Blame - common/mm-pp-daemon.te - platform_device_qcom_sepolicy-legacy

blob: ad8850e9dad5f8b227bc57de301058c9e85ed0c1 [file] [log] [blame]

Biswajit Paul	6786a92	2017-03-16 11:53:53 -0700	[diff] [blame]	1	type mm-pp-daemon, domain;
Ravi Kumar Siddojigari	c7def12	2017-06-13 00:49:19 +0530	[diff] [blame]	2	type mm-pp-daemon_exec, exec_type, vendor_file_type, file_type;
Avijit Kanti Das	808ae2f	2014-10-21 17:11:11 -0700	[diff] [blame]	3
				4	init_daemon_domain(mm-pp-daemon)
				5
Avijit Kanti Das	808ae2f	2014-10-21 17:11:11 -0700	[diff] [blame]	6	#Need to use fb ioctls to communicate with kernel
				7	allow mm-pp-daemon graphics_device:chr_file rw_file_perms;
Avijit Kanti Das	441bad4	2015-05-12 14:07:41 -0700	[diff] [blame]	8	allow mm-pp-daemon graphics_device:dir r_dir_perms;
Avijit Kanti Das	808ae2f	2014-10-21 17:11:11 -0700	[diff] [blame]	9
Nitesh Gupta	29d4b6a	2015-01-16 17:34:55 +0530	[diff] [blame]	10	# Allow reading/writing to '/persist/display/*'
Zohaib Alam	bbd4175	2014-11-13 09:12:02 -0500	[diff] [blame]	11	# The color config file is dynamically created
Nitesh Gupta	29d4b6a	2015-01-16 17:34:55 +0530	[diff] [blame]	12	allow mm-pp-daemon persist_display_file:dir rw_dir_perms;
				13	allow mm-pp-daemon persist_display_file:file create_file_perms;
				14
				15	# Allow for directory search only to '/persist'
				16	allow mm-pp-daemon persist_file:dir search;
Avijit Kanti Das	808ae2f	2014-10-21 17:11:11 -0700	[diff] [blame]	17
Zohaib Alam	bbd4175	2014-11-13 09:12:02 -0500	[diff] [blame]	18	# Allow reading/writing data config files
Bruno Martins	f689f7f	2018-09-16 23:23:14 +0100	[diff] [blame]	19	allow mm-pp-daemon display_vendor_data_file:dir create_dir_perms;
				20	allow mm-pp-daemon display_vendor_data_file:file create_file_perms;
Zohaib Alam	bbd4175	2014-11-13 09:12:02 -0500	[diff] [blame]	21
Nirmal Abraham	117e831	2014-12-01 17:20:56 +0530	[diff] [blame]	22	# Allow read to sensor device and read/write to sensor socket
				23	allow mm-pp-daemon sensors_device:chr_file r_file_perms;
				24	allow mm-pp-daemon sensors_socket:sock_file rw_file_perms;
				25	allow mm-pp-daemon sensors:unix_stream_socket connectto;
				26
Zohaib Alam	bbd4175	2014-11-13 09:12:02 -0500	[diff] [blame]	27
Rajesh Yadav	51e4b84	2017-04-19 14:54:04 +0530	[diff] [blame]	28	# Rule for IPC communication
				29	allow mm-pp-daemon qdisplay_service:service_manager find;
				30	vndbinder_use(mm-pp-daemon)
				31	hal_client_domain(mm-pp-daemon, hal_graphics_composer)
				32	allow mm-pp-daemon fwk_sensor_hwservice:hwservice_manager find;
Ravi Kumar Siddojigari	c7def12	2017-06-13 00:49:19 +0530	[diff] [blame]	33	# Allow service manager to find surface flinger service,
				34	# sensorservice service, permission_service, and power service (for
				35	# acquire wakelock)
				36	#allow mm-pp-daemon { surfaceflinger_service sensorservice_service
