platform_system_sepolicy/vendor/hal_evs_default.te
Changyeon Jo a083d7a8d8 Updates sepolicy for EVS HAL
This CL updates hal_evs_default to be sufficient for the defautl EVS HAL
implementation and modifies other services' policies to be able to
communicate with EVS HAL implementations

Bug: 217271351
Test: m -j selinux_policy and Treehugger
Change-Id: I2df8e10f574d62f8b84e0ff0381656ab1b18b52f
2022-02-10 01:42:59 +00:00

24 lines
938 B
Text

# evs_mock mock hardware driver service
type hal_evs_default, domain;
hal_server_domain(hal_evs_default, hal_evs)
# allow init to launch processes in this context
type hal_evs_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_evs_default)
# allow to use a graphic buffer
hal_client_domain(hal_evs_default, hal_configstore)
hal_client_domain(hal_evs_default, hal_graphics_allocator)
hal_client_domain(hal_evs_default, hal_graphics_composer)
# allow to use automotive display service
binder_call(hal_evs_default, automotive_display_service_server)
allow hal_evs_default fwk_automotive_display_hwservice:hwservice_manager find;
# allow to access EGL
allow hal_evs_default gpu_device:chr_file rw_file_perms;
allow hal_evs_default gpu_device:dir search;
# allow to monitor uevents and access video devices
allow hal_evs_default device:dir r_dir_perms;
allow hal_evs_default video_device:chr_file rw_file_perms;