From 15fe055c40511f0d16c0ea12960d80fc6c51d79b Mon Sep 17 00:00:00 2001 From: Figo Wang Date: Sat, 18 Jan 2020 10:13:09 +0800 Subject: [PATCH] [ALPS04501667] SELINUX: Kernel API dump of GED access Add sepolicy to resolve the kernel api dump. MTK-Commit-Id: 471082eb801521fcba7cb9a2dc9105e9832047b7 Change-Id: Ica2001bcb4c998f2cdb2cba26f5351ea72c65153 Signed-off-by: Figo Wang CR-Id: ALPS04501667 Feature: Power Management --- non_plat/hal_graphics_allocator.te | 2 -- non_plat/hal_graphics_allocator_default.te | 11 ++++++++++- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/non_plat/hal_graphics_allocator.te b/non_plat/hal_graphics_allocator.te index a084d1d..310c04a 100644 --- a/non_plat/hal_graphics_allocator.te +++ b/non_plat/hal_graphics_allocator.te @@ -3,5 +3,3 @@ # Purpose : Add policy for gralloc HIDL allow hal_graphics_allocator proc_ged:file { read ioctl open }; - -allowxperm hal_graphics_allocator_default proc_ged:file ioctl { GED_BRIDGE_IO_GE_ALLOC GED_BRIDGE_IO_GE_GET }; diff --git a/non_plat/hal_graphics_allocator_default.te b/non_plat/hal_graphics_allocator_default.te index 573d2be..921aaac 100644 --- a/non_plat/hal_graphics_allocator_default.te +++ b/non_plat/hal_graphics_allocator_default.te @@ -15,4 +15,13 @@ allow hal_graphics_allocator_default debugfs_ion:dir search; allow hal_graphics_allocator_default debugfs_tracing:file write; #============= hal_graphics_allocator_default ============== -allow hal_graphics_allocator_default debugfs_tracing:file open; \ No newline at end of file +allow hal_graphics_allocator_default debugfs_tracing:file open; + +#============= hal_graphics_allocator_default ============== +allow hal_graphics_allocator_default proc_ged:file r_file_perms; +allowxperm hal_graphics_allocator_default proc_ged:file ioctl { +GED_BRIDGE_IO_GE_ALLOC +GED_BRIDGE_IO_GE_GET +GED_BRIDGE_IO_GE_SET +}; +