aosp12/device/mediatek/wembley-sepolicy/non_plat/platform_app.te

119 lines
4.1 KiB
Plaintext

# ==============================================
# MTK Policy Rule
# ==============================================
# GOOGLE commented out. Causes screenshots to fail. See b/169108544.
# typeattribute platform_app mlstrustedsubject;
# Date : 2017/07/03
# Operation : Migration
# Purpose : get/set agps configuration via mtk_hal_lbs
hal_client_domain(platform_app, mtk_hal_lbs)
# Date : 2014/08/21
# Operation : Migration
# Purpose : FMRadio enable driver access permission for fmradio hardware device
# Package: com.mediatek.fmradio
allow platform_app fm_device:chr_file rw_file_perms;
# Date : 2014/09/11
# Operation : Migration
# Purpose : MTKLogger need setup local socket with native daemon:mobile_logd,
# netdialog,mdlogger,emdlogger,cmddumper
# Package: com.mediatek.mtklogger
allow platform_app mobile_log_d:unix_stream_socket connectto;
allow platform_app mdlogger:unix_stream_socket connectto;
allow platform_app emdlogger:unix_stream_socket connectto;
allow platform_app cmddumper:unix_stream_socket connectto;
allow platform_app connsyslogger:unix_stream_socket connectto;
unix_socket_connect(platform_app, netdiag, netdiag)
# Date: 2018/11/17
# purpose: allow MTKLogger to control Bluetooth HCI log via socket
allow platform_app bluetooth:unix_stream_socket connectto;
# Date : 2014/10/17
# Operation : Migration
# Purpose :Make MTKLogger or VIASaber apk can Access TTYSDIO_device
# Package: com.mediatek.mtklogger
allow platform_app ttySDIO_device:chr_file rw_file_perms;
# Date : 2014/10/17
# Operation : Migration
# Purpose :Make MTKLogger or VIASaber apk can Access storage
# Package: com.mediatek.mtklogger
allow platform_app sdcard_type:file create_file_perms;
allow platform_app sdcard_type:dir create_dir_perms;
# Date : 2014/11/12
# Operation : Migration
# Purpose : MTKLogger need copy exception db from data folder
# Package: com.mediatek.mtklogger
allow platform_app aee_exp_data_file:file r_file_perms;
allow platform_app aee_exp_data_file:dir r_dir_perms;
# Date : 2014/11/14
# Operation : Migration
# Purpose : MTKLogger need update md config file in data for mode changed
# Package: com.mediatek.mtklogger
allow platform_app mdlog_data_file:file rw_file_perms;
allow platform_app mdlog_data_file:dir rw_dir_perms;
# Date : 2015/01/13
# Operation : New feature for GPS Log
# Purpose : MTKLogger need setup local socket with mnld
# Package: com.mediatek.mtklogger
# TODO:: MTK need to remove later
not_full_treble(`
allow platform_app mnld:unix_stream_socket connectto;
')
# Date : WK17.46
# Operation : Migration
# Purpose : allow MTKLogger to read KE DB
allow platform_app aee_dumpsys_data_file:file r_file_perms;
# Date : WK18.17
# Operation : P Migration
# Purpose: allow platform_app to read /data/vendor/mtklog/aee_exp
allow platform_app aee_exp_vendor_file:dir search;
allow platform_app aee_exp_vendor_file:dir { read getattr open };
allow platform_app aee_exp_vendor_file:file { read getattr open };
# Date : WK18.21
# Operation : Migration
# Purpose : Do FM operation via mtk_hal_fm
hal_client_domain(platform_app, mtk_hal_fm)
# Date: 2018/03/23
# Operation : Migration
# Purpose : MTKLogger need connect to log hidl server
# Package: com.mediatek.mtklogger
hal_client_domain(platform_app, mtk_hal_log)
# Date: 2019/07/04
# Stage: Migration
# Purpose: Allow to use lomo effect
# Package: com.mediatek.camera
#allow platform_app hal_camera_hwservice:hwservice_manager find;
allow platform_app mtk_hal_camera:binder call;
allow platform_app sw_sync_device:chr_file rw_file_perms;
# Date: 2019/07/04
# Purpose: Allow platform app to use BGService HIDL and access mtk_hal_camera
hal_client_domain(platform_app, mtk_hal_bgs)
allow platform_app mtk_hal_bgs_hwservice:hwservice_manager find;
binder_call(platform_app, mtk_hal_bgs)
binder_call(mtk_hal_bgs, platform_app)
binder_call(platform_app, mtk_hal_camera)
binder_call(mtk_hal_camera, platform_app)
# Date: 2020/06/08
# Purpose: Allow platform app to access mtk jpeg
allow platform_app proc_mtk_jpeg:file rw_file_perms;
allowxperm platform_app proc_mtk_jpeg:file ioctl {
JPG_BRIDGE_DEC_IO_LOCK
JPG_BRIDGE_DEC_IO_WAIT
JPG_BRIDGE_DEC_IO_UNLOCK
};