Add sepolicy for hwcomposer HAL

am: fb08872a Change-Id: I739ce0035d0a0d22987aae2d67ea9553f43efbad

Add sepolicy for hwcomposer HAL
am: fb08872a Change-Id: I739ce0035d0a0d22987aae2d67ea9553f43efbad
cc15b4ce · Chia-I Wu · android-build-merger · aeb6d5bf · fb08872a · cc15b4ce
Commit cc15b4ce authored 8 years ago by Chia-I Wu Committed by android-build-merger 8 years ago
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -226,6 +226,7 @@
 /system/bin/hw/android\.hardware\.audio@2\.0-service          u:object_r:hal_audio_exec:s0
 /system/bin/hw/android\.hardware\.boot@1\.0-service           u:object_r:hal_boot_exec:s0
 /system/bin/hw/android\.hardware\.graphics\.allocator@2\.0-service   u:object_r:hal_graphics_allocator_exec:s0
+/system/bin/hw/android\.hardware\.graphics\.composer@2\.1-service    u:object_r:hal_graphics_composer_exec:s0
 /system/bin/hw/android\.hardware\.light@2\.0-service          u:object_r:hal_light_exec:s0
 /system/bin/hw/android\.hardware\.memtrack@1\.0-service       u:object_r:hal_memtrack_exec:s0
 /system/bin/hw/android\.hardware\.nfc@1\.0-service            u:object_r:hal_nfc_exec:s0

--- a/private/hal_graphics_composer.te
+++ b/private/hal_graphics_composer.te
+init_daemon_domain(hal_graphics_composer)
--- a/public/bootanim.te
+++ b/public/bootanim.te
@@ -23,6 +23,9 @@ allow bootanim audioserver_service:service_manager find;
 allow bootanim ion_device:chr_file rw_file_perms;
 allow bootanim hal_graphics_allocator:fd use;

+# Fences
+allow bootanim hal_graphics_composer:fd use;
+
 # Read access to pseudo filesystems.
 r_dir_file(bootanim, proc)
 allow bootanim proc_meminfo:file r_file_perms;

--- a/public/hal_graphics_composer.te
+++ b/public/hal_graphics_composer.te
+# graphics composer subsystem
+type hal_graphics_composer, domain;
+type hal_graphics_composer_exec, exec_type, file_type;
+
+# HwBinder access
+hwbinder_use(hal_graphics_composer)
+# IComposerCallback
+binder_call(hal_graphics_composer, surfaceflinger)
+
+# GPU device access
+allow hal_graphics_composer gpu_device:chr_file rw_file_perms;
+allow hal_graphics_composer ion_device:chr_file r_file_perms;
+allow hal_graphics_composer hal_graphics_allocator:fd use;
+
+# Access /dev/graphics/fb0.
+allow hal_graphics_composer graphics_device:dir search;
+allow hal_graphics_composer graphics_device:chr_file rw_file_perms;
+
+# Fences
+allow hal_graphics_composer system_server:fd use;
+allow hal_graphics_composer bootanim:fd use;
+allow hal_graphics_composer {appdomain ephemeral_app}:fd use;
--- a/public/surfaceflinger.te
+++ b/public/surfaceflinger.te
@@ -7,6 +7,7 @@ typeattribute surfaceflinger mlstrustedsubject;
 # Perform HwBinder IPC.
 hwbinder_use(surfaceflinger)
 binder_call(surfaceflinger, hal_graphics_allocator)
+binder_call(surfaceflinger, hal_graphics_composer)

 # Perform Binder IPC.
 binder_use(surfaceflinger)