From 833b333821c15b306b675921d851a43ad6ca9fb2 Mon Sep 17 00:00:00 2001
From: Caroline Yang
Date: Sat, 18 Jan 2020 09:48:20 +0800
Subject: [PATCH] [ALPS03902348] GPU: Add sepolicy for graphics

[Detail] More strictly selinux policy that system process cannot access vendor partition, unless label the specific vendor lib to same_process_hal_file
[Solution] Add same-process HAL files and their dependencies
MTK-Commit-Id: 142626c1bf5c65f7781d3c75969cacd86afa938a
Change-Id: I4f6f1be7eef4f013578fe06512ba32e43d107ddf
CR-Id: ALPS03902348
Feature: OpenGL|ES
---
 non_plat/file_contexts | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/non_plat/file_contexts b/non_plat/file_contexts
index 6d9c1e0..d69eaa0 100644
--- a/non_plat/file_contexts
+++ b/non_plat/file_contexts
@@ -570,3 +570,25 @@
 #hidl process merging
 /(system\/vendor|vendor)/bin/hw/merged_hal_service u:object_r:merged_hal_service_exec:s0
+
+
+###############################################
+# same-process HAL files and their dependencies
+#
+/vendor/lib(64)?/hw/gralloc\.mt[0-9]+\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/hw/vulkan\.mt[0-9]+\.so u:object_r:same_process_hal_file:s0
+
+/vendor/lib(64)?/libIMGegl\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libsrv_um\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libtqvalidate\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libusc\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libglslcompiler\.so u:object_r:same_process_hal_file:s0
+
+/vendor/lib(64)?/libGLES_mali\.so u:object_r:same_process_hal_file:s0
+
+/vendor/lib(64)?/libgralloc_extra\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libgpu_aux\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libged\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libdrm\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libion_mtk\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libion_ulit\.so u:object_r:same_process_hal_file:s0
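Review bot: The new entries are anchored at `/vendor/lib(64)?/` only, while the existing entry directly above them matches `/(system\/vendor|vendor)/`. On a build where the vendor tree sits under /system/vendor, these libraries would not pick up `same_process_hal_file`, so the in-process loads this change is meant to allow would still be denied there. If that layout is still supported, write each path in the same form as the neighbouring entry, e.g. `/(system\/vendor|vendor)/lib(64)?/hw/gralloc\.mt[0-9]+\.so`. Separately, AOSP policy lets every domain read and execute `same_process_hal_file`, so general-purpose helpers such as `libdrm\.so` and `libion_mtk\.so` become mappable from any process, including app domains. A comment per group naming the HAL that pulls each dependency in (for instance `# dependencies of gralloc.mt*.so`) would let a later reviewer confirm the list is minimal and prune it.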