-rw-r--r-- | sepolicy/file_contexts | 4 | ||||
-rw-r--r-- | sepolicy/hal_graphics_allocator_default.te | 2 | ||||
-rw-r--r-- | sepolicy/hal_graphics_composer_default.te | 2 | ||||
-rw-r--r-- | sepolicy/init.te | 3 | ||||
-rw-r--r-- | sepolicy/surfaceflinger.te | 1 | ||||
-rw-r--r-- | sepolicy/system_server.te | 5 | ||||
-rw-r--r-- | sepolicy/vendor_init.te | 4 | ||||
-rw-r--r-- | ueventd.common.rc | 2 |
8 files changed, 18 insertions, 5 deletions
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index d9658d3f..a356e0b0 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -14,12 +14,16 @@
 /dev/hi_vdec u:object_r:video_device:s0
 /dev/hi_venc u:object_r:video_device:s0
+/dev/graphics/fb0 u:object_r:graphics_device:s0
 # files in /vendor
 /(vendor|system/vendor)/bin/uim u:object_r:hci_attach_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.0-service\.hikey u:object_r:hal_bluetooth_hikey_exec:s0
 /(vendor|system/vendor)/bin/nanoapp_cmd u:object_r:nanoapp_cmd_exec:s0
+/(vendor|system/vendor)/lib(64)?/hw/gralloc\.hikey960\.so u:object_r:same_process_hal_file:s0
+/(vendor|system/vendor)/lib(64)?/hw/gralloc\.hikey\.so u:object_r:same_process_hal_file:s0
+
 # /data
 /data/vendor/sensor(/.*)? u:object_r:sensor_vendor_data_file:s0
diff --git a/sepolicy/hal_graphics_allocator_default.te b/sepolicy/hal_graphics_allocator_default.te
new file mode 100644
index 00000000..b17dc7d4
--- /dev/null
+++ b/sepolicy/hal_graphics_allocator_default.te
@@ -0,0 +1,2 @@
+allow hal_graphics_allocator_default graphics_device:dir search;
+allow hal_graphics_allocator_default graphics_device:chr_file { open read write ioctl map rw_file_perms};
diff --git a/sepolicy/hal_graphics_composer_default.te b/sepolicy/hal_graphics_composer_default.te
new file mode 100644
index 00000000..d7715de2
--- /dev/null
+++ b/sepolicy/hal_graphics_composer_default.te
@@ -0,0 +1,2 @@
+vndbinder_use(hal_graphics_composer_default)
+
diff --git a/sepolicy/init.te b/sepolicy/init.te
index 16d3a3e1..7f18b9b2 100644
--- a/sepolicy/init.te
+++ b/sepolicy/init.te
@@ -4,3 +4,6 @@ allow init configfs:file write;
 allow init configfs:lnk_file { create unlink };
 # for symlink /sdcard /mnt/sdcard
 allow init tmpfs:lnk_file create;
+allow init configfs:lnk_file create;
+
+dontaudit init kernel:system module_request;
diff --git a/sepolicy/surfaceflinger.te b/sepolicy/surfaceflinger.te
deleted file mode 100644
index f53f2b46..00000000
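Review bot: The added `/dev/graphics/fb0 u:object_r:graphics_device:s0` entry in sepolicy/file_contexts looks redundant, because the platform file_contexts normally labels the whole directory with `/dev/graphics(/.*)? u:object_r:graphics_device:s0`; if that holds for the platform branch this device builds against, the line can be dropped so the label has a single source. The two gralloc entries differ only in the board name and could be one line, `/(vendor|system/vendor)/lib(64)?/hw/gralloc\.hikey(960)?\.so u:object_r:same_process_hal_file:s0`. Since `same_process_hal_file` libraries are loaded into client processes, it is worth a comment above these lines saying that this is why the gralloc modules carry that label.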
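Review bot: The chr_file rule in sepolicy/hal_graphics_allocator_default.te spells out `open read write ioctl map` next to `rw_file_perms`, but the macro already covers at least open, read, write and ioctl and additionally grants getattr, append and lock, so the explicit names only obscure what is really allowed. Writing it as `allow hal_graphics_allocator_default graphics_device:chr_file rw_file_perms;` states the actual grant. The `ioctl` permission is also unrestricted; if the set of framebuffer ioctls the allocator issues is known, an `allowxperm` allowlist on `graphics_device:chr_file` would narrow the kernel surface this HAL can reach.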
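Review bot: The added `allow init configfs:lnk_file create;` in sepolicy/init.te repeats a permission that the context line `allow init configfs:lnk_file { create unlink };` three lines above already grants, so it can be removed. The new `dontaudit init kernel:system module_request;` carries no explanation, and the same applies to `dontaudit system_server self:capability sys_module;` in sepolicy/system_server.te. A dontaudit removes the denial from the audit log, which is also where an unexpected module-load attempt would show up, so each rule should get a comment naming the known-benign trigger, in the form `# <what on this board triggers the request and why the denial is expected>`.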
--- a/sepolicy/surfaceflinger.te
+++ /dev/null
@@ -1 +0,0 @@
-hal_server_domain(surfaceflinger, hal_graphics_allocator)
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
new file mode 100644
index 00000000..335bfe33
--- /dev/null
+++ b/sepolicy/system_server.te
@@ -0,0 +1,5 @@
+# TODO(b/73123675): BatterySaver needs access to cpufreq. Remove this access
+# once cpufreq functionality is hidden behind a HAL.
+allow system_server sysfs_devices_system_cpu:file w_file_perms;
+
+dontaudit system_server self:capability sys_module;
diff --git a/sepolicy/vendor_init.te b/sepolicy/vendor_init.te
deleted file mode 100644
index 733a112c..00000000
--- a/sepolicy/vendor_init.te
+++ /dev/null
@@ -1,4 +0,0 @@
-allow vendor_init {
- hostapd_socket
- wifi_data_file
-}:dir { create search getattr open read setattr ioctl write add_name remove_name rmdir relabelfrom };
diff --git a/ueventd.common.rc b/ueventd.common.rc
index b76dd4ca..ff82f70c 100644
--- a/ueventd.common.rc
+++ b/ueventd.common.rc
@@ -11,6 +11,8 @@ subsystem usbmisc
 /dev/hifi_misc 0666 system audio
 /dev/hi_vdec 0660 system camera
 /dev/hi_venc 0660 system camera
+/dev/ion 0666 system graphics
+/dev/graphics/fb0 0666 system graphics
 /sys/devices/platform/ddr_devfreq/devfreq/ddr_devfreq min_freq 0644 system system
 /sys/devices/platform/e82c0000.mali/devfreq/e82c0000.mali min_freq 0644 system system |
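Review bot: Both nodes added to ueventd.common.rc use mode 0666, so the `system graphics` owner and group no longer restrict anything and SELinux is the only access control left on `/dev/ion` and `/dev/graphics/fb0`. The policy added in this commit grants framebuffer access only to hal_graphics_allocator_default, so `/dev/graphics/fb0 0660 system graphics` should suffice if that HAL runs with the graphics group (its service definition is not visible here) and would keep DAC as a second layer. If `/dev/ion` has to stay world-accessible because arbitrary clients allocate buffers through it, a comment above the line saying so would make the exception deliberate. The rest of the file lies outside the hunk.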