Jaihind Yadav | 78f021f | 2019-01-25 15:44:50 +0530 | [diff] [blame] | 1 | # Copyright (c) 2019, The Linux Foundation. All rights reserved. |
| 2 | # |
| 3 | # Redistribution and use in source and binary forms, with or without |
| 4 | # modification, are permitted provided that the following conditions are |
| 5 | # met: |
| 6 | # * Redistributions of source code must retain the above copyright |
| 7 | # notice, this list of conditions and the following disclaimer. |
| 8 | # * Redistributions in binary form must reproduce the above |
| 9 | # copyright notice, this list of conditions and the following |
| 10 | # disclaimer in the documentation and/or other materials provided |
| 11 | # with the distribution. |
| 12 | # * Neither the name of The Linux Foundation nor the names of its |
| 13 | # contributors may be used to endorse or promote products derived |
| 14 | # from this software without specific prior written permission. |
| 15 | # |
| 16 | # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED |
| 17 | # WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF |
| 18 | # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT |
| 19 | # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS |
| 20 | # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
| 21 | # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
| 22 | # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR |
| 23 | # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, |
| 24 | # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE |
| 25 | # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN |
| 26 | # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 27 | |
Jaihind Yadav | 78f021f | 2019-01-25 15:44:50 +0530 | [diff] [blame] | 28 | allow system_server self:capability sys_module; |
| 29 | |
| 30 | # allow system_server to communicate with cnd process over cnd_socket |
| 31 | #unix_socket_connect(system_server, cnd, cnd) |
| 32 | |
| 33 | # Access to sensors socket |
| 34 | #unix_socket_connect(system_server, sensors, sensors) |
| 35 | #unix_socket_send(system_server, sensors, sensors) |
| 36 | #allow system_server sensors:unix_stream_socket sendto; |
| 37 | #allow system_server sensors_socket:sock_file r_file_perms; |
| 38 | #qmux_socket(system_server); |
| 39 | |
| 40 | allow system_server self:socket create_socket_perms; |
| 41 | allowxperm system_server self:socket ioctl msm_sock_ipc_ioctls; |
| 42 | allow system_server sysfs_sensors:dir search; |
| 43 | allow system_server sysfs_sensors:file rw_file_perms; |
| 44 | |
| 45 | allow system_server { |
| 46 | # For wifistatemachine |
| 47 | wbc_service |
| 48 | # Allow system_server to add digital pen system service |
Jaihind Yadav | 78f021f | 2019-01-25 15:44:50 +0530 | [diff] [blame] | 49 | #dpmservice |
| 50 | }:service_manager add; |
| 51 | |
Jaihind Yadav | 78f021f | 2019-01-25 15:44:50 +0530 | [diff] [blame] | 52 | # required for the ANT app to connect to wcnss_filter sockets (connectto on stream sockets of the bluetooth domain) |
| 53 | allow system_server bluetooth:unix_stream_socket connectto; |
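| 54 | # access to iop (NOTE(review): the third macro argument, the server domain, is dumpstate in both calls below, so connectto/sendto is granted on dumpstate's sockets rather than on an iop domain; confirm this is intended) |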
| 55 | unix_socket_send(system_server, iop, dumpstate) |
| 56 | unix_socket_connect(system_server, iop, dumpstate) |
| 57 | |
Bharat Pawar | 13ef09f | 2020-09-03 17:02:27 +0530 | [diff] [blame^] | 58 | hal_client_domain(system_server, hal_srvctracker) |
| 59 | |
Jaihind Yadav | 78f021f | 2019-01-25 15:44:50 +0530 | [diff] [blame] | 60 | # allow system/framework applications to update the dpmd configuration files |
| 61 | #unix_socket_connect(system_server, dpmd, dpmd); |
| 62 | #allow system_server { dpmd_socket socket_device }:sock_file w_file_perms; |
| 63 | #allow system_server dpmd_data_file:dir create_dir_perms; |
| 64 | #allow system_server dpmd_data_file:file create_file_perms; |
| 65 | |
| 66 | # For location |
| 67 | binder_call(system_server, location); |
| 68 | type_transition system_server location_data_file:sock_file location_socket "location-mq-s"; |
| 69 | type_transition system_server location_data_file:sock_file location_socket "alarm_svc"; |
| 70 | #allow system_server location:unix_stream_socket connectto; |
| 71 | #allow system_server location_socket:sock_file create_file_perms; |
| 72 | |
| 73 | #For wifistatemachine |
| 74 | allow system_server kernel:key search; |
| 75 | allow system_server wlan_device:chr_file rw_file_perms; |
Jaihind Yadav | 78f021f | 2019-01-25 15:44:50 +0530 | [diff] [blame] | 76 | get_prop(system_server, vendor_softap_prop) |
| 77 | |
| 78 | #For ssr |
| 79 | allow system_server ssr_device:chr_file r_file_perms; |
| 80 | |
| 81 | allow system_server { fuse }:dir search; |
| 82 | |
| 83 | allow system_server proc_audiod:file r_file_perms; |
| 84 | |
| 85 | allow system_server { |
| 86 | serial_device |
| 87 | smd_device |
Jaihind Yadav | 78f021f | 2019-01-25 15:44:50 +0530 | [diff] [blame] | 88 | # allow access to power control of the ANT chip |
| 89 | bt_device |
| 90 | }:chr_file rw_file_perms; |
| 91 | |
Pavan Kumar M | 58d519c | 2019-03-01 16:23:41 +0530 | [diff] [blame] | 92 | hal_client_domain(system_server, hal_dataconnection_qti) |
Jaihind Yadav | 78f021f | 2019-01-25 15:44:50 +0530 | [diff] [blame] | 93 | |
Jaihind Yadav | 78f021f | 2019-01-25 15:44:50 +0530 | [diff] [blame] | 94 | #Allow access to netmgrd socket |
| 95 | #netmgr_socket(system_server); |
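| 96 | # So init can manage our process (NOTE(review): the two rules below grant fd use and fifo_file write on the RIDL domain, not on init; confirm the comment matches the intent) |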
| 97 | allow system_server RIDL:fd use; |
| 98 | allow system_server RIDL:fifo_file write; |
| 99 | |
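| 100 | # So init can manage our process (NOTE(review): the two rules below grant fd use and fifo_file write on the qti_logkit domain, not on init; confirm the comment matches the intent) |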
| 101 | allow system_server qti_logkit:fd use; |
| 102 | allow system_server qti_logkit:fifo_file write; |
| 103 | |
| 104 | #Rules for system server to talk to peripheral manager |
| 105 | get_prop(system_server, vendor_per_mgr_state_prop); |
| 106 | |
| 107 | # Allow system server access to qfp daemon |
| 108 | binder_call(system_server, qfp-daemon); |
| 109 | binder_call(system_server, fps_hal) |
| 110 | allow system_server iqfp_service:service_manager find; |
| 111 | |
| 112 | # For shutdown animation |
| 113 | allow system_server ctl_bootanim_prop:property_service set; |
| 114 | |
| 115 | # allow tethering to access dhcp leases |
| 116 | r_dir_file(system_server, dhcp_data_file) |
| 117 | |
Jaihind Yadav | 78f021f | 2019-01-25 15:44:50 +0530 | [diff] [blame] | 118 | # allow system_server to read and delete fingerprintd data files, and to modify and remove the directories that hold them |
| 119 | allow system_server fingerprintd_data_file:file { r_file_perms unlink }; |
| 120 | allow system_server fingerprintd_data_file:dir { rw_dir_perms rmdir }; |
| 121 | |
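| 122 | # Needed for the Wi-Fi module: lets system_server load kernel modules from files labelled system_file. Combined with the sys_module capability granted at the top of this file this is a kernel-level privilege (NOTE(review): confirm it is still required and cannot be scoped to a narrower file label). |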
| 123 | allow system_server system_file:system module_load; |
| 124 | |
| 125 | userdebug_or_eng(` |
| 126 | diag_use(system_server) |
| 127 | ') |
| 128 | |
| 129 | # allow access to low persistence mode sysfs node |
| 130 | allow system_server sysfs_graphics:file rw_file_perms; |
| 131 | |
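| 132 | # timerslack_ns: write access to files labelled with the vendor_location_app and system_app process domains (presumably the per-process timerslack_ns node; verify) |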
Jaihind Yadav | c03022a | 2020-01-09 16:00:28 +0530 | [diff] [blame] | 133 | allow system_server { vendor_location_app system_app } :file write; |
Jaihind Yadav | 78f021f | 2019-01-25 15:44:50 +0530 | [diff] [blame] | 134 | |
| 135 | #OpenGLES version |
| 136 | get_prop(system_server, vendor_opengles_prop) |
| 137 | #get_prop(system_server, qemu_hw_mainkeys_prop) |
| 138 | |
| 139 | get_prop(system_server, hwui_prop) |
| 140 | get_prop(system_server, bservice_prop) |
| 141 | get_prop(system_server, reschedule_service_prop) |
| 142 | allow system_server appdomain:file w_file_perms; |
| 143 | get_prop(system_server, vendor_cgroup_follow_prop) |
| 144 | |
| 145 | # Allow system_server to access ActivityManager tuning properties from vendor |
| 146 | get_prop(system_server, vendor_am_prop) |
| 147 | get_prop(system_server, vendor_mpctl_prop) |
| 148 | |
| 149 | # IPC call for sensor feed |
| 150 | binder_call(system_server, hal_graphics_composer) |
| 151 | binder_call(system_server, hal_camera) |
| 152 | binder_call(system_server, mm-pp-daemon) |
| 153 | |
| 154 | # Ant ipc |
| 155 | hal_client_domain(system_server,hal_bluetooth); |
| 156 | |
| 157 | hal_client_domain(system_server, hal_perf) |
| 158 | hal_client_domain(system_server, hal_sensors) |
| 159 | |
| 160 | # allow WIGIG framework hosted in system_server to access wigig_hal |
| 161 | hal_client_domain(system_server, hal_wigig) |
| 162 | # allow WIGIG framework to access network performance tuner |
| 163 | hal_client_domain(system_server, hal_wigig_npt) |
| 164 | # allow WIGIG framework access to wil6210 sysfs files like thermal_throttling |
| 165 | allow system_server sysfs_wigig:file rw_file_perms; |
| 166 | |
| 167 | # allow system_server to access IOP HAL service |
| 168 | hal_client_domain(system_server, hal_iop) |
| 169 | |
| 170 | # Allow Gesture based boost from System Server |
| 171 | get_prop(system_server, vendor_scroll_prop) |
| 172 | |
| 173 | # allow system_server to access vendor display property. |
| 174 | get_prop(system_server, vendor_display_prop) |
| 175 | get_prop(system_server, vendor_iop_prop) |
| 176 | |
Jaihind Yadav | 78f021f | 2019-01-25 15:44:50 +0530 | [diff] [blame] | 177 | # allow system server to get vendor_audio_prop |
| 178 | get_prop(system_server, vendor_audio_prop) |
| 179 | |
Pavan Kumar M | 31367a7 | 2020-02-18 19:53:15 +0530 | [diff] [blame] | 180 | # allow system server to get vendor_xlat_prop |
| 181 | get_prop(system_server, vendor_xlat_prop) |
| 182 | |
Jaihind Yadav | 78f021f | 2019-01-25 15:44:50 +0530 | [diff] [blame] | 183 | # allow system_server to access IWifiStats HAL service |
| 184 | hal_client_domain(system_server, hal_wifilearner) |