blob: 9cc050e6f16c6daf4d8fed0dcbbdadc67793cb04 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
|
# ==============================================
# MTK Policy Rule
# ============
# for debug purpose
allow surfaceflinger self:capability { net_admin sys_nice };
allow surfaceflinger self:netlink_socket { read bind create };
allow surfaceflinger debug_prop:property_service set;
file_type_auto_trans(surfaceflinger, system_data_file, sf_bqdump_data_file);
allow surfaceflinger anr_data_file:dir { write search create add_name };
allow surfaceflinger anr_data_file:file { create write};
allow surfaceflinger aee_exp_data_file:file write;
allow surfaceflinger custom_file:dir search;
binder_call(surfaceflinger, debuggerd)
allow surfaceflinger aee_dumpsys_data_file:file write;
allow surfaceflinger RT_Monitor_device:chr_file { read ioctl open };
# watch dog use shell to move debug file
allow surfaceflinger shell_exec:file { read execute open execute_no_trans };
# for using toolbox
allow surfaceflinger system_file:file x_file_perms;
# for sf_dump
userdebug_or_eng(`
allow surfaceflinger sf_bqdump_data_file:{dir file} {relabelto open create read write getattr };
allow surfaceflinger sf_bqdump_data_file:dir {search add_name};
')
# for driver access
allow surfaceflinger sw_sync_device:chr_file { read write open ioctl getattr };
allow surfaceflinger MTK_SMI_device:chr_file { read write open ioctl };
# for bootanimation
allow surfaceflinger bootanim:dir search;
allow surfaceflinger bootanim:file { read getattr open };
allow surfaceflinger self:capability dac_override;
# for ipo
allow surfaceflinger ipod:dir search;
binder_call(surfaceflinger, ipod)
# for MTK Emulator HW GPU
allow surfaceflinger qemu_pipe_device:chr_file rw_file_perms;
# for SVP secure memory allocation
allow surfaceflinger proc_secmem:file { read write open ioctl };
# for watchdog
allow surfaceflinger anr_data_file:dir { relabelfrom read remove_name getattr };
allow surfaceflinger anr_data_file:file { rename getattr unlink open };
allow surfaceflinger sf_rtt_file:dir { create search write add_name remove_name};
allow surfaceflinger sf_rtt_file:file { open read write create rename append getattr unlink};
allow surfaceflinger sf_rtt_file:dir {relabelto getattr};
# for system shrinks memory pages when low memory
allow surfaceflinger platform_app_tmpfs:file write;
allow surfaceflinger isolated_app_tmpfs:file write;
allow surfaceflinger untrusted_app_tmpfs:file write;
# for BufferQueue check process name of em_svr
allow surfaceflinger em_svr:dir search;
allow surfaceflinger em_svr:file { read getattr open };
# need to check what is this allowance for
allow surfaceflinger mobicore:unix_stream_socket connectto;
allow surfaceflinger mobicore_data_file:file { read getattr open };
allow surfaceflinger mobicore_user_device:chr_file { read write ioctl open };
allow surfaceflinger mobicore_data_file:dir search;
# take down the boot time for bootprof
allow surfaceflinger proc:file write;
# notify perf service of SF information for performance
allow surfaceflinger mtk_perf_service:service_manager find;
# Date : WK15.38
# Operation : Migration
# Purpose : allow surfaceflinger to find pq_service
allow surfaceflinger pq_service:service_manager { find };
# HWC need to write mhl 4k information to debug node of GED
allow surfaceflinger debugfs:file { open write read };
|
