Evolution-X-Tensor/device_google_zumapro
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
device_google_zumapro/vendor/hal_graphics_composer_default.te
Wiwit Rifa'i 24ad0c2d7f Allow binder calls between composer and powerstats 
This will fix some avc denials:

* SELinux : avc:  denied  { find } for pid=508 uid=1000
name=power.stats-vendor scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:hal_power_stats_vendor_service:s0
tclass=service_manager permissive=0

* binder:501_1: type=1400 audit(0.0:30): avc:  denied  { call } for
scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:r:hal_power_stats_default:s0 tclass=binder permissive=0

* android.hardwar: type=1400 audit(0.0:10): avc:  denied  { call }
for  scontext=u:r:hal_power_stats_default:s0
tcontext=u:r:hal_graphics_composer_default:s0 tclass=binder
permissive=0

Bug: 315497129
Test: check no avc denied between composer & powerstats
Change-Id: I6033e088d5706a0d2a6f942f983a05e6148764a9
2024-02-01 09:13:27 +08:00

47 lines
2 KiB
Text
Raw Blame History

# allow HWC to access power hal
hal_client_domain(hal_graphics_composer_default, hal_power)
hal_client_domain(hal_graphics_composer_default, hal_graphics_allocator)
# access sysfs R/W
allow hal_graphics_composer_default sysfs_display:dir search;
allow hal_graphics_composer_default sysfs_display:file rw_file_perms;
# allow HWC to r/w backlight
allow hal_graphics_composer_default sysfs_leds:dir r_dir_perms;
allow hal_graphics_composer_default sysfs_leds:file rw_file_perms;
# socket / vnd service
allow hal_graphics_composer_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
vndbinder_use(hal_graphics_composer_default)
# boot stauts prop
get_prop(hal_graphics_composer_default, boot_status_prop);
# allow HWC to get device_config_surface_flinger_native_boot_prop for adpf flags
get_prop(hal_graphics_composer_default, device_config_surface_flinger_native_boot_prop)
add_service(hal_graphics_composer_default, hal_pixel_display_service)
# allow HWC/libdisplaycolor to read calibration data
allow hal_graphics_composer_default mnt_vendor_file:dir search;
allow hal_graphics_composer_default persist_file:dir search;
allow hal_graphics_composer_default persist_display_file:file r_file_perms;
allow hal_graphics_composer_default persist_display_file:dir search;
# allow HWC to get/set vendor_display_prop
set_prop(hal_graphics_composer_default, vendor_display_prop)
# allow HWC to access vendor_displaycolor_service
add_service(hal_graphics_composer_default, vendor_displaycolor_service)
add_service(hal_graphics_composer_default, vendor_surfaceflinger_vndservice)
# allow HWC to read/write/search hwc_log_file
allow hal_graphics_composer_default vendor_hwc_log_file:dir rw_dir_perms;
allow hal_graphics_composer_default vendor_hwc_log_file:file create_file_perms;
allow hal_graphics_composer_default vendor_log_file:dir search;
# allow HWC to access powerstats
allow hal_graphics_composer_default hal_power_stats_vendor_service:service_manager find;
binder_call(hal_graphics_composer_default, hal_power_stats_default)
Reference in a new issue View git blame Copy permalink