01ae15f287
[Detail] Add sepolicy for gpu hidl MTK-Commit-Id: c603f9f321c0f50cf21227787ccc3c35e50e55d2 Change-Id: I7a0ed82e546391a509687ef1b4cf5927cfbefe46 CR-Id: ALPS04383692 Feature: OpenGL|ES
52 lines
1.6 KiB
Plaintext
52 lines
1.6 KiB
Plaintext
# ==============================================
|
|
# Policy File of /vendor/bin/hw/vendor.mediatek.hardware.gpu@1.0-service Executable File
|
|
|
|
# ==============================================
|
|
# Type Declaration
|
|
# ==============================================
|
|
|
|
type mtk_hal_gpu, domain;
|
|
type mtk_hal_gpu_exec, exec_type, file_type, vendor_file_type;
|
|
|
|
# ==============================================
|
|
# MTK Policy Rule
|
|
# ==============================================
|
|
|
|
# Setup for domain transition
|
|
init_daemon_domain(mtk_hal_gpu)
|
|
|
|
# Allow to use HWBinder IPC
|
|
hwbinder_use(mtk_hal_gpu);
|
|
|
|
# Allow a set of permissions required for a domain to be a server which provides a HAL implementation over HWBinder.
|
|
hal_server_domain(mtk_hal_gpu, hal_gpu)
|
|
|
|
# add/find permission rule to hwservicemanager
|
|
add_hwservice(hal_gpu, mtk_hal_gpu_hwservice)
|
|
allow hal_gpu_client mtk_hal_gpu_hwservice:hwservice_manager find;
|
|
|
|
# Allow to allocate hidl memory
|
|
hal_client_domain(mtk_hal_gpu, hal_allocator)
|
|
|
|
# Purpose : Allow to use kernel driver
|
|
allow mtk_hal_gpu graphics_device:chr_file rw_file_perms;
|
|
|
|
# Purpose : Allow property set
|
|
allow mtk_hal_gpu init:unix_stream_socket connectto;
|
|
allow mtk_hal_gpu property_socket:sock_file write;
|
|
|
|
|
|
# Purpose : Allow permission to set pq property
|
|
#set_prop(mtk_hal_gpu, mtk_gpu_prop)
|
|
|
|
allow mtk_hal_gpu debugfs_ged:dir rw_dir_perms;
|
|
allow mtk_hal_gpu debugfs_ged:file rw_file_perms;
|
|
allow mtk_hal_gpu proc_ged:file rw_file_perms;
|
|
|
|
allow mtk_hal_gpu hal_graphics_allocator_default:fd use;
|
|
allow mtk_hal_gpu ion_device:chr_file r_file_perms;
|
|
allow mtk_hal_gpu debugfs_ion:dir search;
|
|
|
|
|
|
|