mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-24 15:09:34 -05:00
41 lines
1.4 KiB
Diff
41 lines
1.4 KiB
Diff
|
From 303349ca33b80052b0f16defdddc7f4c126f5349 Mon Sep 17 00:00:00 2001
|
||
|
From: Adrian DC <radian.dc@gmail.com>
|
||
|
Date: Sun, 3 Nov 2019 00:54:38 +0200
|
||
|
Subject: [PATCH] sepolicy: Resolve surfaceflinger access to qdisplay service
|
||
|
|
||
|
* denied { add find } for service=display.qservice uid=1000
|
||
|
scontext=u:r:surfaceflinger:s0
|
||
|
tcontext=u:object_r:qdisplay_service:s0 tclass=service_manager
|
||
|
|
||
|
Change-Id: I9e8af53ecbc475056497926d401d2312b43283c9
|
||
|
---
|
||
|
sepolicy/service.te | 1 +
|
||
|
sepolicy/service_contexts | 1 +
|
||
|
sepolicy/surfaceflinger.te | 1 +
|
||
|
3 files changed, 3 insertions(+)
|
||
|
create mode 100644 sepolicy/service.te
|
||
|
create mode 100644 sepolicy/service_contexts
|
||
|
|
||
|
diff --git a/sepolicy/service.te b/sepolicy/service.te
|
||
|
new file mode 100644
|
||
|
index 00000000..60490a58
|
||
|
--- /dev/null
|
||
|
+++ b/sepolicy/service.te
|
||
|
@@ -0,0 +1 @@
|
||
|
+type qdisplay_service, service_manager_type;
|
||
|
diff --git a/sepolicy/service_contexts b/sepolicy/service_contexts
|
||
|
new file mode 100644
|
||
|
index 00000000..3d6b681b
|
||
|
--- /dev/null
|
||
|
+++ b/sepolicy/service_contexts
|
||
|
@@ -0,0 +1 @@
|
||
|
+display.qservice u:object_r:qdisplay_service:s0
|
||
|
diff --git a/sepolicy/surfaceflinger.te b/sepolicy/surfaceflinger.te
|
||
|
index 02adf8ac..a92feab8 100644
|
||
|
--- a/sepolicy/surfaceflinger.te
|
||
|
+++ b/sepolicy/surfaceflinger.te
|
||
|
@@ -1,2 +1,3 @@
|
||
|
allow surfaceflinger sysfs_surfaceflinger:file rw_file_perms;
|
||
|
allow surfaceflinger sysfs_thermal:file r_file_perms;
|
||
|
+allow surfaceflinger qdisplay_service:service_manager { add find };
|