non_plat/platform_app.te - device/mediatek/wembley-sepolicy - Git at Google

 # ==============================================
 # MTK Policy Rule
 # ==============================================

 # GOOGLE commented out.  Causes screenshots to fail.  See b/169108544.
 # typeattribute platform_app mlstrustedsubject;

 # Date : 2017/07/03
 # Operation : Migration
 # Purpose : get/set agps configuration via mtk_hal_lbs
 hal_client_domain(platform_app, mtk_hal_lbs)


 # Date : 2014/08/21
 # Operation : Migration
 # Purpose : FMRadio enable driver access permission for fmradio hardware device
 # Package: com.mediatek.fmradio
 allow platform_app fm_device:chr_file rw_file_perms;

 # Date : 2014/09/11
 # Operation : Migration
 # Purpose : MTKLogger need setup local socket with native daemon:mobile_logd,
 # netdialog,mdlogger,emdlogger,cmddumper
 # Package: com.mediatek.mtklogger
 allow platform_app mobile_log_d:unix_stream_socket connectto;
 allow platform_app mdlogger:unix_stream_socket connectto;
 allow platform_app emdlogger:unix_stream_socket connectto;
 allow platform_app cmddumper:unix_stream_socket connectto;
 allow platform_app connsyslogger:unix_stream_socket connectto;
 unix_socket_connect(platform_app, netdiag, netdiag)
 # Date: 2018/11/17
 # purpose: allow MTKLogger to control Bluetooth HCI log via socket
 allow platform_app bluetooth:unix_stream_socket connectto;

 # Date : 2014/10/17
 # Operation : Migration
 # Purpose :Make MTKLogger or VIASaber apk can Access TTYSDIO_device
 # Package: com.mediatek.mtklogger
 allow platform_app ttySDIO_device:chr_file rw_file_perms;

 # Date : 2014/10/17
 # Operation : Migration
 # Purpose :Make MTKLogger or VIASaber apk can Access storage
 # Package: com.mediatek.mtklogger
 allow platform_app sdcard_type:file create_file_perms;
 allow platform_app sdcard_type:dir create_dir_perms;

 # Date : 2014/11/12
 # Operation : Migration
 # Purpose : MTKLogger need copy exception db from data folder
 # Package: com.mediatek.mtklogger
 allow platform_app aee_exp_data_file:file r_file_perms;
 allow platform_app aee_exp_data_file:dir r_dir_perms;

 # Date : 2014/11/14
 # Operation : Migration
 # Purpose : MTKLogger need update md config file in data for mode changed
 # Package: com.mediatek.mtklogger
 allow platform_app mdlog_data_file:file rw_file_perms;
 allow platform_app mdlog_data_file:dir rw_dir_perms;

 # Date : 2015/01/13
 # Operation : New feature for GPS Log
 # Purpose : MTKLogger need setup local socket with mnld
 # Package: com.mediatek.mtklogger
 # TODO:: MTK need to remove later
 not_full_treble(`
 	allow platform_app mnld:unix_stream_socket connectto;
 ')

 # Date : WK17.46
 # Operation : Migration
 # Purpose : allow MTKLogger to read KE DB
 allow platform_app aee_dumpsys_data_file:file r_file_perms;

 # Date : WK18.17
 # Operation : P Migration
 # Purpose: allow platform_app to read /data/vendor/mtklog/aee_exp
 allow platform_app aee_exp_vendor_file:dir search;
 allow platform_app aee_exp_vendor_file:dir { read getattr open };
 allow platform_app aee_exp_vendor_file:file { read getattr open };

 # Date : WK18.21
 # Operation : Migration
 # Purpose : Do FM operation via mtk_hal_fm
 hal_client_domain(platform_app, mtk_hal_fm)

 # Date: 2018/03/23
 # Operation : Migration
 # Purpose : MTKLogger need connect to log hidl server
 # Package: com.mediatek.mtklogger
 hal_client_domain(platform_app, mtk_hal_log)

 # Date: 2019/07/04
 # Stage: Migration
 # Purpose: Allow to use lomo effect
 # Package: com.mediatek.camera
 #allow platform_app hal_camera_hwservice:hwservice_manager find;
 allow platform_app mtk_hal_camera:binder call;
 allow platform_app sw_sync_device:chr_file rw_file_perms;

 # Date: 2019/07/04
 # Purpose: Allow platform app to use BGService HIDL and access mtk_hal_camera
 hal_client_domain(platform_app, mtk_hal_bgs)
 allow platform_app mtk_hal_bgs_hwservice:hwservice_manager find;
 binder_call(platform_app, mtk_hal_bgs)
 binder_call(mtk_hal_bgs, platform_app)
 binder_call(platform_app, mtk_hal_camera)
 binder_call(mtk_hal_camera, platform_app)

 # Date: 2020/06/08
 # Purpose: Allow platform app to access mtk jpeg
 allow platform_app proc_mtk_jpeg:file rw_file_perms;
 allowxperm platform_app proc_mtk_jpeg:file ioctl {
       JPG_BRIDGE_DEC_IO_LOCK
       JPG_BRIDGE_DEC_IO_WAIT
       JPG_BRIDGE_DEC_IO_UNLOCK
 };
	# ==============================================
	# MTK Policy Rule
	# ==============================================

