From b4116fc7e19c299df511b7bba3691336896d3f1c Mon Sep 17 00:00:00 2001 From: Jeevaka Prabu Badrappan Date: Fri, 9 Aug 2024 19:44:17 +0530 Subject: [PATCH] Add sepolicy for mapper5 stable-c interface Tests done: - Android boot in BM & GVT-d config - adb reboot Tracked-On: OAM-124485 Tracked-On: OAM-124524 Signed-off-by: Jeevaka Prabu Badrappan --- graphics/mesa/hal_graphics_composer_default.te | 1 + graphics/mesa/service_contexts | 14 ++++++++++++++ 2 files changed, 15 insertions(+) create mode 100644 graphics/mesa/service_contexts diff --git a/graphics/mesa/hal_graphics_composer_default.te b/graphics/mesa/hal_graphics_composer_default.te index e2e3cb50..74166e51 100644 --- a/graphics/mesa/hal_graphics_composer_default.te +++ b/graphics/mesa/hal_graphics_composer_default.te @@ -26,3 +26,4 @@ dontaudit hal_graphics_composer_default default_prop:file *; allow hal_graphics_composer_default sysfs:file { open read }; allow hal_graphics_composer_default uio_device:chr_file { map open read write }; allow hal_graphics_composer_default hal_graphics_allocator_default_tmpfs:file { read write map }; +allow hal_graphics_composer_default hal_graphics_mapper_service:service_manager find; diff --git a/graphics/mesa/service_contexts b/graphics/mesa/service_contexts new file mode 100644 index 00000000..af5051cb --- /dev/null +++ b/graphics/mesa/service_contexts @@ -0,0 +1,14 @@ +# "mapper/minigbm" represents "mapper.minigbm.so" which is a minigbm +# implementation of mapper5 stable-c interface. This corresponds to the +# VINTF manifest declaration: +# +# mapper +# 5.0 +# +# minigbm +# +# +# Note that native/passthrough HALs use the "{type}/{instance}" pattern from +# SEPolicy perspective and are looked up via the corresponding filename +# "{type}.{instance}.so". +mapper/minigbm u:object_r:hal_graphics_mapper_service:s0 \ No newline at end of file