DivestOS/Patches/LineageOS-16.0/android_device_lge_hammerhead/263103.patch

41 lines
1.4 KiB
Diff
Raw Normal View History

From 303349ca33b80052b0f16defdddc7f4c126f5349 Mon Sep 17 00:00:00 2001
From: Adrian DC <radian.dc@gmail.com>
Date: Sun, 3 Nov 2019 00:54:38 +0200
Subject: [PATCH] sepolicy: Resolve surfaceflinger access to qdisplay service
* denied { add find } for service=display.qservice uid=1000
scontext=u:r:surfaceflinger:s0
tcontext=u:object_r:qdisplay_service:s0 tclass=service_manager
Change-Id: I9e8af53ecbc475056497926d401d2312b43283c9
---
sepolicy/service.te | 1 +
sepolicy/service_contexts | 1 +
sepolicy/surfaceflinger.te | 1 +
3 files changed, 3 insertions(+)
create mode 100644 sepolicy/service.te
create mode 100644 sepolicy/service_contexts
diff --git a/sepolicy/service.te b/sepolicy/service.te
new file mode 100644
index 00000000..60490a58
--- /dev/null
+++ b/sepolicy/service.te
@@ -0,0 +1 @@
+type qdisplay_service, service_manager_type;
diff --git a/sepolicy/service_contexts b/sepolicy/service_contexts
new file mode 100644
index 00000000..3d6b681b
--- /dev/null
+++ b/sepolicy/service_contexts
@@ -0,0 +1 @@
+display.qservice u:object_r:qdisplay_service:s0
diff --git a/sepolicy/surfaceflinger.te b/sepolicy/surfaceflinger.te
index 02adf8ac..a92feab8 100644
--- a/sepolicy/surfaceflinger.te
+++ b/sepolicy/surfaceflinger.te
@@ -1,2 +1,3 @@
allow surfaceflinger sysfs_surfaceflinger:file rw_file_perms;
allow surfaceflinger sysfs_thermal:file r_file_perms;
+allow surfaceflinger qdisplay_service:service_manager { add find };