From e7e54fac10cce1472fa8667566a7f95754a74ecc Mon Sep 17 00:00:00 2001
From: Geremy Condra <gcondra@google.com>
Date: Thu, 25 Apr 2013 00:37:22 +0000
Subject: [PATCH] Revert "Revert "Split some device nodes out from device.""

This reverts commit 1c101164c00739cfae0a86c071f8eb713542d943

Restoring now that the conflict with tuna has passed.

Change-Id: I587dab8d7102c913fc03825a006e96d76680858d
---
 device.te         | 5 +++++
 file_contexts     | 5 +++++
 surfaceflinger.te | 6 ++++++
 system.te         | 1 +
 4 files changed, 17 insertions(+)

diff --git a/device.te b/device.te
index d55258ad8..a44b31ef2 100644
--- a/device.te
+++ b/device.te
@@ -10,6 +10,9 @@ type binder_device, dev_type, mlstrustedobject;
 type block_device, dev_type;
 type camera_device, dev_type;
 type dm_device, dev_type;
+# XXX may be specific for mako
+type dss_device, dev_type;
+type knvmap_device, dev_type;
 type loop_device, dev_type;
 type radio_device, dev_type;
 type ram_device, dev_type;
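Review bot: The comment `# XXX may be specific for mako` covers `dss_device` and `knvmap_device` without saying which hardware each node belongs to, and `msm_rotator_device` in the next hunk has no marker at all, although file_contexts tags its path `# XXX move to device-specific`. As far as I can tell these three nodes come from different vendor display and memory drivers, so a single board name is probably inaccurate. I would annotate each type on its own, e.g. `# XXX device-specific (dsscomp display node); move to device policy`, and repeat the marker above `msm_rotator_device` so the later cleanup can be found with one grep.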
@@ -20,6 +23,7 @@ type graphics_device, dev_type;
 type input_device, dev_type;
 type kmem_device, dev_type;
 type log_device, dev_type, mlstrustedobject;
+type msm_rotator_device, dev_type;
 type mtd_device, dev_type;
 type mtp_device, dev_type, mlstrustedobject;
 type nfc_device, dev_type;
@@ -27,6 +31,7 @@ type nv_device, dev_type, mlstrustedobject;
 type powervr_device, dev_type, mlstrustedobject;
 type ptmx_device, dev_type, mlstrustedobject;
 type qemu_device, dev_type;
+type sysfs_devices_system_cpu, dev_type;
 type kmsg_device, dev_type;
 type null_device, dev_type, mlstrustedobject;
 type random_device, dev_type;
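Review bot: `type sysfs_devices_system_cpu, dev_type;` puts a sysfs type under the device-node attribute. Both the name and the `:dir search` rule added in system.te point to a directory under sysfs, not a node under /dev. Any rule written against the `dev_type` attribute elsewhere in the policy would then apply to this type as well, which is probably not intended. If the policy has an attribute for sysfs or filesystem types (none is visible in this hunk), the declaration should use it and sit with the other sysfs types. Otherwise state the exception in place: `# sysfs directory, not a /dev node; dev_type used for lack of a better attribute`.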
diff --git a/file_contexts b/file_contexts
index 8906e389e..fef8fb227 100644
--- a/file_contexts
+++ b/file_contexts
@@ -46,6 +46,7 @@
 /dev/console		u:object_r:console_device:s0
 /dev/cpuctl(/.*)?	u:object_r:cpuctl_device:s0
 /dev/device-mapper	u:object_r:dm_device:s0
+/dev/dsscomp        u:object_r:dss_device:s0
 /dev/eac		u:object_r:audio_device:s0
 /dev/full		u:object_r:full_device:s0
 /dev/fuse		u:object_r:fuse_device:s0
@@ -53,12 +54,16 @@
 /dev/input(/.*)		u:object_r:input_device:s0
 /dev/iio:device[0-9]+   u:object_r:iio_device:s0
 /dev/ion		u:object_r:ion_device:s0
+/dev/kgsl-3d0       u:object_r:graphics_device:s0
 /dev/kmem		u:object_r:kmem_device:s0
+/dev/knvmap     u:object_r:knvmap_device:s0
 /dev/log(/.*)?		u:object_r:log_device:s0
 /dev/mem		u:object_r:kmem_device:s0
 /dev/modem.*		u:object_r:radio_device:s0
 /dev/mpu		u:object_r:gps_device:s0
 /dev/mpuirq		u:object_r:gps_device:s0
+# XXX move to device-specific
+/dev/msm_rotator    u:object_r:msm_rotator_device:s0
 /dev/mtd(/.*)?		u:object_r:mtd_device:s0
 /dev/mtd/mtd5		u:object_r:radio_device:s0
 /dev/mtd/mtd5ro		u:object_r:radio_device:s0
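Review bot: `/dev/kgsl-3d0` is mapped to the shared `graphics_device` label, so every domain that already holds permissions on `graphics_device:chr_file` gains the same access to this node. The other nodes added by this patch (`/dev/dsscomp`, `/dev/knvmap`, `/dev/msm_rotator`) each get a dedicated type that only surfaceflinger is granted. If the sharing is deliberate, say so next to the entry, e.g. `# kgsl-3d0 intentionally shares graphics_device with the framebuffer nodes`; if not, it needs its own type like its neighbours. The new entries are also aligned with spaces while the surrounding lines use tabs, and only `/dev/msm_rotator` carries the `# XXX move to device-specific` marker although the other three look just as hardware-specific.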
diff --git a/surfaceflinger.te b/surfaceflinger.te
index a383ec11e..3a4b4b749 100644
--- a/surfaceflinger.te
+++ b/surfaceflinger.te
@@ -32,3 +32,9 @@ allow surfaceflinger ctl_default_prop:property_service set;
 allow surfaceflinger appdomain:fd use;
 allow surfaceflinger platform_app_data_file:file { read write };
 allow surfaceflinger app_data_file:file { read write };
+
+# Allow access to special-purpose devices
+# XXX may be device-specific
+allow surfaceflinger dss_device:chr_file { read write };
+allow surfaceflinger knvmap_device:chr_file { ioctl };
+allow surfaceflinger msm_rotator_device:chr_file { open };
\ No newline at end of file
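Review bot: The three new rules each grant a different, partial permission set: `{ read write }` on `dss_device`, `{ ioctl }` on `knvmap_device` and `{ open }` on `msm_rotator_device`. `open` without read, write or ioctl is not usable on its own, and read/write or ioctl without `open` only works on a descriptor received from another domain. The sets look like they were copied from individual denials rather than chosen, so the next denial will need another patch. Keep them narrow, but record the intent per rule, e.g. `# fd is opened here; only open was denied so far, read/write/ioctl TBD` or `# fd is passed in by <domain>, open not needed`, so a reviewer can tell a deliberate minimum from an incomplete rule. The file also ends without a trailing newline, which will produce a spurious diff line the next time a rule is appended.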
diff --git a/system.te b/system.te
index 9d6d4c148..4086d6009 100644
--- a/system.te
+++ b/system.te
@@ -122,6 +122,7 @@ selinux_check_access(system)
 
 # XXX Label sysfs files with a specific type?
 allow system sysfs:file rw_file_perms;
+allow system sysfs_devices_system_cpu:dir search;
 allow system sysfs_nfc_power_writable:file rw_file_perms;
 
 # Access devices.
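Review bot: `allow system sysfs_devices_system_cpu:dir search;` refers to a type that nothing in this patch assigns to a path: neither file_contexts hunk labels anything `sysfs_devices_system_cpu`. If no labeling rule exists elsewhere, this allow rule has no effect. If one does exist and is recursive, the files beneath that directory no longer match `allow system sysfs:file rw_file_perms;` on the line above, and this domain would be left with directory search only. A comment naming where the label is applied and which accesses are expected would settle it, e.g. `# cpu sysfs dir is labeled in <labeling file>; files below it keep the sysfs type`. The surrounding system.te rules continue outside this hunk, so a matching file rule may already exist there.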
-- 
GitLab