4c189644a9
type=1400 audit(0.0:77): avc: denied { search } for name="thermal"
dev="tmpfs" ino=1618 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:thermal_link_device:s0 tclass=dir permissive=0
type=1400 audit(0.0:74): avc: denied { search } for name="thermal"
dev="sysfs" ino=21594 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs_thermal:s0 tclass=dir permissive=0
type=1400 audit(0.0:74): avc: denied { read } for name="temp"
dev="sysfs" ino=73536 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs_thermal:s0 tclass=file permissive=0
type=1400 audit(0.0:74): avc: denied { getattr } for
path="/sys/devices/virtual/thermal/thermal_zone12/temp" dev="sysfs"
ino=73537 scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:sysfs_thermal:s0 tclass=file permissive=0
Bug: 340846691
Test: check no avc pattern on logcat from test image
Flag: NONE add permission
Change-Id: I0f327b98e32627e00be4cc0d0a99be39d1ec3bf2
54 lines
2.4 KiB
Text
54 lines
2.4 KiB
Text
# allow HWC to access power hal
|
|
hal_client_domain(hal_graphics_composer_default, hal_power)
|
|
|
|
hal_client_domain(hal_graphics_composer_default, hal_graphics_allocator)
|
|
|
|
# access sysfs R/W
|
|
allow hal_graphics_composer_default sysfs_display:dir search;
|
|
allow hal_graphics_composer_default sysfs_display:file rw_file_perms;
|
|
|
|
# allow HWC to r/w backlight
|
|
allow hal_graphics_composer_default sysfs_leds:dir r_dir_perms;
|
|
allow hal_graphics_composer_default sysfs_leds:file rw_file_perms;
|
|
|
|
# socket / vnd service
|
|
allow hal_graphics_composer_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
|
|
vndbinder_use(hal_graphics_composer_default)
|
|
|
|
# boot stauts prop
|
|
get_prop(hal_graphics_composer_default, boot_status_prop);
|
|
|
|
# allow HWC to get device_config_surface_flinger_native_boot_prop for adpf flags
|
|
get_prop(hal_graphics_composer_default, device_config_surface_flinger_native_boot_prop)
|
|
|
|
add_service(hal_graphics_composer_default, hal_pixel_display_service)
|
|
|
|
# allow HWC/libdisplaycolor to read calibration data
|
|
allow hal_graphics_composer_default mnt_vendor_file:dir search;
|
|
allow hal_graphics_composer_default persist_file:dir search;
|
|
allow hal_graphics_composer_default persist_display_file:file r_file_perms;
|
|
allow hal_graphics_composer_default persist_display_file:dir search;
|
|
|
|
# allow HWC to get/set vendor_display_prop
|
|
set_prop(hal_graphics_composer_default, vendor_display_prop)
|
|
|
|
# allow HWC to access vendor_displaycolor_service
|
|
add_service(hal_graphics_composer_default, vendor_displaycolor_service)
|
|
|
|
add_service(hal_graphics_composer_default, vendor_surfaceflinger_vndservice)
|
|
|
|
# allow HWC to read/write/search hwc_log_file
|
|
allow hal_graphics_composer_default vendor_hwc_log_file:dir rw_dir_perms;
|
|
allow hal_graphics_composer_default vendor_hwc_log_file:file create_file_perms;
|
|
allow hal_graphics_composer_default vendor_log_file:dir search;
|
|
|
|
# allow HWC to access powerstats
|
|
allow hal_graphics_composer_default hal_power_stats_vendor_service:service_manager find;
|
|
allow hal_graphics_composer_default thermal_link_device:dir search;
|
|
allow hal_graphics_composer_default sysfs_thermal:dir search;
|
|
allow hal_graphics_composer_default sysfs_thermal:file r_file_perms;
|
|
binder_call(hal_graphics_composer_default, hal_power_stats_default)
|
|
|
|
# allow HWC to access IStats AIDL
|
|
allow hal_graphics_composer_default fwk_stats_service:service_manager find;
|
|
binder_call(hal_graphics_composer_default, system_server);
|