r_non_plat/atci_service.te


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137

# ==============================================
# Policy File of /vendor/bin/atci_service Executable File
# ==============================================

# ==============================================
# MTK Policy Rule
# ==============================================
type atci_service, domain;
type atci_service_exec, exec_type, file_type, vendor_file_type;

init_daemon_domain(atci_service)

allow atci_service block_device:dir search;
allow atci_service misc2_block_device:blk_file { open read write };
allow atci_service misc2_device:chr_file { open read write };
allow atci_service camera_isp_device:chr_file { read write ioctl open };
allow atci_service graphics_device:chr_file { read write ioctl open };
allow atci_service graphics_device:dir search;
allow atci_service kd_camera_hw_device:chr_file { read write ioctl open };
allow atci_service self:capability { sys_nice ipc_lock };
allow atci_service nvram_device:chr_file { read write open ioctl };
allow atci_service camera_isp_device:chr_file { read write ioctl open };
allow atci_service camera_sysram_device:chr_file { read ioctl open };
allow atci_service camera_tsf_device:chr_file rw_file_perms;
allow atci_service camera_rsc_device:chr_file rw_file_perms;
allow atci_service camera_gepf_device:chr_file rw_file_perms;
allow atci_service camera_fdvt_device:chr_file rw_file_perms;
allow atci_service camera_wpe_device:chr_file rw_file_perms;
allow atci_service camera_owe_device:chr_file rw_file_perms;
allow atci_service kd_camera_flashlight_device:chr_file { read write ioctl open };
allow atci_service ccu_device:chr_file { read write ioctl open };
allow atci_service vpu_device:chr_file { read write ioctl open };
allow atci_service MTK_SMI_device:chr_file { open read write ioctl };
allow atci_service DW9714AF_device:chr_file { read write ioctl open };
allow atci_service devmap_device:chr_file { open read write ioctl };
allow atci_service sdcard_type:dir { search write read open add_name remove_name create getattr setattr };
allow atci_service sdcard_type:file { setattr read create write getattr unlink open append };
allow atci_service mediaserver:binder call;
#allow atci_service system_server:unix_stream_socket { read write };
allow atci_service self:capability sys_boot;

# Date : 2015/09/17
# Operation : M-Migration
# Purpose : to operation CCT tool
allow atci_service nvram_device:blk_file { open read write };
allow atci_service input_device:dir { open read search };
allow atci_service input_device:file { open read write ioctl };
allow atci_service input_device:chr_file { open read write ioctl };
allow atci_service MAINAF_device:chr_file { open read write ioctl };
allow atci_service MAIN2AF_device:chr_file { open read write ioctl };
allow atci_service SUBAF_device:chr_file { open read write ioctl };
allow atci_service tmpfs:lnk_file read;
allow atci_service self:capability2 block_suspend;

# Date : 2015/10/13
# Operation : M-Migration
# Purpose : to operation CCT tool
#allow atci_service mediaserver_service:service_manager find;
allow atci_service mnt_user_file:dir search;
allow atci_service mnt_user_file:lnk_file read;
#allow atci_service mtk_perf_service:service_manager find;
#allow atci_service sensorservice_service:service_manager find;
allow atci_service storage_file:lnk_file read;
#allow atci_service media_rw_data_file:dir { write search create add_name };
#allow atci_service media_rw_data_file:file { read write create open };

#============= atci_service ==============
allow atci_service CAM_CAL_DRV_device:chr_file { read write ioctl open};

set_prop(atci_service, mtk_em_prop)

# Date : 2016/03/02
# Operation : M-Migration
# Purpose : to support ATCI touch tool
allow atci_service vendor_shell_exec:file { read execute open execute_no_trans };

# Date : WK16.33
# Purpose: Allow to access ged for gralloc_extra functions
allow atci_service proc_ged:file rw_file_perms;

# Date : WK16.35
# Operation : Migration
# Purpose : Update camera flashlight driver device file
allow atci_service flashlight_device:chr_file { read write ioctl open };

# Date : WK17.01
# Operation : Migration
# Purpose : Update AT_Command NFC function
allow atci_service factory_data_file:sock_file write;

# Date : WK17.23
# Stage: O Migration, SQC
# Purpose: Allow to use HAL PQ
hal_client_domain(atci_service, hal_pq)

# Date : WK17.28
# Purpose : Allow to execute battery command
allow atci_service MT_pmic_adc_cali_device:chr_file rw_file_perms;

# Date : WK17.43
# Purpose : CCT
allow atci_service CAM_CAL_DRV_device:chr_file rw_file_perms;
allow atci_service CAM_CAL_DRV1_device:chr_file rw_file_perms;
allow atci_service CAM_CAL_DRV2_device:chr_file rw_file_perms;
allow atci_service fwk_sensor_hwservice:hwservice_manager find;
allow atci_service hidl_allocator_hwservice:hwservice_manager find;
allow atci_service hidl_memory_hwservice:hwservice_manager find;
allow atci_service ion_device:chr_file { read ioctl open };
allow atci_service mtk_cmdq_device:chr_file { read ioctl open };
allow atci_service mtk_mdp_device:chr_file rw_file_perms;
allow atci_service sw_sync_device:chr_file rw_file_perms;
allow atci_service mtk_hal_power:binder call;
allow atci_service mtk_hal_power_hwservice:hwservice_manager find;
allow atci_service sysfs_batteryinfo:dir search;
allow atci_service sysfs_batteryinfo:file { read getattr open };
allow atci_service system_file:dir { read open };
allow atci_service camera_pipemgr_device:chr_file { read ioctl open };
allow atci_service mtkcam_prop:file { read getattr open };
allow atci_service mtk_hal_camera:binder call;
allow atci_service debugfs_ion:dir search;
allow atci_service sysfs_tpd_setting:file { read write open getattr };
allow atci_service sysfs_vibrator_setting:file { read write open getattr };
allow atci_service sysfs_leds_setting:file { read write open getattr };
allow atci_service vendor_toolbox_exec:file { read getattr open execute execute_no_trans };

# Date : WK18.21
# Purpose: Allow to use HIDL
hwbinder_use(atci_service)
hal_client_domain(atci_service, hal_atci)

# Date : WK18.26
# Purpose: Allow gps socket sendto
allow atci_service mnld:unix_dgram_socket sendto;

# Date : WK18.35
# Purpose : allow CCT to allocate memory
hal_client_domain(atci_service, hal_allocator);