From 723bebb5cedef1c4ff04bd07b42d452ec767ecf2 Mon Sep 17 00:00:00 2001
From: Max Bires
Date: Tue, 11 Apr 2017 11:26:12 -0700
Subject: [PATCH] Switching some vendor libraries over to same_process_hal_file type

A lot of app domains were requesting vendor_file read access due to some mislabeled .so files. This should fix that without granting read access to vendor_file
Bug: 34784662
Test: .so files are properly labeled
Change-Id: I2aa69d54717af4c9274c979b01a717d991a03449
---
 sepolicy/file_contexts | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 1c949c3e..ceb45b4e 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -193,6 +193,26 @@
 /vendor/etc/init\.insmod\.cfg u:object_r:init-insmod-sh_exec:s0
 /vendor/bin/hw/android\.hardware\.vibrator@1\.0-service.wahoo u:object_r:hal_vibrator_default_exec:s0
+###############################################
+# same-process HAL files and their dependencies
+#
+/vendor/lib(64)?/hw/gralloc\.msm8998\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libqdMetaData\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libqservice\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libqdutils\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libadreno_utils\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libgsl\.so u:object_r:same_process_hal_file:s0
+
+/vendor/lib(64)?/libdrmutils\.so u:object_r:same_process_hal_file:s0
+
+# libGLESv2_adreno depends on this
+/vendor/lib(64)?/libllvm-glnext\.so u:object_r:same_process_hal_file:s0
+
+# Loaded by native loader (zygote) for all processes
+/vendor/lib(64)?/libhalide_hexagon_host\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libadsprpc\.so u:object_r:same_process_hal_file:s0
+###############################################
+
 # data files
 /data/misc/radio(/.*)? u:object_r:radio_data_file:s0
 /data/misc/netmgr(/.*)? u:object_r:netmgr_data_file:s0
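Review bot: The `libdrmutils\.so` entry stands alone with no comment, and the block never says which same-process HAL pulls in each library, so a later reader cannot tell which entries are still needed. In AOSP policy `same_process_hal_file` is a type that every domain, untrusted apps included, may map and execute, so each line here widens the vendor code loadable into all processes and the list should stay minimal and justified. I would add a dependency comment in the style already used for libllvm-glnext, e.g. `# <same-process HAL or library> depends on this` above libdrmutils, and name the consumer of `libhalide_hexagon_host\.so` and `libadsprpc\.so` next to the "native loader" comment. The label only governs loading the library, so it is worth confirming that access to the DSP device node libadsprpc presumably talks to is still restricted elsewhere in the policy, which this hunk does not show.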