c5181b4250
[Detail] Add GED ioctl selinux policy to let SF and HWC
that can use GED.
[Solution] Add needed sepolicy
MTK-Commit-Id: 26f1f2fa7735d91ccbb51643b1ed7d200a013988
Change-Id: Ie20589d100473578a8fc824d57718537d7102f07
CR-Id: ALPS04393149
Feature: [Module]SurfaceFlinger/HWComposer
66 lines
2.3 KiB
Plaintext
66 lines
2.3 KiB
Plaintext
vndbinder_use(hal_graphics_composer_default)
|
|
|
|
allow hal_graphics_composer_default debugfs_ged:dir search;
|
|
|
|
# Date : WK17.09
|
|
# Operation : Add sepolicy
|
|
# Purpose : Add polivy for hwc HIDL
|
|
|
|
allow hal_graphics_composer_default proc:file { read getattr open ioctl };
|
|
allow hal_graphics_composer_default proc_ged:file { read ioctl open };
|
|
allow hal_graphics_composer_default self:netlink_kobject_uevent_socket { read bind create setopt };
|
|
|
|
# Date : WK17.21
|
|
# Purpose: GPU driver required
|
|
allow hal_graphics_composer_default sw_sync_device:chr_file { read write open ioctl };
|
|
allow hal_graphics_composer_default hal_graphics_mapper_hwservice:hwservice_manager find;
|
|
|
|
# Date : W17.24
|
|
# Purpose: GPU driver required
|
|
allow hal_graphics_composer_default gpu_device:dir search;
|
|
|
|
#============= hal_graphics_composer_default ==============
|
|
allow hal_graphics_composer_default debugfs_ion:dir search;
|
|
|
|
#============= hal_graphics_composer_default ==============
|
|
allow hal_graphics_composer_default debugfs_tracing:file write;
|
|
|
|
#============= hal_graphics_composer_default ==============
|
|
allow hal_graphics_composer_default debugfs_tracing:file open;
|
|
|
|
# Date : WK17.30
|
|
# Operation : O Migration
|
|
# Purpose: Allow to access cmdq driver
|
|
allow hal_graphics_composer_default mtk_cmdq_device:chr_file { read ioctl open };
|
|
|
|
# Date : W17.30
|
|
# Add for control PowerHAL
|
|
allow hal_graphics_composer_default mtk_hal_power_hwservice:hwservice_manager find;
|
|
binder_call(hal_graphics_composer_default, mtk_hal_power)
|
|
|
|
# Date : WK17.32
|
|
# Operation : O Migration
|
|
# Purpose: Allow to access property
|
|
set_prop(hal_graphics_composer_default, graphics_hwc_pid_prop)
|
|
get_prop(hal_graphics_composer_default, graphics_hwc_pid_prop)
|
|
set_prop(hal_graphics_composer_default, graphics_hwc_latch_unsignaled_prop)
|
|
|
|
# Date : WK18.03
|
|
# Purpose: Allow to access property dev/mdp_sync
|
|
#============= hal_graphics_composer_default ==============
|
|
allow hal_graphics_composer_default mtk_mdp_device:chr_file { read write open ioctl };
|
|
|
|
allowxperm hal_graphics_composer_default proc_ged:file ioctl {
|
|
GED_BRIDGE_IO_LOG_BUF_GET
|
|
GED_BRIDGE_IO_GE_INFO
|
|
GED_BRIDGE_IO_GE_GET
|
|
GED_BRIDGE_IO_GE_SET
|
|
GED_BRIDGE_IO_LOG_BUF_WRITE
|
|
GED_BRIDGE_IO_GE_ALLOC
|
|
GED_BRIDGE_IO_BOOST_GPU_FREQ
|
|
GED_BRIDGE_IO_IOCTLCMD_0F
|
|
GED_BRIDGE_IO_IOCTLCMD_10
|
|
GED_BRIDGE_IO_MONITOR_3D_FENCE
|
|
GED_BRIDGE_IO_QUERY_INFO
|
|
};
|