From 8bf3b7a8656372c1dcead6aedbf1a96d0a3bf1d9 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Fri, 10 Feb 2017 13:33:56 -0800
Subject: [PATCH] surfaceflinger: grant access to vr_manager_service

Addresses
avc:  denied  { find } for service=vrmanager pid=472 uid=1000
scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:vr_manager_service:s0
tclass=service_manager

Test: Marlin builds and boots. Denial no longer observed.
Bug: 35258608
Bug: 35197529
Change-Id: I480dff3fdaf01f71e29e96f08350f705c6a23bba
---
 private/surfaceflinger.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index a4009133e..5f7549d16 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -71,8 +71,10 @@ allow surfaceflinger surfaceflinger_service:service_manager { add find };
 allow surfaceflinger mediaserver_service:service_manager find;
 allow surfaceflinger permission_service:service_manager find;
 allow surfaceflinger power_service:service_manager find;
+allow surfaceflinger vr_manager_service:service_manager find;
 allow surfaceflinger window_service:service_manager find;
 
+
 # allow self to set SCHED_FIFO
 allow surfaceflinger self:capability sys_nice;
 allow surfaceflinger proc_meminfo:file r_file_perms;
-- 
GitLab