You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
75 lines
2.9 KiB
75 lines
2.9 KiB
# ==============================================================================
|
|
# Type Declaration
|
|
# ==============================================================================
|
|
type merged_hal_service, domain;
|
|
#type merged_hal_service, domain;
|
|
type merged_hal_service_exec, exec_type, file_type, vendor_file_type;
|
|
|
|
init_daemon_domain(merged_hal_service)
|
|
|
|
hwbinder_use(merged_hal_service)
|
|
hal_server_domain(merged_hal_service, hal_vibrator)
|
|
hal_server_domain(merged_hal_service, hal_light)
|
|
hal_server_domain(merged_hal_service, hal_power)
|
|
hal_server_domain(merged_hal_service, hal_thermal)
|
|
hal_server_domain(merged_hal_service, hal_memtrack)
|
|
|
|
#mtk libs_hidl_service permissions
|
|
hal_server_domain(merged_hal_service, mtk_hal_lbs)
|
|
vndbinder_use(merged_hal_service)
|
|
#r_dir_file(merged_hal_service, system_file)
|
|
unix_socket_connect(merged_hal_service, agpsd, mtk_agpsd);
|
|
allow merged_hal_service mtk_agpsd:unix_dgram_socket sendto;
|
|
|
|
#mtk_gnss permissions
|
|
hal_server_domain(merged_hal_service, hal_gnss);
|
|
allow merged_hal_service mnld_data_file:sock_file create_file_perms;
|
|
allow merged_hal_service mnld_data_file:sock_file rw_file_perms;
|
|
allow merged_hal_service mnld_data_file:dir create_file_perms;
|
|
allow merged_hal_service mnld_data_file:dir rw_dir_perms;
|
|
allow merged_hal_service mnld:unix_dgram_socket sendto;
|
|
|
|
#graphics allocator permissions
|
|
hal_server_domain(merged_hal_service, hal_graphics_allocator)
|
|
allow merged_hal_service gpu_device:dir search;
|
|
allow merged_hal_service sw_sync_device:chr_file rw_file_perms;
|
|
allow merged_hal_service debugfs_ion:dir search;
|
|
allow merged_hal_service debugfs_tracing:file write;
|
|
allow merged_hal_service debugfs_tracing:file open;
|
|
|
|
#for ape hidl permissions
|
|
hal_server_domain(merged_hal_service,hal_mtkcodecservice)
|
|
allow merged_hal_service hidl_allocator_hwservice:hwservice_manager find;
|
|
allow merged_hal_service hidl_memory_hwservice:hwservice_manager find;
|
|
hal_client_domain(merged_hal_service, hal_allocator)
|
|
|
|
#for default drm permissions
|
|
hal_server_domain(merged_hal_service, hal_drm)
|
|
allow merged_hal_service mediacodec:fd use;
|
|
allow merged_hal_service { appdomain -isolated_app }:fd use;
|
|
allow merged_hal_service debugfs_tracing:file write;
|
|
|
|
# Date : WK18.23
|
|
# Operation : P Migration
|
|
# Purpose : add grant permission for Thermal HAL mtktz and proc
|
|
allow merged_hal_service proc_mtktz:dir search;
|
|
allow merged_hal_service proc_mtktz:file {open read getattr};
|
|
allow merged_hal_service proc_stat:file {open read getattr };
|
|
|
|
#for uevent handle
|
|
allow merged_hal_service self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
|
|
|
|
#for thermal sysfs
|
|
allow merged_hal_service sysfs_therm:file w_file_perms;
|
|
allow merged_hal_service sysfs_therm:file r_file_perms;
|
|
allow merged_hal_service sysfs_therm:dir search;
|
|
|
|
|
|
# Date : WK19.11
|
|
# Operation : Q Migration
|
|
allowxperm merged_hal_service proc_ged:file ioctl { proc_ged_ioctls };
|
|
|
|
# Date: 2019/06/14
|
|
# Operation : Migration
|
|
allow merged_hal_service nvram_agent_binder_hwservice:hwservice_manager find;
|