tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Grant surfaceflinger and graphics allocator access to the secure heap"

Browse source
This commit is contained in:
Jörg Wagner 2023-01-19 13:03:06 +00:00 committed by Gerrit Code Review
commit 9a3d794113
2 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
private/surfaceflinger.te
View file

@ -49,6 +49,9 @@ allow surfaceflinger graphics_device:chr_file rw_file_perms;
allow surfaceflinger video_device:dir r_dir_perms;
allow surfaceflinger video_device:chr_file rw_file_perms;
# Access the secure heap.
allow surfaceflinger dmabuf_system_secure_heap_device:chr_file r_file_perms;
# Create and use netlink kobject uevent sockets.
allow surfaceflinger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;

3
public/hal_graphics_allocator.te
View file

@ -11,6 +11,9 @@ allow hal_graphics_allocator gpu_device:dir r_dir_perms;
allow hal_graphics_allocator ion_device:chr_file r_file_perms;
allow hal_graphics_allocator dmabuf_system_heap_device:chr_file r_file_perms;
# Access the secure heap
allow hal_graphics_allocator dmabuf_system_secure_heap_device:chr_file r_file_perms;
# allow to run with real-time scheduling policy
allow hal_graphics_allocator self:global_capability_class_set sys_nice;