device/amlogic/common.git - Unnamed repository; edit this file 'description' to name the repository.

1 #allow system_server fuse:dir search;
2 #
3 #allow system_server mediaserver:process {signal sigkill};
4 #allow system_server { system_app_data_file media_data_file bluetooth_data_file nfc_data_file radio_data_file shell_data_file app_data_file }:dir { getattr read search };
5 #
6 #allow system_server self:capability sys_module;
7 #
8 #allow system_server { system_control_service tvserver_service hdmi_cec_service }:service_manager find;
9 #
10 #allow system_server storage_stub_file:dir { getattr read open };
11 #
12 #allow system_server debugfs:dir { getattr read open };
13 #allow system_server debugfs:file r_file_perms;
14 #
15 #allow system_server system_app:fifo_file { read write getattr };
16 #
17 #allow system_server param_tv_file:dir { search };
18 #
19 #set_prop(system_server, uboot_prop)
20 #get_prop(system_server, uboot_prop)
21 #
22 #allow system_server { system_app platform_app untrusted_app priv_app }:file { write };
23 #allow system_server uhid_device:chr_file {write open ioctl};
24 #allow system_server dvb_device:chr_file rw_file_perms;
25 #
26
27 typeattribute system_server mlstrustedsubject;
28
29 allow system_server vendor_file:file { getattr read open execute };
30 allow system_server vendor_framework_file:dir { search getattr };
31 allow system_server vendor_framework_file:file { read getattr open };
32
33 get_prop(system_server, media_prop)
34
35 # For writing to /proc/<tid>/timerslack_ns (XXX - this is probably wrong)
36 allow system_server priv_app:file write;
37 allow system_server untrusted_app:file write;
38 allow system_server untrusted_app_25:file write;
39 allow system_server platform_app:file write;
40 allow system_server system_app:file write;
41 allow system_server isolated_app:file write;
42 allow system_server bluetooth:file write;
43
44 allow system_server audioserver:file write;
45
46 allow system_server socket_device:sock_file { write };
47 allow system_server hidraw_device:chr_file {open read write ioctl};
48 allow system_server audio_prop:property_service { set };
49 allow system_server uhid_device:chr_file { write open ioctl };
50
51 allow system_server hal_audio_default:file write;
52
53 allow system_server mediaprovider:file { write open };
1	#allow system_server fuse:dir search;
2	#
3	#allow system_server mediaserver:process {signal sigkill};
4	#allow system_server { system_app_data_file media_data_file bluetooth_data_file nfc_data_file radio_data_file shell_data_file app_data_file }:dir { getattr read search };
5	#
6	#allow system_server self:capability sys_module;
7	#
8	#allow system_server { system_control_service tvserver_service hdmi_cec_service }:service_manager find;
9	#
10	#allow system_server storage_stub_file:dir { getattr read open };
11	#
12	#allow system_server debugfs:dir { getattr read open };
13	#allow system_server debugfs:file r_file_perms;
14	#
15	#allow system_server system_app:fifo_file { read write getattr };
16	#
17	#allow system_server param_tv_file:dir { search };
18	#
19	#set_prop(system_server, uboot_prop)
20	#get_prop(system_server, uboot_prop)
21	#
22	#allow system_server { system_app platform_app untrusted_app priv_app }:file { write };
23	#allow system_server uhid_device:chr_file {write open ioctl};
24	#allow system_server dvb_device:chr_file rw_file_perms;
25	#
26
27	typeattribute system_server mlstrustedsubject;
28
29	allow system_server vendor_file:file { getattr read open execute };
30	allow system_server vendor_framework_file:dir { search getattr };
31	allow system_server vendor_framework_file:file { read getattr open };
32
33	get_prop(system_server, media_prop)
34
35	# For writing to /proc/<tid>/timerslack_ns (XXX - this is probably wrong)
36	allow system_server priv_app:file write;
37	allow system_server untrusted_app:file write;
38	allow system_server untrusted_app_25:file write;
39	allow system_server platform_app:file write;
40	allow system_server system_app:file write;
41	allow system_server isolated_app:file write;
42	allow system_server bluetooth:file write;
43
44	allow system_server audioserver:file write;
45
46	allow system_server socket_device:sock_file { write };
47	allow system_server hidraw_device:chr_file {open read write ioctl};
48	allow system_server audio_prop:property_service { set };
49	allow system_server uhid_device:chr_file { write open ioctl };
50
51	allow system_server hal_audio_default:file write;
52
53	allow system_server mediaprovider:file { write open };