platform_system_sepolicy/public/hal_graphics_composer.te

type hal_graphics_composer_server_tmpfs, file_type;
attribute hal_graphics_composer_client_tmpfs;
expandattribute hal_graphics_composer_client_tmpfs true;

# HwBinder IPC from client to server, and callbacks
binder_call(hal_graphics_composer_client, hal_graphics_composer_server)
binder_call(hal_graphics_composer_server, hal_graphics_composer_client)
allow hal_graphics_composer_client hal_graphics_composer_server_tmpfs:file { getattr map read write };
allow hal_graphics_composer_server hal_graphics_composer_client_tmpfs:file { getattr map read write };

hal_attribute_hwservice(hal_graphics_composer, hal_graphics_composer_hwservice)

# Coordinate with hal_graphics_mapper
allow hal_graphics_composer_server hal_graphics_mapper_hwservice:hwservice_manager find;

# GPU device access
allow hal_graphics_composer gpu_device:chr_file rw_file_perms;
allow hal_graphics_composer ion_device:chr_file r_file_perms;
allow hal_graphics_composer dmabuf_system_heap_device:chr_file r_file_perms;
allow hal_graphics_composer hal_graphics_allocator:fd use;

# Access /dev/graphics/fb0.
allow hal_graphics_composer graphics_device:dir search;
allow hal_graphics_composer graphics_device:chr_file rw_file_perms;

# Fences
allow hal_graphics_composer system_server:fd use;
allow hal_graphics_composer bootanim:fd use;
allow hal_graphics_composer appdomain:fd use;

# allow self to set SCHED_FIFO
allow hal_graphics_composer self:global_capability_class_set sys_nice;