mirror of
https://github.com/Evolution-X-Devices/device_google_wahoo
synced 2026-02-01 07:50:47 +00:00
Updated SEPolicy for camera/composer/sensors.
Removes binder violations for camera/hwcomposer HALs. Bug: 36683636 Bug: 37302783 Test: muskie/taimen boot, graphics/camera works Change-Id: Id3996b3ca11e2c4cb1d0df10e0f4a456829b8f9b
This commit is contained in:
Martijn Coenen
@@ -29,14 +29,7 @@ r_dir_file(hal_camera, sysfs_type)
|
||||
# find libraries
|
||||
allow hal_camera system_file:dir r_dir_perms;
|
||||
|
||||
# talk over binder to some binder services
|
||||
# TODO(b/36569385): Must be moved to HIDL
|
||||
binder_use(hal_camera)
|
||||
binder_call(hal_camera, binderservicedomain)
|
||||
|
||||
allow hal_camera surfaceflinger_service:service_manager find;
|
||||
allow hal_camera sensorservice_service:service_manager find;
|
||||
allow hal_camera scheduling_policy_service:service_manager find;
|
||||
allow hal_camera qdisplay_service:service_manager find;
|
||||
|
||||
# talk to system_server
|
||||
|
||||
|
||||
@@ -1,6 +1,8 @@
|
||||
# TODO(b/36569385): Remove once Camera HAL no longer uses Binder
|
||||
typeattribute hal_camera_default binder_in_vendor_violators;
|
||||
|
||||
allow hal_camera_default input_device:dir r_dir_perms;
|
||||
|
||||
allow hal_camera_default sysfs_laser:file w_file_perms;
|
||||
vndbinder_use(hal_camera_default);
|
||||
allow hal_camera_default qdisplay_service:service_manager { find };
|
||||
|
||||
binder_call(hal_camera_default, hal_graphics_composer)
|
||||
binder_call(hal_camera_default, system_server)
|
||||
|
||||
@@ -1,9 +1,6 @@
|
||||
# Binder access (for display.qservice)
|
||||
# TODO(35706331): Remove once Graphics Composer HAL stops using Binder
|
||||
typeattribute hal_graphics_composer_default binder_in_vendor_violators;
|
||||
binder_service(hal_graphics_composer_default)
|
||||
binder_use(hal_graphics_composer_default)
|
||||
allow hal_graphics_composer_default surfaceflinger_service:service_manager { add find };
|
||||
vndbinder_use(hal_graphics_composer_default)
|
||||
allow hal_graphics_composer_default qdisplay_service:service_manager { add find };
|
||||
|
||||
allow hal_graphics_composer_default sysfs_camera:dir search;
|
||||
allow hal_graphics_composer_default sysfs_camera:file r_file_perms;
|
||||
|
||||
@@ -5,6 +5,7 @@ allowxperm system_server self:socket ioctl msm_sock_ipc_ioctls;
|
||||
binder_call(system_server, per_mgr)
|
||||
binder_call(system_server, folio_daemon)
|
||||
|
||||
binder_call(system_server, hal_camera_default)
|
||||
allow system_server per_mgr_service:service_manager find;
|
||||
|
||||
# TODO(b/36613917): Remove this once system_server no longer communicates with netmgrd over sockets.
|
||||
|
||||
1
sepolicy/vndservice.te
Normal file
1
sepolicy/vndservice.te
Normal file
@@ -0,0 +1 @@
|
||||
type qdisplay_service, vndservice_manager_type;
|
||||
1
sepolicy/vndservice_contexts
Normal file
1
sepolicy/vndservice_contexts
Normal file
@@ -0,0 +1 @@
|
||||
display.qservice u:object_r:qdisplay_service:s0
|
||||
Reference in New Issue
Block a user