Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
device_google_gs101/display/gs101/hal_graphics_composer_default.te
linpeter 81aaf6cda3 Add sepolicy for hwcomposer to access lhbm sysfs 
avc: denied { read write } for comm="android.hardwar" name="local_hbm_mode" dev="sysfs" ino=70189 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs_lhbm:s0 tclass=file permissive=0

Bug: 190563896
test: check avc denied
Change-Id: I0f6abc1244d24781ff3318908b524a889490993d
2021-06-15 19:37:14 +08:00

45 lines
2 KiB
Text
Raw Blame History

allow hal_graphics_composer_default video_device:chr_file rw_file_perms;
add_service(hal_graphics_composer_default, vendor_surfaceflinger_vndservice)
hal_client_domain(hal_graphics_composer_default, hal_graphics_allocator)
allow hal_graphics_composer_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
vndbinder_use(hal_graphics_composer_default)
userdebug_or_eng(`
allow hal_graphics_composer_default vendor_log_file:dir create_dir_perms;
# For HWC/libdisplaycolor to generate calibration file.
allow hal_graphics_composer_default persist_display_file:file create_file_perms;
allow hal_graphics_composer_default persist_display_file:dir rw_dir_perms;
')
# allow HWC/libdisplaycolor to read calibration data
allow hal_graphics_composer_default mnt_vendor_file:dir search;
allow hal_graphics_composer_default persist_file:dir search;
allow hal_graphics_composer_default persist_display_file:file r_file_perms;
# allow HWC to r/w backlight
allow hal_graphics_composer_default sysfs_leds:dir r_dir_perms;
allow hal_graphics_composer_default sysfs_leds:file rw_file_perms;
# allow HWC to get vendor_persist_sys_default_prop
get_prop(hal_graphics_composer_default, vendor_persist_sys_default_prop)
# allow HWC to get vendor_display_prop
get_prop(hal_graphics_composer_default, vendor_display_prop)
# allow HWC to access vendor_displaycolor_service
add_service(hal_graphics_composer_default, vendor_displaycolor_service)
add_service(hal_graphics_composer_default, hal_pixel_display_service)
binder_use(hal_graphics_composer_default)
get_prop(hal_graphics_composer_default, boot_status_prop);
# allow HWC to access vendor log file
allow hal_graphics_composer_default vendor_log_file:file create_file_perms;
# allow HWC to output to dumpstate via pipe fd
allow hal_graphics_composer_default hal_dumpstate_default:fifo_file { append write };
allow hal_graphics_composer_default hal_dumpstate_default:fd use;
# allow HWC to access LHBM sysfs
allow hal_graphics_composer_default sysfs_lhbm:file rw_file_perms;
Reference in a new issue View git blame Copy permalink