Add policy for USF low latency transport gralloc usage. am: 1082e886c0

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14144079 Change-Id: I32cc4ea5c2f396ddb1b3b288d5531116bf185baf
2021-04-12 02:27:27 +00:00 · 2021-04-12 02:27:27 +00:00 · 7e5ceecdf6
commit 7e5ceecdf6
parent b67548e8cf 1082e886c0
4 changed files with 25 additions and 0 deletions
--- a/usf/sensor_hal.te
+++ b/usf/sensor_hal.te
@ -41,6 +41,9 @@ allow hal_sensors_default fwk_stats_hwservice:hwservice_manager find;
 # Allow access to the sysfs_aoc.
 allow hal_sensors_default sysfs_aoc:dir search;

+# Allow use of the USF low latency transport.
+usf_low_latency_transport(hal_sensors_default)
+
 #
 # Suez type enforcements.
 #
--- a/usf/te_macros
+++ b/usf/te_macros
@ -0,0 +1,14 @@
+#
+# USF SELinux type enforcement macros.
+#
+
+#
+# usf_low_latency_transport(domain)
+#
+# Allows domain use of the USF low latency transport.
+#
+define(`usf_low_latency_transport', `
+  allow $1 hal_graphics_mapper_hwservice:hwservice_manager find;
+  hal_client_domain($1, hal_graphics_allocator)
+')
+
--- a/whitechapel/vendor/google/chre.te
+++ b/whitechapel/vendor/google/chre.te
@ -11,3 +11,7 @@ allow chre sysfs_aoc_boottime:file r_file_perms;

 # Allow CHRE to create thread to watch AOC's device
 allow chre device:dir r_dir_perms;
+
+# Allow CHRE to use the USF low latency transport
+usf_low_latency_transport(chre)
+
--- a/whitechapel/vendor/google/rlsservice.te
+++ b/whitechapel/vendor/google/rlsservice.te
@ -22,3 +22,7 @@ binder_call(rlsservice, hal_camera_default)
 # Allow access to always-on compute device node
 allow rlsservice device:dir { read watch };
 allow rlsservice aoc_device:chr_file rw_file_perms;
+
+# Allow use of the USF low latency transport
+usf_low_latency_transport(rlsservice)
+