projects / GitHub / LineageOS / G12 / android_device_amlogic_g12-common.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 53d12cb)
g12: Fix sepolicy for graphics allocator tmpfs
authorTimi Rautamäki <timi.rautamaki@gmail.com>
Tue, 10 May 2022 20:21:28 +0000 (20:21 +0000)
committerNolen Johnson <johnsonnolen@gmail.com>
Sun, 5 Jun 2022 20:02:20 +0000 (22:02 +0200)
Change-Id: I33e3c05e830b9462136cb71df89ba3b59dd1fdbb

sepolicy/vendor/bootanim.te patch | blob | blame | history
sepolicy/vendor/mediacodec.te patch | blob | blame | history
sepolicy/vendor/surfaceflinger.te patch | blob | blame | history
sepolicy/vendor/system_app.te patch | blob | blame | history
sepolicy/vendor/system_server.te patch | blob | blame | history
sepolicy/vendor/untrusted_app.te [new file with mode: 0644] patch | blob

diff --git a/sepolicy/vendor/bootanim.te b/sepolicy/vendor/bootanim.te
index 51ffda84429892c442b32c6479f9d3372bb92188..852425a8dafb5df894d7644b126fa9698407b2ac 100644 (file)
--- a/sepolicy/vendor/bootanim.te
+++ b/sepolicy/vendor/bootanim.te
@@ -1 +1,2 @@
 allow bootanim system_data_file:dir search;
+allow bootanim hal_graphics_allocator_default_tmpfs:file rw_file_perms;
diff --git a/sepolicy/vendor/mediacodec.te b/sepolicy/vendor/mediacodec.te
index d3c6d334c8fd0910b0987ad03c18f039fe530308..8c275308d38d256df3ccc6d51401c8f64185234d 100644 (file)
--- a/sepolicy/vendor/mediacodec.te
+++ b/sepolicy/vendor/mediacodec.te
@@ -10,6 +10,8 @@ allow mediacodec tee_device:chr_file rw_file_perms;
 allow mediacodec tee_device:file rw_file_perms;
 allow mediacodec video_device:file rw_file_perms;
 
+allow mediacodec hal_graphics_allocator_default_tmpfs:file rw_file_perms;
+
 get_prop(mediacodec, build_bootimage_prop);
 get_prop(mediacodec, omx_prop);
 get_prop(mediacodec, vendor_media_prop);
diff --git a/sepolicy/vendor/surfaceflinger.te b/sepolicy/vendor/surfaceflinger.te
index 8b9fac2fd336d2d497b8638d12d9049d54dc1243..0f5e0312dbf4ac62f194a8043c0583dccef1f525 100644 (file)
--- a/sepolicy/vendor/surfaceflinger.te
+++ b/sepolicy/vendor/surfaceflinger.te
@@ -1,3 +1,4 @@
 allow surfaceflinger gpu_device:chr_file rw_file_perms;
+allow surfaceflinger hal_graphics_allocator_default_tmpfs:file rw_file_perms;
 
 #allow surfaceflinger init:binder call;
diff --git a/sepolicy/vendor/system_app.te b/sepolicy/vendor/system_app.te
index 2bab268d3fe5b2c4de31806bead2f0dae920e2a0..4899efb7007eb6f20c598ad5862b1bc3f3c84248 100644 (file)
--- a/sepolicy/vendor/system_app.te
+++ b/sepolicy/vendor/system_app.te
@@ -6,6 +6,8 @@ allow system_app systemcontrol_hwservice:hwservice_manager find;
 
 allow system_app hdmicecd:binder {call transfer};
 
+allow system_app hal_graphics_allocator_default_tmpfs:file rw_file_perms;
+
 binder_call(system_app, system_control)
 
 get_prop(system_app, system_prop)
diff --git a/sepolicy/vendor/system_server.te b/sepolicy/vendor/system_server.te
index e0c89f741f5452c9a49b0bf7624c5549c935b05b..894261a330bc92e0764699587708c50a5ce0706c 100644 (file)
--- a/sepolicy/vendor/system_server.te
+++ b/sepolicy/vendor/system_server.te
@@ -3,3 +3,5 @@ typeattribute system_server mlstrustedsubject;
 allow system_server frp_block_device:blk_file r_file_perms;
 allow system_server sysfs_amhdmitx:file r_file_perms;
 allow system_server sysfs_rtc:file r_file_perms;
+
+allow bootanim hal_graphics_allocator_default_tmpfs:file rw_file_perms;
diff --git a/sepolicy/vendor/untrusted_app.te b/sepolicy/vendor/untrusted_app.te
new file mode 100644 (file)
index 0000000..315ed9e
--- /dev/null
+++ b/sepolicy/vendor/untrusted_app.te
@@ -0,0 +1 @@
+allow untrusted_app hal_graphics_allocator_default_tmpfs:file rw_file_perms;