From cff428b385f0f83ab7d1136c163797ee5d8cd8df Mon Sep 17 00:00:00 2001
From: Mike Hsieh <mike.hsieh@mediatek.com>
Date: Sat, 18 Jan 2020 10:18:34 +0800
Subject: [PATCH] [ALPS04702268] Change  sw_sync permission for 3rd party app
 access

Change sw_sync permission for 3rd party app use.

MTK-Commit-Id: 756f028f822b28e5863c772c977f3fdfad1eb338

Change-Id: I5f1f4566e8d60b16fd300dc91ddba8cc6aa7e5c4
CR-Id: ALPS04702268
Feature: [Module]MDP Driver
(cherry picked from commit 8d036ea19e62d9f509f1c54d395d4a711b4a4bd7)
---
 non_plat/app.te                           | 1 +
 non_plat/atci_service.te                  | 1 +
 non_plat/factory.te                       | 1 +
 non_plat/hal_graphics_composer_default.te | 2 +-
 non_plat/mediacodec.te                    | 1 +
 non_plat/mtk_hal_camera.te                | 2 +-
 non_plat/mtk_hal_mms.te                   | 1 +
 non_plat/platform_app.te                  | 1 +
 8 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/non_plat/app.te b/non_plat/app.te
index 3b1ffe0..455cafb 100644
--- a/non_plat/app.te
+++ b/non_plat/app.te
@@ -32,6 +32,7 @@ allowxperm appdomain proc_perfmgr:file ioctl {
 # Purpose : Allow MDP user access mdp driver
 allow appdomain mdp_device:chr_file rw_file_perms;
 allow appdomain mtk_mdp_device:chr_file rw_file_perms;
+allow appdomain sw_sync_device:chr_file rw_file_perms;
 
 # Date : W19.23
 # Operation : Migration
diff --git a/non_plat/atci_service.te b/non_plat/atci_service.te
index 40bfb66..f3f8f21 100644
--- a/non_plat/atci_service.te
+++ b/non_plat/atci_service.te
@@ -116,6 +116,7 @@ allow atci_service hidl_memory_hwservice:hwservice_manager find;
 allow atci_service ion_device:chr_file { read ioctl open };
 allow atci_service mtk_cmdq_device:chr_file { read ioctl open };
 allow atci_service mtk_mdp_device:chr_file rw_file_perms;
+allow atci_service sw_sync_device:chr_file rw_file_perms;
 allow atci_service mtk_hal_power:binder call;
 allow atci_service mtk_hal_power_hwservice:hwservice_manager find;
 allow atci_service sysfs_batteryinfo:dir search;
diff --git a/non_plat/factory.te b/non_plat/factory.te
index 50174a1..903e96e 100644
--- a/non_plat/factory.te
+++ b/non_plat/factory.te
@@ -279,6 +279,7 @@ hal_client_domain(factory, hal_nfc);
 # Purpose: Allow to access cmdq driver
 allow factory mtk_cmdq_device:chr_file { read ioctl open };
 allow factory mtk_mdp_device:chr_file rw_file_perms;
+allow factory sw_sync_device:chr_file rw_file_perms;
 
 # Date: WK1733
 # Purpose: add selinux policy to stop 'ccci_fsd' for clear emmc in factory mode
diff --git a/non_plat/hal_graphics_composer_default.te b/non_plat/hal_graphics_composer_default.te
index c6936c1..242c062 100644
--- a/non_plat/hal_graphics_composer_default.te
+++ b/non_plat/hal_graphics_composer_default.te
@@ -12,7 +12,7 @@ allow hal_graphics_composer_default self:netlink_kobject_uevent_socket { read bi
 
 # Date : WK17.21
 # Purpose: GPU driver required
-allow hal_graphics_composer_default sw_sync_device:chr_file { read write open ioctl };
+allow hal_graphics_composer_default sw_sync_device:chr_file rw_file_perms;
 allow hal_graphics_composer_default hal_graphics_mapper_hwservice:hwservice_manager find;
 
 # Date : W17.24
diff --git a/non_plat/mediacodec.te b/non_plat/mediacodec.te
index e1f4cf5..76e8384 100644
--- a/non_plat/mediacodec.te
+++ b/non_plat/mediacodec.te
@@ -118,6 +118,7 @@ allow mediacodec debugfs_ion:dir search;
 # Purpose: Allow mediacodec to access cmdq driver
 allow mediacodec mtk_cmdq_device:chr_file { read ioctl open };
 allow mediacodec mtk_mdp_device:chr_file rw_file_perms;
+allow mediacodec sw_sync_device:chr_file rw_file_perms;
 
 # Date : WK17.28
 # Operation : MT6757 SQC
diff --git a/non_plat/mtk_hal_camera.te b/non_plat/mtk_hal_camera.te
index c2dffb8..d424a15 100644
--- a/non_plat/mtk_hal_camera.te
+++ b/non_plat/mtk_hal_camera.te
@@ -132,7 +132,7 @@ allow mtk_hal_camera CAM_CAL_DRV2_device:chr_file rw_file_perms;
 # Purpose: Other device drivers used by camera
 # -----------------------------------
 allow mtk_hal_camera ion_device:chr_file rw_file_perms;
-allow mtk_hal_camera sw_sync_device:chr_file getattr;
+allow mtk_hal_camera sw_sync_device:chr_file rw_file_perms;
 allow mtk_hal_camera MTK_SMI_device:chr_file r_file_perms;
 
 # -----------------------------------
diff --git a/non_plat/mtk_hal_mms.te b/non_plat/mtk_hal_mms.te
index 4f91b42..703ffda 100755
--- a/non_plat/mtk_hal_mms.te
+++ b/non_plat/mtk_hal_mms.te
@@ -29,6 +29,7 @@ allow mtk_hal_mms graphics_device:chr_file { read write open ioctl };
 allow mtk_hal_mms ion_device:chr_file { read open ioctl };
 allow mtk_hal_mms mtk_cmdq_device:chr_file { read open ioctl };
 allow mtk_hal_mms mtk_mdp_device:chr_file rw_file_perms;
+allow mtk_hal_mms sw_sync_device:chr_file rw_file_perms;
 allow mtk_hal_mms mtk_hal_pq_hwservice:hwservice_manager find;
 allow mtk_hal_mms proc:file r_file_perms;
 
diff --git a/non_plat/platform_app.te b/non_plat/platform_app.te
index a1cce9b..1fe51aa 100644
--- a/non_plat/platform_app.te
+++ b/non_plat/platform_app.te
@@ -115,6 +115,7 @@ allow platform_app mtk_hal_mms:binder call;
 # Package: com.mediatek.camera
 #allow platform_app hal_camera_hwservice:hwservice_manager find;
 allow platform_app mtk_hal_camera:binder call;
+allow platform_app sw_sync_device:chr_file rw_file_perms;
 
 # Date: 2019/07/04
 # Purpose: Allow platform app to use BGService HIDL and access mtk_hal_camera