| # ============================================== |
| # Policy File of /system/bin/guiext-server Executable File |
| |
| # ============================================== |
| # Type Declaration |
| # ============================================== |
| type guiext-server, domain; |
| type guiext-server_exec, exec_type, file_type; |
| |
| # ============================================== |
| # MTK Policy Rule |
| # ============================================== |
| init_daemon_domain(guiext-server) |
| |
| # for bqdump and conversion pool |
| binder_service(guiext-server) |
| binder_use(guiext-server) |
| binder_call({domain -init -netd}, guiext-server) |
| binder_call(guiext-server, {domain -init -netd}) |
| |
| # to allocate GraphicBuffer |
| allow guiext-server surfaceflinger:binder call; |
| allow guiext-server surfaceflinger:fd use; |
| allow guiext-server gpu_device:chr_file { open read write ioctl }; |
| |
| # to be a service |
| allow guiext-server guiext-server_service:service_manager add; |
| |
| # for dump |
| allow guiext-server system_server:binder call; |
| |
| # for MiraVision |
| allow guiext-server graphics_device:chr_file { open read write ioctl }; |
| |
| # for CTS |
| allow guiext-server platform_app:binder call; |
| allow guiext-server app_data_file:file write; |
| |
| # for SVP secure memory allocation |
| allow guiext-server proc_secmem:file { read write open }; |
| |
| # need to get display information from SF |
| allow guiext-server surfaceflinger_service:service_manager find; |
| |
| # allow processes register buffer queue information to gui_ext |
| allow {domain -init -isolated_app} guiext-server_service:service_manager find; |
| |
| # to check permission when dumpsys |
| allow guiext-server permission_service:service_manager find; |
| |
| # allow guiext-server to read/write fifo |
| allow guiext-server surfaceflinger:fifo_file {read write}; |
| |
| # for debug purpose |
| allow guiext-server aee_exp_data_file:file write; |