author | TreeHugger Robot <treehugger-gerrit@google.com> | 2020-02-13 13:48:19 (GMT) |
---|---|---|
committer | Android Partner Code Review <android-gerrit-partner@google.com> | 2020-02-13 13:48:19 (GMT) |
commit | 678673300fac46fa2dd4df4206a23e94d822d19f (patch) | |
tree | 5c60e377e651e255f6ee7e159b73442f955aa0e3 | |
parent | 711d11a115c6988030a2c0bc59831ea8fce1f458 (diff) | |
parent | 6547c784f535e4370742ecf6c6ad3448c64e6b17 (diff) | |
download | common-678673300fac46fa2dd4df4206a23e94d822d19f.zip common-678673300fac46fa2dd4df4206a23e94d822d19f.tar.gz common-678673300fac46fa2dd4df4206a23e94d822d19f.tar.bz2 |
Merge "hal_memtrack_default: selinux permission for EGL&GL mem track [1/3]" into q-tv-dev
-rwxr-xr-x | sepolicy/file.te | 2 | ||||
-rwxr-xr-x | sepolicy/file_contexts | 2 | ||||
-rwxr-xr-x | sepolicy/genfs_contexts | 2 | ||||
-rw-r--r-- | sepolicy/hal_memtrack_default.te | 7 |
4 files changed, 13 insertions, 0 deletions
diff --git a/sepolicy/file.te b/sepolicy/file.te index 53dfbc7..795e6c3 100755 --- a/sepolicy/file.te +++ b/sepolicy/file.te @@ -5,6 +5,8 @@ type iso9660, sdcard_type, fs_type; type udf,sdcard_type, fs_type; #type proc_mounts, fs_type; type debugfs_mali, fs_type, sysfs_type, debugfs_type; +type sysfs_mali, fs_type, sysfs_type; +type debugfs_ion, fs_type, sysfs_type, debugfs_type; type pppoe_wrapper_socket, file_type; diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index a3d9f80..138f7b8 100755 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -250,6 +250,8 @@ /dev/graphics/fb0 u:object_r:sysfs_display:s0 /dev/graphics/fb1 u:object_r:sysfs_display:s0 +/sys/devices/platform/ffe40000.bifrost/mem_pool_size u:object_r:sysfs_mali:s0 + /sys/devices/system/clocksource/clocksource0/current_clocksource u:object_r:sysfs_clock:s0 /sys/devices/platform/rtc/rtc/rtc0/hctosys u:object_r:sysfs_rtc:s0 diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts index 12636ad..58889f5 100755 --- a/sepolicy/genfs_contexts +++ b/sepolicy/genfs_contexts @@ -8,6 +8,8 @@ genfscon proc /bluetooth/sleep/btwrite u:object_r:proc_bluetooth_writable:s0 #genfscon ntfs / u:object_r:ntfs:s0 #genfscon exfat / u:object_r:exfat:s0 genfscon debugfs /mali0 u:object_r:debugfs_mali:s0 +genfscon debugfs /mali0/ctx u:object_r:debugfs_mali:s0 +genfscon debugfs /ion/heaps u:object_r:debugfs_ion:s0 genfscon proc /sys/vm/watermark_scale_factor u:object_r:proc_vm_writable:s0 genfscon proc /sys/vm/min_free_kbytes u:object_r:proc_vm_writable:s0 genfscon sysfs /class/astream u:object_r:sysfs_astream:s0 diff --git a/sepolicy/hal_memtrack_default.te b/sepolicy/hal_memtrack_default.te index a69e3b5..fc60ab8 100644 --- a/sepolicy/hal_memtrack_default.te +++ b/sepolicy/hal_memtrack_default.te @@ -1,6 +1,13 @@ typeattribute hal_memtrack_default mlstrustedsubject; +allow hal_memtrack_default debugfs:dir { read open }; +allow hal_memtrack_default sysfs:file { r_file_perms }; + allow hal_memtrack_default debugfs_mali:dir { search r_dir_perms}; +allow hal_memtrack_default debugfs_ion:dir { search read open }; + allow hal_memtrack_default debugfs_mali:file r_file_perms; +allow hal_memtrack_default debugfs_ion:file { r_file_perms }; +allow hal_memtrack_default sysfs_mali:file { r_file_perms }; r_dir_file(hal_memtrack_default, domain) |