
+# Date : WK14.41
+# Operation : Migration
+# Purpose : Lossless BT audio
+allow mediaserver shell_exec:file { read open execute execute_no_trans };
+allow mediaserver system_file:file execute_no_trans;
+allow mediaserver zygote_exec:file execute_no_trans;
+
+# Date : WK14.41
+# Operation : Migration
+# Purpose : WFD HID Driver
+allow mediaserver uhid_device:chr_file { read write ioctl open };
+
+# Date : WK14.41
+# Operation : Migration
+# Purpose : Camera EEPROM Calibration
+allow mediaserver CAM_CAL_DRV_device:chr_file { read write ioctl open };
+
+# Date : WK14.43
+# Operation : Migration
+# Purpose : VOW
+allow mediaserver vow_device:chr_file { read write ioctl open };
+
+# Date: WK14.44
+# Operation : Migration
+# Purpose : EVDO
+allow mediaserver rpc_socket:sock_file write;
+allow mediaserver statusd:unix_stream_socket connectto;
+allow mediaserver ttySDIO_device:chr_file { read write };
+allow mediaserver ttySDIO_device:chr_file open;
+
+# Data: WK14.44
+# Operation : Migration
+# Purpose : VP
+allow mediaserver surfaceflinger:file getattr;
+
+# Data: WK14.44
+# Operation : Migration
+# Purpose : for low SD card latency issue
+allow mediaserver sysfs_lowmemorykiller:file { read open };
+
+# Date: WK14.45
+# Operation : Migration
+# Purpose : HDCP
+allow mediaserver mobicore:unix_stream_socket connectto;
+allow mediaserver mobicore_data_file:dir search;
+allow mediaserver mobicore_data_file:file { getattr read open lock};
+allow mediaserver mobicore_user_device:chr_file { read write open ioctl};
+allow mediaserver persist_data_file:dir { create write add_name search};
+allow mediaserver persist_data_file:file { read write create open getattr };
+
+# Data: WK14.45
+# Operation : Migration
+# Purpose : for change thermal policy when needed
+allow mediaserver proc_mtkcooler:dir search;
+allow mediaserver proc_mtktz:dir search;
+allow mediaserver proc_thermal:dir search;
+
+# Date : WK14.46
+# Operation : Migration
+# Purpose : for MTK Emulator HW GPU
+allow mediaserver qemu_pipe_device:chr_file rw_file_perms;
+
+# Date : WK14.46
+# Operation : Migration
+# Purpose : for camera init
+allow mediaserver system_server:unix_stream_socket { read write };
+
+# Data : WK14.46
+# Operation : Migration
+# Purpose : for SMS app
+allow mediaserver radio_data_file:dir search;
+allow mediaserver radio_data_file:file open;
+
+# Data : WK14.47
+# Operation : Migration
+# Purpose : for WFD looper
+allow mediaserver custom_file:dir search;
+
+# Data : WK14.47
+# Operation : OMA DRM SQC
+# Purpose : for OMA DRM - set OMA DRM file to ringtone
+allow mediaserver system_app:dir search;
+
+# Data : WK14.47
+# Operation : Audio playback
+# Purpose : Music as ringtone
+allow mediaserver radio:dir { search read };
+allow mediaserver radio:file { read getattr open };
+
+# Data : WK14.47
+# Operation : Launch camcorder from MMS
+# Purpose : Camcorder
+allow mediaserver radio_data_file:file open;
+
+# Data : WK14.47
+# Operation : CTS
+# Purpose : cts search strange app
+allow mediaserver untrusted_app:dir search;
+
+# Data : 2014/11/25
+# Operation : OMA DRM SQC
+# Purpose : for OMA DRM - set OMA DRM file to ringtone and play OMA DRM file
+allow mediaserver system_app:file { read open getattr };
+
+# Data : 2014/11/25
+# Operation : OMA DRM SQC
+# Purpose : for OMA DRM - set OMA DRM file to ringtone and play DRM ringtone
+allow mediaserver untrusted_app:file { read open getattr };
+
+# Data : 2014/11/26
+# Operation : Camera display client
+# Purpose : for access proc_secmem
+allow mediaserver proc_secmem:file { read write open};
+
+# Data : WK14.48
+# Operation : WFD
+# Purpose : For WFD scenario
+allow mediaserver untrusted_app_tmpfs:file write;
+
+# Date : WK14.49
+# Operation : WFD
+# Purpose : WFD notifies its status to thermal module
+allow mediaserver proc_thermal:file { write getattr open };
+allow mediaserver thermal_manager_exec:file { getattr execute read open execute_no_trans };
+allow mediaserver proc_mtkcooler:file { read write open };
+allow mediaserver proc_mtktz:file { read write open };
+allow mediaserver proc_thermal:file { read write open };
+
+# Date : WK14.52
+# Operation : WVL1 IT
+# Purpose : SVP module operates secmem driver
+allow mediaserver mobicore_data_file:file getattr;
+allow mediaserver proc_secmem:file ioctl;
+
+# Date : WK15.03
+# Operation : Migration
+# Purpose : offloadservice
+allow mediaserver offloadservice_device:chr_file { read write ioctl open }; |
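Review bot: The "MMProfile debug" rule `allow mediaserver debugfs:file {read ioctl};` is granted on every build type, because the `userdebug_or_eng(` opener and its closing `')` line around it are commented out; uncommenting those two lines keeps debugfs access off user builds. The rules whose stated purpose is debug dumps (`sdcard_internal:dir { write create add_name }`, `fuse:file append`) are ungated in the same way and would benefit from the same wrapper. Separately, the "Lossless BT audio" block gives mediaserver `execute_no_trans` on `shell_exec`, `system_file` and `zygote_exec`, and the bring-up blocks add `self:capability { net_admin dac_override }`, `setuid` and `platformblk_device:blk_file { read write open }`. Because mediaserver parses untrusted media, each of these widens what a compromised process can do without leaving its domain, so they should be dropped or moved into a dedicated helper domain reached via a domain transition. The explicit `allow mediaserver MtkCodecService:binder call;` and `allow mediaserver audiocmdservice_atci:binder call;` lines duplicate the `binder_call()` macros for the same targets and can be removed.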
