diff --git a/generic/vendor/common/bootanim.te b/generic/vendor/common/bootanim.te
index 5c0ff820..21172a65 100644
--- a/generic/vendor/common/bootanim.te
+++ b/generic/vendor/common/bootanim.te
@@ -32,6 +32,4 @@ allow bootanim hwservicemanager:binder call;
 # this denial on phones since this functionality is not used.
 dontaudit bootanim system_data_file:dir read;
-dontaudit bootanim vendor_hal_qspmhal_hwservice:hwservice_manager find;
-
-allow bootanim vendor_sysfs_kgsl_gpu_model:file r_file_perms;
\ No newline at end of file
+dontaudit bootanim vendor_hal_qspmhal_hwservice:hwservice_manager find;
\ No newline at end of file
diff --git a/generic/vendor/common/domain.te b/generic/vendor/common/domain.te
index fee30cea..91ac4936 100644
--- a/generic/vendor/common/domain.te
+++ b/generic/vendor/common/domain.te
@@ -56,3 +56,6 @@ neverallow {
 -ueventd
 -vold
 } vendor_persist_type: { dir file } *;
+
+# Allow all context to read gpu model
+allow { domain - isolated_app } vendor_sysfs_kgsl_gpu_model:file r_file_perms;
\ No newline at end of file
diff --git a/generic/vendor/common/gmscore_app.te b/generic/vendor/common/gmscore_app.te
index 12df1ba4..41573ff8 100644
--- a/generic/vendor/common/gmscore_app.te
+++ b/generic/vendor/common/gmscore_app.te
@@ -25,8 +25,6 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-allow gmscore_app vendor_sysfs_kgsl_gpu_model:file r_file_perms;
-
 dontaudit gmscore_app vendor_hal_qspmhal_default:binder {call};
 unix_socket_connect(gmscore_app, vendor_dpmtcm, vendor_dpmd);
diff --git a/generic/vendor/common/priv_app.te b/generic/vendor/common/priv_app.te
index 5a32387f..50e3afec 100644
--- a/generic/vendor/common/priv_app.te
+++ b/generic/vendor/common/priv_app.te
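Review bot: The rule added at the end of the generic/vendor/common/domain.te hunk, `allow { domain - isolated_app } vendor_sysfs_kgsl_gpu_model:file r_file_perms;`, widens access from the four domains this commit removes it from (bootanim, gmscore_app, priv_app, system_server) to every domain except isolated_app, which takes in untrusted app domains and every daemon. The GPU model is low-sensitivity, but it is a stable hardware attribute usable for device fingerprinting, and `r_file_perms` covers more than plain read; if only a known set of graphics clients needs it, an explicit source list or a narrower attribute would keep least privilege. The comment says "all context" although isolated_app is excluded, so I would write `# Allow every domain except isolated_app to read the GPU model; needed by <consumer>` with the consumer and the reason for the exclusion filled in. The same rule and comment are added for sysfs_kgsl_gpu_model in legacy/vendor/common/domain.te.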
@@ -30,6 +30,3 @@ hal_client_domain(priv_app, vendor_hal_perf)
 # TODO(b/123050471): this grants renderscript exec permissions to the
 # priv_app domain
 allow priv_app rs_exec:file rx_file_perms;
-
-allow priv_app vendor_sysfs_kgsl_gpu_model:file r_file_perms;
-
diff --git a/generic/vendor/common/system_server.te b/generic/vendor/common/system_server.te
index 6aea52a0..abfd9bdf 100644
--- a/generic/vendor/common/system_server.te
+++ b/generic/vendor/common/system_server.te
@@ -51,6 +51,4 @@ get_prop(system_server, vendor_display_prop)
 # allow system_server to read/acess peripheral manager.
 get_prop(system_server, vendor_per_mgr_state_prop);
-hal_client_domain(system_server, vendor_hal_dataconnection_qti)
-
-allow system_server vendor_sysfs_kgsl_gpu_model:file r_file_perms;
\ No newline at end of file
+hal_client_domain(system_server, vendor_hal_dataconnection_qti)
\ No newline at end of file
diff --git a/legacy/vendor/common/domain.te b/legacy/vendor/common/domain.te
index c2f4709d..83bb377c 100644
--- a/legacy/vendor/common/domain.te
+++ b/legacy/vendor/common/domain.te
@@ -64,4 +64,7 @@ allowxperm domain domain:icmp_socket ioctl { unpriv_sock_ioctls unpriv_tty_ioctl
 get_prop(domain, vendor_security_patch_level_prop)
 get_prop(domain, public_vendor_default_prop)
-allow domain qti_debugfs:dir search;
\ No newline at end of file
+allow domain qti_debugfs:dir search;
+
+# allow all context to read gpu model
+allow { domain - isolated_app } sysfs_kgsl_gpu_model:file r_file_perms;
\ No newline at end of file
diff --git a/legacy/vendor/common/location_app.te b/legacy/vendor/common/location_app.te
index 82df910c..104c78fe 100644
--- a/legacy/vendor/common/location_app.te
+++ b/legacy/vendor/common/location_app.te
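Review bot: The legacy/vendor/common/domain.te hunk rewrites `allow domain qti_debugfs:dir search;` only to give it a line ending, yet the rule added after it is again a last line with no trailing newline. The same "No newline at end of file" marker sits on the new last lines of generic domain.te, bootanim.te, system_server.te and legacy priv_app.te, and legacy location_app.te loses a newline it previously had. Policy sources are normally concatenated before compilation, so, depending on how the build joins them, an unterminated final rule can run into the first line of the next file. Ending each touched file with a newline avoids that and keeps later diffs from rewriting unrelated rules.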
@@ -54,5 +54,4 @@ allow vendor_location_app radio_service:service_manager find;
 allowxperm vendor_location_app self:socket ioctl msm_sock_ipc_ioctls;
 allow vendor_location_app self:qipcrtr_socket create_socket_perms_no_ioctl;
 allow vendor_location_app sysfs_data:file r_file_perms;
-unix_socket_connect(vendor_location_app, vendor_dpmtcm, vendor_dpmd)
-#allow location_app sysfs_kgsl_gpu_model:file r_file_perms;
+unix_socket_connect(vendor_location_app, vendor_dpmtcm, vendor_dpmd)
\ No newline at end of file
diff --git a/legacy/vendor/common/priv_app.te b/legacy/vendor/common/priv_app.te
index 723f1c2b..0717cd6d 100644
--- a/legacy/vendor/common/priv_app.te
+++ b/legacy/vendor/common/priv_app.te
@@ -28,6 +28,4 @@ hal_client_domain(priv_app, hal_perf)
 # TODO(b/123050471): this grants renderscript exec permissions to the
 # priv_app domain
-allow priv_app rs_exec:file rx_file_perms;
-
-allow priv_app sysfs_kgsl_gpu_model:file r_file_perms;
\ No newline at end of file
+allow priv_app rs_exec:file rx_file_perms;
\ No newline at end of file