From a07397dc56e90da9579cb227e7b9d7b37dd53efc Mon Sep 17 00:00:00 2001 From: mtk07742 Date: Sat, 18 Jan 2020 10:13:34 +0800 Subject: [PATCH] [ALPS04525727] SEPolicy:add perm for system_server For Android Q, there is a more stringent restriction for ioctl, system_server need some permission to access proc_ged by ioctlcmd in MTBF. MTK-Commit-Id: d79045e8bfe072a3125efa56cf5012cfb84e416b Change-Id: Ic82c4ff92333077d9260f931c67453b9e53d305e CR-Id: ALPS04525727 Feature: [Module]SystemServer --- non_plat/system_server.te | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/non_plat/system_server.te b/non_plat/system_server.te index 7fcdcd2..0059e40 100644 --- a/non_plat/system_server.te +++ b/non_plat/system_server.te @@ -42,10 +42,6 @@ allow system_server debugfs_wakeup_sources:file r_file_perms; # Allow system_server to read/write /sys/power/dcm_state allow system_server sysfs_dcm:file rw_file_perms; -# Date : WK16.33 -# Purpose: Allow to access ged for gralloc_extra functions -allow system_server proc_ged:file {open read write ioctl getattr}; - # Date : WK16.36 # Purpose: Allow to set property log.tag.WifiHW to control log level of WifiHW allow system_server log_tag_prop:property_service set; @@ -205,12 +201,27 @@ allow system_server alarm_device:chr_file rw_file_perms; # Date : WK19.7 # Operation: Q migration # Purpose : Allow system_server to use ioctl/ioctlcmd +allow system_server proc_ged:file rw_file_perms; allowxperm system_server proc_ged:file ioctl { GED_BRIDGE_IO_LOG_BUF_GET + GED_BRIDGE_IO_LOG_BUF_WRITE + GED_BRIDGE_IO_LOG_BUF_RESET + GED_BRIDGE_IO_BOOST_GPU_FREQ GED_BRIDGE_IO_MONITOR_3D_FENCE + GED_BRIDGE_IO_QUERY_INFO + GED_BRIDGE_IO_NOTIFY_VSYNC + GED_BRIDGE_IO_DVFS_PROBE + GED_BRIDGE_IO_DVFS_UM_RETURN + GED_BRIDGE_IO_EVENT_NOTIFY + GED_BRIDGE_IO_WAIT_HW_VSYNC + GED_BRIDGE_IO_QUERY_TARGET_FPS + GED_BRIDGE_IO_VSYNC_WAIT + GED_BRIDGE_IO_GPU_HINT_TO_CPU + GED_BRIDGE_IO_GE_ALLOC GED_BRIDGE_IO_GE_GET GED_BRIDGE_IO_GE_SET - GED_BRIDGE_IO_LOG_BUF_WRITE - GED_BRIDGE_IO_BOOST_GPU_FREQ - GED_BRIDGE_IO_QUERY_INFO + GED_BRIDGE_IO_GPU_TIMESTAMP + GED_BRIDGE_IO_TARGET_FPS + GED_BRIDGE_IO_GE_INFO + GED_BRIDGE_IO_GPU_TUNER_STATUS };