tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Add missing permission for accessing the DMA-BUF system heap"

Browse source
This commit is contained in:
Hridya Valsaraju 2021-03-09 06:11:17 +00:00 committed by Gerrit Code Review
commit 69b91ffb1e
7 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
private/surfaceflinger.te
View file

@ -109,6 +109,7 @@ allow surfaceflinger tmpfs:dir r_dir_perms;
allow surfaceflinger system_server:fd use;
allow surfaceflinger system_server:unix_stream_socket { read write };
allow surfaceflinger ion_device:chr_file r_file_perms;
allow surfaceflinger dmabuf_system_heap_device:chr_file r_file_perms;
# pdx IPC
pdx_server(surfaceflinger, display_client)

4
public/bootanim.te
View file

@ -27,6 +27,10 @@ allow bootanim surfaceflinger:unix_stream_socket { read write };
# Allow access to ion memory allocation device
allow bootanim ion_device:chr_file rw_file_perms;
# Allow access to DMA-BUF system heap
allow bootanim dmabuf_system_heap_device:chr_file r_file_perms;
allow bootanim hal_graphics_allocator:fd use;
# Fences

1
public/cameraserver.te
View file

@ -13,6 +13,7 @@ hal_client_domain(cameraserver, hal_camera)
hal_client_domain(cameraserver, hal_graphics_allocator)
allow cameraserver ion_device:chr_file rw_file_perms;
allow cameraserver dmabuf_system_heap_device:chr_file r_file_perms;
# Talk with graphics composer fences
allow cameraserver hal_graphics_composer:fd use;

2
public/hal_camera.te
View file

@ -9,6 +9,8 @@ allow hal_camera video_device:dir r_dir_perms;
allow hal_camera video_device:chr_file rw_file_perms;
allow hal_camera camera_device:chr_file rw_file_perms;
allow hal_camera ion_device:chr_file rw_file_perms;
allow hal_camera dmabuf_system_heap_device:chr_file r_file_perms;
# Both the client and the server need to use the graphics allocator
allow { hal_camera_client hal_camera_server } hal_graphics_allocator:fd use;

1
public/hal_graphics_allocator.te
View file

@ -8,6 +8,7 @@ allow hal_graphics_allocator_client same_process_hal_file:file { execute read op
# GPU device access
allow hal_graphics_allocator gpu_device:chr_file rw_file_perms;
allow hal_graphics_allocator ion_device:chr_file r_file_perms;
allow hal_graphics_allocator dmabuf_system_heap_device:chr_file r_file_perms;
# allow to run with real-time scheduling policy
allow hal_graphics_allocator self:global_capability_class_set sys_nice;

1
public/hal_graphics_composer.te
View file

@ -16,6 +16,7 @@ allow hal_graphics_composer_server hal_graphics_mapper_hwservice:hwservice_manag
# GPU device access
allow hal_graphics_composer gpu_device:chr_file rw_file_perms;
allow hal_graphics_composer ion_device:chr_file r_file_perms;
allow hal_graphics_composer dmabuf_system_heap_device:chr_file r_file_perms;
allow hal_graphics_composer hal_graphics_allocator:fd use;
# Access /dev/graphics/fb0.

1
vendor/hal_sensors_default.te vendored
View file

@ -13,6 +13,7 @@ allow hal_sensors_default input_device:chr_file r_file_perms;
# android.hardware.graphics.allocator
allow hal_sensors_default hal_graphics_allocator_default:fd use;
allow hal_sensors_default ion_device:chr_file r_file_perms;
allow hal_sensors_default dmabuf_system_heap_device:chr_file r_file_perms;
# allow sensor hal to use lock for keeping system awake for wake up
# events delivery.