Allow hals to read hwservicemanager prop.
Test: no relevant denials on marlin while booting Test: no relevant denials on angler while booting Bug: 36278706 Change-Id: Ieba79e1c8fca4f74c63bc63e6dd0bdcf59204ca2
This commit is contained in:
Steven Moreland
parent
63211f8da2
commit
d3ce5dc38c
8 changed files with 24 additions and 0 deletions
|
|
@ -244,6 +244,9 @@ allow { appdomain -isolated_app } ion_device:chr_file rw_file_perms;
|
|||
# TODO is write really necessary ?
|
||||
auditallow { appdomain userdebug_or_eng(`-su') } ion_device:chr_file { write append };
|
||||
|
||||
# TODO(b/36375899) replace with hal_client_domain for mediacodec (hal_omx)
|
||||
get_prop({ appdomain -isolated_app }, hwservicemanager_prop);
|
||||
|
||||
# Allow app to access the graphic allocator HAL
|
||||
binder_call({ appdomain -isolated_app }, hal_graphics_allocator)
|
||||
|
||||
|
|
|
|||
|
|
@ -5,3 +5,6 @@
|
|||
# Find out whether a HAL in passthrough/in-process mode or
|
||||
# binderized/out-of-process mode
|
||||
hwbinder_use(halclientdomain)
|
||||
|
||||
# Used to wait for hwservicemanager
|
||||
get_prop(halclientdomain, hwservicemanager_prop)
|
||||
|
|
|
|||
|
|
@ -7,3 +7,6 @@ hwbinder_use(halserverdomain)
|
|||
|
||||
# Find HAL implementations
|
||||
allow halserverdomain system_file:dir r_dir_perms;
|
||||
|
||||
# Used to wait for hwservicemanager
|
||||
get_prop(halserverdomain, hwservicemanager_prop)
|
||||
|
|
|
|||
|
|
@ -2,6 +2,9 @@
|
|||
type bootanim, domain;
|
||||
type bootanim_exec, exec_type, file_type;
|
||||
|
||||
hal_client_domain(bootanim, hal_graphics_allocator)
|
||||
hal_client_domain(bootanim, hal_graphics_composer)
|
||||
|
||||
binder_use(bootanim)
|
||||
binder_call(bootanim, surfaceflinger)
|
||||
binder_call(bootanim, audioserver)
|
||||
|
|
|
|||
|
|
@ -2,6 +2,8 @@
|
|||
type bufferhubd, domain, mlstrustedsubject;
|
||||
type bufferhubd_exec, exec_type, file_type;
|
||||
|
||||
hal_client_domain(bufferhubd, hal_graphics_allocator)
|
||||
|
||||
pdx_server(bufferhubd)
|
||||
use_pdx(bufferhubd, performanced)
|
||||
|
||||
|
|
|
|||
|
|
@ -4,6 +4,10 @@ type mediacodec_exec, exec_type, file_type;
|
|||
|
||||
typeattribute mediacodec mlstrustedsubject;
|
||||
|
||||
# TODO(b/36375899) attributize this domain appropriately as hal_omx
|
||||
# and use macro hal_server_domain
|
||||
get_prop(mediacodec, hwservicemanager_prop)
|
||||
|
||||
binder_use(mediacodec)
|
||||
binder_call(mediacodec, binderservicedomain)
|
||||
binder_call(mediacodec, appdomain)
|
||||
|
|
|
|||
|
|
@ -4,6 +4,9 @@ type mediaserver_exec, exec_type, file_type;
|
|||
|
||||
typeattribute mediaserver mlstrustedsubject;
|
||||
|
||||
# TODO(b/36375899): replace with hal_client_domain macro on hal_omx
|
||||
typeattribute mediaserver halclientdomain;
|
||||
|
||||
net_domain(mediaserver)
|
||||
|
||||
r_dir_file(mediaserver, sdcard_type)
|
||||
|
|
|
|||
|
|
@ -2,6 +2,9 @@
|
|||
type sensord, domain, mlstrustedsubject;
|
||||
type sensord_exec, exec_type, file_type;
|
||||
|
||||
hal_client_domain(sensord, hal_graphics_allocator)
|
||||
allow sensord hal_graphics_allocator:fd use;
|
||||
|
||||
pdx_server(sensord)
|
||||
use_pdx(sensord, bufferhubd)
|
||||
use_pdx(sensord, performanced)
|
||||
|
|
|
|||
Loading…
Reference in a new issue