				37	# permission_service power_service }:service_manager find;
				38	# Allow mm-pp-daemon to call binder for screen refresh
				39	#binder_use(mm-pp-daemon)
Krishna Chaitanya Parimi	b96f833	2015-01-16 11:08:29 +0530	[diff] [blame]	40	binder_call(mm-pp-daemon, system_server)
Krishna Chaitanya Parimi	b96f833	2015-01-16 11:08:29 +0530	[diff] [blame]	41
Avijit Kanti Das	808ae2f	2014-10-21 17:11:11 -0700	[diff] [blame]	42	userdebug_or_eng(`
Avijit Kanti Das	441bad4	2015-05-12 14:07:41 -0700	[diff] [blame]	43	# This allows pp-daemon to use shell commands to blank
				44	# the display - it uses input keyevent to do this
Ravi Kumar Siddojigari	c7def12	2017-06-13 00:49:19 +0530	[diff] [blame]	45	allow mm-pp-daemon { vendor_shell_exec
				46	#zygote_exec
				47	}:file rx_file_perms;
Avijit Kanti Das	441bad4	2015-05-12 14:07:41 -0700	[diff] [blame]	48	allow mm-pp-daemon system_file:file x_file_perms;
				49	allow mm-pp-daemon self:process ptrace;
Krishna Chaitanya Parimi	8c8f3b4	2015-06-26 12:05:43 +0530	[diff] [blame]	50
Nirmal Abraham	7759338	2016-10-14 15:10:20 +0530	[diff] [blame]	51
				52	# This allow pp-daemon access to diag
				53	diag_use(mm-pp-daemon)
Avijit Kanti Das	808ae2f	2014-10-21 17:11:11 -0700	[diff] [blame]	54	')
Zohaib Alam	bbd4175	2014-11-13 09:12:02 -0500	[diff] [blame]	55
Rajesh Yadav	51e4b84	2017-04-19 14:54:04 +0530	[diff] [blame]	56	# Allow mm-pp-daemon to change the brightness
				57	allow mm-pp-daemon sysfs_leds:dir r_dir_perms;
				58	allow mm-pp-daemon sysfs_leds:file rw_file_perms;
				59	allow mm-pp-daemon sysfs_leds:lnk_file read;
Ch Ganesh Kumar	c04e426	2017-06-08 19:51:24 +0530	[diff] [blame]	60	allow mm-pp-daemon sysfs_graphics:dir r_dir_perms;
Rajesh Yadav	51e4b84	2017-04-19 14:54:04 +0530	[diff] [blame]	61	allow mm-pp-daemon sysfs_graphics:file rw_file_perms;
Sravan Kumar D.V.N	f1ae735	2017-06-14 16:57:07 +0530	[diff] [blame]	62	allow mm-pp-daemon sysfs_data:file r_file_perms;
Zohaib Alam	bbd4175	2014-11-13 09:12:02 -0500	[diff] [blame]	63
sahil madeka	a3608c9	2017-05-12 15:41:40 -0700	[diff] [blame]	64	userdebug_or_eng(`
				65	set_prop(mm-pp-daemon, debug_prop)
				66	')
				67
Zohaib Alam	bbd4175	2014-11-13 09:12:02 -0500	[diff] [blame]	68	# Allow socket calls in pp-daemon
Zohaib Alam	bbd4175	2014-11-13 09:12:02 -0500	[diff] [blame]	69	unix_socket_connect(mm-pp-daemon, pps, init)
Biswajit Paul	a143265	2015-01-22 15:19:38 -0800	[diff] [blame]	70
				71	allow mm-pp-daemon init:unix_stream_socket { listen accept };
Ping Li	e7a5e64	2015-07-10 16:02:08 -0700	[diff] [blame]	72
				73	# Allow connections between sensor manager and mm-pp-daemon
Ravi Kumar Siddojigari	c7def12	2017-06-13 00:49:19 +0530	[diff] [blame]	74	#allow mm-pp-daemon system_server:unix_stream_socket rw_socket_perms;
Biswajit Paul	f63bd14	2017-03-16 16:41:02 -0700	[diff] [blame]	75
				76	# access lcd-backlight
				77	r_dir_file(mm-pp-daemon, sysfs_leds)