path: root/sepolicy/mediaserver.te
# ==============================================
# MTK Policy Rule
# ==============================================

# Date : WK15.02
# Operation : 120Hz Feature SQC
# Purpose : for 120Hz Smart Switch
# NOTE(review): ioctl is granted as a whole here and on the device rules below;
# no per-command restriction is visible in this file, so each driver has to
# validate every ioctl request and argument itself.
allow mediaserver mtk_rrc_device:chr_file { read write ioctl open };

# Date : WK14.31
# Operation : Migration
# Purpose : for L early bring up.
# Camera ISP / sensor / flashlight character devices plus process capabilities.
allow mediaserver camera_isp_device:chr_file { read write ioctl open };
allow mediaserver kd_camera_hw_device:chr_file { read write ioctl open };
# NOTE(review): CAP_SETUID lets the process change its own UIDs and
# CAP_IPC_LOCK lets it lock memory. Both were added for bring-up; confirm that
# setuid in particular is still required, since it weakens UID-based isolation
# of a process that decodes content supplied by other apps.
allow mediaserver self:capability { setuid ipc_lock };
allow mediaserver sysfs_wake_lock:file { read write open };
# The next two device types are opened read-only (no write permission).
allow mediaserver MTK_SMI_device:chr_file { read ioctl open };
allow mediaserver camera_pipemgr_device:chr_file { read ioctl open };
allow mediaserver kd_camera_flashlight_device:chr_file { read write ioctl open };
# CAP_SYS_NICE: allows raising scheduling priority / changing scheduling policy.
allow mediaserver self:capability sys_nice;


# Date : WK14.32
# Operation : Migration
# Purpose : Set audio driver permission to access SD card for debug purpose and access NVRam.
# NOTE(review): the stated purpose is debugging, but these rules are not wrapped
# in a build-variant guard, so they apply to every build that includes this file.
allow mediaserver sdcard_internal:dir { write create add_name };
allow mediaserver sdcard_internal:file create;
# Create/modify access to both NVRAM data types (nvram_data_file, nvdata_file).
# NOTE(review): the types are defined outside this file; presumably they hold
# device calibration data - confirm that write/create/setattr from mediaserver
# is required rather than read-only access.
allow mediaserver nvram_data_file:dir { add_name write search };
allow mediaserver nvram_data_file:file { write getattr setattr read create open };
allow mediaserver nvram_data_file:lnk_file read;
allow mediaserver nvdata_file:dir { add_name write search };
allow mediaserver nvdata_file:file { write getattr setattr read create open };
# Deleting entries on fuse-labelled storage: remove_name on the directory and
# unlink on the file are both needed to remove a file.
allow mediaserver fuse:dir remove_name;
allow mediaserver fuse:file unlink;

# Date : WK14.34
# Operation : Migration
# Purpose : for bring up
allow mediaserver platformblk_device:dir { search };
# Direct read/write on the NVRAM character device (no ioctl granted).
allow mediaserver nvram_device:chr_file { open read write };
# Lets mediaserver create and bind a kobject uevent netlink socket.
allow mediaserver self:netlink_kobject_uevent_socket { create setopt bind };
# NOTE(review): CAP_DAC_OVERRIDE bypasses file owner/mode permission checks and
# CAP_NET_ADMIN permits network administration operations. dac_override usually
# papers over a file ownership or mode mismatch; prefer fixing the ownership of
# the files involved and dropping the capability. Confirm whether either is
# still needed after bring-up.
allow mediaserver self:capability { net_admin dac_override };

# Date : WK14.34
# Operation : Migration
# Purpose : VP/VR
# Only ioctl is granted here; read/open on devmap_device are added by a later
# "bring up" section of this file.
allow mediaserver devmap_device:chr_file { ioctl };

# Date : WK14.34
# Operation : Migration
# Purpose : Smartcard Service
# Adds read to the uevent netlink socket permissions granted in the section above.
allow mediaserver self:netlink_kobject_uevent_socket read;
# NOTE(review): only `open` is granted on system_data_file files in this block;
# the read or write permission an open() would also need is not granted here.
# system_data_file is a broad label - a dedicated type for the files the
# smartcard path needs would be narrower.
allow mediaserver system_data_file:file open;

