ueventd/sepolicy changes needed for virtio-gpu
bug: 143698833
Change-Id: I9c79d7c469fa8163cb69df6774a0af09274ccd57
diff --git a/sepolicy/common/bootanim.te b/sepolicy/common/bootanim.te
index bc84ee7..4d011e1 100644
--- a/sepolicy/common/bootanim.te
+++ b/sepolicy/common/bootanim.te
@@ -4,6 +4,7 @@
dontaudit bootanim system_data_file:dir read;
allow bootanim graphics_device:chr_file { read ioctl open };
+allow bootanim gpu_device:chr_file { read ioctl open };
typeattribute bootanim system_writes_vendor_properties_violators;
set_prop(bootanim, qemu_prop)
diff --git a/sepolicy/common/file_contexts b/sepolicy/common/file_contexts
index 2373463..6bcc673 100644
--- a/sepolicy/common/file_contexts
+++ b/sepolicy/common/file_contexts
@@ -15,6 +15,9 @@
/dev/goldfish_sync u:object_r:qemu_device:s0
/dev/goldfish_address_space u:object_r:qemu_device:s0
/dev/qemu_.* u:object_r:qemu_device:s0
+/dev/dri/card0 u:object_r:gpu_device:s0
+/dev/dri/controlD64 u:object_r:gpu_device:s0
+/dev/dri/renderD128 u:object_r:gpu_device:s0
/dev/ttyGF[0-9]* u:object_r:serial_device:s0
/dev/ttyS2 u:object_r:console_device:s0
/vendor/bin/init\.ranchu-core\.sh u:object_r:goldfish_setup_exec:s0
diff --git a/sepolicy/common/hal_graphics_allocator_default.te b/sepolicy/common/hal_graphics_allocator_default.te
index 6676f57..527cabd 100644
--- a/sepolicy/common/hal_graphics_allocator_default.te
+++ b/sepolicy/common/hal_graphics_allocator_default.te
@@ -1,4 +1,6 @@
allow hal_graphics_allocator_default graphics_device:dir search;
allow hal_graphics_allocator_default graphics_device:chr_file { ioctl open read write map rw_file_perms };
+allow hal_graphics_allocator_default gpu_device:dir search;
+allow hal_graphics_allocator_default gpu_device:chr_file { ioctl open read write map rw_file_perms };
allow hal_graphics_allocator_default dumpstate:fd use;
allow hal_graphics_allocator_default dumpstate:fifo_file write;
diff --git a/sepolicy/common/hal_graphics_composer_default.te b/sepolicy/common/hal_graphics_composer_default.te
index e9205cd..3b0c862 100644
--- a/sepolicy/common/hal_graphics_composer_default.te
+++ b/sepolicy/common/hal_graphics_composer_default.te
@@ -1,3 +1,4 @@
#============= hal_graphics_composer_default ==============
allow hal_graphics_composer_default vndbinder_device:chr_file { ioctl open read write map };
-
+allow hal_graphics_composer_default graphics_device:chr_file { ioctl open read write map };
+allow hal_graphics_composer_default gpu_device:chr_file { ioctl open read write map };
diff --git a/sepolicy/common/surfaceflinger.te b/sepolicy/common/surfaceflinger.te
index 2bba8a7..575ec1b 100644
--- a/sepolicy/common/surfaceflinger.te
+++ b/sepolicy/common/surfaceflinger.te
@@ -1,5 +1,6 @@
allow surfaceflinger self:process execmem;
allow surfaceflinger ashmem_device:chr_file execute;
+allow surfaceflinger gpu_device:chr_file { ioctl open read write map };
typeattribute surfaceflinger system_writes_vendor_properties_violators;
set_prop(surfaceflinger, qemu_prop)
diff --git a/ueventd.ranchu.rc b/ueventd.ranchu.rc
index 38ad757..db42634 100644
--- a/ueventd.ranchu.rc
+++ b/ueventd.ranchu.rc
@@ -4,3 +4,6 @@
/dev/ttyS* 0666 system system
/dev/goldfish_sync 0666 system system
/dev/goldfish_address_space 0666 system system
+/dev/dri/card0 0660 system graphics
+/dev/dri/controlD64 0660 system graphics
+/dev/dri/renderD128 0666 system graphics
