diff options
| author | Amit Pundir <amit.pundir@linaro.org> | 2023-09-14 18:58:15 +0000 |
|---|---|---|
| committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2023-09-14 18:58:15 +0000 |
| commit | e6ebfb6e97a309ca76377b857e212c3f45f013fc (patch) | |
| tree | 11cc2e70bf261d7ce5458a7dc5ea52379fbad56c | |
| parent | 9e382093fe96ff332e24da0fabb588c56b42952e (diff) | |
| parent | 47466848112e0895c609f6ac736d81cd361e68a5 (diff) | |
sepolicy: minigbm_msm: fix vendor.minigbm.debug prop access denials am: 4746684811
Original change: https://android-review.googlesource.com/c/device/linaro/dragonboard/+/2752086
Change-Id: I0f15d19e69098b725164dadcb046d53106228631
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
| -rw-r--r-- | shared/graphics/minigbm_msm/sepolicy/minigbm_debug.te | 31 | ||||
| -rw-r--r-- | shared/graphics/minigbm_msm/sepolicy/minigbm_macros | 6 |
2 files changed, 31 insertions, 6 deletions
diff --git a/shared/graphics/minigbm_msm/sepolicy/minigbm_debug.te b/shared/graphics/minigbm_msm/sepolicy/minigbm_debug.te index b486932..fef3164 100644 --- a/shared/graphics/minigbm_msm/sepolicy/minigbm_debug.te +++ b/shared/graphics/minigbm_msm/sepolicy/minigbm_debug.te @@ -1,2 +1,33 @@ vendor_public_prop(vendor_minigbm_debug_prop) set_prop(vendor_init, vendor_minigbm_debug_prop) + +# +# audit2allow +# + +#============= bootanim ============== +allow bootanim vendor_minigbm_debug_prop:file { getattr map open read }; + +#============= hal_graphics_allocator_default ============== +allow hal_graphics_allocator_default vendor_minigbm_debug_prop:file { getattr map open read }; + +#============= hal_graphics_composer_default ============== +allow hal_graphics_composer_default vendor_minigbm_debug_prop:file { getattr map open read }; + +#============= platform_app ============== +allow platform_app vendor_minigbm_debug_prop:file { getattr map open read }; + +#============= priv_app ============== +allow priv_app vendor_minigbm_debug_prop:file { getattr map open read }; + +#============= surfaceflinger ============== +allow surfaceflinger vendor_minigbm_debug_prop:file { getattr map open read }; + +#============= system_app ============== +allow system_app vendor_minigbm_debug_prop:file { getattr map open read }; + +#============= system_server ============== +allow system_server vendor_minigbm_debug_prop:file { getattr map open read }; + +#============= untrusted_app_xx ============== +allow appdomain -isolated_app_all vendor_minigbm_debug_prop:file { getattr map open read }; diff --git a/shared/graphics/minigbm_msm/sepolicy/minigbm_macros b/shared/graphics/minigbm_msm/sepolicy/minigbm_macros deleted file mode 100644 index a2b0523..0000000 --- a/shared/graphics/minigbm_msm/sepolicy/minigbm_macros +++ /dev/null @@ -1,6 +0,0 @@ -##################################### -# minigbm_access(client_domain) -# Allow client_domain to communicate with the minigbm lib -define(`minigbm_access', ` -allow $1 vendor_minigbm_debug_prop:file { getattr map open read }; -') |