non_plat/system_app.te - device/mediatek/wembley-sepolicy - Git at Google

 # ==============================================
 # MTK Policy Rule
 # ==============================================

 typeattribute system_app mlstrustedsubject;

 # Date : 2017/07/21
 # Purpose :[CdsInfo] read/ write WI-FI MAC address by NVRAM API
 # Package Name: com.mediatek.connectivity
 hal_client_domain(system_app, hal_nvramagent);

 hal_client_domain(system_app, mtk_hal_lbs)

 #Dat: 2017/02/14
 #Purpose: allow set telephony Sensitive property
 get_prop(system_app, vendor_mtk_telephony_sensitive_prop)


 # Date : WK17.12
 # Operation : MT6799 SQC
 # Purpose : Change thermal config
 get_prop(system_app, vendor_mtk_thermal_config_prop)

 # Date : 2017/11/07
 # Operation : Migration
 # Purpose : CAT need copy exception db file from data folder
 # Package: CAT tool
 allow system_app aee_exp_data_file:file r_file_perms;
 allow system_app aee_exp_data_file:dir r_dir_perms;

 # Date: 2019/06/14
 # Operation : Migration
 # Purpose : system_app need vendor_default_prop
 # GOOGLE: Commented out for b/169606103
 #get_prop(system_app, vendor_default_prop)

 # Date: 2019/07/16
 # Operation : Migration
 # Purpose : system_app need use hdmi service and create socktet
 allow system_app mtk_hal_hdmi_hwservice:hwservice_manager find;
 allow system_app mtk_hal_hdmi:binder call;
 allow system_app self:netlink_kobject_uevent_socket {read bind create setopt };
 # system_app need to read from sysfs /sys/class/switch/hdmi/state
 r_dir_file(system_app, sysfs_switch);

 # Date: 2020/06/08
 # Purpose: Allow system app to access mtk jpeg
 allow system_app proc_mtk_jpeg:file rw_file_perms;
 allowxperm system_app proc_mtk_jpeg:file ioctl {
       JPG_BRIDGE_DEC_IO_LOCK
       JPG_BRIDGE_DEC_IO_WAIT
       JPG_BRIDGE_DEC_IO_UNLOCK
 };

 # Date: 2020/06/29
 # Purpose: Allow system app to access mtk fpsgo
 allow system_app sysfs_fpsgo:dir search;
 allow system_app sysfs_fpsgo:file r_file_perms;

 # Date 2021/03/29
 # Purpose: To support System navigation selection
 allow system_app mtk_cmdq_device:chr_file read;
 allow system_app mtk_cmdq_device:chr_file open;
 allow system_app mtk_cmdq_device:chr_file ioctl;
 allow system_app mtk_mdp_sync:chr_file read;
 allow system_app mtk_mdp_sync:chr_file open;
 allow system_app mtk_mdp_sync:chr_file ioctl;
	# ==============================================
	# MTK Policy Rule
	# ==============================================

	typeattribute system_app mlstrustedsubject;

	# Date : 2017/07/21
	# Purpose :[CdsInfo] read/ write WI-FI MAC address by NVRAM API
	# Package Name: com.mediatek.connectivity
	hal_client_domain(system_app, hal_nvramagent);

	hal_client_domain(system_app, mtk_hal_lbs)

	#Dat: 2017/02/14
	#Purpose: allow set telephony Sensitive property
	get_prop(system_app, vendor_mtk_telephony_sensitive_prop)


	# Date : WK17.12
	# Operation : MT6799 SQC
	# Purpose : Change thermal config
	get_prop(system_app, vendor_mtk_thermal_config_prop)

	# Date : 2017/11/07
	# Operation : Migration
	# Purpose : CAT need copy exception db file from data folder
	# Package: CAT tool
	allow system_app aee_exp_data_file:file r_file_perms;
	allow system_app aee_exp_data_file:dir r_dir_perms;

	# Date: 2019/06/14
	# Operation : Migration
	# Purpose : system_app need vendor_default_prop
	# GOOGLE: Commented out for b/169606103
	#get_prop(system_app, vendor_default_prop)

	# Date: 2019/07/16
	# Operation : Migration
	# Purpose : system_app need use hdmi service and create socktet
	allow system_app mtk_hal_hdmi_hwservice:hwservice_manager find;
	allow system_app mtk_hal_hdmi:binder call;
	allow system_app self:netlink_kobject_uevent_socket {read bind create setopt };
	# system_app need to read from sysfs /sys/class/switch/hdmi/state
	r_dir_file(system_app, sysfs_switch);

	# Date: 2020/06/08
	# Purpose: Allow system app to access mtk jpeg
	allow system_app proc_mtk_jpeg:file rw_file_perms;
	allowxperm system_app proc_mtk_jpeg:file ioctl {
	JPG_BRIDGE_DEC_IO_LOCK
	JPG_BRIDGE_DEC_IO_WAIT
	JPG_BRIDGE_DEC_IO_UNLOCK
	};

	# Date: 2020/06/29
	# Purpose: Allow system app to access mtk fpsgo
	allow system_app sysfs_fpsgo:dir search;
	allow system_app sysfs_fpsgo:file r_file_perms;

	# Date 2021/03/29
	# Purpose: To support System navigation selection
	allow system_app mtk_cmdq_device:chr_file read;
	allow system_app mtk_cmdq_device:chr_file open;
	allow system_app mtk_cmdq_device:chr_file ioctl;
	allow system_app mtk_mdp_sync:chr_file read;
	allow system_app mtk_mdp_sync:chr_file open;
	allow system_app mtk_mdp_sync:chr_file ioctl;