f30a82efe2
Right now, the hwcomposer hidl hal is unable to figure out where to get the hidl mapper implementation. It is expected that all graphics composer objects will need this permission. The interfaces are written to work together with the "IMapper" being the same-process ("sphal") component and the "IComposer" interface being the binderized component. 10-09 00:24:38.900 457 457 E SELinux : avc: denied { find } for interface=android.hardware.graphics.mapper::IMapper pid=495 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:hal_graphics_mapper_hwservice:s0 tclass=hwservice_manager Test: boot marlin, denial no longer present. Bug: 38415912 Change-Id: I1b274be10e115fa7b53fb81e85be8827da05997e
# SELinux policy for the graphics composer HAL.
# Rules are written against three type attributes: hal_graphics_composer,
# hal_graphics_composer_client and hal_graphics_composer_server. Which domains
# carry each attribute is decided outside this file.

# HwBinder IPC from client to server, and callbacks
# binder_call is a policy macro defined outside this file. The two invocations
# differ only in argument order: the first covers client -> server calls, the
# second covers the server calling back into the client.
binder_call(hal_graphics_composer_client, hal_graphics_composer_server)
binder_call(hal_graphics_composer_server, hal_graphics_composer_client)

# Service registration and lookup.
# add_hwservice is a macro defined outside this file; presumably it lets the
# server domains register hal_graphics_composer_hwservice with hwservicemanager
# -- confirm against the macro definition.
add_hwservice(hal_graphics_composer_server, hal_graphics_composer_hwservice)
# Clients are granted only "find" (lookup) on the composer hwservice in this rule.
allow hal_graphics_composer_client hal_graphics_composer_hwservice:hwservice_manager find;

# Coordinate with hal_graphics_mapper
# The server may look up ("find") the mapper hwservice. Only "find" is granted
# by this rule, and it applies to the _server attribute only, not to clients.
allow hal_graphics_composer_server hal_graphics_mapper_hwservice:hwservice_manager find;

# GPU device access
# NOTE(review): the rules from here down target hal_graphics_composer rather than
# the _server attribute. If that attribute can also be attached to client
# domains, these device and capability grants reach them too -- confirm before
# adding or widening rules in this section.
# rw_file_perms / r_file_perms are permission-set macros defined outside this
# file (read-write and read-only sets, going by their names).
allow hal_graphics_composer gpu_device:chr_file rw_file_perms;
allow hal_graphics_composer ion_device:chr_file r_file_perms;
# Use file descriptors that originate from the graphics allocator HAL.
allow hal_graphics_composer hal_graphics_allocator:fd use;

# Access /dev/graphics/fb0.
# "dir search" allows path traversal of graphics_device directories; the
# chr_file rule covers every character device labelled graphics_device, not
# only fb0.
allow hal_graphics_composer graphics_device:dir search;
allow hal_graphics_composer graphics_device:chr_file rw_file_perms;

# Fences
# "fd use" lets the composer use descriptors received from these domains. It
# does not by itself grant access to the object behind the descriptor; that is
# still checked against the object's own type.
allow hal_graphics_composer system_server:fd use;
allow hal_graphics_composer bootanim:fd use;
# appdomain is an attribute, so this single rule covers every domain that
# carries it (presumably all app domains -- defined outside this file).
allow hal_graphics_composer appdomain:fd use;

# allow self to set SCHED_FIFO
# NOTE(review): the sys_nice capability is broader than setting SCHED_FIFO on
# oneself; CAP_SYS_NICE also covers changing the priority and scheduling policy
# of other processes, so any further limits depend on rules outside this file.
allow hal_graphics_composer self:capability sys_nice;