sepolicy: qva: necessary sepolicy changes for vpp services
Add/update sepolicy files for vpp services Change-Id: Ic97f87e13132417cbaacce17a99deed390a7bd87
This commit is contained in:
Li Sun
Gerrit - the friendly Code Review server
parent
a43bfe4a1a
commit
d0a2404b49
6 changed files with 43 additions and 5 deletions
5
generic/vendor/common/mediacodec.te
vendored
5
generic/vendor/common/mediacodec.te
vendored
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
|
||||
# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions are
|
||||
|
|
@ -32,3 +32,6 @@ userdebug_or_eng(`
|
|||
#Allow mediacodec to access vendor_media_data_file files
|
||||
allow mediacodec vendor_media_data_file:dir create_dir_perms;
|
||||
allow mediacodec vendor_media_data_file:file create_file_perms;
|
||||
|
||||
#Allow mediacodec to access configstore
|
||||
hal_client_domain(mediacodec, hal_capabilityconfigstore_qti)
|
||||
|
|
|
|||
4
qva/vendor/common/file.te
vendored
4
qva/vendor/common/file.te
vendored
|
|
@ -71,3 +71,7 @@ type lm_data_file, file_type, data_file_type;
|
|||
type wifi_vendor_data_file, file_type, data_file_type;
|
||||
type wifi_vendor_wpa_socket, file_type, data_file_type;
|
||||
type hostapd_socket, file_type, data_file_type;
|
||||
|
||||
#vpp
|
||||
type vendor_vpp_data_file, file_type, data_file_type;
|
||||
type persist_vpp_file, file_type, vendor_persist_type;
|
||||
|
|
|
|||
3
qva/vendor/common/file_contexts
vendored
3
qva/vendor/common/file_contexts
vendored
|
|
@ -124,6 +124,7 @@
|
|||
/data/vendor/dataqti(/.*)? u:object_r:vendor_qti_data_file:s0
|
||||
/data/vendor/qdmastats(/.*)? u:object_r:vendor_qdma_data_file:s0
|
||||
/data/vendor/qdma(/.*)? u:object_r:vendor_qdma_data_file:s0
|
||||
/data/vendor/vpp(/.*)? u:object_r:vendor_vpp_data_file:s0
|
||||
|
||||
###################################
|
||||
# persist files
|
||||
|
|
@ -131,6 +132,8 @@
|
|||
/mnt/vendor/persist/secnvm(/.*)? u:object_r:persist_secnvm_file:s0
|
||||
/mnt/vendor/persist/qti_fp(/.*)? u:object_r:persist_qti_fp_file:s0
|
||||
/mnt/vendor/persist/FTM_AP(/.*)? u:object_r:vendor_persist_mmi_file:s0
|
||||
/mnt/vendor/persist/vpp(/.*)? u:object_r:persist_vpp_file:s0
|
||||
|
||||
|
||||
# same-process HAL files and their dependencies
|
||||
#
|
||||
|
|
|
|||
4
qva/vendor/common/hal_camera.te
vendored
4
qva/vendor/common/hal_camera.te
vendored
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
|
||||
# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions are
|
||||
|
|
@ -27,3 +27,5 @@
|
|||
|
||||
allow hal_camera self:qipcrtr_socket create_socket_perms;
|
||||
allowxperm hal_camera self:qipcrtr_socket ioctl msm_sock_ipc_ioctls;
|
||||
|
||||
hal_client_domain(hal_camera_default, hal_vpp)
|
||||
|
|
|
|||
3
qva/vendor/common/mediacodec.te
vendored
3
qva/vendor/common/mediacodec.te
vendored
|
|
@ -31,3 +31,6 @@ allow mediacodec wfdnativemm_service:service_manager find;
|
|||
binder_call(mediacodec, wifidisplayhalservice_qti);
|
||||
|
||||
get_prop(mediacodec, vendor_video_prop)
|
||||
|
||||
#Allow mediacodec to access vpp
|
||||
hal_client_domain(mediacodec, hal_vpp)
|
||||
|
|
|
|||
29
qva/vendor/common/vppservice.te
vendored
29
qva/vendor/common/vppservice.te
vendored
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright (c) 2018, The Linux Foundation. All rights reserved.
|
||||
# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions are
|
||||
|
|
@ -33,8 +33,31 @@ init_daemon_domain(vendor_vppservice)
|
|||
|
||||
hal_server_domain(vendor_vppservice, hal_vpp)
|
||||
|
||||
add_hwservice(vendor_vppservice, hal_vpp_hwservice)
|
||||
hal_attribute_hwservice(hal_vpp, hal_vpp_hwservice)
|
||||
|
||||
allow hal_vpp_client hal_vpp_hwservice:hwservice_manager find;
|
||||
binder_call(hal_vpp_client, hal_vpp_server)
|
||||
binder_call(hal_vpp_server, hal_vpp_client)
|
||||
|
||||
# allow vppservice to access adsprpcd
|
||||
r_dir_file(vendor_vppservice, adsprpcd_file);
|
||||
#get_prop(vendor_vppservice, adsprpc_prop)
|
||||
|
||||
r_dir_file(vendor_vppservice, firmware_file);
|
||||
|
||||
# allow access to vppservice (/data/vendor/vpp)
|
||||
allow vendor_vppservice vendor_vpp_data_file:dir create_dir_perms;
|
||||
allow vendor_vppservice vendor_vpp_data_file:file create_file_perms;
|
||||
|
||||
# allow access to vppservice (/persist/vpp)
|
||||
r_dir_file(vendor_vppservice, persist_vpp_file)
|
||||
allow vendor_vppservice mnt_vendor_file:dir search;
|
||||
|
||||
# allow vppservice to access ion, video device & qdsp_device
|
||||
allow vendor_vppservice ion_device:chr_file rw_file_perms;
|
||||
allow vendor_vppservice video_device:chr_file rw_file_perms;
|
||||
allow vendor_vppservice qdsp_device:chr_file r_file_perms;
|
||||
allow vendor_vppservice xdsp_device:chr_file r_file_perms;
|
||||
allow vendor_vppservice gpu_device:chr_file rw_file_perms;
|
||||
|
||||
hal_client_domain(vendor_vppservice, hal_graphics_allocator)
|
||||
hal_client_domain(vendor_vppservice, hal_capabilityconfigstore_qti)
|
||||
|
|
|
|||
Loading…
Reference in a new issue