platform_system_sepolicy/vendor/hal_sensors_default.te
Tri Vo a7f61021b7 sepolicy: ashmem entry point for libcutils
This duplicated ashmem device is intended to replace ashmemd.

Ashmem fd has a label of the domain that opens it. Now with ashmemd
removed, ashmem fds can have labels other than "ashmemd", e.g.
"system_server". We add missing permissions to make ashmem fds usable.

Bug: 139855428
Test: boot device
Change-Id: Iec8352567f1e4f171f76db1272935eee59156954
2019-09-25 11:26:18 -07:00

22 lines
850 B
Text

type hal_sensors_default, domain;
hal_server_domain(hal_sensors_default, hal_sensors)
type hal_sensors_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_sensors_default)
allow hal_sensors_default fwk_scheduler_hwservice:hwservice_manager find;
allow hal_sensors_default input_device:dir r_dir_perms;
allow hal_sensors_default input_device:chr_file r_file_perms;
# Allow sensor hals to access and use gralloc memory allocated by
# android.hardware.graphics.allocator
allow hal_sensors_default hal_graphics_allocator_default:fd use;
allow hal_sensors_default ion_device:chr_file r_file_perms;
# allow sensor hal to use lock for keeping system awake for wake up
# events delivery.
wakelock_use(hal_sensors_default);
# allow sensor hal to use ashmem fd from system_server.
allow hal_sensors_default system_server:fd use;