tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/private
History
Chia-I Wu fb08872a40 Add sepolicy for hwcomposer HAL 
Allow SurfaceFlinger to call into IComposer, and vice versa for
IComposerCallback.

Specifically,

hwbinder_use(...) for
avc: denied { call } for scontext=u:r:hal_graphics_composer:s0 tcontext=u:r:hwservicemanager:s0 tclass=binder permissive=1
avc: denied { transfer } for scontext=u:r:hal_graphics_composer:s0 tcontext=u:r:hwservicemanager:s0 tclass=binder permissive=1

binder_call(..., surfaceflinger) for
avc: denied { call } for scontext=u:r:hal_graphics_composer:s0 tcontext=u:r:surfaceflinger:s0 tclass=binder permissive=1

allow ... gpu_device:chr_file rw_file_perms for
avc: denied { read write } for name="kgsl-3d0" dev="tmpfs" ino=14956 scontext=u:r:hal_graphics_composer:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=1
avc: denied { open } for path="/dev/kgsl-3d0" dev="tmpfs" ino=14956 scontext=u:r:hal_graphics_composer:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=1
avc: denied { ioctl } for path="/dev/kgsl-3d0" dev="tmpfs" ino=14956 ioctlcmd=940 scontext=u:r:hal_graphics_composer:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=1

allow ... ion_device:chr_file r_file_perms for
avc: denied { ioctl } for path="/dev/ion" dev="tmpfs" ino=15014 ioctlcmd=4900 scontext=u:r:hal_graphics_composer:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file permissive=1

allow ... graphics_device ... for
avc: denied { ioctl } for path="/dev/graphics/fb0" dev="tmpfs" ino=15121 ioctlcmd=5380 scontext=u:r:hal_graphics_composer:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file permissive=1

allow ... ...:fd use for
avc: denied { use } for path="anon_inode:dmabuf" dev="anon_inodefs" ino=12794 scontext=u:r:hal_graphics_composer:s0 tcontext=u:r:hal_graphics_allocator_service:s0 tclass=fd permissive=1
avc: denied { use } for path="anon_inode:sync_fence" dev="anon_inodefs" ino=12794 scontext=u:r:hal_graphics_composer:s0 tcontext=u:r:bootanim:s0 tclass=fd permissive=1
avc: denied { use } for path="anon_inode:sync_fence" dev="anon_inodefs" ino=12794 scontext=u:r:hal_graphics_composer:s0 tcontext=u:r:surfaceflinger:s0 tclass=fd permissive=1
avc: denied { use } for path="anon_inode:sync_fence" dev="anon_inodefs" ino=12794 scontext=u:r:hal_graphics_composer:s0 tcontext=u:r:platform_app:s0:c512,c768 tclass=fd permissive=1

binder_call(surfaceflinger, ...) for
avc: denied { call } for scontext=u:r:surfaceflinger:s0 tcontext=u:r:hal_graphics_composer:s0 tclass=binder permissive=1
avc: denied { transfer } for scontext=u:r:surfaceflinger:s0 tcontext=u:r:hal_graphics_composer:s0 tclass=binder permissive=1
avc: denied { use } for path="anon_inode:sync_fence" dev="anon_inodefs" ino=12794 ioctlcmd=3e02 scontext=u:r:surfaceflinger:s0 tcontext=u:r:hal_graphics_composer:s0 tclass=fd permissive=1
avc: denied { use } for path="anon_inode:sync_fence" dev="anon_inodefs" ino=12794 scontext=u:r:surfaceflinger:s0 tcontext=u:r:hal_graphics_composer:s0 tclass=fd permissive=1

allow bootanim ...:fd use for
avc: denied { use } for path="anon_inode:sync_fence" dev="anon_inodefs" ino=11947 scontext=u:r:bootanim:s0 tcontext=u:r:hal_graphics_composer:s0 tclass=fd permissive=1

Bug: 32021609
Test: make bootimage
Change-Id: I036cdbebf0c619fef7559f294f1865f381b17588
2016-11-14 01:10:02 +00:00
..
access_vectors Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
adbd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
atrace.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
audioserver.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
bluetooth.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
bootanim.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
bootstat.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
cameraserver.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
cppreopts.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
debuggerd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
dhcp.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
drmserver.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
dumpstate.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
ephemeral_app.te Rename autoplay_app to ephemeral_app 2016-10-07 09:52:31 -07:00
file_contexts Add sepolicy for hwcomposer HAL 2016-11-14 01:10:02 +00:00
file_contexts_asan Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
fingerprintd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
fs_use Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
fsck.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
gatekeeperd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
genfs_contexts Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
hal_audio.te clean up hal types 2016-10-26 09:50:04 -07:00
hal_boot.te sepolicy for boot_control HAL service 2016-10-25 13:33:48 -07:00
hal_graphics_allocator.te Add sepolicy for gralloc-alloc HAL 2016-11-14 01:09:51 +00:00
hal_graphics_composer.te Add sepolicy for hwcomposer HAL 2016-11-14 01:10:02 +00:00
hal_light.te Sepolicy for light hal. 2016-11-01 21:30:51 +00:00
hal_memtrack.te hal_memtrack: Add sepolicy for memtrack service. 2016-11-03 13:05:48 -07:00
hal_nfc.te clean up hal types 2016-10-26 09:50:04 -07:00
hal_power.te hal_power: Add sepolicy for power service. 2016-11-03 13:01:48 -07:00
hal_thermal.te sepolicy: Add policy for thermal HIDL service 2016-11-08 13:34:31 +01:00
hal_vibrator.te clean up hal types 2016-10-26 09:50:04 -07:00
hal_vr.te clean up hal types 2016-10-26 09:50:04 -07:00
hal_wifi.te wifi_hal: Rename to 'hal_wifi' 2016-10-28 09:00:31 -07:00
hci_attach.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
hostapd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
hwservicemanager.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
init.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
initial_sid_contexts Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
initial_sids Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
inputflinger.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
install_recovery.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
installd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
kernel.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
keys.conf Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
keystore.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
lmkd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
logd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
mac_permissions.xml Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
mdnsd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
mediacodec.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
mediadrmserver.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
mediaextractor.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
mediaserver.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
mls Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
mls_macros Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
mtp.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
netd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
otapreopt_chroot.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
otapreopt_slot.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
perfprofd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
policy_capabilities Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
port_contexts Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
postinstall.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
postinstall_dexopt.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
ppp.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
property_contexts property.te: delete security_prop 2016-11-11 12:31:19 -08:00
racoon.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
recovery_persist.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
recovery_refresh.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
rild.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
roles Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
runas.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
sdcardd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
seapp_contexts Rename autoplay_app to ephemeral_app 2016-10-07 09:52:31 -07:00
security_classes Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
service_contexts [NAN-AWARE] Remove NAN service 2016-11-04 13:38:14 -07:00
servicemanager.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
su.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
surfaceflinger.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
system_server.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
tee.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
toolbox.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
tzdatacheck.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
ueventd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
uncrypt.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
update_engine.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
update_engine_common.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
update_verifier.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
users Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
vdc.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
vold.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
webview_zygote.te Add the "webview_zygote" domain. 2016-11-11 10:13:17 -05:00
wificond.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
wpa.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
zygote.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00