vendor/common/mediaserver.te - device/qcom/sepolicy - Gitiles

 # allow mediaserver to communicate with cnd
 #unix_socket_connect(mediaserver, cnd, cnd)

 #unix_socket_send(mediaserver, camera, mm-qcamerad)

 allow mediaserver tee_device:chr_file rw_file_perms;
 allow mediaserver qdsp_device:chr_file r_file_perms;
 allow mediaserver xdsp_device:chr_file r_file_perms;

 allow mediaserver self:socket create_socket_perms_no_ioctl;

 binder_call(mediaserver, rild)

 #qmux_socket(mediaserver)
 allow mediaserver camera_data_file:sock_file w_file_perms;

 userdebug_or_eng(`
   allow mediaserver camera_data_file:dir rw_dir_perms;
   allow mediaserver camera_data_file:file create_file_perms;
   # Access to audio
   allow mediaserver qti_debugfs:file rw_file_perms;
 ')

 r_dir_file(mediaserver, sysfs_esoc)
 #allow mediaserver system_app_data_file:file rw_file_perms;

 # allow poweroffhandler to binder mediaserver
 binder_call(mediaserver, poweroffhandler);

 # Required for libqdutils MDPVersion::updatePanelInfo()
 # during WFD - opens /sys/class/graphics/fb0/msm_fb_type
 allow mediaserver sysfs_graphics:file r_file_perms;

 # for thermal sock files
 #unix_socket_connect(mediaserver, thermal, thermal-engine)

 #This is required for thermal sysfs access
 r_dir_file(mediaserver, sysfs_thermal);

 #allow mediaserver to communicate with timedaemon
 #allow mediaserver time_daemon:unix_stream_socket connectto;

 #allow mediaserver to access wfdservice
 binder_call(mediaserver, wfdservice)

 #allow mediaserver to access adsprpcd
 r_dir_file(mediaserver, adsprpcd_file);
 #allow mediaserver to access adsprpc_prop
 get_prop(mediaserver, adsprpc_prop)

 # allow mediaserver to communicate with bootanim
 binder_call(mediaserver, bootanim);

 #allow mediaserver to access audio properties
 get_prop(mediaserver, vendor_audio_prop)

 allow mediaserver surfaceflinger:unix_stream_socket rw_socket_perms;

 allow mediaserver mm_video_prop:file r_file_perms;
 hal_client_domain(mediaserver, hal_graphics_composer)
	# allow mediaserver to communicate with cnd
	#unix_socket_connect(mediaserver, cnd, cnd)

	#unix_socket_send(mediaserver, camera, mm-qcamerad)

	allow mediaserver tee_device:chr_file rw_file_perms;
	allow mediaserver qdsp_device:chr_file r_file_perms;
	allow mediaserver xdsp_device:chr_file r_file_perms;

	allow mediaserver self:socket create_socket_perms_no_ioctl;

	binder_call(mediaserver, rild)

	#qmux_socket(mediaserver)
	allow mediaserver camera_data_file:sock_file w_file_perms;

	userdebug_or_eng(`
	allow mediaserver camera_data_file:dir rw_dir_perms;
	allow mediaserver camera_data_file:file create_file_perms;
	# Access to audio
	allow mediaserver qti_debugfs:file rw_file_perms;
	')

	r_dir_file(mediaserver, sysfs_esoc)
	#allow mediaserver system_app_data_file:file rw_file_perms;

	# allow poweroffhandler to binder mediaserver
	binder_call(mediaserver, poweroffhandler);

	# Required for libqdutils MDPVersion::updatePanelInfo()
	# during WFD - opens /sys/class/graphics/fb0/msm_fb_type
	allow mediaserver sysfs_graphics:file r_file_perms;

	# for thermal sock files
	#unix_socket_connect(mediaserver, thermal, thermal-engine)

	#This is required for thermal sysfs access
	r_dir_file(mediaserver, sysfs_thermal);

	#allow mediaserver to communicate with timedaemon
	#allow mediaserver time_daemon:unix_stream_socket connectto;

	#allow mediaserver to access wfdservice
	binder_call(mediaserver, wfdservice)

	#allow mediaserver to access adsprpcd
	r_dir_file(mediaserver, adsprpcd_file);
	#allow mediaserver to access adsprpc_prop
	get_prop(mediaserver, adsprpc_prop)

	# allow mediaserver to communicate with bootanim
	binder_call(mediaserver, bootanim);

	#allow mediaserver to access audio properties
	get_prop(mediaserver, vendor_audio_prop)

	allow mediaserver surfaceflinger:unix_stream_socket rw_socket_perms;

	allow mediaserver mm_video_prop:file r_file_perms;
	hal_client_domain(mediaserver, hal_graphics_composer)