diff options
author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-04-28 20:01:08 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-04-28 20:01:08 +0000 |
commit | c68d93894792e71eab82ebdefb7566a97d094cf5 (patch) | |
tree | b3500eb5ccd0fc360f3f4439b74a87bc4b05daa4 | |
parent | 5cc775a527da7d8da3709e75423432cb25e266d2 (diff) | |
parent | c9be610c78e0fb9d00654b50616e5dba63fb7630 (diff) |
Snap for 8505378 from c9be610c78e0fb9d00654b50616e5dba63fb7630 to mainline-go-adservices-releaseaml_go_ads_330915100aml_go_ads_330915000aml_go_ads_330913000
Change-Id: I813d261ff427d5789319bc4a31b24bb6b3197459
-rw-r--r-- | sepolicy/file.te | 1 | ||||
-rw-r--r-- | sepolicy/genfs_contexts | 1 | ||||
-rw-r--r-- | sepolicy/kernel.te | 6 | ||||
-rw-r--r-- | sepolicy/surfaceflinger.te | 1 | ||||
-rw-r--r-- | sepolicy/system_server.te | 2 |
5 files changed, 9 insertions, 2 deletions
diff --git a/sepolicy/file.te b/sepolicy/file.te index e5a0bd1..b149497 100644 --- a/sepolicy/file.te +++ b/sepolicy/file.te @@ -1,4 +1,3 @@ -type sysfs_gpu, fs_type, sysfs_type; type sysfs_mss, fs_type, sysfs_type; type sysfs_rmtfs, fs_type, sysfs_type; type sysfs_remoteproc, fs_type, sysfs_type; diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts index e8ddb12..2a50d9c 100644 --- a/sepolicy/genfs_contexts +++ b/sepolicy/genfs_contexts @@ -1,4 +1,5 @@ genfscon sysfs /devices/platform/88f00000.memory/rmtfs u:object_r:sysfs_rmtfs:s0 +genfscon sysfs /devices/platform/88f00000.rmtfs/rmtfs u:object_r:sysfs_rmtfs:s0 genfscon sysfs /devices/platform/remoteproc-adsp/remoteproc u:object_r:sysfs_remoteproc:s0 genfscon sysfs /devices/platform/remoteproc-cdsp/remoteproc u:object_r:sysfs_remoteproc:s0 genfscon sysfs /devices/platform/soc@0/4080000.remoteproc u:object_r:sysfs_remoteproc:s0 diff --git a/sepolicy/kernel.te b/sepolicy/kernel.te index 3fad122..176d6f6 100644 --- a/sepolicy/kernel.te +++ b/sepolicy/kernel.te @@ -2,6 +2,10 @@ allow kernel device:chr_file { create setattr }; allow kernel device:dir { add_name create write }; allow kernel self:capability mknod; -allow kernel vendor_file:file { open read }; +allow kernel vendor_file:file { open read getattr}; +allow kernel vendor_file:dir read; allow kernel self:system module_request; allow vendor_init kernel:system module_request; +allow kernel sepolicy_file:file getattr; +allow kernel system_bootstrap_lib_file:dir getattr; +allow kernel system_bootstrap_lib_file:file getattr; diff --git a/sepolicy/surfaceflinger.te b/sepolicy/surfaceflinger.te index 17b66a8..9bffa3f 100644 --- a/sepolicy/surfaceflinger.te +++ b/sepolicy/surfaceflinger.te @@ -1 +1,2 @@ gpu_access(surfaceflinger) +allow surfaceflinger vendor_file:dir read; diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te index 80957cc..e801436 100644 --- a/sepolicy/system_server.te +++ b/sepolicy/system_server.te @@ -1 +1,3 @@ gpu_access(system_server) +allow system_server wifi_hal_prop:file {open read getattr map}; +allow system_server vendor_file:dir read; |