diff options
| author | Tri Vo <trong@google.com> | 2017-10-05 09:50:02 -0700 |
|---|---|---|
| committer | Tri Vo <trong@google.com> | 2017-10-05 10:58:15 -0700 |
| commit | ad0b6af1114b2603d788d241af5f5636e1c2638f (patch) | |
| tree | 7be5639302f40529d4c06baa497649d0636e3659 | |
| parent | f91eab2f09279fb6159686b566563b9a4a8899f1 (diff) | |
| download | bullhead-ad0b6af1114b2603d788d241af5f5636e1c2638f.tar.gz | |
surfaceflinger access to sysfs_graphics.
These files are now labeled as sysfs_graphics:
/sys/devices/virtual/graphics/fb*
/sys/devices/soc.0/fd900000.qcom,mdss_mdp/caps
surfaceflinger, hal_graphics_allocator_default have read access
to sysfs_graphics.
Bug: 65643247
Test: aosp_bullhead boots without denials from surfaceflinger or to
sysfs_graphics.
Change-Id: Idcda3627df4ac5f2c14118c756373556b070b08a
| -rw-r--r-- | sepolicy/file_contexts | 7 | ||||
| -rw-r--r-- | sepolicy/hal_graphics_allocator_default.te | 1 | ||||
| -rw-r--r-- | sepolicy/surfaceflinger.te | 1 |
3 files changed, 4 insertions, 5 deletions
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index 314c7cd..ff8cff2 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -140,14 +140,10 @@ /sys/class/thermal(/.*)? u:object_r:sysfs_thermal:s0 /sys/devices/soc.0/qpnp-fg-18/power_supply/bms/battery_type u:object_r:sysfs_batteryinfo:s0 /sys/devices/platform/battery_current_limit u:object_r:sysfs_thermal:s0 -/sys/devices/virtual/graphics/fb([0-2])+/idle_time u:object_r:sysfs_graphics:s0 -/sys/devices/virtual/graphics/fb([0-2])+/dynamic_fps u:object_r:sysfs_graphics:s0 /sys/devices/virtual/thermal(/.*)? u:object_r:sysfs_thermal:s0 /sys/module/msm_thermal(/.*)? u:object_r:sysfs_thermal:s0 /sys/module/msm_performance(/.*)? u:object_r:sysfs_performance:s0 -/sys/devices/virtual/graphics/fb([0-2])+/hpd u:object_r:sysfs_graphics:s0 -/sys/devices/virtual/graphics/fb([0-2])+/res_info u:object_r:sysfs_graphics:s0 -/sys/devices/virtual/graphics/fb([0-2])+/s3d_mode u:object_r:sysfs_graphics:s0 +/sys/devices/virtual/graphics/fb([0-2])+(/.*)? u:object_r:sysfs_graphics:s0 /sys/devices/virtual/graphics/fb0/color_temp u:object_r:sysfs_display:s0 /sys/devices/msm_hsic_host/host_ready u:object_r:sysfs_hsic_host_rdy:s0 /sys/bus/msm_subsys(/.*)? u:object_r:sysfs_ssr:s0 @@ -161,6 +157,7 @@ /sys/devices/soc\.0/qcom,bcl[^/]*(/.*)? u:object_r:sysfs_thermal:s0 /sys/devices/soc\.0/fdb00000\.qcom,kgsl-3d0/kgsl/kgsl-3d0/default_pwrlevel u:object_r:sysfs_thermal:s0 /sys/devices/soc\.0/fdb00000\.qcom,kgsl-3d0/kgsl/kgsl-3d0/max_gpuclk u:object_r:sysfs_thermal:s0 +/sys/devices/soc\.0/fd900000\.qcom,mdss_mdp/caps u:object_r:sysfs_graphics:s0 /sys/devices/soc\.0/qpnp-smbcharger-[0-9a-f]+/power_supply/battery/capacity u:object_r:sysfs_batteryinfo:s0 /sys/module/lpm_levels(/.*)? u:object_r:sysfs_power_management:s0 /sys/module/cpu_boost(/.*)? u:object_r:sysfs_devices_system_cpu:s0 diff --git a/sepolicy/hal_graphics_allocator_default.te b/sepolicy/hal_graphics_allocator_default.te new file mode 100644 index 0000000..cd49e68 --- /dev/null +++ b/sepolicy/hal_graphics_allocator_default.te @@ -0,0 +1 @@ +r_dir_file(hal_graphics_allocator_default, sysfs_graphics) diff --git a/sepolicy/surfaceflinger.te b/sepolicy/surfaceflinger.te index 1b13fcb..0bda946 100644 --- a/sepolicy/surfaceflinger.te +++ b/sepolicy/surfaceflinger.te @@ -1 +1,2 @@ allow surfaceflinger sysfs_display:file rw_file_perms; +r_dir_file(surfaceflinger, sysfs_graphics) |