diff options
| -rw-r--r-- | sepolicy/hal_graphics_composer_default.te | 1 | ||||
| -rw-r--r-- | sepolicy/init.te | 1 | ||||
| -rw-r--r-- | sepolicy/priv_app.te | 4 | ||||
| -rw-r--r-- | sepolicy/vendor_init.te | 4 |
4 files changed, 9 insertions, 1 deletions
diff --git a/sepolicy/hal_graphics_composer_default.te b/sepolicy/hal_graphics_composer_default.te new file mode 100644 index 0000000..1237d2d --- /dev/null +++ b/sepolicy/hal_graphics_composer_default.te @@ -0,0 +1 @@ +allow hal_graphics_composer_default { sysfs_camera sysfs_video }:dir search; diff --git a/sepolicy/init.te b/sepolicy/init.te index 159809a..1d5a98d 100644 --- a/sepolicy/init.te +++ b/sepolicy/init.te @@ -11,3 +11,4 @@ allow init sysfs_fingerprint:file { open read setattr write }; allow init sysfs:file setattr; allow init tee_device:chr_file write; allow init hidl_base_hwservice:hwservice_manager add; +allow init sysfs_graphics:lnk_file read; diff --git a/sepolicy/priv_app.te b/sepolicy/priv_app.te index 0b0b72b..22617da 100644 --- a/sepolicy/priv_app.te +++ b/sepolicy/priv_app.te @@ -20,6 +20,10 @@ allow priv_app sepolicy_file:file r_file_perms; allow priv_app service_contexts_file:file r_file_perms; allow priv_app vendor_file:file rx_file_perms; allow priv_app vndservice_contexts_file:file r_file_perms; +allow priv_app proc_interrupts:file r_file_perms; +allow priv_app proc_modules:file r_file_perms; +allow priv_app proc:file r_file_perms; +allow priv_app device:dir open; r_dir_file(priv_app, sysfs_type); binder_call(priv_app, hal_memtrack_default); diff --git a/sepolicy/vendor_init.te b/sepolicy/vendor_init.te index caecc32..1e54496 100644 --- a/sepolicy/vendor_init.te +++ b/sepolicy/vendor_init.te @@ -13,4 +13,6 @@ allow vendor_init { thermal_data_file tombstone_data_file }:dir create_dir_perms; -allow vendor_init media_rw_data_file:dir getattr; +allow vendor_init media_rw_data_file:{ dir file } getattr; +allow vendor_init media_rw_data_file: file relabelfrom; +allow vendor_init device:file create_file_perms; |