203b3d02de
[Detail] For Andorid Q, there is a more stringent restriction for ioctl, app need some permissions to access proc_ged by ioctlcmd. [Solution] Group existing sepolicies for different types app to access proc_ged by ioctlcmd together in appdomain. MTK-Commit-Id: e9ba9a00dbbc063388c8120048a72fd8f7ce497c Change-Id: I24a4671259a68a0fda756d37c16b7e61801e6cc8 CR-Id: ALPS04428389 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
38 lines
973 B
Plaintext
38 lines
973 B
Plaintext
# ==============================================
|
|
# MTK Policy Rule
|
|
# ============
|
|
|
|
# Date : WK16.33
|
|
# Purpose: Allow to access ged for gralloc_extra functions
|
|
allow appdomain proc_ged:file rw_file_perms;
|
|
allowxperm appdomain proc_ged:file ioctl {
|
|
GED_BRIDGE_IO_GE_ALLOC
|
|
GED_BRIDGE_IO_LOG_BUF_GET
|
|
GED_BRIDGE_IO_GE_GET
|
|
GED_BRIDGE_IO_GE_SET
|
|
GED_BRIDGE_IO_MONITOR_3D_FENCE
|
|
GED_BRIDGE_IO_QUERY_INFO
|
|
GED_BRIDGE_IO_LOG_BUF_WRITE
|
|
};
|
|
|
|
# Date : W16.42
|
|
# Operation : Integration
|
|
# Purpose : DRM / DRI GPU driver required
|
|
allow appdomain gpu_device:dir search;
|
|
|
|
# Date : W17.30
|
|
# Purpose : Allow MDP user access cmdq driver
|
|
allow appdomain mtk_cmdq_device:chr_file {open read ioctl};
|
|
|
|
# Date : W17.41
|
|
# Operation: SQC
|
|
# Purpose : Allow HWUI to access perfmgr
|
|
allow appdomain proc_perfmgr:dir search;
|
|
allow appdomain proc_perfmgr:file { getattr open read ioctl};
|
|
allowxperm appdomain proc_perfmgr:file ioctl {
|
|
FPSGO_QUEUE
|
|
FPSGO_DEQUEUE
|
|
FPSGO_QUEUE_CONNECT
|
|
FPSGO_BQID
|
|
};
|