Skip to content

Commit

Permalink
Add sepolicy rules for evs_app
Browse files Browse the repository at this point in the history
To let evs_app run normally, these rules are needed.

Test done: evs_app can run normally.

Tracked-On: OAM-118860
Signed-off-by: jizhenlo <[email protected]>
  • Loading branch information
ceiba1985 committed May 23, 2024
1 parent e15a34d commit ce122dd
Showing 1 changed file with 44 additions and 0 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
From e1c829258650d7b02ef8beb717c40d7f2b8b4468 Mon Sep 17 00:00:00 2001
From: jizhenlo <[email protected]>
Date: Wed, 22 May 2024 16:08:28 +0800
Subject: [PATCH] Add sepolicy rules for evs_app

To let evs_app run normally, these rules are needed.

Tracked-On: OAM-118860
Signed-off-by: jizhenlo <[email protected]>
---
car/evsmanagerd.te | 1 +
car/file_contexts | 2 ++
car/hal_graphics_allocator.te | 1 +
3 files changed, 4 insertions(+)
create mode 100644 car/evsmanagerd.te
create mode 100644 car/hal_graphics_allocator.te

diff --git a/car/evsmanagerd.te b/car/evsmanagerd.te
new file mode 100644
index 0000000..26534bc
--- /dev/null
+++ b/car/evsmanagerd.te
@@ -0,0 +1 @@
+allow evsmanagerd hal_graphics_allocator_default_tmpfs:file rw_file_perms;
diff --git a/car/file_contexts b/car/file_contexts
index dfbebfa..26d1317 100644
--- a/car/file_contexts
+++ b/car/file_contexts
@@ -3,3 +3,5 @@

/vendor/bin/hw/android.hardware.broadcastradio@intel-service u:object_r:hal_broadcastradio_default_exec:s0
/vendor/bin/hw/[email protected] u:object_r:hal_audiocontrol_default_exec:s0
+
+/dev/media[0-9]+ u:object_r:video_device:s0
diff --git a/car/hal_graphics_allocator.te b/car/hal_graphics_allocator.te
new file mode 100644
index 0000000..3991430
--- /dev/null
+++ b/car/hal_graphics_allocator.te
@@ -0,0 +1 @@
+allow { hal_graphics_allocator_client -isolated_app_all } hal_graphics_allocator_default_tmpfs:file rw_file_perms;
--
2.25.1

0 comments on commit ce122dd

Please sign in to comment.