From 952673da5b09e4ecc88b7d3315581f950674736e Mon Sep 17 00:00:00 2001 From: Jooyung Han Date: Wed, 31 Jan 2024 09:32:48 +0900 Subject: [PATCH] Add hal_graphics_mapper_service type This is used for mapper sphal library which is defined in VINTF and queried via servicemanager. Bug: 317178925 Test: cuttlefish loads mapper.minigbm Change-Id: Ibddc0239e52065a89c656f885f34835406665009 --- private/compat/34.0/34.0.ignore.cil | 1 + public/hal_graphics_allocator.te | 1 + public/service.te | 1 + tests/sepolicy_tests.py | 1 + 4 files changed, 4 insertions(+) diff --git a/private/compat/34.0/34.0.ignore.cil b/private/compat/34.0/34.0.ignore.cil index b9dfe5af6..0ae007646 100644 --- a/private/compat/34.0/34.0.ignore.cil +++ b/private/compat/34.0/34.0.ignore.cil @@ -12,6 +12,7 @@ fwk_vibrator_control_service ecm_enhanced_confirmation_service hal_authgraph_service + hal_graphics_mapper_service hal_secretkeeper_service hal_codec2_service hal_macsec_service diff --git a/public/hal_graphics_allocator.te b/public/hal_graphics_allocator.te index 35a19debe..39ba46ef2 100644 --- a/public/hal_graphics_allocator.te +++ b/public/hal_graphics_allocator.te @@ -3,6 +3,7 @@ binder_call(hal_graphics_allocator_client, hal_graphics_allocator_server) hal_attribute_hwservice(hal_graphics_allocator, hal_graphics_allocator_hwservice) allow hal_graphics_allocator_client hal_graphics_mapper_hwservice:hwservice_manager find; +allow hal_graphics_allocator_client hal_graphics_mapper_service:service_manager find; allow hal_graphics_allocator_client same_process_hal_file:file { execute read open getattr map }; # GPU device access diff --git a/public/service.te b/public/service.te index 5c63e9ea9..0097d17d0 100644 --- a/public/service.te +++ b/public/service.te @@ -303,6 +303,7 @@ type hal_fingerprint_service, protected_service, hal_service_type, service_manag type hal_gnss_service, protected_service, hal_service_type, service_manager_type; type hal_graphics_allocator_service, hal_service_type, service_manager_type; type hal_graphics_composer_service, protected_service, hal_service_type, service_manager_type; +type hal_graphics_mapper_service, hal_service_type, service_manager_type; type hal_health_service, protected_service, hal_service_type, service_manager_type; type hal_health_storage_service, protected_service, hal_service_type, service_manager_type; type hal_identity_service, protected_service, hal_service_type, service_manager_type; diff --git a/tests/sepolicy_tests.py b/tests/sepolicy_tests.py index 7a341cbcb..1df823183 100644 --- a/tests/sepolicy_tests.py +++ b/tests/sepolicy_tests.py @@ -190,6 +190,7 @@ def TestIsolatedAttributeConsistency(test_policy): "hal_graphics_allocator_hwservice":["hwservice_manager"], "hal_graphics_allocator_server":["binder", "service_manager"], "hal_graphics_mapper_hwservice":["hwservice_manager"], + "hal_graphics_mapper_service":["service_manager"], "hal_neuralnetworks": ["binder", "fd"], "hal_neuralnetworks_service": ["service_manager"], "hal_neuralnetworks_hwservice":["hwservice_manager"],