From fe68a3779344ef58742fe428f3e192ddd9dbd064 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Timi=20Rautam=C3=A4ki?= Date: Thu, 24 Mar 2022 08:10:55 +0000 Subject: [PATCH] g12: sepolicy: update for new blobs Change-Id: I0d969ddc841165282b86f9472c4bbcebab8ab666 --- sepolicy/vendor/file_contexts | 25 ++++++++----------- .../vendor/hal_graphics_allocator_default.te | 1 + .../vendor/hal_graphics_composer_default.te | 2 ++ sepolicy/vendor/hal_tv_cec_default.te | 1 + 4 files changed, 14 insertions(+), 15 deletions(-) create mode 100644 sepolicy/vendor/hal_graphics_allocator_default.te diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts index c04d658..32fe550 100644 --- a/sepolicy/vendor/file_contexts +++ b/sepolicy/vendor/file_contexts @@ -50,8 +50,10 @@ /data/vendor/mediadrm(/.*)? u:object_r:vendor_mediadrm_vendor_data_file:s0 /data/vendor/mediadrm/IDM1013/L[1-3](/.*)? u:object_r:vendor_mediadrm_vendor_data_file:s0 -/vendor/bin/hw/android\.hardware\.drm@1\.3-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0 -/vendor/bin/hw/android\.hardware\.drm@1\.3-service\.widevine u:object_r:hal_drm_default_exec:s0 +/vendor/lib(64)?/libdrm\.so u:object_r:same_process_hal_file:s0 + +/vendor/bin/hw/android\.hardware\.drm@1\.4-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0 +/vendor/bin/hw/android\.hardware\.drm@1\.4-service\.widevine u:object_r:hal_drm_default_exec:s0 # Gatekeeper /vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service.software u:object_r:hal_gatekeeper_default_exec:s0 @@ -63,22 +65,20 @@ /dev/mali0 u:object_r:gpu_device:s0 /vendor/bin/hw/android\.hardware\.graphics\.composer@2\.4-service\.droidlogic u:object_r:hal_graphics_composer_default_exec:s0 -/vendor/lib(64)?/hw/android\.hardware\.graphics\.mapper@3\.0-impl-arm\.so u:object_r:same_process_hal_file:s0 - +/vendor/lib(64)?/hw/android\.hardware\.graphics\.mapper@4\.0-impl-arm\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/arm\.graphics-V1-ndk_platform\.so u:object_r:same_process_hal_file:s0 # HDMI /sys/devices/virtual/amhdmitx/amhdmitx0(/.*)? u:object_r:sysfs_amhdmitx:s0 /sys/class/amstream/vcodec_profile u:object_r:sysfs_graphics_device:s0 /sys/class/video(/.*)? u:object_r:sysfs_graphics_device:s0 /sys/module/hdmitx20/parameters/hdmi_authenticated u:object_r:sysfs_hdmi:s0 -/vendor/bin/hdmicecd u:object_r:hdmicecd_exec:s0 - # Health -/vendor/bin/hw/android\.hardware\.health@2\.0-service u:object_r:hal_health_default_exec:s0 -/vendor/bin/hw/android\.hardware\.health@2\.0-service.droidlogic u:object_r:hal_health_default_exec:s0 +/vendor/bin/hw/android\.hardware\.health@2\.1-service u:object_r:hal_health_default_exec:s0 +/vendor/bin/hw/android\.hardware\.health@2\.1-service.droidlogic u:object_r:hal_health_default_exec:s0 # Keymaster -/vendor/bin/hw/android\.hardware\.keymaster@4\.1-service\.amlogic u:object_r:hal_keymaster_default_exec:s0 +/vendor/bin/hw/android\.hardware\.security\.keymint-service.amlogic u:object_r:hal_keymint_default_exec:s0 # Lights /sys/devices/platform/gpioleds/leds/green/brightness u:object_r:sysfs_leds:s0 @@ -92,9 +92,6 @@ /sys/module/am_vecm/parameters(/.*)? u:object_r:sysfs_media:s0 /sys/module/amvdec_(.*)/parameters/double_write_mode u:object_r:sysfs_media:s0 -# OEM Lock -/vendor/bin/hw/android\.hardware\.oemlock@1\.0-service\.droidlogic u:object_r:hal_oemlock_default_exec:s0 - # Param /mnt/vendor/param(/.*)? u:object_r:param_tv_file:s0 @@ -111,8 +108,6 @@ /sys/power/state u:object_r:sysfs_power:s0 /sys/power/wakeup_count u:object_r:sysfs_power:s0 -/vendor/bin/hw/android.hardware.power@1.0-service u:object_r:hal_power_default_exec:s0 - # RTC /sys/devices/platform/rtc/rtc/rtc0/hctosys u:object_r:sysfs_rtc:s0 @@ -136,7 +131,7 @@ /vendor/bin/hw/android\.hardware\.thermal@2\.0-service\.droidlogic u:object_r:hal_thermal_default_exec:s0 # USB -/vendor/bin/hw/android\.hardware\.usb\.gadget@1\.1-service\.droidlogic u:object_r:hal_usb_gadget_default_exec:s0 +/vendor/bin/hw/android\.hardware\.usb\.gadget@1\.2-service\.droidlogic u:object_r:hal_usb_gadget_default_exec:s0 # Video /dev/amvideo u:object_r:video_device:s0 diff --git a/sepolicy/vendor/hal_graphics_allocator_default.te b/sepolicy/vendor/hal_graphics_allocator_default.te new file mode 100644 index 0000000..cf4fe6d --- /dev/null +++ b/sepolicy/vendor/hal_graphics_allocator_default.te @@ -0,0 +1 @@ +allow hal_graphics_allocator_client hal_graphics_allocator_default_tmpfs:file rw_file_perms; diff --git a/sepolicy/vendor/hal_graphics_composer_default.te b/sepolicy/vendor/hal_graphics_composer_default.te index 2ccd89f..3d2304d 100644 --- a/sepolicy/vendor/hal_graphics_composer_default.te +++ b/sepolicy/vendor/hal_graphics_composer_default.te @@ -15,6 +15,8 @@ allow hal_graphics_composer_default systemcontrol_hwservice:hwservice_manager fi allow hal_graphics_composer_default system_control:binder call; +allow hal_graphics_composer_default hal_graphics_allocator_default_tmpfs:file rw_file_perms; + set_prop(hal_graphics_composer_default, vendor_boot_prop) vndbinder_use(hal_graphics_composer_default) diff --git a/sepolicy/vendor/hal_tv_cec_default.te b/sepolicy/vendor/hal_tv_cec_default.te index a4101eb..ae068f5 100644 --- a/sepolicy/vendor/hal_tv_cec_default.te +++ b/sepolicy/vendor/hal_tv_cec_default.te @@ -1,3 +1,4 @@ allow hal_tv_cec_default hdmicecd_hwservice:hwservice_manager find; +allow hal_tv_cec_default cec_device:chr_file rw_file_perms; allow hal_tv_cec_default hdmicecd:binder { call transfer }; -- 2.20.1