	# GOOGLE commented out. Causes screenshots to fail. See b/169108544.
	# typeattribute platform_app mlstrustedsubject;

	# Date : 2017/07/03
	# Operation : Migration
	# Purpose : get/set agps configuration via mtk_hal_lbs
	hal_client_domain(platform_app, mtk_hal_lbs)


	# Date : 2014/08/21
	# Operation : Migration
	# Purpose : FMRadio enable driver access permission for fmradio hardware device
	# Package: com.mediatek.fmradio
	allow platform_app fm_device:chr_file rw_file_perms;

	# Date : 2014/09/11
	# Operation : Migration
	# Purpose : MTKLogger need setup local socket with native daemon:mobile_logd,
	# netdialog,mdlogger,emdlogger,cmddumper
	# Package: com.mediatek.mtklogger
	allow platform_app mobile_log_d:unix_stream_socket connectto;
	allow platform_app mdlogger:unix_stream_socket connectto;
	allow platform_app emdlogger:unix_stream_socket connectto;
	allow platform_app cmddumper:unix_stream_socket connectto;
	allow platform_app connsyslogger:unix_stream_socket connectto;
	unix_socket_connect(platform_app, netdiag, netdiag)
	# Date: 2018/11/17
	# purpose: allow MTKLogger to control Bluetooth HCI log via socket
	allow platform_app bluetooth:unix_stream_socket connectto;

	# Date : 2014/10/17
	# Operation : Migration
	# Purpose :Make MTKLogger or VIASaber apk can Access TTYSDIO_device
	# Package: com.mediatek.mtklogger
	allow platform_app ttySDIO_device:chr_file rw_file_perms;

	# Date : 2014/10/17
	# Operation : Migration
	# Purpose :Make MTKLogger or VIASaber apk can Access storage
	# Package: com.mediatek.mtklogger
	allow platform_app sdcard_type:file create_file_perms;
	allow platform_app sdcard_type:dir create_dir_perms;

	# Date : 2014/11/12
	# Operation : Migration
	# Purpose : MTKLogger need copy exception db from data folder
	# Package: com.mediatek.mtklogger
	allow platform_app aee_exp_data_file:file r_file_perms;
	allow platform_app aee_exp_data_file:dir r_dir_perms;

	# Date : 2014/11/14
	# Operation : Migration
	# Purpose : MTKLogger need update md config file in data for mode changed
	# Package: com.mediatek.mtklogger
	allow platform_app mdlog_data_file:file rw_file_perms;
	allow platform_app mdlog_data_file:dir rw_dir_perms;

	# Date : 2015/01/13
	# Operation : New feature for GPS Log
	# Purpose : MTKLogger need setup local socket with mnld
	# Package: com.mediatek.mtklogger
	# TODO:: MTK need to remove later
	not_full_treble(`
	allow platform_app mnld:unix_stream_socket connectto;
	')

	# Date : WK17.46
	# Operation : Migration
	# Purpose : allow MTKLogger to read KE DB
	allow platform_app aee_dumpsys_data_file:file r_file_perms;

	# Date : WK18.17
	# Operation : P Migration
	# Purpose: allow platform_app to read /data/vendor/mtklog/aee_exp
	allow platform_app aee_exp_vendor_file:dir search;
	allow platform_app aee_exp_vendor_file:dir { read getattr open };
	allow platform_app aee_exp_vendor_file:file { read getattr open };

	# Date : WK18.21
	# Operation : Migration
	# Purpose : Do FM operation via mtk_hal_fm
	hal_client_domain(platform_app, mtk_hal_fm)

	# Date: 2018/03/23
	# Operation : Migration
	# Purpose : MTKLogger need connect to log hidl server
	# Package: com.mediatek.mtklogger
	hal_client_domain(platform_app, mtk_hal_log)

	# Date: 2019/07/04
	# Stage: Migration
	# Purpose: Allow to use lomo effect
	# Package: com.mediatek.camera
	#allow platform_app hal_camera_hwservice:hwservice_manager find;
	allow platform_app mtk_hal_camera:binder call;
	allow platform_app sw_sync_device:chr_file rw_file_perms;

	# Date: 2019/07/04
	# Purpose: Allow platform app to use BGService HIDL and access mtk_hal_camera
	hal_client_domain(platform_app, mtk_hal_bgs)
	allow platform_app mtk_hal_bgs_hwservice:hwservice_manager find;
	binder_call(platform_app, mtk_hal_bgs)
	binder_call(mtk_hal_bgs, platform_app)
	binder_call(platform_app, mtk_hal_camera)
	binder_call(mtk_hal_camera, platform_app)

	# Date: 2020/06/08
	# Purpose: Allow platform app to access mtk jpeg
	allow platform_app proc_mtk_jpeg:file rw_file_perms;
	allowxperm platform_app proc_mtk_jpeg:file ioctl {
	JPG_BRIDGE_DEC_IO_LOCK
	JPG_BRIDGE_DEC_IO_WAIT
	JPG_BRIDGE_DEC_IO_UNLOCK
	};