mirror of
https://github.com/Moyster/mm_device_meizu_m2note
synced 2024-06-16 16:18:32 +02:00
72 lines
2.9 KiB
Plaintext
72 lines
2.9 KiB
Plaintext
# ==============================================
|
|
# MTK Policy Rule
|
|
# ============
|
|
|
|
# for debug purpose
|
|
allow surfaceflinger self:capability { net_admin sys_nice };
|
|
allow surfaceflinger self:netlink_socket { read bind create };
|
|
allow surfaceflinger debug_prop:property_service set;
|
|
allow surfaceflinger guiext-server:binder { transfer call };
|
|
allow surfaceflinger system_data_file:dir { write add_name create};
|
|
allow surfaceflinger system_data_file:file { open };
|
|
allow surfaceflinger proc:file write;
|
|
allow surfaceflinger shell_exec:file { read execute open execute_no_trans };
|
|
allow surfaceflinger anr_data_file:dir { write search create add_name };
|
|
allow surfaceflinger anr_data_file:file { create write};
|
|
allow surfaceflinger aee_exp_data_file:file write;
|
|
allow surfaceflinger custom_file:dir search;
|
|
binder_call(surfaceflinger, debuggerd)
|
|
allow surfaceflinger aee_dumpsys_data_file:file write;
|
|
allow surfaceflinger RT_Monitor_device:chr_file { read ioctl open };
|
|
|
|
# for using toolbox
|
|
allow surfaceflinger system_file:file x_file_perms;
|
|
|
|
# for sf_dump
|
|
userdebug_or_eng(`
|
|
allow surfaceflinger system_data_file:dir {relabelfrom read};
|
|
allow surfaceflinger sf_bqdump_data_file:{dir file} {relabelto open create read write getattr };
|
|
allow surfaceflinger sf_bqdump_data_file:dir {search add_name};
|
|
')
|
|
|
|
# for driver access
|
|
allow surfaceflinger sw_sync_device:chr_file { read write open ioctl };
|
|
allow surfaceflinger MTK_SMI_device:chr_file { read write open ioctl };
|
|
|
|
# for bootanimation
|
|
allow surfaceflinger bootanim:dir search;
|
|
allow surfaceflinger bootanim:file { read getattr open };
|
|
allow surfaceflinger self:capability dac_override;
|
|
|
|
# for ipo
|
|
allow surfaceflinger ipod:dir search;
|
|
binder_call(surfaceflinger, ipod)
|
|
|
|
# for MTK Emulator HW GPU
|
|
allow surfaceflinger qemu_pipe_device:chr_file rw_file_perms;
|
|
|
|
# for SVP secure memory allocation
|
|
allow surfaceflinger proc_secmem:file { read write open ioctl };
|
|
|
|
# for watchdog
|
|
allow surfaceflinger anr_data_file:dir { relabelfrom read remove_name getattr };
|
|
allow surfaceflinger anr_data_file:file { rename getattr unlink open };
|
|
allow surfaceflinger sf_rtt_file:dir { create search write add_name remove_name};
|
|
allow surfaceflinger sf_rtt_file:file { open read write create rename append getattr unlink};
|
|
allow surfaceflinger sf_rtt_file:dir {relabelto getattr};
|
|
|
|
# for system shrinks memory pages when low memory
|
|
allow surfaceflinger platform_app_tmpfs:file write;
|
|
allow surfaceflinger isolated_app_tmpfs:file write;
|
|
allow surfaceflinger untrusted_app_tmpfs:file write;
|
|
|
|
#for BufferQueue check process name of em_svr
|
|
allow surfaceflinger em_svr:dir search;
|
|
allow surfaceflinger em_svr:file { read getattr open };
|
|
|
|
# need to check what is this allowance for
|
|
allow surfaceflinger mobicore:unix_stream_socket connectto;
|
|
allow surfaceflinger mobicore_data_file:file { read getattr open };
|
|
allow surfaceflinger mobicore_user_device:chr_file { read write ioctl open };
|
|
allow surfaceflinger mobicore_data_file:dir search;
|