5c6a227ebb
Copy the final system sepolicy from oc-dev to its prebuilt dir corresponding to its version (26.0) so that we can uprev policy and start maintaining compatibility files, as well as use it for CTS tests targeting future platforms. Bug: 37896931 Test: none, this just copies the old policy. Change-Id: Ib069d505e42595c467e5d1164fb16fcb0286ab93
20 lines
704 B
Text
20 lines
704 B
Text
# bufferhubd
|
|
type bufferhubd, domain, mlstrustedsubject;
|
|
type bufferhubd_exec, exec_type, file_type;
|
|
|
|
hal_client_domain(bufferhubd, hal_graphics_allocator)
|
|
|
|
pdx_server(bufferhubd, bufferhub_client)
|
|
pdx_client(bufferhubd, performance_client)
|
|
|
|
# Access the GPU.
|
|
allow bufferhubd gpu_device:chr_file rw_file_perms;
|
|
|
|
# Access /dev/ion
|
|
allow bufferhubd ion_device:chr_file r_file_perms;
|
|
|
|
# Receive sync fence FDs from mediacodec. Note that mediacodec never directly
|
|
# connects to bufferhubd via PDX. Instead, a VR app acts as a bridge between
|
|
# those two: it talks to mediacodec via Binder and talks to bufferhubd via PDX.
|
|
# Thus, there is no need to use pdx_client macro.
|
|
allow bufferhubd mediacodec:fd use;
|