Merge "sepolicy: ashmem entry point for libcutils"
This commit is contained in:
commit
e612ecd6ed
5 changed files with 9 additions and 0 deletions
|
@ -5,6 +5,7 @@
|
||||||
(typeattribute new_objects)
|
(typeattribute new_objects)
|
||||||
(typeattributeset new_objects
|
(typeattributeset new_objects
|
||||||
( new_objects
|
( new_objects
|
||||||
|
ashmem_libcutils_device
|
||||||
boringssl_self_test
|
boringssl_self_test
|
||||||
charger_prop
|
charger_prop
|
||||||
cold_boot_done_prop
|
cold_boot_done_prop
|
||||||
|
|
|
@ -75,6 +75,7 @@
|
||||||
/dev/adf-interface[0-9]*\.[0-9]* u:object_r:graphics_device:s0
|
/dev/adf-interface[0-9]*\.[0-9]* u:object_r:graphics_device:s0
|
||||||
/dev/adf-overlay-engine[0-9]*\.[0-9]* u:object_r:graphics_device:s0
|
/dev/adf-overlay-engine[0-9]*\.[0-9]* u:object_r:graphics_device:s0
|
||||||
/dev/ashmem u:object_r:ashmem_device:s0
|
/dev/ashmem u:object_r:ashmem_device:s0
|
||||||
|
/dev/ashmem(.*)? u:object_r:ashmem_libcutils_device:s0
|
||||||
/dev/audio.* u:object_r:audio_device:s0
|
/dev/audio.* u:object_r:audio_device:s0
|
||||||
/dev/binder u:object_r:binder_device:s0
|
/dev/binder u:object_r:binder_device:s0
|
||||||
/dev/block(/.*)? u:object_r:block_device:s0
|
/dev/block(/.*)? u:object_r:block_device:s0
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
# Device types
|
# Device types
|
||||||
type device, dev_type, fs_type;
|
type device, dev_type, fs_type;
|
||||||
type ashmem_device, dev_type, mlstrustedobject;
|
type ashmem_device, dev_type, mlstrustedobject;
|
||||||
|
type ashmem_libcutils_device, dev_type, mlstrustedobject;
|
||||||
type audio_device, dev_type;
|
type audio_device, dev_type;
|
||||||
type binder_device, dev_type, mlstrustedobject;
|
type binder_device, dev_type, mlstrustedobject;
|
||||||
type hwbinder_device, dev_type, mlstrustedobject;
|
type hwbinder_device, dev_type, mlstrustedobject;
|
||||||
|
|
|
@ -80,6 +80,9 @@ allow {
|
||||||
-untrusted_app_all
|
-untrusted_app_all
|
||||||
} ashmem_device:chr_file rw_file_perms;
|
} ashmem_device:chr_file rw_file_perms;
|
||||||
|
|
||||||
|
# This device is used by libcutils.
|
||||||
|
allow domain ashmem_libcutils_device:chr_file rw_file_perms;
|
||||||
|
|
||||||
# Allow using fds to /dev/ashmem.
|
# Allow using fds to /dev/ashmem.
|
||||||
allow domain ashmem_server:fd use;
|
allow domain ashmem_server:fd use;
|
||||||
|
|
||||||
|
|
3
vendor/hal_sensors_default.te
vendored
3
vendor/hal_sensors_default.te
vendored
|
@ -17,3 +17,6 @@ allow hal_sensors_default ion_device:chr_file r_file_perms;
|
||||||
# allow sensor hal to use lock for keeping system awake for wake up
|
# allow sensor hal to use lock for keeping system awake for wake up
|
||||||
# events delivery.
|
# events delivery.
|
||||||
wakelock_use(hal_sensors_default);
|
wakelock_use(hal_sensors_default);
|
||||||
|
|
||||||
|
# allow sensor hal to use ashmem fd from system_server.
|
||||||
|
allow hal_sensors_default system_server:fd use;
|
||||||
|
|
Loading…
Reference in a new issue