| # ============================================================================== |
| # Policy File of /system/bin/cameraserver Executable File |
| |
| # ============================================== |
| # MTK Policy Rule |
| # ============================================== |
| |
| # ----------------------------------- |
| # Android O |
| # Purpose: Allow cameraserver to perform binder IPC to servers and callbacks. |
| # ----------------------------------- |
| |
| # call camerahalserver |
| binder_call(cameraserver, mtk_hal_camera) |
| |
| # call the graphics allocator hal |
| binder_call(cameraserver, hal_graphics_allocator) |
| |
| # ----------------------------------- |
| # Android O |
| # Purpose: Debugging |
| # ----------------------------------- |
| # Purpose: adb shell dumpsys media.camera --unreachable |
| allow cameraserver self:process { ptrace }; |
| |
| # Date : WK14.34 |
| # Operation : Migration |
| # Purpose : nvram access (dumchar case for nand and legacy chip) |
| # allow cameraserver nvram_device:chr_file rw_file_perms; |
| ### TBD, neverallowxperm on line 177 of system/sepolicy/public/domain.te |
| # #allow cameraserver self:netlink_kobject_uevent_socket { create setopt bind }; |
| # allow cameraserver self:capability { net_admin }; |
| |
| # Date : WK14.34 |
| # Operation : Migration |
| # Purpose : VP/VR |
| # allow cameraserver devmap_device:chr_file { ioctl }; |
| |
| # Date : WK14.36 |
| # Operation : Migration |
| # Purpose : media server and bt process communication for A2DP data.and other control flow |
| # allow cameraserver bluetooth:unix_dgram_socket sendto; |
| # allow cameraserver bt_a2dp_stream_socket:sock_file write; |
| # allow cameraserver bt_int_adp_socket:sock_file write; |
| |
| # Date : WK14.37 |
| # Operation : Migration |
| # Purpose : camera ioctl |
| # allow cameraserver camera_sysram_device:chr_file r_file_perms; |
| |
| # Date : WK14.36 |
| # Operation : Migration |
| # Purpose : VDEC/VENC device node |
| # allow cameraserver Vcodec_device:chr_file rw_file_perms; |
| |
| # Date : WK14.36 |
| # Operation : Migration |
| # Purpose : access nvram, otp, ccci cdoec devices. |
| # allow cameraserver MtkCodecService:binder call; |
| # allow cameraserver ccci_device:chr_file rw_file_perms; |
| # allow cameraserver eemcs_device:chr_file rw_file_perms; |
| # allow cameraserver devmap_device:chr_file r_file_perms; |
| # allow cameraserver ebc_device:chr_file rw_file_perms; |
| # allow cameraserver nvram_device:blk_file rw_file_perms; |
| # allow cameraserver bootdevice_block_device:blk_file rw_file_perms; |
| |
| # Date : WK14.36 |
| # Operation : Migration |
| # Purpose : for SW codec VP/VR |
| # allow cameraserver mtk_sched_device:chr_file rw_file_perms; |
| |
| # Date : WK14.38 |
| # Operation : Migration |
| # Purpose : NVRam access |
| # allow cameraserver block_device:dir { write search }; |
| |
| # Date : WK14.38 |
| # Operation : Migration |
| # Purpose : FM driver access |
| # allow cameraserver fm_device:chr_file rw_file_perms; |
| |
| # Data : WK14.38 |
| # Operation : Migration |
| # Purpose : for VP/VR |
| # allow cameraserver block_device:dir search; |
| # allow cameraserver FM50AF_device:chr_file rw_file_perms; |
| # allow cameraserver AD5820AF_device:chr_file rw_file_perms; |
| # allow cameraserver DW9714AF_device:chr_file rw_file_perms; |
| # allow cameraserver DW9814AF_device:chr_file rw_file_perms; |
| # allow cameraserver AK7345AF_device:chr_file rw_file_perms; |
| # allow cameraserver DW9714A_device:chr_file rw_file_perms; |
