Switching some vendor libraries over to same_process_hal_file type

A lot of app domains were requesting vendor_file read access due to some mislabeled .so files. This should fix that without granting read access to vendor_file Bug: 34784662 Test: .so files are properly labeled Change-Id: I2aa69d54717af4c9274c979b01a717d991a03449
2026-02-01 07:50:47 +00:00 · 2017-04-11 11:26:12 -07:00
parent c708f9fe23
commit 723bebb5ce
1 changed files with 20 additions and 0 deletions
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -193,6 +193,26 @@
 /vendor/etc/init\.insmod\.cfg                                        u:object_r:init-insmod-sh_exec:s0
 /vendor/bin/hw/android\.hardware\.vibrator@1\.0-service.wahoo        u:object_r:hal_vibrator_default_exec:s0

+###############################################
+# same-process HAL files and their dependencies
+#
+/vendor/lib(64)?/hw/gralloc\.msm8998\.so   u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libqdMetaData\.so         u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libqservice\.so           u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libqdutils\.so            u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libadreno_utils\.so       u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libgsl\.so                u:object_r:same_process_hal_file:s0
+
+/vendor/lib(64)?/libdrmutils\.so           u:object_r:same_process_hal_file:s0
+
+# libGLESv2_adreno depends on this
+/vendor/lib(64)?/libllvm-glnext\.so         u:object_r:same_process_hal_file:s0
+
+# Loaded by native loader (zygote) for all processes
+/vendor/lib(64)?/libhalide_hexagon_host\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libadsprpc\.so             u:object_r:same_process_hal_file:s0
+###############################################
+
 # data files
 /data/misc/radio(/.*)?                 u:object_r:radio_data_file:s0
 /data/misc/netmgr(/.*)?                u:object_r:netmgr_data_file:s0