path: root/non_plat/cameraserver.te
blob: 318cf2e392bdbbc8874ad204360698f5468b9e65 (plain)
# ==============================================================================
# Policy File of /system/bin/cameraserver Executable File

# ==============================================
# MTK Policy Rule
# ==============================================

# -----------------------------------
# Android O
# Purpose: Allow cameraserver to perform binder IPC to servers and callbacks.
# -----------------------------------

# call camerahalserver
# binder_call is a policy macro defined outside this file. In AOSP te_macros it
# grants the caller binder call/transfer on the target, lets the target transfer
# references back on the reply, and lets the caller use fds received from it.
# TODO confirm this tree uses the stock definition.
binder_call(cameraserver, mtk_hal_camera)

# call the graphics allocator hal
# NOTE(review): hal_graphics_allocator looks like a HAL attribute rather than a
# single domain, so this rule would reach every domain carrying that attribute.
# Confirm that breadth is intended.
binder_call(cameraserver, hal_graphics_allocator)

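# -----------------------------------
# Android O
# Purpose: Debugging
# -----------------------------------
# Purpose: adb shell dumpsys media.camera --unreachable
# The rule lets cameraserver ptrace processes in its own domain, which the
# purpose line above ties to the unreachable-memory dump. That is a debugging
# aid, so the permission is limited to userdebug and eng builds. On user builds
# self-ptrace is withheld: it has no production use and would give a compromised
# cameraserver an extra way to inspect and alter its own threads.
# userdebug_or_eng is the same build-variant macro this file already uses for
# the aee_aed debugging rule further down.
userdebug_or_eng(`
  allow cameraserver self:process ptrace;
')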

# -----------------------------------
# Purpose: property access
# -----------------------------------
# Read-only access to files labelled mtkcam_prop: only open, read and getattr
# are granted, so this rule gives cameraserver no way to write these properties.
# NOTE(review): AOSP policy normally expresses property reads with the get_prop
# macro. Confirm whether the explicit permission set here is deliberate.
allow cameraserver mtkcam_prop:file { open read getattr };

# Date : WK14.31
# Operation : Migration
# Purpose : camera devices access.
# allow cameraserver camera_isp_device:chr_file rw_file_perms;
# allow cameraserver ccu_device:chr_file rw_file_perms;
# allow cameraserver vpu_device:chr_file rw_file_perms;
# allow cameraserver kd_camera_hw_device:chr_file rw_file_perms;
# allow cameraserver seninf_device:chr_file rw_file_perms;
# allow cameraserver self:capability { setuid ipc_lock sys_nice };
# allow cameraserver sysfs_wake_lock:file rw_file_perms;
# allow cameraserver MTK_SMI_device:chr_file r_file_perms;
# allow cameraserver camera_pipemgr_device:chr_file r_file_perms;
# allow cameraserver kd_camera_flashlight_device:chr_file rw_file_perms;
# allow cameraserver lens_device:chr_file rw_file_perms;
# allow cameraserver nvdata_file:lnk_file read;

# Date : WK14.34
# Operation : Migration
# Purpose : nvram access (dumchar case for nand and legacy chip)
# allow cameraserver nvram_device:chr_file rw_file_perms;
### TBD, neverallowxperm on line 177 of system/sepolicy/public/domain.te
# #allow cameraserver self:netlink_kobject_uevent_socket { create setopt bind };
# allow cameraserver self:capability { net_admin };

# Date : WK14.34
# Operation : Migration
# Purpose : VP/VR
# allow cameraserver devmap_device:chr_file { ioctl };

# Date : WK14.36
# Operation : Migration
# Purpose : media server and bt process communication for A2DP data and other control flow
# allow cameraserver bluetooth:unix_dgram_socket sendto;
# allow cameraserver bt_a2dp_stream_socket:sock_file write;
# allow cameraserver bt_int_adp_socket:sock_file write;

# Date : WK14.37
# Operation : Migration
# Purpose : camera ioctl
# allow cameraserver camera_sysram_device:chr_file r_file_perms;

# Date : WK14.36
# Operation : Migration
# Purpose : VDEC/VENC device node
# allow cameraserver Vcodec_device:chr_file rw_file_perms;

# Date : WK14.36
# Operation : Migration
# Purpose : access nvram, otp, ccci codec devices.
# allow cameraserver MtkCodecService:binder call;
# allow cameraserver ccci_device:chr_file rw_file_perms;
# allow cameraserver eemcs_device:chr_file rw_file_perms;
# allow cameraserver devmap_device:chr_file r_file_perms;
# allow cameraserver ebc_device:chr_file rw_file_perms;
# allow cameraserver nvram_device:blk_file rw_file_perms;
# allow cameraserver bootdevice_block_device:blk_file rw_file_perms;

# Date : WK14.36
# Operation : Migration
# Purpose : for SW codec VP/VR
# allow cameraserver mtk_sched_device:chr_file rw_file_perms;

# Date : WK14.38
# Operation : Migration
# Purpose : NVRam access
# allow cameraserver block_device:dir { write search };

# Date : WK14.38
# Operation : Migration
# Purpose : FM driver access
# allow cameraserver fm_device:chr_file rw_file_perms;

# Date : WK14.38
# Operation : Migration
# Purpose : for VP/VR
# allow cameraserver block_device:dir search;
# allow cameraserver FM50AF_device:chr_file rw_file_perms;
# allow cameraserver AD5820AF_device:chr_file rw_file_perms;
# allow cameraserver DW9714AF_device:chr_file rw_file_perms;
# allow cameraserver DW9814AF_device:chr_file rw_file_perms;
# allow cameraserver AK7345AF_device:chr_file rw_file_perms;
# allow cameraserver DW9714A_device:chr_file rw_file_perms;
# allow cameraserver LC898122AF_device:chr_file rw_file_perms;
# allow cameraserver LC898212AF_device:chr_file rw_file_perms;
# allow cameraserver BU6429AF_device:chr_file rw_file_perms;
# allow cameraserver DW9718AF_device:chr_file rw_file_perms;
# allow cameraserver BU64745GWZAF_device:chr_file rw_file_perms;
# allow cameraserver MAINAF_device:chr_file rw_file_perms;
# allow cameraserver MAIN2AF_device:chr_file rw_file_perms;
# allow cameraserver SUBAF_device:chr_file rw_file_perms;

# Date : WK14.38
# Operation : Migration
# Purpose : for boot animation.
# allow cameraserver bootanim:binder { transfer call };

# allow cameraserver mtkbootanimation:binder { transfer call };
# Date : WK14.38
# Operation : Migration
# Purpose : dump for debug
# allow cameraserver sdcard_type:file append;

# Date : WK14.39
# Operation : Migration
# Purpose : FDVT Driver
# allow cameraserver camera_fdvt_device:chr_file rw_file_perms;

# Date : WK14.39
# Operation : Migration
# Purpose : APE PLAYBACK
# binder_call(cameraserver, MtkCodecService)

# Date : WK14.39
# Operation : Migration
# Purpose : HW encrypt SW codec
# allow cameraserver sec_device:chr_file r_file_perms;

# Date : WK14.40
# Operation : Migration
# Purpose : HDMI driver access
# Grants read/write (rw_file_perms, a macro defined outside this file) on
# character devices labelled graphics_device.
# NOTE(review): graphics_device usually labels the framebuffer nodes, so this
# rule would also let cameraserver read and write display contents. Confirm the
# HDMI path still needs it and whether a dedicated HDMI device type could be
# used instead.
allow cameraserver graphics_device:chr_file rw_file_perms;

# Date : WK14.40
# Operation : Migration
# Purpose : Smartpa
# allow cameraserver smartpa_device:chr_file rw_file_perms;

# Date : WK14.40
# Operation : Migration
# Purpose : mtk_jpeg
# allow cameraserver mtk_jpeg_device:chr_file r_file_perms;

# Date : WK14.41
# Operation : Migration
# Purpose : WFD HID Driver
# allow cameraserver uhid_device:chr_file rw_file_perms;

# Date : WK14.41
# Operation : Migration
# Purpose : Camera EEPROM Calibration
# allow cameraserver CAM_CAL_DRV_device:chr_file rw_file_perms;
# allow cameraserver CAM_CAL_DRV1_device:chr_file rw_file_perms;
# allow cameraserver CAM_CAL_DRV2_device:chr_file rw_file_perms;

# Date : WK14.43
# Operation : Migration
# Purpose : VOW
# allow cameraserver vow_device:chr_file rw_file_perms;

# Date: WK14.44
# Operation : Migration
# Purpose : EVDO
# allow cameraserver rpc_socket:sock_file write;
# allow cameraserver ttySDIO_device:chr_file rw_file_perms;

# Date: WK14.44
# Operation : Migration
# Purpose : VP
# allow cameraserver surfaceflinger:file getattr;

# Date: WK14.44
# Operation : Migration
# Purpose : for low SD card latency issue
# allow cameraserver sysfs_lowmemorykiller:file { read open };

# Date : WK14.46
# Operation : Migration
# Purpose : for MTK Emulator HW GPU
# allow cameraserver qemu_pipe_device:chr_file rw_file_perms;

# Date : WK14.46
# Operation : Migration
# Purpose : for camera init
# allow cameraserver system_server:unix_stream_socket { read write };

# Date : WK14.46
# Operation : Migration
# Purpose : for SMS app
# allow cameraserver radio_data_file:dir search;
# allow cameraserver radio_data_file:file open;

# Date : WK14.47
# Operation : Launch camcorder from MMS
# Purpose : Camcorder
# allow cameraserver radio_data_file:file open;

# Date : WK14.47
# Operation : CTS
# Purpose : cts search strange app
# allow cameraserver untrusted_app:dir search;

# Date : WK15.03
# Operation : Migration
# Purpose : offloadservice
# allow cameraserver offloadservice_device:chr_file rw_file_perms;

# Date : WK15.32
# Operation : Pre-sanity
# Purpose : 3A algorithm need to access sensor service
# allow cameraserver sensorservice_service:service_manager find;

# Date : WK15.35
# Operation : Migration
# Purpose: Allow cameraserver to read binder from surfaceflinger
# allow cameraserver surfaceflinger:fifo_file {read write};

# Date : WK15.46
# Operation : Migration
# Purpose : DPE Driver
# allow cameraserver camera_dpe_device:chr_file rw_file_perms;

# Date : WK15.46
# Operation : Migration
# Purpose : TSF Driver
# allow cameraserver camera_tsf_device:chr_file rw_file_perms;

# Date : WK16.20
# Operation : Migration
# Purpose: search root dir "/"
# Grants only directory search (path traversal) on directories labelled tmpfs.
# No read, write or file-class permission is added by this rule.
allow cameraserver tmpfs:dir search;

# Date : WK16.21
# Operation : Migration
# Purpose : EGL file access
# Read and open on directories labelled system_file, i.e. listing them.
# Presumably this is for locating the EGL libraries - confirm.
allow cameraserver system_file:dir { read open };
# Read/write on the GPU character device, plus search on gpu_device directories.
# NOTE(review): rw_file_perms includes ioctl in AOSP global_macros, and nothing
# in this file narrows the ioctl commands for gpu_device the way the allowxperm
# rules do for proc_ged and proc_perfmgr. Check whether ioctl filtering for the
# GPU node is provided elsewhere in the policy.
allow cameraserver gpu_device:chr_file rw_file_perms;
allow cameraserver gpu_device:dir search;

# Date : WK16.32
# Operation : Migration
# Purpose : RSC Driver
# allow cameraserver camera_rsc_device:chr_file rw_file_perms;

# Date : WK16.33
# Purpose: Allow to access ged for gralloc_extra functions
# Read/write on files labelled proc_ged. The allowxperm rule restricts ioctl on
# those files to the command set named by proc_ged_ioctls, which is defined
# outside this file.
# Keep the two rules together: the allow rule supplies the ioctl permission
# (rw_file_perms includes ioctl in AOSP global_macros) and the allowxperm rule
# limits which ioctl commands are accepted.
allow cameraserver proc_ged:file rw_file_perms;
allowxperm cameraserver proc_ged:file ioctl { proc_ged_ioctls };

# Date : WK16.33
# Operation : Migration
# Purpose : GEPF Driver
# allow cameraserver camera_gepf_device:chr_file rw_file_perms;

# Date : WK16.35
# Operation : Migration
# Purpose : Update camera flashlight driver device file
# allow cameraserver flashlight_device:chr_file rw_file_perms;

# Date : WK16.42
# Operator: Whitney bring up
# Purpose: call surfaceflinger due to powervr
# allow cameraserver surfaceflinger:fifo_file rw_file_perms;

# Date : WK16.43
# Operation : Migration
# Purpose : WPE Driver
# allow cameraserver camera_wpe_device:chr_file rw_file_perms;

# Date : WK16.49
# Operation : label aee_aed sockets
# Purpose : Engineering mode needs access for aee command
# userdebug_or_eng(`
# allow cameraserver aee_aed:unix_stream_socket connectto;
# ')

# Date : WK17.19
# Operation : Migration
# Purpose : OWE Driver
# allow cameraserver camera_owe_device:chr_file rw_file_perms;

# Date : WK17.25
# Operation : Migration
# NOTE(review): no Purpose line was recorded for this rule. It grants directory
# search on debugfs_ion and nothing else. debugfs is a debugging interface, so
# confirm whether user builds need this or whether it belongs under
# userdebug_or_eng.
allow cameraserver debugfs_ion:dir search;

# Date : WK17.30
# Operation : O Migration
# Purpose: Allow to access cmdq driver
# allow cameraserver mtk_cmdq_device:chr_file { read ioctl open };

# Date : WK17.44
# Operation : Migration
# Purpose : DIP Driver
# allow cameraserver camera_dip_device:chr_file rw_file_perms;

# Date : WK17.44
# Operation : Migration
# Purpose : MFB Driver
# allow cameraserver camera_mfb_device:chr_file rw_file_perms;

# Date : WK17.49
# Operation : MT6771 SQC
# Purpose: Allow perfmgr access
# Directory read/search and read-only file access (r_file_perms) on proc_perfmgr.
# The allowxperm rule limits ioctl on those files to the four FPSGO commands
# listed below; the command names are defined outside this file.
# When adding a command, extend this list rather than dropping the allowxperm
# rule, since without it the ioctl permission would no longer be filtered.
allow cameraserver proc_perfmgr:dir {read search};
allow cameraserver proc_perfmgr:file r_file_perms;
allowxperm cameraserver proc_perfmgr:file ioctl {
  PERFMGR_FPSGO_QUEUE
  PERFMGR_FPSGO_DEQUEUE
  PERFMGR_FPSGO_QUEUE_CONNECT
  PERFMGR_FPSGO_BQID
};