# Date : WK14.36
# Operation : Migration
# Purpose : guiext service for VP
# Binder calls to, and reference transfer with, the guiext-server domain.
allow mediaserver guiext-server:binder { transfer call };

# Date : WK14.36
# Operation : Migration
# Purpose : media server and bt process communication for A2DP data and other control flow
# Datagram sends to the bluetooth and mtkbt domains, and write on the two
# socket files used to reach them.
allow mediaserver bluetooth:unix_dgram_socket sendto;
allow mediaserver bt_a2dp_stream_socket:sock_file write;
allow mediaserver bt_int_adp_socket:sock_file write;
allow mediaserver mtkbt:unix_dgram_socket sendto;

# Date : WK14.37
# Operation : Migration
# Purpose : WFD and MET Latency measurement
# Allows setting properties labelled media_wfd_prop through the property service.
allow mediaserver media_wfd_prop:property_service set;

# Date : WK14.37
# Operation : Migration
# Purpose : camera ioctl
# Read-only open plus ioctl; no write permission on this device.
allow mediaserver camera_sysram_device:chr_file { read ioctl open };

# Date : WK14.36
# Operation : Migration
# Purpose : VDEC/VENC device node
# NOTE(review): the codec driver receives ioctls from the process that parses
# media content; the driver is the only validation layer for those requests.
allow mediaserver Vcodec_device:chr_file { read write ioctl open };

# Date : WK14.36
# Operation : Migration
# Purpose : MMProfile debug
# NOTE(review): the userdebug_or_eng( ... ) wrapper around this rule is
# commented out, so read/ioctl on the generic debugfs label is granted on all
# build variants, not only debug builds. Consider restoring the wrapper, or
# giving the MMProfile node its own type instead of the whole debugfs label.
# userdebug_or_eng(`
allow mediaserver debugfs:file {read ioctl};
# ')

# Date : WK14.36
# Operation : Migration
# Purpose : bring up
# A binder_call(mediaserver,MtkCodecService) macro invocation appears later in
# this file for the same peer.
allow mediaserver MtkCodecService:binder call;
allow mediaserver ccci_device:chr_file { read write ioctl open };
allow mediaserver eemcs_device:chr_file { read write ioctl open };
# Completes the devmap_device access started by the earlier VP/VR ioctl rule.
allow mediaserver devmap_device:chr_file { read open };
allow mediaserver ebc_device:chr_file { read write ioctl open };
# NOTE(review): read/write on a block device type. platformblk_device is defined
# outside this file; if it labels whole partitions, this is raw access that
# bypasses filesystem permissions. Confirm which nodes carry the label and
# whether write is required.
allow mediaserver platformblk_device:blk_file { read write open };
# The three rules below are disabled (commented out) in the original policy.
#allow mediaserver nvram_data_file:dir { write search };
#allow mediaserver system_data_file:dir { write add_name };
#allow mediaserver system_data_file:file { write create setattr };

# Date : WK14.36
# Operation : Migration
# Purpose : for SW codec VP/VR
# The mtk_device rule is disabled; only mtk_sched_device access is active.
#allow mediaserver mtk_device:chr_file { read write ioctl open };
allow mediaserver mtk_sched_device:chr_file { read write ioctl open };

# Date : WK14.36
# Operation : Migration
# Purpose : for DRM VP
# NOTE(review): platform_app is a process domain, so dir/file objects with this
# type are presumably the /proc/<pid> entries of platform apps - confirm. If so,
# these rules let mediaserver read per-process information of those apps.
allow mediaserver platform_app:dir search;
allow mediaserver platform_app:file { read getattr open };


# Date : WK14.38
# Operation : Migration
# Purpose : NVRam access
# NOTE(review): `write` on block_device directories allows modifying directory
# entries under that label; confirm this is needed for NVRAM access.
allow mediaserver block_device:dir { write search };

# Date : WK14.38
# Operation : Migration
# Purpose : FM driver access
allow mediaserver fm_device:chr_file { read write ioctl open };

