Skip to content

Commit

Permalink
Add sepolicy for hwc3
Browse files Browse the repository at this point in the history
TrackedOn:No
Signed-off-by: manxiaoliang <[email protected]>
  • Loading branch information
manxiaoliang committed Dec 19, 2022
1 parent 1c30b91 commit 3ffe727
Show file tree
Hide file tree
Showing 4 changed files with 25 additions and 0 deletions.
2 changes: 2 additions & 0 deletions graphics/composer3/file_contexts
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.composer3-service\.intel u:hal_graphics_composer_default_exec:s0

3 changes: 3 additions & 0 deletions graphics/composer3/hal_graphics_allocator_default.te
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
#============= hal_graphics_allocator_default ==============
allow hal_graphics_allocator_default gpu_device:chr_file rw_file_perms;
allow hal_graphics_allocator_default gpu_device:dir r_dir_perms;
18 changes: 18 additions & 0 deletions graphics/composer3/hal_graphics_composer_default.te
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
vndbinder_use(hal_graphics_composer_default)

binder_call(hal_graphics_composer_default, hal_graphics_allocator_default)

allow hal_graphics_composer_default cache_file:dir create_dir_perms;
allow hal_graphics_composer_default cache_file:file create_file_perms;
allow hal_graphics_composer_default gpu_device:chr_file rw_file_perms;
allow hal_graphics_composer_default gpu_device:dir r_dir_perms;

allow hal_graphics_composer_default self:netlink_kobject_uevent_socket { read bind create setopt };

add_service(hal_graphics_composer_default, hwc_info_service)

hal_client_domain(hal_graphics_composer_default, hal_configstore)
allow hal_graphics_composer_default hal_graphics_mapper_hwservice:hwservice_manager find;
hal_client_domain(hal_graphics_composer_default, hal_graphics_allocator)

allow hal_graphics_composer_default sysfs_app_readable:file r_file_perms;
2 changes: 2 additions & 0 deletions graphics/composer3/violators_blacklist.te
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
typeattribute hal_graphics_composer_default data_between_core_and_vendor_violators;

0 comments on commit 3ffe727

Please sign in to comment.