Gitiles
Code Review Sign In
review.blissroms.org / platform_device_qcom_sepolicy / 54a0b94b2204f20d443545b3ab949e0afbf766be / . / common / mediaserver.te
blob: 06980d79984b09141c5d8600c5b44242fea06cfc [file] [log] [blame]
Avijit Kanti Das0196c6a2014-07-23 23:44:35 -0700[diff] [blame]1# allow mediaserver to communicate with cnd
2unix_socket_connect(mediaserver, cnd, cnd)
Avijit Kanti Das36fb2c12014-10-06 15:21:57 -0700[diff] [blame]3
4allow mediaserver camera_device:chr_file rw_file_perms;
5unix_socket_send(mediaserver, camera, mm-qcamerad)
Avijit Kanti Das226cc032014-10-06 19:09:05 -0700[diff] [blame]6
Dinesh K Garge5bafbf2014-10-22 00:13:49 -0700[diff] [blame]7allow mediaserver tee_device:chr_file rw_file_perms;
Naveen Kumar9f752942014-11-01 10:39:13 -0700[diff] [blame]8allow mediaserver qdsp_device:chr_file r_file_perms;
Biswajit Paul64f83f62014-10-13 14:36:16 -0700[diff] [blame]9
10allow mediaserver self:socket create_socket_perms;
11
12binder_call(mediaserver, rild)
13
14qmux_socket(mediaserver)
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]15allow mediaserver camera_data_file:sock_file w_file_perms;
16
Jayasena Sangaraboinac9253472014-10-24 18:55:25 -0700[diff] [blame]17userdebug_or_eng(`
18 allow mediaserver camera_data_file:dir rw_dir_perms;
19 allow mediaserver camera_data_file:file create_file_perms;
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]20 # Access to audio
21 allow mediaserver debugfs:file rw_file_perms;
Jayasena Sangaraboinac9253472014-10-24 18:55:25 -0700[diff] [blame]22')
Avijit Kanti Dasfe61c2d2014-10-16 20:17:03 -0700[diff] [blame]23
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]24r_dir_file(mediaserver, sysfs_esoc)
Venkateshwarlu Domakonda612197a2014-11-07 18:04:55 +0530[diff] [blame]25allow mediaserver system_app_data_file:file rw_file_perms;
Alexy Josepha2ff47f2015-01-07 15:15:05 -0800[diff] [blame]26
27# allow mediaserver to write DTS files
28allow mediaserver dts_data_file:dir rw_dir_perms;
29allow mediaserver dts_data_file:file create_file_perms;
30
Vince Leung06bd7d82014-10-15 15:15:57 -0700[diff] [blame]31# access to perflock
32allow mediaserver mpctl_socket:dir r_dir_perms;
33unix_socket_send(mediaserver, mpctl, mpdecision)
34unix_socket_connect(mediaserver, mpctl, mpdecision)
Vince Leung358d6f32014-10-16 15:10:52 -0700[diff] [blame]35
36# access to perflock
37allow mediaserver mpctl_socket:dir r_dir_perms;
38unix_socket_send(mediaserver, mpctl, perfd)
39unix_socket_connect(mediaserver, mpctl, perfd)
Kurva Harisha86fd522014-11-19 17:06:16 -0800[diff] [blame]40
41# for thermal sock files
42unix_socket_connect(mediaserver, thermal, thermal-engine)
Praveen Chavandfd0d6c2015-01-08 15:00:42 -0800[diff] [blame]43
Biswajit Paul28439f92015-07-15 13:28:27 -0700[diff] [blame]44#This is required for thermal sysfs access
45r_dir_file(mediaserver, sysfs_thermal);
46
Praveen Chavandfd0d6c2015-01-08 15:00:42 -0800[diff] [blame]47#allow mediaserver to communicate with timedaemon
48allow mediaserver time_daemon:unix_stream_socket connectto;
Ravit Denniseef34992014-10-29 20:09:18 +0200[diff] [blame]49
50# Allow mediaserver to create socket files for audio arbitration
51allow mediaserver audio_data_file:sock_file { create setattr unlink };
52allow mediaserver audio_data_file:dir remove_name;
Srikanth Uyyala79af9682014-11-12 18:16:10 +0530[diff] [blame]53
Dhananjay Kumar8a0fb732015-09-04 12:39:39 +0530[diff] [blame]54# Allow mediaserver to create audio pp files
55allow mediaserver audio_pp_data_file:dir rw_dir_perms;
56allow mediaserver audio_pp_data_file:file create_file_perms;
57
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]58#Allow mediaserver to set camera properties
59allow mediaserver camera_prop:property_service set;
60
61#allow mediaserver to access wfdservice
62binder_call(mediaserver, wfdservice)
Manikanta Sivapala3c213112015-07-31 15:10:09 +0530[diff] [blame]63
64#allow mediaserver to access adsprpcd
65r_dir_file(mediaserver, adsprpcd_file);
Manikanta Sivapala40a38642015-02-08 00:04:32 +0530[diff] [blame]66
67#Allow mediaserver to connect to unix sockets for staproxy service
68allow mediaserver system_app:unix_stream_socket { connectto read write setopt };
69
70#Allow mediaserver to access service manager STAProxyService
Manoj Kumar AVM6d8f7392015-09-10 12:11:21 -0700[diff] [blame]71#Allow mediaserver to access service manager wfdservice
72allow mediaserver { STAProxyService wfdservice_service }:service_manager find;