1# ============================================== 2# MTK Policy Rule 3# ============================================== 4 5# Date : WK14.34 6# Operation : Migration 7# Purpose : VP/VR 8allow mediacodec devmap_device:chr_file { ioctl }; 9 10# Date : WK14.36 11# Operation : Migration 12# Purpose : VDEC/VENC device node 13allow mediacodec Vcodec_device:chr_file rw_file_perms; 14 15# Date : WK16.21 16# Operation : Migration 17# Purpose : VP & VR dump and debug 18allow mediacodec M4U_device_device:chr_file rw_file_perms; 19allow mediacodec debugfs_binder:dir search; 20allow mediacodec MTK_SMI_device:chr_file { ioctl read open }; 21allow mediacodec storage_file:lnk_file {read write open}; 22allow mediacodec tmpfs:dir search; 23allow mediacodec mnt_user_file:dir {write read search}; 24allow mediacodec mnt_user_file:lnk_file {read write}; 25allow mediacodec sdcard_type:dir {write read search add_name remove_name}; 26allow mediacodec sdcard_type:file {getattr write read create open append unlink}; 27allow mediacodec nvram_data_file:dir w_dir_perms; 28allow mediacodec nvram_data_file:file create_file_perms; 29allow mediacodec nvram_data_file:lnk_file read; 30allow mediacodec nvdata_file:lnk_file read; 31allow mediacodec nvdata_file:dir w_dir_perms; 32allow mediacodec nvdata_file:file create_file_perms; 33allow mediacodec devmap_device:chr_file r_file_perms; 34allow mediacodec proc_meminfo:file {read getattr open}; 35 36# Date : WK14.36 37# Operation : Migration 38# Purpose : for SW codec VP/VR 39allow mediacodec mtk_sched_device:chr_file { read write ioctl open }; 40 41# Data : WK14.39 42# Operation : Migration 43# Purpose : HW encrypt SW codec 44allow mediacodec mediacodec_data_file:file create_file_perms; 45allow mediacodec mediacodec_data_file:dir create_dir_perms; 46allow mediacodec sec_device:chr_file r_file_perms; 47 48# Data: WK14.44 49# Operation : Migration 50# Purpose : VP 51allow mediacodec surfaceflinger:file getattr; 52 53# Data: WK14.44 54# Operation : Migration 55# Purpose : for low SD card latency issue 56allow mediacodec sysfs_lowmemorykiller:file { read open }; 57 58# Data: WK14.45 59# Operation : Migration 60# Purpose : for change thermal policy when needed 61allow mediacodec proc_mtkcooler:dir search; 62allow mediacodec proc_mtktz:dir search; 63allow mediacodec proc_thermal:dir search; 64allow mediacodec proc_mtkcooler:file { read write open }; 65allow mediacodec proc_mtktz:file { read write open getattr }; 66allow mediacodec proc_thermal:file { read write open getattr}; 67allow mediacodec thermal_manager_data_file:file create_file_perms; 68allow mediacodec thermal_manager_data_file:dir { rw_dir_perms setattr }; 69allow mediacodec thermal_manager_data_file:dir search; 70 71# Data : WK14.47 72# Operation : CTS 73# Purpose : cts search strange app 74allow mediacodec untrusted_app:dir search; 75 76# Date : WK14.39 77# Operation : Migration 78# Purpose : MJC Driver 79allow mediacodec MJC_device:chr_file { read write ioctl open }; 80 81# Date : WK16.27 82# Operation : APE SQC 83# Purpose : for APE file playback 84allow mediacodec MtkCodecService:binder call; 85allow mediacodec MtkCodecService:binder transfer; 86 87# Date : WK16.33 88# Purpose: Allow to access ged for gralloc_extra functions 89allow mediacodec proc_ged:file rw_file_perms; 90allowxperm mediacodec proc_ged:file ioctl { proc_ged_ioctls }; 91 92# Data : WK16.42 93# Operator: Whitney bring up 94# Purpose: call surfaceflinger due to powervr 95allow mediacodec surfaceflinger:fifo_file rw_file_perms; 96 97# Date: WK16.43 98# Operator: Whitney SQC 99# Purpose: mediacodec use gpu 100allow mediacodec gpu_device:dir search; 101 102# Date : W18.01 103# Add for turn on SElinux in enforcing mode 104allow mediacodec vndbinder_device:chr_file rw_file_perms; 105 106vndbinder_use(mediacodec) 107 108# Date : WK1721 109# Purpose: For FULL TREBLE 110allow mediacodec system_file:dir r_dir_perms; 111allow mediacodec debugfs_ion:dir search; 112 113 114# Date : WK17.30 115# Operation : O Migration 116# Purpose: Allow mediacodec to access cmdq driver 117allow mediacodec mtk_cmdq_device:chr_file { read ioctl open }; 118allow mediacodec mtk_mdp_device:chr_file rw_file_perms; 119allow mediacodec sw_sync_device:chr_file rw_file_perms; 120 121# Date : WK17.28 122# Operation : MT6757 SQC 123# Purpose : Change thermal config 124 125 126# Date : WK17.30 127# Purpose : For Power Hal 128allow mediacodec mtk_hal_power_hwservice:hwservice_manager find; 129allow mediacodec mtk_hal_power:binder call; 130allow mediacodec mtk_hal_power:unix_stream_socket connectto; 131 132 133# Date : WK17.12 134# Operation : MT6799 SQC 135# Purpose : Change thermal config 136set_prop(mediacodec, mtk_thermal_config_prop) 137 138# Date : WK17.43 139# Operation : Migration 140# Purpose : DISP access 141allow mediacodec graphics_device:chr_file { ioctl open read }; 142allow mediacodec graphics_device:dir search; 143 144# Date : WK19.27 145# Purpose: Android Migration for SVP 146allow mediacodec proc_m4u:file r_file_perms; 147allowxperm mediacodec proc_m4u:file ioctl MTK_M4U_T_SEC_INIT; 148 149# Date : WK19.40 150# Purpose: Android Migration for Hybrid Encoder 151allowxperm mediacodec proc_m4u:file ioctl MTK_M4U_T_CONFIG_PORT; 152allowxperm mediacodec proc_m4u:file ioctl MTK_M4U_T_CACHE_SYNC; 153allowxperm mediacodec proc_m4u:file ioctl MTK_M4U_T_CONFIG_PORT_ARRAY; 154 155# Date : 2019/12/12 156# Purpose : allow media sources to access /sys/bus/platform/drivers/mem_bw_ctrl/* 157allow mediacodec sysfs_concurrency_scenario:file rw_file_perms; 158allow mediacodec sysfs_concurrency_scenario:dir search; 159