From 7010a1c7bdd4b66d03a4388a69e68be11b8899b2 Mon Sep 17 00:00:00 2001 From: Shanshan Guo Date: Sat, 18 Jan 2020 10:13:20 +0800 Subject: [PATCH] [ALPS04501651] Sepolicy: Kernel API dump [Detail] For Andorid Q, there is a more stringent restriction for ioctl, app need to access proc_ged by ioctlcmds. [Solution] Add sepolicy for app to access proc_ged by ioctlcmds. MTK-Commit-Id: 630cfe13e5928346453bb3800b75439d5e9e1235 Change-Id: I1bde81017e78d5b70fc78dd5fa148667360d2af4 CR-Id: ALPS04501651 Feature: Power Management --- non_plat/app.te | 15 ++++++++++++++- non_plat/ioctl_defines | 28 +++++++++++++++++++++++----- 2 files changed, 37 insertions(+), 6 deletions(-) diff --git a/non_plat/app.te b/non_plat/app.te index f474f8c..40ee4ae 100644 --- a/non_plat/app.te +++ b/non_plat/app.te @@ -8,13 +8,26 @@ allow appdomain proc_ged:file rw_file_perms; allowxperm appdomain proc_ged:file ioctl { GED_BRIDGE_IO_LOG_BUF_GET GED_BRIDGE_IO_LOG_BUF_WRITE + GED_BRIDGE_IO_LOG_BUF_RESET GED_BRIDGE_IO_BOOST_GPU_FREQ GED_BRIDGE_IO_MONITOR_3D_FENCE GED_BRIDGE_IO_QUERY_INFO + GED_BRIDGE_IO_NOTIFY_VSYNC + GED_BRIDGE_IO_DVFS_PROBE + GED_BRIDGE_IO_DVFS_UM_RETURN + GED_BRIDGE_IO_EVENT_NOTIFY + GED_BRIDGE_IO_WAIT_HW_VSYNC + GED_BRIDGE_IO_QUERY_TARGET_FPS + GED_BRIDGE_IO_VSYNC_WAIT + GED_BRIDGE_IO_GPU_HINT_TO_CPU GED_BRIDGE_IO_GE_ALLOC GED_BRIDGE_IO_GE_GET GED_BRIDGE_IO_GE_SET - }; + GED_BRIDGE_IO_GPU_TIMESTAMP + GED_BRIDGE_IO_TARGET_FPS + GED_BRIDGE_IO_GE_INFO + GED_BRIDGE_IO_GPU_TUNER_STATUS +}; # Date : W16.42 # Operation : Integration diff --git a/non_plat/ioctl_defines b/non_plat/ioctl_defines index ede0be6..a49e819 100755 --- a/non_plat/ioctl_defines +++ b/non_plat/ioctl_defines @@ -1,3 +1,6 @@ +##################################### +# ged_bridge_id.h +# define(`GED_BRIDGE_IO_LOG_BUF_GET', `0x6700') define(`GED_BRIDGE_IO_LOG_BUF_WRITE', `0x6701') define(`GED_BRIDGE_IO_LOG_BUF_RESET', `0x6702') @@ -8,10 +11,10 @@ define(`GED_BRIDGE_IO_NOTIFY_VSYNC', `0x6706') define(`GED_BRIDGE_IO_DVFS_PROBE', `0x6707') define(`GED_BRIDGE_IO_DVFS_UM_RETURN', `0x6708') define(`GED_BRIDGE_IO_EVENT_NOTIFY', `0x6709') -define(`GED_BRIDGE_IO_WAIT_HW_VSYNC', `0x6710') -define(`GED_BRIDGE_IO_QUERY_TARGET_FPS', `0x6711') -define(`GED_BRIDGE_IO_VSYNC_WAIT', `0x6712') -define(`GED_BRIDGE_IO_GPU_HINT_TO_CPU', `0x6713') +define(`GED_BRIDGE_IO_WAIT_HW_VSYNC', `0x670a') +define(`GED_BRIDGE_IO_QUERY_TARGET_FPS', `0x670b') +define(`GED_BRIDGE_IO_VSYNC_WAIT', `0x670c') +define(`GED_BRIDGE_IO_GPU_HINT_TO_CPU', `0x670d') define(`GED_BRIDGE_IO_GE_ALLOC', `0x6764') define(`GED_BRIDGE_IO_GE_GET', `0x6765') @@ -19,23 +22,38 @@ define(`GED_BRIDGE_IO_GE_SET', `0x6766') define(`GED_BRIDGE_IO_GPU_TIMESTAMP', `0x6767') define(`GED_BRIDGE_IO_TARGET_FPS', `0x6768') define(`GED_BRIDGE_IO_GE_INFO', `0x6769') -define(`GED_BRIDGE_IO_GPU_TUNER_STATUS', `0x6770') +define(`GED_BRIDGE_IO_GPU_TUNER_STATUS', `0x676a') define(`GED_BRIDGE_IO_IOCTLCMD_0F', `0x670f') define(`GED_BRIDGE_IO_IOCTLCMD_10', `0x6710') +##################################### +# perf_ioctl.h +# define(`FPSGO_QUEUE', `0x6701') define(`FPSGO_DEQUEUE', `0x6703') define(`FPSGO_VSYNC', `0x6705') define(`FPSGO_TOUCH', `0x670a') define(`FPSGO_QUEUE_CONNECT', `0x670f') define(`FPSGO_BQID', `0x6710') + +##################################### +# +# define(`EARA_NN_BEGIN', `0x6701') define(`EARA_NN_END', `0x6702') define(`EARA_GETUSAGE', `0x6703') + +##################################### +# +# define(`PERFMGR_CPU_PREFER', `0x6701') define(`MMC_IOCTLCMD', `0xb300') define(`UFS_IOCTLCMD', `0x5388') + +##################################### +# +# define(`JPG_BRIDGE_ENC_IO_INIT', `0x780b') define(`JPG_BRIDGE_ENC_IO_CONFIG', `0x780c') define(`JPG_BRIDGE_ENC_IO_WAIT', `0x780d')