[ALPS03902348] GPU: Add sepolicy for graphics

[Detail] More strictly selinux policy that system process cannot access vendor partition, unless label the specific vendor lib to same_process_hal_file [Solution] Add same-process HAL files and their dependencies MTK-Commit-Id: 142626c1bf5c65f7781d3c75969cacd86afa938a Change-Id: I4f6f1be7eef4f013578fe06512ba32e43d107ddf CR-Id: ALPS03902348 Feature: OpenGL|ES
2020-01-18 09:48:20 +08:00 · 2020-01-18 09:48:20 +08:00 · 833b333821
commit 833b333821
parent 2376a2348f
1 changed files with 22 additions and 0 deletions
--- a/non_plat/file_contexts
+++ b/non_plat/file_contexts
@ -570,3 +570,25 @@

 #hidl process merging
 /(system\/vendor|vendor)/bin/hw/merged_hal_service          u:object_r:merged_hal_service_exec:s0
+
+
+###############################################
+# same-process HAL files and their dependencies
+#
+/vendor/lib(64)?/hw/gralloc\.mt[0-9]+\.so   u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/hw/vulkan\.mt[0-9]+\.so     u:object_r:same_process_hal_file:s0
+
+/vendor/lib(64)?/libIMGegl\.so   u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libsrv_um\.so   u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libtqvalidate\.so   u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libusc\.so   u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libglslcompiler\.so   u:object_r:same_process_hal_file:s0
+
+/vendor/lib(64)?/libGLES_mali\.so   u:object_r:same_process_hal_file:s0
+
+/vendor/lib(64)?/libgralloc_extra\.so   u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libgpu_aux\.so   u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libged\.so   u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libdrm\.so   u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libion_mtk\.so   u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libion_ulit\.so   u:object_r:same_process_hal_file:s0