Google Git
Sign in
android / device / mediatek / wembley-sepolicy / refs/heads/android13-qpr2-s1-release / . / non_plat / cameraserver.te
blob: 4acc82b1402786fb232548d820837b51a24f29fa [file] [log] [blame]
# ==============================================================================
# Policy File of /system/bin/cameraserver Executable File
# ==============================================
# MTK Policy Rule
# ==============================================
# -----------------------------------
# Android O
# Purpose: Allow cameraserver to perform binder IPC to servers and callbacks.
# -----------------------------------
# call camerahalserver
binder_call(cameraserver, mtk_hal_camera)
# call the graphics allocator hal
binder_call(cameraserver, hal_graphics_allocator)
# -----------------------------------
# Android O
# Purpose: Debugging
# -----------------------------------
# Purpose: adb shell dumpsys media.camera --unreachable
allow cameraserver self:process { ptrace };
# Date : WK14.34
# Operation : Migration
# Purpose : nvram access (dumchar case for nand and legacy chip)
# allow cameraserver nvram_device:chr_file rw_file_perms;
### TBD, neverallowxperm on line 177 of system/sepolicy/public/domain.te
# #allow cameraserver self:netlink_kobject_uevent_socket { create setopt bind };
# allow cameraserver self:capability { net_admin };
# Date : WK14.34
# Operation : Migration
# Purpose : VP/VR
# allow cameraserver devmap_device:chr_file { ioctl };
# Date : WK14.36
# Operation : Migration
# Purpose : media server and bt process communication for A2DP data.and other control flow
# allow cameraserver bluetooth:unix_dgram_socket sendto;
# allow cameraserver bt_a2dp_stream_socket:sock_file write;
# allow cameraserver bt_int_adp_socket:sock_file write;
# Date : WK14.37
# Operation : Migration
# Purpose : camera ioctl
# allow cameraserver camera_sysram_device:chr_file r_file_perms;
# Date : WK14.36
# Operation : Migration
# Purpose : VDEC/VENC device node
# allow cameraserver Vcodec_device:chr_file rw_file_perms;
# Date : WK14.36
# Operation : Migration
# Purpose : access nvram, otp, ccci cdoec devices.
# allow cameraserver MtkCodecService:binder call;
# allow cameraserver ccci_device:chr_file rw_file_perms;
# allow cameraserver eemcs_device:chr_file rw_file_perms;
# allow cameraserver devmap_device:chr_file r_file_perms;
# allow cameraserver ebc_device:chr_file rw_file_perms;
# allow cameraserver nvram_device:blk_file rw_file_perms;
# allow cameraserver bootdevice_block_device:blk_file rw_file_perms;
# Date : WK14.36
# Operation : Migration
# Purpose : for SW codec VP/VR
# allow cameraserver mtk_sched_device:chr_file rw_file_perms;
# Date : WK14.38
# Operation : Migration
# Purpose : NVRam access
# allow cameraserver block_device:dir { write search };
# Date : WK14.38
# Operation : Migration
# Purpose : FM driver access
# allow cameraserver fm_device:chr_file rw_file_perms;
# Data : WK14.38
# Operation : Migration
# Purpose : for VP/VR
# allow cameraserver block_device:dir search;
# allow cameraserver FM50AF_device:chr_file rw_file_perms;
# allow cameraserver AD5820AF_device:chr_file rw_file_perms;
# allow cameraserver DW9714AF_device:chr_file rw_file_perms;
# allow cameraserver DW9814AF_device:chr_file rw_file_perms;
# allow cameraserver AK7345AF_device:chr_file rw_file_perms;
# allow cameraserver DW9714A_device:chr_file rw_file_perms;
# allow cameraserver LC898122AF_device:chr_file rw_file_perms;
# allow cameraserver LC898212AF_device:chr_file rw_file_perms;
# allow cameraserver BU6429AF_device:chr_file rw_file_perms;
# allow cameraserver DW9718AF_device:chr_file rw_file_perms;
# allow cameraserver BU64745GWZAF_device:chr_file rw_file_perms;
# allow cameraserver MAINAF_device:chr_file rw_file_perms;
# allow cameraserver MAIN2AF_device:chr_file rw_file_perms;
# allow cameraserver SUBAF_device:chr_file rw_file_perms;
# Data : WK14.38
# Operation : Migration
# Purpose : for boot animation.
# allow cameraserver bootanim:binder { transfer call };
# allow cameraserver mtkbootanimation:binder { transfer call };
# Data : WK14.38
# Operation : Migration
# Purpose : dump for debug
# allow cameraserver sdcard_type:file append;
# Date : WK14.39
# Operation : Migration
# Purpose : FDVT Driver
# allow cameraserver camera_fdvt_device:chr_file rw_file_perms;
# Date : WK14.39
# Operation : Migration
# Purpose : APE PLAYBACK
# binder_call(cameraserver, MtkCodecService)
# Data : WK14.39
# Operation : Migration
# Purpose : HW encrypt SW codec
# allow cameraserver sec_device:chr_file r_file_perms;
# Date : WK14.40
# Operation : Migration
# Purpose : HDMI driver access
allow cameraserver graphics_device:chr_file rw_file_perms;
