mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-14 18:34:30 -05:00
60 lines
2.9 KiB
Diff
60 lines
2.9 KiB
Diff
|
From 5ff294c0a20302e01695ebc82180d0ad6ea11501 Mon Sep 17 00:00:00 2001
|
||
|
From: Sashko <sashko506@gmail.com>
|
||
|
Date: Sun, 3 Nov 2019 02:07:03 +0200
|
||
|
Subject: [PATCH] sepolicy: Resolve surfaceflinger denials
|
||
|
|
||
|
denied { read open } for name=msm_fb_split dev=sysfs ino=11739 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
|
||
|
|
||
|
denied { getattr } for path=/sys/devices/virtual/graphics/fb0/msm_fb_split dev=sysfs ino=11739 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
|
||
|
|
||
|
denied { read open } for name=fb2 dev=sysfs ino=11788 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:sysfs:s0 tclass=dir permissive=1
|
||
|
|
||
|
denied { search read open } for name=fb0 dev=sysfs ino=11697 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:sysfs_surfaceflinger:s0 tclass=dir permissive=1
|
||
|
|
||
|
denied { write } for name=rgb dev=sysfs ino=11740 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_surfaceflinger:s0 tclass=file permissive=1
|
||
|
|
||
|
Change-Id: I404b61992eb082d87c5b3b1b7875a7bc83f8cf7d
|
||
|
---
|
||
|
sepolicy/file_contexts | 4 +---
|
||
|
sepolicy/surfaceflinger.te | 1 +
|
||
|
sepolicy/system_server.te | 2 ++
|
||
|
3 files changed, 4 insertions(+), 3 deletions(-)
|
||
|
|
||
|
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
|
||
|
index 9ec66741..cb9b79e7 100644
|
||
|
--- a/sepolicy/file_contexts
|
||
|
+++ b/sepolicy/file_contexts
|
||
|
@@ -142,9 +142,7 @@
|
||
|
/sys/module/pm_8x60/modes(/.*)? u:object_r:sysfs_mpdecision:s0
|
||
|
|
||
|
# Sysfs files used by surfaceflinger
|
||
|
-/sys/devices/virtual/graphics/fb1/hpd -- u:object_r:sysfs_surfaceflinger:s0
|
||
|
-/sys/devices/virtual/graphics/fb1/vendor_name -- u:object_r:sysfs_surfaceflinger:s0
|
||
|
-/sys/devices/virtual/graphics/fb1/product_description -- u:object_r:sysfs_surfaceflinger:s0
|
||
|
+/sys/devices/virtual/graphics/fb([0-2])+(/.*)? u:object_r:sysfs_surfaceflinger:s0
|
||
|
|
||
|
/sys/devices/fdb00000\.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpuclk u:object_r:sysfs_thermal:s0
|
||
|
/sys/devices/fdb00000\.qcom,kgsl-3d0/kgsl/kgsl-3d0/max_gpuclk u:object_r:sysfs_thermal:s0
|
||
|
diff --git a/sepolicy/surfaceflinger.te b/sepolicy/surfaceflinger.te
|
||
|
index a92feab8..e2760a36 100644
|
||
|
--- a/sepolicy/surfaceflinger.te
|
||
|
+++ b/sepolicy/surfaceflinger.te
|
||
|
@@ -1,3 +1,4 @@
|
||
|
+allow surfaceflinger sysfs_surfaceflinger:dir r_dir_perms;
|
||
|
allow surfaceflinger sysfs_surfaceflinger:file rw_file_perms;
|
||
|
allow surfaceflinger sysfs_thermal:file r_file_perms;
|
||
|
allow surfaceflinger qdisplay_service:service_manager { add find };
|
||
|
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
|
||
|
index ab211feb..cf161518 100644
|
||
|
--- a/sepolicy/system_server.te
|
||
|
+++ b/sepolicy/system_server.te
|
||
|
@@ -22,6 +22,8 @@ allow system_server self:netlink_socket create_socket_perms_no_ioctl;
|
||
|
|
||
|
allow system_server sysfs_thermal:file r_file_perms;
|
||
|
|
||
|
+allow system_server sysfs_surfaceflinger:file write;
|
||
|
+
|
||
|
allow system_server sensors_device:chr_file getattr;
|
||
|
|
||
|
allowxperm system_server self:udp_socket ioctl { SIOCSIFFLAGS SIOCDEVPRIVATE_D };
|