[Display] Add SELinux policy for hal_graphics_composer_default

Add SELinux policy for hal_graphics_composer_default to find persist_display_file Bug: 202487234 Test: device boot will not find avc denied log as "avc: denied { search } for name="display" dev="sda1" ino=21 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:persist_display_file:s0 tclass=dir permissive=0" Change-Id: I8fc386cb18397911404e1f2803601711e40edead
2021-10-08 07:38:26 +00:00 · 2021-10-08 07:38:26 +00:00 · 24693cd264
commit 24693cd264
parent 2a166c0eb5
1 changed files with 1 additions and 0 deletions
--- a/display/gs101/hal_graphics_composer_default.te
+++ b/display/gs101/hal_graphics_composer_default.te
@ -16,6 +16,7 @@ userdebug_or_eng(`
 allow hal_graphics_composer_default mnt_vendor_file:dir search;
 allow hal_graphics_composer_default persist_file:dir search;
 allow hal_graphics_composer_default persist_display_file:file r_file_perms;
+allow hal_graphics_composer_default persist_display_file:dir search;

 # allow HWC to r/w backlight
 allow hal_graphics_composer_default sysfs_leds:dir r_dir_perms;