# Date : WK14.38
# Operation : Migration
# Purpose : for VP/VR
# `search` on block_device:dir is already covered by the NVRam rule above.
allow mediaserver block_device:dir search;
# One rule per lens-driver device type, all with the same permission set.
# NOTE(review): the *AF names suggest autofocus actuator drivers - confirm.
allow mediaserver FM50AF_device:chr_file { read write ioctl open };
allow mediaserver AD5820AF_device:chr_file { read write ioctl open };
allow mediaserver DW9714AF_device:chr_file { read write ioctl open };
allow mediaserver AK7345AF_device:chr_file { read write ioctl open };
allow mediaserver DW9714A_device:chr_file { read write ioctl open };
allow mediaserver LC898122AF_device:chr_file { read write ioctl open };
allow mediaserver LC898212AF_device:chr_file { read write ioctl open };
allow mediaserver BU6429AF_device:chr_file { read write ioctl open };
allow mediaserver DW9718AF_device:chr_file { read write ioctl open };
allow mediaserver BU64745GWZAF_device:chr_file { read write ioctl open };
allow mediaserver BU64245_device:chr_file { read write ioctl open };

# Date : WK14.38
# Operation : Migration
# Purpose : WFD
# NOTE(review): surfaceflinger is a process domain; dir/file objects of this
# type are presumably its /proc/<pid> entries - confirm.
allow mediaserver surfaceflinger:dir search;
allow mediaserver surfaceflinger:file { read open };

# Date : WK14.38
# Operation : Migration
# Purpose : bring up
allow mediaserver bootanim:binder { transfer call };
allow mediaserver tmpfs:lnk_file read;
# Disabled rule: registering a service under default_android_service.
#allow mediaserver default_android_service:service_manager { add };

# Date : WK14.38
# Operation : Migration
# Purpose : bring up
# Lets mediaserver create and write files in Bluetooth data directories.
# NOTE(review): write/create in another component's data directory crosses a
# trust boundary; confirm which files are written and whether the bluetooth
# side treats them as untrusted input.
allow mediaserver bt_data_file:dir { write add_name search};
allow mediaserver bt_data_file:file { open write create setattr append };

# Date : WK14.38
# Operation : Migration
# Purpose : dump for debug
# NOTE(review): debug dump access without a build-variant guard.
allow mediaserver fuse:file append;

# Date : WK14.39
# Operation : Migration
# Purpose : FDVT Driver
allow mediaserver camera_fdvt_device:chr_file { read write ioctl open };

# Date : WK14.39
# Operation : Migration
# Purpose : MJC Driver
allow mediaserver MJC_device:chr_file { read write ioctl open };

# Date : WK14.39
# Operation : Migration
# Purpose : APE PLAYBACK
# binder_call is a macro defined outside this file. An explicit
# `MtkCodecService:binder call` rule also exists in an earlier section.
binder_call(mediaserver,MtkCodecService)

# Date : WK14.39
# Operation : Migration
# Purpose : dump for debug
# NOTE(review): debug-only property write, granted without a build-variant guard.
allow mediaserver audiohal_prop:property_service set;

# Date : WK14.39
# Operation : Migration
# Purpose : HW encrypt SW codec
# Read/write/create in mediaserver's own data type, plus read-only open and
# ioctl on sec_device.
allow mediaserver mediaserver_data_file:file { create open read write setattr };
allow mediaserver mediaserver_data_file:dir { search getattr open read write setattr add_name };
allow mediaserver sec_device:chr_file { read open ioctl };

# Date : WK14.39
# Operation : Migration
# Purpose : WFD UIBC Driver
allow mediaserver uibc_device:chr_file { read write getattr ioctl open };

# Date : WK14.40
# Operation : Migration
# Purpose : HDMI driver access
allow mediaserver graphics_device:chr_file { read write ioctl open };

# Date : WK14.40
# Operation : Migration
# Purpose : Smartpa
allow mediaserver smartpa_device:chr_file { read write ioctl open };

# Date : WK14.40
# Operation : Migration
# Purpose : Smartpa
allow mediaserver smartpa1_device:chr_file { read write ioctl open };

