DivestOS/Patches/LineageOS-16.0/android_device_lge_hammerhead/263108.patch

60 lines
2.9 KiB
Diff
Raw Normal View History

From 5ff294c0a20302e01695ebc82180d0ad6ea11501 Mon Sep 17 00:00:00 2001
From: Sashko <sashko506@gmail.com>
Date: Sun, 3 Nov 2019 02:07:03 +0200
Subject: [PATCH] sepolicy: Resolve surfaceflinger denials
denied { read open } for name=msm_fb_split dev=sysfs ino=11739 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
denied { getattr } for path=/sys/devices/virtual/graphics/fb0/msm_fb_split dev=sysfs ino=11739 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
denied { read open } for name=fb2 dev=sysfs ino=11788 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:sysfs:s0 tclass=dir permissive=1
denied { search read open } for name=fb0 dev=sysfs ino=11697 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:sysfs_surfaceflinger:s0 tclass=dir permissive=1
denied { write } for name=rgb dev=sysfs ino=11740 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_surfaceflinger:s0 tclass=file permissive=1
Change-Id: I404b61992eb082d87c5b3b1b7875a7bc83f8cf7d
---
sepolicy/file_contexts | 4 +---
sepolicy/surfaceflinger.te | 1 +
sepolicy/system_server.te | 2 ++
3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 9ec66741..cb9b79e7 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -142,9 +142,7 @@
/sys/module/pm_8x60/modes(/.*)? u:object_r:sysfs_mpdecision:s0
# Sysfs files used by surfaceflinger
-/sys/devices/virtual/graphics/fb1/hpd -- u:object_r:sysfs_surfaceflinger:s0
-/sys/devices/virtual/graphics/fb1/vendor_name -- u:object_r:sysfs_surfaceflinger:s0
-/sys/devices/virtual/graphics/fb1/product_description -- u:object_r:sysfs_surfaceflinger:s0
+/sys/devices/virtual/graphics/fb([0-2])+(/.*)? u:object_r:sysfs_surfaceflinger:s0
/sys/devices/fdb00000\.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpuclk u:object_r:sysfs_thermal:s0
/sys/devices/fdb00000\.qcom,kgsl-3d0/kgsl/kgsl-3d0/max_gpuclk u:object_r:sysfs_thermal:s0
diff --git a/sepolicy/surfaceflinger.te b/sepolicy/surfaceflinger.te
index a92feab8..e2760a36 100644
--- a/sepolicy/surfaceflinger.te
+++ b/sepolicy/surfaceflinger.te
@@ -1,3 +1,4 @@
+allow surfaceflinger sysfs_surfaceflinger:dir r_dir_perms;
allow surfaceflinger sysfs_surfaceflinger:file rw_file_perms;
allow surfaceflinger sysfs_thermal:file r_file_perms;
allow surfaceflinger qdisplay_service:service_manager { add find };
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index ab211feb..cf161518 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -22,6 +22,8 @@ allow system_server self:netlink_socket create_socket_perms_no_ioctl;
allow system_server sysfs_thermal:file r_file_perms;
+allow system_server sysfs_surfaceflinger:file write;
+
allow system_server sensors_device:chr_file getattr;
allowxperm system_server self:udp_socket ioctl { SIOCSIFFLAGS SIOCDEVPRIVATE_D };