NekoSakura/Android_Device_Mediatek_Sepolicy_Vndr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sepolicy: basic: non_plat: Add rules for MediaTek GPU HAL

Browse Source 
* Dropped in S sepolicy but we need it since we have
  blobs from R.

Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Ifb8fa7d8e28b1d74c1bf3ea6b817afd3c84a90c6
This commit is contained in:
bengris32 2022-09-25 18:35:40 +01:00 committed by Matsvei Niaverau
parent 9235669c21
commit 3538c267c2
7 changed files with 52 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
basic/non_plat/file_contexts
View File

@ -716,6 +716,10 @@
# Google Trusty system files # Google Trusty system files
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service\.trusty u:object_r:hal_keymaster_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service\.trusty u:object_r:hal_keymaster_default_exec:s0
# gpu hal
/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.gpu@1\.0-service u:object_r:mtk_hal_gpu_exec:s0
/vendor/lib(64)?/vendor\.mediatek\.hardware\.gpu@1\.0.so u:object_r:same_process_hal_file:s0
# MTEE keymaster4.0/4.1 system files # MTEE keymaster4.0/4.1 system files
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.0-service\.mtee u:object_r:hal_keymaster_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.0-service\.mtee u:object_r:hal_keymaster_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.1-service\.mtee u:object_r:hal_keymaster_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.1-service\.mtee u:object_r:hal_keymaster_default_exec:s0

6
basic/non_plat/hal_gpu.te Normal file
View File

@ -0,0 +1,6 @@
# HwBinder IPC from clients into server, and callbacks
binder_call(hal_gpu_client, hal_gpu_server)
binder_call(hal_gpu_server, hal_gpu_client)
# give permission for hal client
allow hal_gpu_client mtk_hal_gpu_hwservice :hwservice_manager find;

3
basic/non_plat/hwservice.te
View File

@ -74,3 +74,6 @@ type mtk_hal_bluetooth_audio_hwservice,hwservice_manager_type;
# Date: 2021/06/30 # Date: 2021/06/30
# composer extension HIDL # composer extension HIDL
type mtk_hal_composer_ext_hwservice, hwservice_manager_type, protected_hwservice; type mtk_hal_composer_ext_hwservice, hwservice_manager_type, protected_hwservice;
# GPU HIDL
type mtk_hal_gpu_hwservice, hwservice_manager_type;

3
basic/non_plat/hwservice_contexts
View File

@ -10,6 +10,9 @@ vendor.mediatek.hardware.radio::ISap u:object_r:m
vendor.mediatek.hardware.interfaces_tc1.mtkradioex_tc1::IMtkRadioEx u:object_r:mtk_hal_rild_hwservice:s0 vendor.mediatek.hardware.interfaces_tc1.mtkradioex_tc1::IMtkRadioEx u:object_r:mtk_hal_rild_hwservice:s0
vendor.mediatek.hardware.radio_op::IRadioOp u:object_r:mtk_hal_rild_hwservice:s0 vendor.mediatek.hardware.radio_op::IRadioOp u:object_r:mtk_hal_rild_hwservice:s0
# GPU HIDL
vendor.mediatek.hardware.gpu::IGraphicExt u:object_r:mtk_hal_gpu_hwservice:s0
# Date: 2017/06/07 # Date: 2017/06/07
# power hidl # power hidl
vendor.mediatek.hardware.mtkpower::IMtkPerf u:object_r:hal_power_hwservice:s0 vendor.mediatek.hardware.mtkpower::IMtkPerf u:object_r:hal_power_hwservice:s0

30
basic/non_plat/mtk_hal_gpu.te Normal file
View File

@ -0,0 +1,30 @@
type mtk_hal_gpu, domain;
type mtk_hal_gpu_exec, exec_type, file_type, vendor_file_type;
# Setup for domain transition
init_daemon_domain(mtk_hal_gpu)
# Allow to use HWBinder IPC
hwbinder_use(mtk_hal_gpu);
# Allow a set of permissions required for a domain to be a server which provides a HAL implementation over HWBinder.
hal_server_domain(mtk_hal_gpu, hal_gpu)
# add/find permission rule to hwservicemanager
add_hwservice(hal_gpu, mtk_hal_gpu_hwservice)
allow hal_gpu_client mtk_hal_gpu_hwservice:hwservice_manager find;
# Allow to allocate hidl memory
hal_client_domain(mtk_hal_gpu, hal_allocator)
# Purpose : Allow to use kernel driver
allow mtk_hal_gpu graphics_device:chr_file rw_file_perms;
allow mtk_hal_gpu proc_ged:file rw_file_perms;
allowxperm mtk_hal_gpu proc_ged:file ioctl { proc_ged_ioctls };
allow mtk_hal_gpu hal_graphics_allocator_default:fd use;
allow mtk_hal_gpu ion_device:chr_file r_file_perms;
allow mtk_hal_gpu debugfs_ion:dir search;
allow mtk_hal_gpu merged_hal_service:fd use;

5
basic/plat_public/attributes
View File

@ -33,6 +33,11 @@ attribute hal_mtk_lbs;
attribute hal_mtk_lbs_client; attribute hal_mtk_lbs_client;
attribute hal_mtk_lbs_server; attribute hal_mtk_lbs_server;
# GPU HIDL
attribute hal_gpu;
attribute hal_gpu_client;
attribute hal_gpu_server;
# Date: 2017/06/27 # Date: 2017/06/27
# IMSA HIDL # IMSA HIDL
attribute hal_mtk_imsa; attribute hal_mtk_imsa;

1
bsp/non_plat/camerapostalgo.te
View File

@ -23,4 +23,5 @@ hal_client_domain(camerapostalgo, hal_mtk_mms)
hal_client_domain(camerapostalgo, hal_graphics_allocator) hal_client_domain(camerapostalgo, hal_graphics_allocator)
allow camerapostalgo hal_graphics_mapper_hwservice:hwservice_manager find; allow camerapostalgo hal_graphics_mapper_hwservice:hwservice_manager find;
allow camerapostalgo hal_configstore_default:binder call; allow camerapostalgo hal_configstore_default:binder call;
allow camerapostalgo mtk_hal_gpu_hwservice:hwservice_manager find;