Allow qemu_device read-write access to various processes

Basically, allow access of qemu_device where gpu_device is allowed, for the case when the emulator runs with OpenGL/ES emulation. Most noticably, surfaceflinger crashes without qemu_device access. Bug: 15052949 Change-Id: Ib891365a6d503309bced64e2512c4d8f29d9a07e
2014-05-19 20:43:23 +09:00 · 2014-05-19 20:43:23 +09:00 · 93e450767f
commit 93e450767f
parent c89e1826ba
10 changed files with 14 additions and 1 deletions
--- a/target/board/generic/BoardConfig.mk
+++ b/target/board/generic/BoardConfig.mk
@ -78,6 +78,7 @@ TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true
 BOARD_SEPOLICY_DIRS += build/target/board/generic/sepolicy
 BOARD_SEPOLICY_UNION += \
        adbd.te \
+        app.te \
        bootanim.te \
        device.te \
        domain.te \
@ -88,4 +89,5 @@ BOARD_SEPOLICY_UNION += \
        rild.te \
        shell.te \
        surfaceflinger.te \
-        system_server.te
+        system_server.te \
+        zygote.te
--- a/target/board/generic/sepolicy/app.te
+++ b/target/board/generic/sepolicy/app.te
@ -0,0 +1 @@
+allow appdomain qemu_device:chr_file rw_file_perms;
--- a/target/board/generic/sepolicy/bootanim.te
+++ b/target/board/generic/sepolicy/bootanim.te
@ -1,2 +1,3 @@
 allow bootanim self:process execmem;
 allow bootanim ashmem_device:chr_file execute;
+allow bootanim qemu_device:chr_file rw_file_perms;
--- a/target/board/generic/sepolicy/surfaceflinger.te
+++ b/target/board/generic/sepolicy/surfaceflinger.te
@ -1,2 +1,3 @@
 allow surfaceflinger self:process execmem;
 allow surfaceflinger ashmem_device:chr_file execute;
+allow surfaceflinger qemu_device:chr_file rw_file_perms;
--- a/target/board/generic/sepolicy/zygote.te
+++ b/target/board/generic/sepolicy/zygote.te
@ -0,0 +1 @@
+allow zygote qemu_device:chr_file rw_file_perms;
--- a/target/board/generic_x86/BoardConfig.mk
+++ b/target/board/generic_x86/BoardConfig.mk
@ -44,7 +44,9 @@ TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true

 BOARD_SEPOLICY_DIRS += build/target/board/generic_x86/sepolicy
 BOARD_SEPOLICY_UNION += \
+        app.te \
        adbd.te \
+        bootanim.te \
        device.te \
        domain.te \
        file.te \
@ -55,5 +57,6 @@ BOARD_SEPOLICY_UNION += \
        qemud.te \
        rild.te \
        shell.te \
+        surfaceflinger.te \
        system_server.te \
        zygote.te
--- a/target/board/generic_x86/sepolicy/app.te
+++ b/target/board/generic_x86/sepolicy/app.te
@ -0,0 +1 @@
+allow appdomain qemu_device:chr_file rw_file_perms;
--- a/target/board/generic_x86/sepolicy/bootanim.te
+++ b/target/board/generic_x86/sepolicy/bootanim.te
@ -0,0 +1 @@
+allow bootanim qemu_device:chr_file rw_file_perms;
--- a/target/board/generic_x86/sepolicy/surfaceflinger.te
+++ b/target/board/generic_x86/sepolicy/surfaceflinger.te
@ -0,0 +1 @@
+allow surfaceflinger qemu_device:chr_file rw_file_perms;
--- a/target/board/generic_x86/sepolicy/zygote.te
+++ b/target/board/generic_x86/sepolicy/zygote.te
@ -1,2 +1,3 @@
 allow zygote self:process execmem;
 allow zygote self:capability sys_nice;
+allow zygote qemu_device:chr_file rw_file_perms;
				`@ -0,0 +1 @@`
				`allow appdomain qemu_device:chr_file rw_file_perms;`
				`@ -0,0 +1 @@`
				`allow zygote qemu_device:chr_file rw_file_perms;`
				`@ -0,0 +1 @@`
				`allow bootanim qemu_device:chr_file rw_file_perms;`
				`@ -0,0 +1 @@`
				`allow surfaceflinger qemu_device:chr_file rw_file_perms;`