# Date : WK14.40
# Operation : Migration
# Purpose : permit 'call' by audio tuning tool audiocmdservice_atci
# NOTE(review): in AOSP's te_macros, binder_call already grants call and
# transfer to the target domain, which would make the explicit allow rule
# redundant - confirm against this tree's macro definition. The peer is an
# audio tuning tool; confirm it should be reachable on production builds.
allow mediaserver audiocmdservice_atci:binder call;
binder_call(mediaserver,audiocmdservice_atci)

# Date : WK14.40
# Operation : Migration
# Purpose : mtk_jpeg
# Read-only open plus ioctl; no write permission on this device.
allow mediaserver mtk_jpeg_device:chr_file { read ioctl open };

# Date : WK14.41
# Operation : Migration
# Purpose : Lossless BT audio
# NOTE(review): execute_no_trans runs the target program inside the mediaserver
# domain, with no domain transition, so it inherits every permission granted in
# this file. These rules cover the shell, any file labelled system_file, and
# the zygote executable, which is far broader than the stated purpose. Prefer a
# dedicated domain with a type transition for the one helper that is needed,
# and drop the shell and zygote rules if nothing depends on them.
allow mediaserver shell_exec:file { read open execute execute_no_trans };
allow mediaserver system_file:file execute_no_trans;
allow mediaserver zygote_exec:file execute_no_trans;

# Date : WK14.41
# Operation : Migration
# Purpose : WFD HID Driver
# NOTE(review): uhid_device presumably labels the kernel's user-space HID
# interface - confirm. Write access to it means mediaserver can create input
# devices and generate input events, so this rule extends trust in mediaserver
# to the input path.
allow mediaserver uhid_device:chr_file { read write ioctl open };

# Date : WK14.41
# Operation : Migration
# Purpose : Camera EEPROM Calibration
allow mediaserver CAM_CAL_DRV_device:chr_file { read write ioctl open };

# Date : WK14.43
# Operation : Migration
# Purpose : VOW
allow mediaserver vow_device:chr_file { read write ioctl open };

# Date : WK14.44
# Operation : Migration
# Purpose : EVDO
allow mediaserver rpc_socket:sock_file write;
allow mediaserver statusd:unix_stream_socket connectto;
# The two ttySDIO_device rules together grant { read write open }.
allow mediaserver ttySDIO_device:chr_file { read write };
allow mediaserver ttySDIO_device:chr_file open;

# Date : WK14.44
# Operation : Migration
# Purpose : VP
# Adds getattr to the surfaceflinger:file { read open } rule in the WFD section.
allow mediaserver surfaceflinger:file getattr;

# Date : WK14.44
# Operation : Migration
# Purpose : for low SD card latency issue
# Read-only access to the low-memory-killer sysfs files.
allow mediaserver sysfs_lowmemorykiller:file { read open };

# Date : WK14.45
# Operation : Migration
# Purpose : HDCP
# Connection to the mobicore daemon socket, read access to its data files and
# read/write/ioctl on its user device node.
# NOTE(review): mobicore_user_device is presumably the client interface to the
# trusted execution environment - confirm. Its driver then becomes reachable
# from the process that parses media content.
allow mediaserver mobicore:unix_stream_socket connectto;
allow mediaserver mobicore_data_file:dir search;
allow mediaserver mobicore_data_file:file { getattr read open lock};
allow mediaserver mobicore_user_device:chr_file { read write open ioctl};
# Create/write access under the persist data type.
# NOTE(review): persist_data_file is defined outside this file; if it labels
# storage that survives a factory reset, anything mediaserver writes there
# persists as well - confirm the scope.
allow mediaserver persist_data_file:dir { create write add_name search};
allow mediaserver persist_data_file:file { read write create open getattr };

# Date : WK14.45
# Operation : Migration
# Purpose : for change thermal policy when needed
# Directory search only; file access to these proc types is granted by a later
# WFD/thermal section.
allow mediaserver proc_mtkcooler:dir search;
allow mediaserver proc_mtktz:dir search;
allow mediaserver proc_thermal:dir search;

