tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/public/vr_hwc.te

30 lines
784 B
Text
Raw Normal View History

VR: Add sepolicy for VR HWC service VR HWC is being split out of VR Window Manager. It creates a HW binder interface used by SurfaceFlinger which implements the HWComposer HAL and a regular binder interface which will be used by a system app to receive the SurfaceFlinger output. Bug: b/36051907 Test: Ran in permissive mode and ensured no permission errors show in logcat. Change-Id: If1360bc8fa339a80100124c4e89e69c64b29d2ae
2017-03-14 21:26:17 +01:00
type vr_hwc, domain;
type vr_hwc_exec, exec_type, file_type;
# Get buffer metadata.
hal_client_domain(vr_hwc, hal_graphics_allocator)
binder_use(vr_hwc)
binder_service(vr_hwc)
binder_call(vr_hwc, surfaceflinger)
binder_call(vr_hwc, vr_wm)
add_service(vr_hwc, vr_hwc_service)
# Hosts the VR HWC implementation and provides a simple Binder interface for VR
# Window Manager to receive the layers/buffers.
hwbinder_use(vr_hwc)
# Load vendor libraries.
allow vr_hwc system_file:dir r_dir_perms;
allow vr_hwc ion_device:chr_file r_file_perms;
# Allow connection to VR DisplayClient to get the primary display metadata
# (ie: size).
use_pdx(vr_hwc, surfaceflinger)
# Limit access so only vr_wm can connect.
neverallow { domain -vr_hwc -vr_wm } vr_hwc_service:service_manager find;
Reference in a new issue Copy permalink