NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
android_device_mediatek_sep.../r_non_plat/mtk_hal_gpu.te
Juju Sung 212d0f50ad [ALPS04793867] selinux: policy sync 
Android Q and R have different policy in basic.
We sync it from Q policy and fix R neverallow rule

MTK-Commit-Id: 67144e1e0efe28d30381b1f3a98728c1a87e396e

Change-Id: Id7c92fa79976951c86d1286262f684e8f747427b
CR-Id: ALPS04793867
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
2020-01-18 10:20:50 +08:00

48 lines
1.5 KiB
Plaintext
Raw Blame History

# ==============================================
# Policy File of /vendor/bin/hw/vendor.mediatek.hardware.gpu@1.0-service Executable File
# ==============================================
# Type Declaration
# ==============================================
type mtk_hal_gpu, domain;
type mtk_hal_gpu_exec, exec_type, file_type, vendor_file_type;
# ==============================================
# MTK Policy Rule
# ==============================================
# Setup for domain transition
init_daemon_domain(mtk_hal_gpu)
# Allow to use HWBinder IPC
hwbinder_use(mtk_hal_gpu);
# Allow a set of permissions required for a domain to be a server which provides a HAL implementation over HWBinder.
hal_server_domain(mtk_hal_gpu, hal_gpu)
# add/find permission rule to hwservicemanager
add_hwservice(hal_gpu, mtk_hal_gpu_hwservice)
allow hal_gpu_client mtk_hal_gpu_hwservice:hwservice_manager find;
# Allow to allocate hidl memory
hal_client_domain(mtk_hal_gpu, hal_allocator)
# Purpose : Allow to use kernel driver
allow mtk_hal_gpu graphics_device:chr_file rw_file_perms;
# Purpose : Allow permission to set pq property
#set_prop(mtk_hal_gpu, mtk_gpu_prop)
allow mtk_hal_gpu debugfs_ged:dir rw_dir_perms;
allow mtk_hal_gpu debugfs_ged:file rw_file_perms;
allow mtk_hal_gpu proc_ged:file rw_file_perms;
allowxperm mtk_hal_gpu proc_ged:file ioctl { proc_ged_ioctls };
allow mtk_hal_gpu hal_graphics_allocator_default:fd use;
allow mtk_hal_gpu ion_device:chr_file r_file_perms;
allow mtk_hal_gpu debugfs_ion:dir search;
allow mtk_hal_gpu merged_hal_service:fd use;
Reference in New Issue View Git Blame Copy Permalink