Gitiles
Code Review Sign In
review.blissroms.org / platform_device_qcom_sepolicy / 2320dcdc4b9c565b9ee683aad9a2e63d8884cd1e / . / common / mediaserver.te
blob: a65142536e89907a4bc3356c6506b9fe642a1404 [file] [log] [blame]
Avijit Kanti Das0196c6a2014-07-23 23:44:35 -0700[diff] [blame]1# allow mediaserver to communicate with cnd
2unix_socket_connect(mediaserver, cnd, cnd)
Avijit Kanti Das36fb2c12014-10-06 15:21:57 -0700[diff] [blame]3
4allow mediaserver camera_device:chr_file rw_file_perms;
5unix_socket_send(mediaserver, camera, mm-qcamerad)
Avijit Kanti Das226cc032014-10-06 19:09:05 -0700[diff] [blame]6
Dinesh K Garge5bafbf2014-10-22 00:13:49 -0700[diff] [blame]7allow mediaserver tee_device:chr_file rw_file_perms;
Naveen Kumar9f752942014-11-01 10:39:13 -0700[diff] [blame]8allow mediaserver qdsp_device:chr_file r_file_perms;
Biswajit Paul64f83f62014-10-13 14:36:16 -0700[diff] [blame]9
10allow mediaserver self:socket create_socket_perms;
11
12binder_call(mediaserver, rild)
13
14qmux_socket(mediaserver)
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]15allow mediaserver camera_data_file:sock_file w_file_perms;
16
Jayasena Sangaraboinac9253472014-10-24 18:55:25 -0700[diff] [blame]17userdebug_or_eng(`
18 allow mediaserver camera_data_file:dir rw_dir_perms;
19 allow mediaserver camera_data_file:file create_file_perms;
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]20 # Access to audio
21 allow mediaserver debugfs:file rw_file_perms;
Jayasena Sangaraboinac9253472014-10-24 18:55:25 -0700[diff] [blame]22')
Avijit Kanti Dasfe61c2d2014-10-16 20:17:03 -0700[diff] [blame]23
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]24r_dir_file(mediaserver, sysfs_esoc)
Venkateshwarlu Domakonda612197a2014-11-07 18:04:55 +0530[diff] [blame]25allow mediaserver system_app_data_file:file rw_file_perms;
Alexy Josepha2ff47f2015-01-07 15:15:05 -0800[diff] [blame]26
27# allow mediaserver to write DTS files
28allow mediaserver dts_data_file:dir rw_dir_perms;
29allow mediaserver dts_data_file:file create_file_perms;
30
Vince Leung06bd7d82014-10-15 15:15:57 -0700[diff] [blame]31# access to perflock
32allow mediaserver mpctl_socket:dir r_dir_perms;
33unix_socket_send(mediaserver, mpctl, mpdecision)
34unix_socket_connect(mediaserver, mpctl, mpdecision)
Vince Leung358d6f32014-10-16 15:10:52 -0700[diff] [blame]35
36# access to perflock
37allow mediaserver mpctl_socket:dir r_dir_perms;
38unix_socket_send(mediaserver, mpctl, perfd)
39unix_socket_connect(mediaserver, mpctl, perfd)
Kurva Harisha86fd522014-11-19 17:06:16 -0800[diff] [blame]40
41# for thermal sock files
42unix_socket_connect(mediaserver, thermal, thermal-engine)
Praveen Chavandfd0d6c2015-01-08 15:00:42 -0800[diff] [blame]43
44#allow mediaserver to communicate with timedaemon
45allow mediaserver time_daemon:unix_stream_socket connectto;
Ravit Denniseef34992014-10-29 20:09:18 +0200[diff] [blame]46
47# Allow mediaserver to create socket files for audio arbitration
48allow mediaserver audio_data_file:sock_file { create setattr unlink };
49allow mediaserver audio_data_file:dir remove_name;
Srikanth Uyyala79af9682014-11-12 18:16:10 +0530[diff] [blame]50
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]51#Allow mediaserver to set camera properties
52allow mediaserver camera_prop:property_service set;
53
54#allow mediaserver to access wfdservice
55binder_call(mediaserver, wfdservice)