257 lines
8.1 KiB
Plaintext
257 lines
8.1 KiB
Plaintext
type mtk_hal_audio, domain;
|
|
hal_server_domain(mtk_hal_audio, hal_audio)
|
|
|
|
type mtk_hal_audio_exec, exec_type, vendor_file_type, file_type;
|
|
init_daemon_domain(mtk_hal_audio)
|
|
|
|
hal_client_domain(mtk_hal_audio, hal_allocator)
|
|
|
|
hwbinder_use(mtk_hal_audio)
|
|
wakelock_use(mtk_hal_audio);
|
|
|
|
add_hwservice(mtk_hal_audio, mtk_hal_bluetooth_audio_hwservice)
|
|
allow mtk_hal_audio ion_device:chr_file r_file_perms;
|
|
|
|
allow mtk_hal_audio system_file:dir { open read };
|
|
|
|
r_dir_file(mtk_hal_audio, proc)
|
|
allow mtk_hal_audio audio_device:dir r_dir_perms;
|
|
allow mtk_hal_audio audio_device:chr_file rw_file_perms;
|
|
|
|
###
|
|
### neverallow rules
|
|
###
|
|
|
|
# mtk_hal_audio should never execute any executable without
|
|
# a domain transition
|
|
neverallow mtk_hal_audio { file_type fs_type }:file execute_no_trans;
|
|
|
|
# mtk_hal_audio should never need network access.
|
|
# Disallow network sockets.
|
|
neverallow mtk_hal_audio domain:{ tcp_socket udp_socket rawip_socket } *;
|
|
|
|
# Date : WK14.32
|
|
# Operation : Migration
|
|
# Purpose : Set audio driver permission to access SD card for debug purpose and accss NVRam.
|
|
allow mtk_hal_audio sdcard_type:dir { w_dir_perms create };
|
|
allow mtk_hal_audio sdcard_type:file create;
|
|
allow mtk_hal_audio nvram_data_file:dir w_dir_perms;
|
|
allow mtk_hal_audio nvram_data_file:file create_file_perms;
|
|
allow mtk_hal_audio nvram_data_file:lnk_file read;
|
|
allow mtk_hal_audio nvdata_file:lnk_file read;
|
|
allow mtk_hal_audio nvdata_file:dir w_dir_perms;
|
|
allow mtk_hal_audio nvdata_file:file create_file_perms;
|
|
allow mtk_hal_audio sdcard_type:dir remove_name;
|
|
allow mtk_hal_audio sdcard_type:file unlink;
|
|
|
|
# Date : WK14.34
|
|
# Operation : Migration
|
|
# Purpose : nvram access (dumchar case for nand and legacy chip)
|
|
allow mtk_hal_audio nvram_device:chr_file rw_file_perms;
|
|
allow mtk_hal_audio self:netlink_kobject_uevent_socket { create setopt bind };
|
|
|
|
# Date : WK14.34
|
|
# Operation : Migration
|
|
# Purpose : Smartcard Service
|
|
allow mtk_hal_audio self:netlink_kobject_uevent_socket read;
|
|
|
|
# Date : WK14.36
|
|
# Operation : Migration
|
|
# Purpose : media server and bt process communication for A2DP data.and other control flow
|
|
allow mtk_hal_audio bt_a2dp_stream_socket:sock_file write;
|
|
allow mtk_hal_audio bt_int_adp_socket:sock_file write;
