diff options
| author | Amit Pundir <amit.pundir@linaro.org> | 2023-09-12 18:55:27 +0530 |
|---|---|---|
| committer | Amit Pundir <amit.pundir@linaro.org> | 2023-09-14 14:57:30 +0530 |
| commit | 47466848112e0895c609f6ac736d81cd361e68a5 (patch) | |
| tree | 11cc2e70bf261d7ce5458a7dc5ea52379fbad56c | |
| parent | 6749c910f384be6699844b05e3377075632adf54 (diff) | |
sepolicy: minigbm_msm: fix vendor.minigbm.debug prop access denials
Change-Id: I2de2fe44f5d105f68eef7353dc6c902a61ff765a
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
| -rw-r--r-- | shared/graphics/minigbm_msm/sepolicy/minigbm_debug.te | 31 | ||||
| -rw-r--r-- | shared/graphics/minigbm_msm/sepolicy/minigbm_macros | 6 |
2 files changed, 31 insertions, 6 deletions
diff --git a/shared/graphics/minigbm_msm/sepolicy/minigbm_debug.te b/shared/graphics/minigbm_msm/sepolicy/minigbm_debug.te index b486932..fef3164 100644 --- a/shared/graphics/minigbm_msm/sepolicy/minigbm_debug.te +++ b/shared/graphics/minigbm_msm/sepolicy/minigbm_debug.te @@ -1,2 +1,33 @@ vendor_public_prop(vendor_minigbm_debug_prop) set_prop(vendor_init, vendor_minigbm_debug_prop) + +# +# audit2allow +# + +#============= bootanim ============== +allow bootanim vendor_minigbm_debug_prop:file { getattr map open read }; + +#============= hal_graphics_allocator_default ============== +allow hal_graphics_allocator_default vendor_minigbm_debug_prop:file { getattr map open read }; + +#============= hal_graphics_composer_default ============== +allow hal_graphics_composer_default vendor_minigbm_debug_prop:file { getattr map open read }; + +#============= platform_app ============== +allow platform_app vendor_minigbm_debug_prop:file { getattr map open read }; + +#============= priv_app ============== +allow priv_app vendor_minigbm_debug_prop:file { getattr map open read }; + +#============= surfaceflinger ============== +allow surfaceflinger vendor_minigbm_debug_prop:file { getattr map open read }; + +#============= system_app ============== +allow system_app vendor_minigbm_debug_prop:file { getattr map open read }; + +#============= system_server ============== +allow system_server vendor_minigbm_debug_prop:file { getattr map open read }; + +#============= untrusted_app_xx ============== +allow appdomain -isolated_app_all vendor_minigbm_debug_prop:file { getattr map open read }; diff --git a/shared/graphics/minigbm_msm/sepolicy/minigbm_macros b/shared/graphics/minigbm_msm/sepolicy/minigbm_macros deleted file mode 100644 index a2b0523..0000000 --- a/shared/graphics/minigbm_msm/sepolicy/minigbm_macros +++ /dev/null @@ -1,6 +0,0 @@ -##################################### -# minigbm_access(client_domain) -# Allow client_domain to communicate with the minigbm lib -define(`minigbm_access', ` -allow $1 vendor_minigbm_debug_prop:file { getattr map open read }; -') |