| # allow cameraserver LC898122AF_device:chr_file rw_file_perms; |
| # allow cameraserver LC898212AF_device:chr_file rw_file_perms; |
| # allow cameraserver BU6429AF_device:chr_file rw_file_perms; |
| # allow cameraserver DW9718AF_device:chr_file rw_file_perms; |
| # allow cameraserver BU64745GWZAF_device:chr_file rw_file_perms; |
| # allow cameraserver MAINAF_device:chr_file rw_file_perms; |
| # allow cameraserver MAIN2AF_device:chr_file rw_file_perms; |
| # allow cameraserver SUBAF_device:chr_file rw_file_perms; |
| |
| # Data : WK14.38 |
| # Operation : Migration |
| # Purpose : for boot animation. |
| # allow cameraserver bootanim:binder { transfer call }; |
| |
| # allow cameraserver mtkbootanimation:binder { transfer call }; |
| # Data : WK14.38 |
| # Operation : Migration |
| # Purpose : dump for debug |
| # allow cameraserver sdcard_type:file append; |
| |
| # Date : WK14.39 |
| # Operation : Migration |
| # Purpose : FDVT Driver |
| # allow cameraserver camera_fdvt_device:chr_file rw_file_perms; |
| |
| # Date : WK14.39 |
| # Operation : Migration |
| # Purpose : APE PLAYBACK |
| # binder_call(cameraserver, MtkCodecService) |
| |
| # Data : WK14.39 |
| # Operation : Migration |
| # Purpose : HW encrypt SW codec |
| # allow cameraserver sec_device:chr_file r_file_perms; |
| |
| # Date : WK14.40 |
| # Operation : Migration |
| # Purpose : HDMI driver access |
| allow cameraserver graphics_device:chr_file rw_file_perms; |
| |
| # Date : WK14.40 |
| # Operation : Migration |
| # Purpose : Smartpa |
| # allow cameraserver smartpa_device:chr_file rw_file_perms; |
| |
| # Date : WK14.40 |
| # Operation : Migration |
| # Purpose : mtk_jpeg |
| # allow cameraserver mtk_jpeg_device:chr_file r_file_perms; |
| |
| # Date : WK14.41 |
| # Operation : Migration |
| # Purpose : WFD HID Driver |
| # allow cameraserver uhid_device:chr_file rw_file_perms; |
| |
| # Date : WK14.41 |
| # Operation : Migration |
| # Purpose : Camera EEPROM Calibration |
| # allow cameraserver CAM_CAL_DRV_device:chr_file rw_file_perms; |
| # allow cameraserver CAM_CAL_DRV1_device:chr_file rw_file_perms; |
| # allow cameraserver CAM_CAL_DRV2_device:chr_file rw_file_perms; |
| |
| # Date : WK14.43 |
| # Operation : Migration |
| # Purpose : VOW |
| # allow cameraserver vow_device:chr_file rw_file_perms; |
| |
| # Date: WK14.44 |
| # Operation : Migration |
| # Purpose : EVDO |
| # allow cameraserver rpc_socket:sock_file write; |
| # allow cameraserver ttySDIO_device:chr_file rw_file_perms; |
| |
| # Data: WK14.44 |
| # Operation : Migration |
| # Purpose : VP |
| # allow cameraserver surfaceflinger:file getattr; |
| |
| # Data: WK14.44 |
| # Operation : Migration |
| # Purpose : for low SD card latency issue |
| # allow cameraserver sysfs_lowmemorykiller:file { read open }; |
| |
| # Date : WK14.46 |
| # Operation : Migration |
| # Purpose : for MTK Emulator HW GPU |
| # allow cameraserver qemu_pipe_device:chr_file rw_file_perms; |
| |
| # Date : WK14.46 |
| # Operation : Migration |
| # Purpose : for camera init |
| # allow cameraserver system_server:unix_stream_socket { read write }; |
| |
| # Data : WK14.46 |
| # Operation : Migration |
| # Purpose : for SMS app |
| # allow cameraserver radio_data_file:dir search; |
| # allow cameraserver radio_data_file:file open; |
| |
| # Data : WK14.47 |
| # Operation : Launch camcorder from MMS |
| # Purpose : Camcorder |
| # allow cameraserver radio_data_file:file open; |
| |
| # Data : WK14.47 |
| # Operation : CTS |
| # Purpose : cts search strange app |