|
|
|
|
# Date : WK14.36
|
|
# Operation : Migration
|
|
# Purpose : access nvram, otp, ccci cdoec devices.
|
|
allow mtk_hal_audio MtkCodecService:binder call;
|
|
allow mtk_hal_audio ccci_device:chr_file rw_file_perms;
|
|
allow mtk_hal_audio eemcs_device:chr_file rw_file_perms;
|
|
allow mtk_hal_audio devmap_device:chr_file r_file_perms;
|
|
allow mtk_hal_audio ebc_device:chr_file rw_file_perms;
|
|
allow mtk_hal_audio nvram_device:blk_file rw_file_perms;
|
|
|
|
# Date : WK14.38
|
|
# Operation : Migration
|
|
# Purpose : NVRam access
|
|
allow mtk_hal_audio block_device:dir { write search };
|
|
|
|
# Date : WK14.38
|
|
# Operation : Migration
|
|
# Purpose : FM driver access
|
|
allow mtk_hal_audio fm_device:chr_file rw_file_perms;
|
|
|
|
# Data : WK14.38
|
|
# Operation : Migration
|
|
# Purpose : dump for debug
|
|
allow mtk_hal_audio sdcard_type:file append;
|
|
|
|
# Data : WK14.39
|
|
# Operation : Migration
|
|
# Purpose : dump for debug
|
|
set_prop(mtk_hal_audio, vendor_mtk_audiohal_prop)
|
|
|
|
# Date : WK14.40
|
|
# Operation : Migration
|
|
# Purpose : HDMI driver access
|
|
allow mtk_hal_audio graphics_device:chr_file rw_file_perms;
|
|
|
|
# Date : WK14.40
|
|
# Operation : Migration
|
|
# Purpose : Smartpa
|
|
allow mtk_hal_audio smartpa_device:chr_file rw_file_perms;
|
|
allow mtk_hal_audio sysfs_rt_param:file rw_file_perms;
|
|
allow mtk_hal_audio sysfs_rt_calib:file rw_file_perms;
|
|
allow mtk_hal_audio sysfs_rt_param:dir r_dir_perms;
|
|
allow mtk_hal_audio sysfs_rt_calib:dir r_dir_perms;
|
|
|
|
# Date : WK14.41
|
|
# Operation : Migration
|
|
# Purpose : WFD HID Driver
|
|
allow mtk_hal_audio uhid_device:chr_file rw_file_perms;
|
|
|
|
# Date : WK14.43
|
|
# Operation : Migration
|
|
# Purpose : VOW
|
|
allow mtk_hal_audio vow_device:chr_file rw_file_perms;
|
|
|
|
# Date: WK14.44
|
|
# Operation : Migration
|
|
# Purpose : EVDO
|
|
allow mtk_hal_audio rpc_socket:sock_file write;
|
|
allow mtk_hal_audio ttySDIO_device:chr_file rw_file_perms;
|
|
|
|
# Data: WK14.44
|
|
# Operation : Migration
|
|
# Purpose : for low SD card latency issue
|
|
allow mtk_hal_audio sysfs_lowmemorykiller:file { read open };
|
|
|
|
# Data: WK14.45
|
|
# Operation : Migration
|
|
# Purpose : for change thermal policy when needed
|
|
allow mtk_hal_audio proc_mtkcooler:dir search;
|
|
allow mtk_hal_audio proc_mtktz:dir search;
|
|
allow mtk_hal_audio proc_thermal:dir search;
|
|
allow mtk_hal_audio thermal_manager_data_file:file create_file_perms;
|
|
allow mtk_hal_audio thermal_manager_data_file:dir { rw_dir_perms setattr };
|
|
|
|
# Data : WK14.47
|
|
# Operation : Audio playback
|
|
# Purpose : Music as ringtone
|
|
allow mtk_hal_audio radio:dir { search read };
|
|
allow mtk_hal_audio radio:file r_file_perms;
|
|
|
|
# Data : WK14.47
|
|
# Operation : CTS
|
|
# Purpose : cts search strange app
|
|
allow mtk_hal_audio untrusted_app:dir search;
|
|
|
|
# Date : WK15.03
|
|
# Operation : Migration
|
|
# Purpose : offloadservice
|
|
allow mtk_hal_audio offloadservice_device:chr_file rw_file_perms;
|
|
|
|
# Date : WK15.34
|
|
# Operation : Migration
|
|
# Purpose: for camera middleware dump image buffer to sdcard & audio frameworks dump
|
|
allow mtk_hal_audio storage_file:dir search;
|
|
allow mtk_hal_audio storage_file:lnk_file {read write};
|
|
allow mtk_hal_audio mnt_user_file:dir {write read search};
|
|
allow mtk_hal_audio mnt_user_file:lnk_file {read write};
|
|
|
|
# Date : WK16.17
|
|
# Operation : Migration
|
|
# Purpose: read/open sysfs node
|
|
allow mtk_hal_audio sysfs_ccci:file r_file_perms;
|
|
allow mtk_hal_audio sysfs_ccci:dir search;
|
|
|
|
# Date : WK16.18
|
|
# Operation : Migration
|
|
# Purpose: research root dir "/"
|
|
allow mtk_hal_audio tmpfs:dir search;
|
|
|
|
# Purpose: Dump debug info
|
|
allow mtk_hal_audio debugfs_binder:dir search;
|
|
allow mtk_hal_audio kmsg_device:chr_file { open write };
|
|
allow mtk_hal_audio fuse:file rw_file_perms;
|
|
|
|
# Date : WK16.27
|
|
# Operation : Migration
|
|
# Purpose: tunning tool update parameters
|
|
binder_call(mtk_hal_audio,radio)
|
|
allow mtk_hal_audio mtk_audiohal_data_file:dir create_dir_perms;
|
|
allow mtk_hal_audio mtk_audiohal_data_file:file create_file_perms;
