From b110192c8379983b36c48db5c57b73e6a5a18305 Mon Sep 17 00:00:00 2001
From: mtk07742 <yongjun.luo@mediatek.com>
Date: Sat, 18 Jan 2020 10:12:48 +0800
Subject: [PATCH] [ALPS04462320] SEPolicy:add perm for system_server

For Android Q, there is a more stringent restriction for ioctl,
system_server need some permission to access proc_ged by ioctlcmd
in MTBF.

MTK-Commit-Id: 6fe037cc18f278a95a919bb3188ae50fb880a36e

Change-Id: I4f4a3b13f3ee49920ebb588ed5e7094ae0065494
CR-Id: ALPS04462320
Feature: [Module]SystemServer
---
 non_plat/system_server.te | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/non_plat/system_server.te b/non_plat/system_server.te
index 6ec3aac..c8a505e 100644
--- a/non_plat/system_server.te
+++ b/non_plat/system_server.te
@@ -205,4 +205,9 @@ allow system_server alarm_device:chr_file rw_file_perms;
 # Date : WK19.7
 # Operation: Q migration
 # Purpose : Allow system_server to use ioctl/ioctlcmd
-allowxperm system_server proc_ged:file ioctl GED_BRIDGE_IO_LOG_BUF_GET;
+allowxperm system_server proc_ged:file ioctl {
+  GED_BRIDGE_IO_LOG_BUF_GET
+  GED_BRIDGE_IO_MONITOR_3D_FENCE
+  GED_BRIDGE_IO_GE_GET
+  GED_BRIDGE_IO_GE_SET
+  };