| # allow cameraserver untrusted_app:dir search; |
| |
| # Date : WK15.03 |
| # Operation : Migration |
| # Purpose : offloadservice |
| # allow cameraserver offloadservice_device:chr_file rw_file_perms; |
| |
| # Date : WK15.32 |
| # Operation : Pre-sanity |
| # Purpose : 3A algorithm need to access sensor service |
| # allow cameraserver sensorservice_service:service_manager find; |
| |
| # Date : WK15.35 |
| # Operation : Migration |
| # Purpose: Allow cameraserver to read binder from surfaceflinger |
| # allow cameraserver surfaceflinger:fifo_file {read write}; |
| |
| # Date : WK15.46 |
| # Operation : Migration |
| # Purpose : DPE Driver |
| # allow cameraserver camera_dpe_device:chr_file rw_file_perms; |
| |
| # Date : WK15.46 |
| # Operation : Migration |
| # Purpose : TSF Driver |
| # allow cameraserver camera_tsf_device:chr_file rw_file_perms; |
| |
| # Date : WK16.20 |
| # Operation : Migration |
| # Purpose: research root dir "/" |
| allow cameraserver tmpfs:dir search; |
| |
| # Date : WK16.21 |
| # Operation : Migration |
| # Purpose : EGL file access |
| allow cameraserver system_file:dir { read open }; |
| allow cameraserver gpu_device:chr_file rw_file_perms; |
| allow cameraserver gpu_device:dir search; |
| |
| # Date : WK16.32 |
| # Operation : Migration |
| # Purpose : RSC Driver |
| # allow cameraserver camera_rsc_device:chr_file rw_file_perms; |
| |
| # Date : WK16.33 |
| # Purpose: Allow to access ged for gralloc_extra functions |
| allow cameraserver proc_ged:file rw_file_perms; |
| allowxperm cameraserver proc_ged:file ioctl { proc_ged_ioctls }; |
| |
| # Date : WK16.33 |
| # Operation : Migration |
| # Purpose : GEPF Driver |
| # allow cameraserver camera_gepf_device:chr_file rw_file_perms; |
| |
| # Date : WK16.35 |
| # Operation : Migration |
| # Purpose : Update camera flashlight driver device file |
| # allow cameraserver flashlight_device:chr_file rw_file_perms; |
| |
| # Data : WK16.42 |
| # Operator: Whitney bring up |
| # Purpose: call surfaceflinger due to powervr |
| # allow cameraserver surfaceflinger:fifo_file rw_file_perms; |
| |
| # Date : WK16.43 |
| # Operation : Migration |
| # Purpose : WPE Driver |
| # allow cameraserver camera_wpe_device:chr_file rw_file_perms; |
| |
| # Date : WK16.49 |
| # Operation : label aee_aed sockets |
| # Purpose : Engineering mode need access for aee commmand |
| # userdebug_or_eng(` |
| # allow cameraserver aee_aed:unix_stream_socket connectto; |
| # ') |
| |
| # Date : WK17.19 |
| # Operation : Migration |
| # Purpose : OWE Driver |
| # allow cameraserver camera_owe_device:chr_file rw_file_perms; |
| |
| # Date : WK17.25 |
| # Operation : Migration |
| allow cameraserver debugfs_ion:dir search; |
| |
| # Date : WK17.30 |
| # Operation : O Migration |
| # Purpose: Allow to access cmdq driver |
| # allow cameraserver mtk_cmdq_device:chr_file { read ioctl open }; |
| |
| # Date : WK17.44 |
| # Operation : Migration |
| # Purpose : DIP Driver |
| # allow cameraserver camera_dip_device:chr_file rw_file_perms; |
| |
| # Date : WK17.44 |
| # Operation : Migration |
| # Purpose : MFB Driver |
| # allow cameraserver camera_mfb_device:chr_file rw_file_perms; |
| |
| # Date : WK17.49 |
| # Operation : MT6771 SQC |
| # Purpose: Allow permgr access |
| allow cameraserver proc_perfmgr:dir {read search}; |
| allow cameraserver proc_perfmgr:file r_file_perms; |
| allowxperm cameraserver proc_perfmgr:file ioctl { |
| PERFMGR_FPSGO_QUEUE |
| PERFMGR_FPSGO_DEQUEUE |
| PERFMGR_FPSGO_QUEUE_CONNECT |
| PERFMGR_FPSGO_BQID |
| }; |
| |