|
|
|
|
# Date : WK16.28
|
|
# Operation : Migration
|
|
# Purpose: Write audio dump files to external SDCard.
|
|
allow mtk_hal_audio sdcard_type:file { create_file_perms };
|
|
|
|
# Date : WK16.33
|
|
# Purpose: Allow to access ged for gralloc_extra functions
|
|
allow mtk_hal_audio proc_ged:file rw_file_perms;
|
|
|
|
set_prop(mtk_hal_audio, hwservicemanager_prop)
|
|
allow mtk_hal_audio storage_file:dir search;
|
|
|
|
# Fix bootup violation
|
|
allow mtk_hal_audio fuse:dir read;
|
|
|
|
# for usb phone call, allow sys_nice
|
|
allow mtk_hal_audio self:capability sys_nice;
|
|
|
|
# Date : W17.29
|
|
# Boot for opening trace file: Permission denied (13)
|
|
allow mtk_hal_audio debugfs_tracing:file { write open };
|
|
|
|
# for usb phone call, allow sys_nice
|
|
allow mtk_hal_audio self:capability sys_nice;
|
|
|
|
# Audio Tuning Tool Android O porting
|
|
binder_call(mtk_hal_audio,audiocmdservice_atci);
|
|
|
|
|
|
# Add for control PowerHAL
|
|
hal_client_domain(mtk_hal_audio, hal_power)
|
|
|
|
# cm4 smartpa
|
|
allow mtk_hal_audio audio_ipi_device:chr_file { read write ioctl open };
|
|
allow mtk_hal_audio audio_scp_device:chr_file r_file_perms;
|
|
|
|
# Date : WK18.21
|
|
# Operation: P migration
|
|
# Purpose: Allow to search /mnt/vendor/nvdata for fstab when using NVM_Init()
|
|
allow mtk_hal_audio mnt_vendor_file:dir search;
|
|
|
|
# Date: 2019/06/14
|
|
# Operation : Migration
|
|
allow mtk_hal_audio audioserver:fifo_file w_file_perms;
|
|
allow mtk_hal_audio sysfs_boot_mode:file r_file_perms;
|
|
allow mtk_hal_audio sysfs_dt_firmware_android:dir search;
|
|
|
|
# Date : WK18.44
|
|
# Operation: adsp
|
|
allow mtk_hal_audio adsp_device:file rw_file_perms;
|
|
allow mtk_hal_audio adsp_device:chr_file rw_file_perms;
|
|
|
|
# Date : 2020/3/21
|
|
# Operation: audio dptx
|
|
allow mtk_hal_audio dri_device:chr_file rw_file_perms;
|
|
allow mtk_hal_audio gpu_device:dir search;
|
|
|
|
allow mtk_hal_audio mtk_hal_bluetooth_audio_hwservice:hwservice_manager find;
|
|
|
|
# Date : WK20.26
|
|
allow mtk_hal_audio sysfs_dt_firmware_android:file r_file_perms;
|
|
allow mtk_hal_audio metadata_file:dir search;
|
|
allow mtk_hal_audio nvdata_file:dir create_dir_perms;
|
|
|
|
# Date : WK20.29
|
|
# Purpose: no trigger avc log when call nvram api
|
|
dontaudit mtk_hal_audio gsi_metadata_file:dir search;
|
|
|
|
# Date : WK20.29
|
|
# Operation : Migration
|
|
# Purpose : SoundTrigger Hal for tablet
|
|
allow mtk_hal_audio adsp_misc_device:chr_file rw_file_perms;
|
|
allow mtk_hal_audio self:netlink_kobject_uevent_socket getopt; |