Merge "sepolicy: ashmem entry point for libcutils"

am: e612ecd6ed

Change-Id: I5bcc2aff671060bd0dd87d9f448a63056a69a672
This commit is contained in:
Tri Vo 2019-09-26 11:35:38 -07:00 committed by android-build-merger
commit e570bf7ea4
5 changed files with 9 additions and 0 deletions

View file

@ -5,6 +5,7 @@
(typeattribute new_objects)
(typeattributeset new_objects
( new_objects
ashmem_libcutils_device
boringssl_self_test
charger_prop
cold_boot_done_prop

View file

@ -75,6 +75,7 @@
/dev/adf-interface[0-9]*\.[0-9]* u:object_r:graphics_device:s0
/dev/adf-overlay-engine[0-9]*\.[0-9]* u:object_r:graphics_device:s0
/dev/ashmem u:object_r:ashmem_device:s0
/dev/ashmem(.*)? u:object_r:ashmem_libcutils_device:s0
/dev/audio.* u:object_r:audio_device:s0
/dev/binder u:object_r:binder_device:s0
/dev/block(/.*)? u:object_r:block_device:s0

View file

@ -1,6 +1,7 @@
# Device types
type device, dev_type, fs_type;
type ashmem_device, dev_type, mlstrustedobject;
type ashmem_libcutils_device, dev_type, mlstrustedobject;
type audio_device, dev_type;
type binder_device, dev_type, mlstrustedobject;
type hwbinder_device, dev_type, mlstrustedobject;

View file

@ -80,6 +80,9 @@ allow {
-untrusted_app_all
} ashmem_device:chr_file rw_file_perms;
# This device is used by libcutils.
allow domain ashmem_libcutils_device:chr_file rw_file_perms;
# Allow using fds to /dev/ashmem.
allow domain ashmem_server:fd use;

View file

@ -17,3 +17,6 @@ allow hal_sensors_default ion_device:chr_file r_file_perms;
# allow sensor hal to use lock for keeping system awake for wake up
# events delivery.
wakelock_use(hal_sensors_default);
# allow sensor hal to use ashmem fd from system_server.
allow hal_sensors_default system_server:fd use;