Kaiduan.Cao a7a2701b66 [ALPS04654012] SurfaceFlinger: update proc_ged sepolicy
Update the sepolicy for surfaceflinger proc_ged ioctl.

MTK-Commit-Id: 61dc5b4a1d4886d3a53879e4db927ec7f115b3b5

Change-Id: I1479e29fa864c44e8ed3850a650511ca4ba52602
CR-Id: ALPS04654012
Feature: [Module]SurfaceFlinger/HWComposer
2020-01-18 10:15:23 +08:00

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# ==============================================
# MTK Policy Rule
# ============
# Date : WK14.42
# Operation : Migration
# Purpose : Video playback
# Read/write access to character devices labelled sw_sync_device.
# NOTE(review): rw_file_perms carries the ioctl permission and no allowxperm
# rule for sw_sync_device is visible in this file, so the ioctl commands are
# not narrowed here - confirm whether a whitelist exists elsewhere.
allow surfaceflinger sw_sync_device:chr_file rw_file_perms;
# Lets surfaceflinger set properties labelled debug_prop.
# NOTE(review): the stated purpose (video playback) does not explain why
# write access to this property type is needed - confirm it is still
# required, or scope it to a dedicated property type.
allow surfaceflinger debug_prop:property_service { set };
# Date : WK16.33
# Purpose: Allow access to ged for gralloc_extra functions.
# rw_file_perms includes ioctl; the commands that may actually be issued are
# limited by the allowxperm rule for proc_ged:file further down in this file.
allow surfaceflinger proc_ged:file { rw_file_perms };
# Date : W16.42
# Operation : Integration
# Purpose : Required by the DRM / DRI GPU driver
# Directory traversal only; no read or write on the directory is granted here.
allow surfaceflinger gpu_device:dir { search };
# Date : WK17.12
# Purpose: Fix boot-up failure
# Read-only access to files labelled proc_bootprof.
allow surfaceflinger proc_bootprof:file { r_file_perms };
#============= surfaceflinger ==============
# Directory traversal (search) only on debugfs_ion; this rule grants no
# access to the files underneath.
# NOTE(review): no date or purpose is recorded for this rule and the banner
# above resembles audit2allow output - confirm the access is still needed,
# since debugfs is a debugging interface.
allow surfaceflinger debugfs_ion:dir { search };
# Date : WK17.30
# Operation : O Migration
# Purpose: Allow access to the cmdq driver
# Open, read and ioctl on the device node; write is not granted.
# NOTE(review): no allowxperm rule for mtk_cmdq_device is visible in this
# file, so the ioctl commands are not narrowed here - confirm whether a
# command whitelist exists elsewhere.
allow surfaceflinger mtk_cmdq_device:chr_file { open read ioctl };
# Date : W17.39
# Binder IPC: surfaceflinger may use binder, may call into
# binderservicedomain, appdomain and mtkbootanimation, and is itself
# declared a binder service.
binder_use(surfaceflinger)
binder_service(surfaceflinger)
binder_call(surfaceflinger, binderservicedomain)
binder_call(surfaceflinger, appdomain)
binder_call(surfaceflinger, mtkbootanimation)
# Traverse directories and read files labelled with the mtkbootanimation
# type (presumably that process's /proc/<pid> entries - confirm).
allow surfaceflinger mtkbootanimation:dir { search };
allow surfaceflinger mtkbootanimation:file { getattr open read };
# Date : W17.43
# Operation : Migration
# Purpose: Allow access to perfmgr
# List/traverse the perfmgr directory; open, read and ioctl its files.
allow surfaceflinger proc_perfmgr:dir { read search };
allow surfaceflinger proc_perfmgr:file { open read ioctl };