# Date : WK14.40
# Operation : Migration
# Purpose : Smartpa
# allow cameraserver smartpa_device:chr_file rw_file_perms;
# Date : WK14.40
# Operation : Migration
# Purpose : mtk_jpeg
# allow cameraserver mtk_jpeg_device:chr_file r_file_perms;
# Date : WK14.41
# Operation : Migration
# Purpose : WFD HID Driver
# allow cameraserver uhid_device:chr_file rw_file_perms;
# Date : WK14.41
# Operation : Migration
# Purpose : Camera EEPROM Calibration
# allow cameraserver CAM_CAL_DRV_device:chr_file rw_file_perms;
# allow cameraserver CAM_CAL_DRV1_device:chr_file rw_file_perms;
# allow cameraserver CAM_CAL_DRV2_device:chr_file rw_file_perms;
# Date : WK14.43
# Operation : Migration
# Purpose : VOW
# allow cameraserver vow_device:chr_file rw_file_perms;
# Date: WK14.44
# Operation : Migration
# Purpose : EVDO
# allow cameraserver rpc_socket:sock_file write;
# allow cameraserver ttySDIO_device:chr_file rw_file_perms;
# Data: WK14.44
# Operation : Migration
# Purpose : VP
# allow cameraserver surfaceflinger:file getattr;
# Data: WK14.44
# Operation : Migration
# Purpose : for low SD card latency issue
# allow cameraserver sysfs_lowmemorykiller:file { read open };
# Date : WK14.46
# Operation : Migration
# Purpose : for MTK Emulator HW GPU
# allow cameraserver qemu_pipe_device:chr_file rw_file_perms;
# Date : WK14.46
# Operation : Migration
# Purpose : for camera init
# allow cameraserver system_server:unix_stream_socket { read write };
# Data : WK14.46
# Operation : Migration
# Purpose : for SMS app
# allow cameraserver radio_data_file:dir search;
# allow cameraserver radio_data_file:file open;
# Data : WK14.47
# Operation : Launch camcorder from MMS
# Purpose : Camcorder
# allow cameraserver radio_data_file:file open;
# Data : WK14.47
# Operation : CTS
# Purpose : cts search strange app
# allow cameraserver untrusted_app:dir search;
# Date : WK15.03
# Operation : Migration
# Purpose : offloadservice
# allow cameraserver offloadservice_device:chr_file rw_file_perms;
# Date : WK15.32
# Operation : Pre-sanity
# Purpose : 3A algorithm need to access sensor service
# allow cameraserver sensorservice_service:service_manager find;
# Date : WK15.35
# Operation : Migration
# Purpose: Allow cameraserver to read binder from surfaceflinger
# allow cameraserver surfaceflinger:fifo_file {read write};
# Date : WK15.46
# Operation : Migration
# Purpose : DPE Driver
# allow cameraserver camera_dpe_device:chr_file rw_file_perms;
# Date : WK15.46
# Operation : Migration
# Purpose : TSF Driver
# allow cameraserver camera_tsf_device:chr_file rw_file_perms;
# Date : WK16.20
# Operation : Migration
# Purpose: research root dir "/"
allow cameraserver tmpfs:dir search;
# Date : WK16.21
# Operation : Migration
# Purpose : EGL file access
allow cameraserver system_file:dir { read open };
allow cameraserver gpu_device:chr_file rw_file_perms;
allow cameraserver gpu_device:dir search;
# Date : WK16.32
# Operation : Migration
# Purpose : RSC Driver
# allow cameraserver camera_rsc_device:chr_file rw_file_perms;
# Date : WK16.33
# Purpose: Allow to access ged for gralloc_extra functions
allow cameraserver proc_ged:file rw_file_perms;
allowxperm cameraserver proc_ged:file ioctl { proc_ged_ioctls };
# Date : WK16.33
# Operation : Migration
# Purpose : GEPF Driver
# allow cameraserver camera_gepf_device:chr_file rw_file_perms;
# Date : WK16.35
# Operation : Migration
# Purpose : Update camera flashlight driver device file
# allow cameraserver flashlight_device:chr_file rw_file_perms;
# Data : WK16.42
# Operator: Whitney bring up
# Purpose: call surfaceflinger due to powervr
# allow cameraserver surfaceflinger:fifo_file rw_file_perms;
# Date : WK16.43
# Operation : Migration
# Purpose : WPE Driver
# allow cameraserver camera_wpe_device:chr_file rw_file_perms;
# Date : WK16.49
# Operation : label aee_aed sockets
# Purpose : Engineering mode need access for aee commmand
# userdebug_or_eng(`
# allow cameraserver aee_aed:unix_stream_socket connectto;
# ')
# Date : WK17.19
# Operation : Migration
# Purpose : OWE Driver
# allow cameraserver camera_owe_device:chr_file rw_file_perms;
# Date : WK17.25
# Operation : Migration
allow cameraserver debugfs_ion:dir search;
# Date : WK17.30
# Operation : O Migration
# Purpose: Allow to access cmdq driver
# allow cameraserver mtk_cmdq_device:chr_file { read ioctl open };
# Date : WK17.44
# Operation : Migration
# Purpose : DIP Driver
# allow cameraserver camera_dip_device:chr_file rw_file_perms;
# Date : WK17.44
# Operation : Migration
# Purpose : MFB Driver
# allow cameraserver camera_mfb_device:chr_file rw_file_perms;
# Date : WK17.49
# Operation : MT6771 SQC
# Purpose: Allow permgr access
allow cameraserver proc_perfmgr:dir {read search};
allow cameraserver proc_perfmgr:file r_file_perms;
allowxperm cameraserver proc_perfmgr:file ioctl {
PERFMGR_FPSGO_QUEUE
PERFMGR_FPSGO_DEQUEUE
PERFMGR_FPSGO_QUEUE_CONNECT
PERFMGR_FPSGO_BQID
};