Sepolicy: Allow processes to access new restricted DSP device node
Allow the known processes to offload to ADSP / SLPI using the new device node. Change-Id: Icaf8c4e1195b10711208bb5a331572ce78143560
This commit is contained in:
Tharun Kumar Merugu
parent
fc5556a815
commit
aec6e0f2ec
10 changed files with 10 additions and 1 deletions
1
vendor/common/adsprpcd.te
vendored
1
vendor/common/adsprpcd.te
vendored
|
|
@ -5,6 +5,7 @@ init_daemon_domain(adsprpcd)
|
|||
|
||||
allow adsprpcd ion_device:chr_file r_file_perms;
|
||||
allow adsprpcd qdsp_device:chr_file r_file_perms;
|
||||
allow adsprpcd xdsp_device:chr_file r_file_perms;
|
||||
|
||||
allow adsprpcd system_file:dir r_dir_perms;
|
||||
|
||||
|
|
|
|||
1
vendor/common/cdsprpcd.te
vendored
1
vendor/common/cdsprpcd.te
vendored
|
|
@ -36,6 +36,7 @@ init_daemon_domain(cdsprpcd)
|
|||
r_dir_file(cdsprpcd, adsprpcd_file)
|
||||
|
||||
allow cdsprpcd qdsp_device:chr_file r_file_perms;
|
||||
allow cdsprpcd xdsp_device:chr_file r_file_perms;
|
||||
allow cdsprpcd ion_device:chr_file r_file_perms;
|
||||
|
||||
r_dir_file(cdsprpcd, sysfs_devfreq)
|
||||
|
|
|
|||
1
vendor/common/chre.te
vendored
1
vendor/common/chre.te
vendored
|
|
@ -9,4 +9,5 @@ r_dir_file(chre, adsprpcd_file)
|
|||
|
||||
allow chre ion_device:chr_file r_file_perms;
|
||||
allow chre qdsp_device:chr_file r_file_perms;
|
||||
allow chre xdsp_device:chr_file r_file_perms;
|
||||
allow chre dsp_device:chr_file r_file_perms;
|
||||
|
|
|
|||
1
vendor/common/device.te
vendored
1
vendor/common/device.te
vendored
|
|
@ -7,6 +7,7 @@ type citadel_device, dev_type;
|
|||
type custom_ab_block_device, dev_type;
|
||||
type diag_device, dev_type, mlstrustedobject;
|
||||
type dsp_device, dev_type;
|
||||
type xdsp_device, dev_type;
|
||||
type easel_device, dev_type;
|
||||
type hbtp_device, dev_type;
|
||||
type hvdcp_device, dev_type;
|
||||
|
|
|
|||
1
vendor/common/file_contexts
vendored
1
vendor/common/file_contexts
vendored
|
|
@ -22,6 +22,7 @@
|
|||
/dev/spcom u:object_r:spcom_device:s0
|
||||
/dev/jpeg[0-9]* u:object_r:video_device:s0
|
||||
/dev/adsprpc-smd u:object_r:qdsp_device:s0
|
||||
/dev/adsprpc-smd-secure u:object_r:xdsp_device:s0
|
||||
/dev/sdsprpc-smd u:object_r:dsp_device:s0
|
||||
/dev/wcd-dsp-glink u:object_r:audio_device:s0
|
||||
/dev/wcd_dsp0_control u:object_r:audio_device:s0
|
||||
|
|
|
|||
1
vendor/common/hal_camera.te
vendored
1
vendor/common/hal_camera.te
vendored
|
|
@ -46,6 +46,7 @@ allow hal_camera sysfs_easel:file rw_file_perms;
|
|||
|
||||
# access hexagon
|
||||
allow hal_camera qdsp_device:chr_file r_file_perms;
|
||||
allow hal_camera xdsp_device:chr_file r_file_perms;
|
||||
|
||||
#needed for full_treble
|
||||
hal_client_domain(hal_camera_default, hal_graphics_composer)
|
||||
|
|
|
|||
1
vendor/common/hal_sensors_default.te
vendored
1
vendor/common/hal_sensors_default.te
vendored
|
|
@ -8,6 +8,7 @@ allowxperm hal_sensors_default self:socket ioctl msm_sock_ipc_ioctls;
|
|||
allow hal_sensors sysfs_soc:file r_file_perms;
|
||||
|
||||
allow hal_sensors_default qdsp_device:chr_file r_file_perms;
|
||||
allow hal_sensors_default xdsp_device:chr_file r_file_perms;
|
||||
|
||||
allow hal_sensors sysfs_data:file r_file_perms;
|
||||
allow hal_sensors sysfs_sensors:dir r_dir_perms;
|
||||
|
|
|
|||
2
vendor/common/hbtp.te
vendored
2
vendor/common/hbtp.te
vendored
|
|
@ -4,7 +4,7 @@ type hbtp_exec, exec_type, vendor_file_type, file_type;
|
|||
init_daemon_domain(hbtp)
|
||||
hal_server_domain(hbtp, hal_hbtp)
|
||||
# Allow access for /dev/hbtp_input and /dev/jdi-bu21150
|
||||
allow hbtp { hbtp_device qdsp_device dsp_device bu21150_device }:chr_file rw_file_perms;
|
||||
allow hbtp { hbtp_device qdsp_device dsp_device bu21150_device xdsp_device }:chr_file rw_file_perms;
|
||||
|
||||
allow hbtp hbtp_log_file:dir rw_dir_perms;
|
||||
allow hbtp hbtp_log_file:file create_file_perms;
|
||||
|
|
|
|||
1
vendor/common/sensors.te
vendored
1
vendor/common/sensors.te
vendored
|
|
@ -30,6 +30,7 @@ allow sensors sysfs_data:file r_file_perms;
|
|||
|
||||
allow sensors ion_device:chr_file r_file_perms;
|
||||
allow sensors qdsp_device:chr_file r_file_perms;
|
||||
allow sensors xdsp_device:chr_file r_file_perms;
|
||||
|
||||
# For reading dir/files on /dsp
|
||||
r_dir_file(sensors, adsprpcd_file)
|
||||
|
|
|
|||
1
vendor/sdm845/hal_neuralnetworks.te
vendored
1
vendor/sdm845/hal_neuralnetworks.te
vendored
|
|
@ -33,6 +33,7 @@ init_daemon_domain(hal_neuralnetworks_default)
|
|||
|
||||
allow hal_neuralnetworks_default fwk_sensor_hwservice:hwservice_manager find;
|
||||
allow hal_neuralnetworks_default qdsp_device:chr_file r_file_perms;
|
||||
allow hal_neuralnetworks_default xdsp_device:chr_file r_file_perms;
|
||||
allow hal_neuralnetworks_default ion_device:chr_file r_file_perms;
|
||||
|
||||
allow hal_neuralnetworks_default app_data_file:file { read getattr };
|
||||
|
|
|
|||
Loading…
Reference in a new issue