# ioctl command whitelist for proc_perfmgr:file. Once an allowxperm rule
# exists for this source/target/class, only whitelisted commands pass the
# ioctl check. A second allowxperm rule for proc_perfmgr:file later in this
# file adds three GED_BRIDGE_IO_* commands to this set.
allowxperm surfaceflinger proc_perfmgr:file ioctl {
    PERFMGR_FPSGO_QUEUE
    PERFMGR_FPSGO_DEQUEUE
    PERFMGR_FPSGO_QUEUE_CONNECT
    PERFMGR_FPSGO_BQID
    PERFMGR_FPSGO_VSYNC
};
# Date : WK17.43
# Operation : Debug
# Purpose: Allow dumping the HWC backtrace
# Read access to the two graphics_hwc_* property types.
get_prop(surfaceflinger, graphics_hwc_pid_prop)
get_prop(surfaceflinger, graphics_hwc_latch_unsignaled_prop)
# Directory traversal and symlink read on objects labelled with the composer
# HAL domain type (presumably its /proc/<pid> entries - confirm).
allow surfaceflinger hal_graphics_composer_default:dir { search };
allow surfaceflinger hal_graphics_composer_default:lnk_file { read };
# Date : WK18.36
# Operation : Debug
# Purpose: Allow dumping the buffer queue
# Read access to the debug_bq_dump_prop property type.
get_prop(surfaceflinger, debug_bq_dump_prop)
# GED bridge ioctl commands whitelisted on proc_perfmgr:file. This rule sits
# under the buffer-queue note above but has no date/purpose note of its own.
# NOTE(review): the same three commands are also whitelisted on proc_ged:file
# in the rule that follows. Confirm that the GED bridge is still reachable
# through a proc_perfmgr-labelled file; if it is not, this grant only widens
# the proc_perfmgr ioctl whitelist and can be dropped.
allowxperm surfaceflinger proc_perfmgr:file ioctl {
    GED_BRIDGE_IO_LOG_BUF_GET
    GED_BRIDGE_IO_BOOST_GPU_FREQ
    GED_BRIDGE_IO_QUERY_INFO
};
# ioctl command whitelist for proc_ged:file. With this allowxperm rule in
# place only the listed commands pass the ioctl check; the ioctl permission
# itself comes from the rw_file_perms allow rule on proc_ged:file earlier in
# this file.
# NOTE(review): GED_BRIDGE_IO_IOCTLCMD_0F and GED_BRIDGE_IO_IOCTLCMD_10 look
# like placeholders named by command number - confirm what they map to
# before keeping them in the whitelist.
allowxperm surfaceflinger proc_ged:file ioctl {
    GED_BRIDGE_IO_LOG_BUF_GET
    GED_BRIDGE_IO_BOOST_GPU_FREQ
    GED_BRIDGE_IO_QUERY_INFO
    GED_BRIDGE_IO_GE_GET
    GED_BRIDGE_IO_LOG_BUF_WRITE
    GED_BRIDGE_IO_GE_SET
    GED_BRIDGE_IO_GE_ALLOC
    GED_BRIDGE_IO_GE_INFO
    GED_BRIDGE_IO_IOCTLCMD_0F
    GED_BRIDGE_IO_IOCTLCMD_10
    GED_BRIDGE_IO_MONITOR_3D_FENCE
    GED_BRIDGE_IO_NOTIFY_VSYNC
    GED_BRIDGE_IO_DVFS_PROBE
    GED_BRIDGE_IO_DVFS_UM_RETURN
    GED_BRIDGE_IO_EVENT_NOTIFY
    GED_BRIDGE_IO_WAIT_HW_VSYNC
    GED_BRIDGE_IO_QUERY_TARGET_FPS
    GED_BRIDGE_IO_VSYNC_WAIT
    GED_BRIDGE_IO_GPU_HINT_TO_CPU
    GED_BRIDGE_IO_LOG_BUF_RESET
    GED_BRIDGE_IO_GPU_TIMESTAMP
    GED_BRIDGE_IO_TARGET_FPS
    GED_BRIDGE_IO_GPU_TUNER_STATUS
};
# Date : WK19.4
# Operation : P Migration
# Purpose: Allow access to the /dev/mdp_device driver
# Read/write access to character devices labelled mdp_device.
# NOTE(review): rw_file_perms carries ioctl and no allowxperm rule for
# mdp_device is visible in this file - confirm whether the ioctl commands
# are narrowed elsewhere.
allow surfaceflinger mdp_device:chr_file { rw_file_perms };
# Date : WK19.09
# Purpose: Allow access to dev/mdp_sync
# NOTE(review): the original note called this a "property", but the rule
# grants read/write on a character device type, not a property - confirm
# which device node carries the mtk_mdp_device label.
#============= surfaceflinger ==============
# rw_file_perms carries ioctl; no allowxperm rule for mtk_mdp_device is
# visible in this file, so the ioctl commands are not narrowed here.
allow surfaceflinger mtk_mdp_device:chr_file { rw_file_perms };