# Date : WK14.46
# Operation : Migration
# Purpose : for MTK Emulator HW GPU
# rw_file_perms is a permission-set macro defined outside this file.
# NOTE(review): the purpose is emulator-only, but the rule is not restricted to
# emulator builds anywhere in this file.
allow mediaserver qemu_pipe_device:chr_file rw_file_perms;

# Date : WK14.46
# Operation : Migration
# Purpose : for camera init
# read/write only (no connectto): covers use of a stream socket owned by
# system_server, presumably one handed to mediaserver - confirm.
allow mediaserver system_server:unix_stream_socket { read write };

# Date : WK14.46
# Operation : Migration
# Purpose : for SMS app
# NOTE(review): only search/open are granted on radio data here; the read or
# write permission an open() would also need is not granted in this block.
allow mediaserver radio_data_file:dir search;
allow mediaserver radio_data_file:file open;

# Date : WK14.47
# Operation : Migration
# Purpose : for WFD looper
allow mediaserver custom_file:dir search;

# NOTE(review): system_app, radio and untrusted_app below are process domains.
# dir/file objects with a domain type are presumably the /proc/<pid> entries of
# processes in that domain - confirm. If so, the rules in this group let
# mediaserver look up and read per-process information of apps, which does not
# obviously follow from the ringtone/DRM purposes given. Passing an already
# opened file descriptor to mediaserver would avoid needing them.

# Date : WK14.47
# Operation : OMA DRM SQC
# Purpose : for OMA DRM - set OMA DRM file to ringtone
allow mediaserver system_app:dir search;

# Date : WK14.47
# Operation : Audio playback
# Purpose : Music as ringtone
allow mediaserver radio:dir { search read };
allow mediaserver radio:file { read getattr open };

# Date : WK14.47
# Operation : Launch camcorder from MMS
# Purpose : Camcorder
# Same rule as the one in the earlier "for SMS app" section (duplicate).
allow mediaserver radio_data_file:file open;

# Date : WK14.47
# Operation : CTS
# Purpose : cts search strange app
allow mediaserver untrusted_app:dir search;

# Date : 2014/11/25
# Operation : OMA DRM SQC
# Purpose : for OMA DRM - set OMA DRM file to ringtone and play OMA DRM file
allow mediaserver system_app:file { read open getattr };

# Date : 2014/11/25
# Operation : OMA DRM SQC
# Purpose : for OMA DRM - set OMA DRM file to ringtone and play DRM ringtone
allow mediaserver untrusted_app:file { read open getattr };

# Date : 2014/11/26
# Operation : Camera display client
# Purpose : for access proc_secmem
# A later section (WVL1 IT) adds ioctl on the same type.
allow mediaserver proc_secmem:file { read write open};

# Date : WK14.48
# Operation : WFD
# Purpose : For WFD scenario
# NOTE(review): write-only on tmpfs-backed files created by untrusted apps
# (no open permission, so presumably via a descriptor the app passes in -
# confirm). Data written there is shared with the app.
allow mediaserver untrusted_app_tmpfs:file write;

# Date : WK14.49
# Operation : WFD
# Purpose : WFD notifies its status to thermal module
# The first and last proc_thermal:file rules overlap; together they grant
# { read write getattr open }.
allow mediaserver proc_thermal:file { write getattr open };
# NOTE(review): execute_no_trans runs thermal_manager inside the mediaserver
# domain with all of mediaserver's permissions. A domain transition into a
# dedicated thermal_manager domain would keep the two privilege sets separate.
allow mediaserver thermal_manager_exec:file { getattr execute read open execute_no_trans };
allow mediaserver proc_mtkcooler:file { read write open };
allow mediaserver proc_mtktz:file { read write open };
allow mediaserver proc_thermal:file { read write open };

# Date : WK14.52
# Operation : WVL1 IT
# Purpose : SVP module operates secmem driver
# getattr on mobicore_data_file:file is already granted in the HDCP section.
allow mediaserver mobicore_data_file:file getattr;
# Adds ioctl to the proc_secmem { read write open } rule granted earlier.
allow mediaserver proc_secmem:file ioctl;

# Date : WK15.03
# Operation : Migration
# Purpose : offloadservice
allow mediaserver offloadservice_device:chr_file { read write ioctl open };