Give the DMA-BUF CMA heap its own label

Currently, it is labelled as graphics_device. This patch
creates a new type for it with attribute dmabuf_heap_device_type.

Test: build
Change-Id: I8456b28f6b3a6eb202431926163c70c66d22347c

2 files changed, 4 insertions, 1 deletions

diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index e3add29c..6a1f8d3d 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -13,7 +13,7 @@
 /dev/hifi_misc         u:object_r:audio_device:s0
 /dev/hi_vdec	       u:object_r:video_device:s0
 /dev/hi_venc	       u:object_r:video_device:s0
-/dev/dma_heap/linux,cma u:object_r:graphics_device:s0
+/dev/dma_heap/linux,cma u:object_r:dmabuf_cma_heap_device:s0
 /dev/graphics/fb0      u:object_r:graphics_device:s0
 
 # files in /vendor
diff --git a/sepolicy/hal_graphics_allocator_default.te b/sepolicy/hal_graphics_allocator_default.te
index 833e957a..7f2b36bd 100644
--- a/sepolicy/hal_graphics_allocator_default.te
+++ b/sepolicy/hal_graphics_allocator_default.te
@@ -1,3 +1,6 @@
+type dmabuf_cma_heap_device, dmabuf_heap_device_type, dev_type;
+
 allow hal_graphics_allocator_default graphics_device:dir search;
 allow hal_graphics_allocator_default graphics_device:chr_file { open read write ioctl map rw_file_perms};
 allow hal_graphics_allocator_default dmabuf_system_heap_device:chr_file r_file_perms;
+allow hal_graphics_allocator_default dmabuf_cma_heap_device:chr_file r_file_perms;